Class: Puppet::Util::Windows::AccessControlList Private

Inherits:
Object
  • Object
Includes:
Enumerable
Defined in:
lib/puppet/util/windows/access_control_list.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Windows Access Control List

Represents a list of access control entries (ACEs).

Constant Summary

ACCESS_ALLOWED_ACE_TYPE = 0x0

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

ACCESS_DENIED_ACE_TYPE = 0x1

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

Instance Method Summary

Methods included from Enumerable

#uniq

Constructor Details

#initialize(acl = nil) ⇒ AccessControlList

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Construct an ACL.


# File 'lib/puppet/util/windows/access_control_list.rb', line 16

def initialize(acl = nil)
  if acl
    @aces = acl.map(&:dup)
  else
    @aces = []
  end
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


# File 'lib/puppet/util/windows/access_control_list.rb', line 107

def ==(other)
  self.class == other.class &&
    self.to_a == other.to_a
end

#allow(sid, mask, flags = 0) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Allow the sid to access a resource with the specified access mask.


# File 'lib/puppet/util/windows/access_control_list.rb', line 36

def allow(sid, mask, flags = 0)
  @aces << Puppet::Util::Windows::AccessControlEntry.new(sid, mask, flags, ACCESS_ALLOWED_ACE_TYPE)
end

#deny(sid, mask, flags = 0) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Deny the sid access to a resource with the specified access mask.


# File 'lib/puppet/util/windows/access_control_list.rb', line 45

def deny(sid, mask, flags = 0)
  @aces << Puppet::Util::Windows::AccessControlEntry.new(sid, mask, flags, ACCESS_DENIED_ACE_TYPE)
end

#each {|ace| ... } ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Enumerate each ACE in the list.

Yield Parameters:

  • ace (Hash)

    the ace


# File 'lib/puppet/util/windows/access_control_list.rb', line 27

def each
  @aces.each {|ace| yield ace}
end

#inspect ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.


# File 'lib/puppet/util/windows/access_control_list.rb', line 99

def inspect
  str = ""
  @aces.each do |ace|
    str << "  #{ace.inspect}\n"
  end
  str
end

#reassign!(old_sid, new_sid) ⇒ AccessControlList

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Reassign all ACEs currently assigned to old_sid to new_sid instead. If an ACE is inherited or is not assigned to old_sid, then it will be copied as-is to the new ACL, preserving its order within the ACL.


# File 'lib/puppet/util/windows/access_control_list.rb', line 56

def reassign!(old_sid, new_sid)
  new_aces = []
  prepend_needed = false
  aces_to_prepend = []

  @aces.each do |ace|
    new_ace = ace.dup

    if ace.sid == old_sid
      if ace.inherited?
        # create an explicit ACE granting or denying the
        # new_sid the rights that the inherited ACE
        # granted or denied the old_sid. We mask off all
        # flags except those affecting inheritance of the
        # ACE we're creating.
        inherit_mask = Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE |
          Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE |
          Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
        explicit_ace = Puppet::Util::Windows::AccessControlEntry.new(new_sid, ace.mask, ace.flags & inherit_mask, ace.type)
        aces_to_prepend << explicit_ace
      else
        new_ace.sid = new_sid

        prepend_needed = old_sid == Puppet::Util::Windows::SID::LocalSystem
      end
    end
    new_aces << new_ace
  end

  @aces = []

  if prepend_needed
    mask = Puppet::Util::Windows::File::STANDARD_RIGHTS_ALL | Puppet::Util::Windows::File::SPECIFIC_RIGHTS_ALL
    ace = Puppet::Util::Windows::AccessControlEntry.new(
            Puppet::Util::Windows::SID::LocalSystem,
            mask)
    @aces << ace
  end

  @aces.concat(aces_to_prepend)
  @aces.concat(new_aces)
end
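
A check of a reassigned ACL against the behaviour described for reassign!, as an added example that is not part of Puppet's code. The `Ace` struct, `reassign_violations` and the sample SIDs are constructed for illustration; the flag and mask values are the standard winnt.h constants, and the old and new SIDs are assumed to differ.

```ruby
# Stand-in ACE (constructed for this example, not Puppet's AccessControlEntry);
# it exposes the readers reassign! relies on: sid, mask, flags, type, inherited?.
INHERITED_ACE = 0x10             # winnt.h: ACE was inherited from a parent
INHERIT_FLAGS = 0x1 | 0x2 | 0x8  # OBJECT_INHERIT | CONTAINER_INHERIT | INHERIT_ONLY
LOCAL_SYSTEM  = 'S-1-5-18'       # well-known LocalSystem SID
FULL_CONTROL  = 0x001F0000 | 0x0000FFFF # STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL

Ace = Struct.new(:sid, :mask, :flags, :type) do
  def inherited?
    (flags & INHERITED_ACE) != 0
  end
end

# Returns the expectations that `after` violates, given the ACL `before`
# reassign!(old_sid, new_sid) ran. An empty array means the result is as documented.
def reassign_violations(before, after, old_sid, new_sid)
  problems = []
  # 1. Inherited ACEs are copied as-is and keep their relative order.
  inherited = ->(acl) { acl.select(&:inherited?).map(&:to_a) }
  problems << 'inherited ACEs changed' unless inherited.call(before) == inherited.call(after)
  # 2. No explicit ACE still names old_sid, except the full-control ACE that
  #    is prepended when old_sid is LocalSystem.
  left = after.reject(&:inherited?).select { |a| a.sid == old_sid }
  left.reject! { |a| old_sid == LOCAL_SYSTEM && a.mask == FULL_CONTROL }
  problems << 'explicit ACE still names old_sid' unless left.empty?
  # 3. Every inherited old_sid ACE has an explicit twin for new_sid that keeps
  #    the mask and type but only the inheritance flags.
  before.select { |a| a.inherited? && a.sid == old_sid }.each do |src|
    twin = [new_sid, src.mask, src.flags & INHERIT_FLAGS, src.type]
    problems << format('no explicit twin for mask 0x%x', src.mask) unless after.map(&:to_a).include?(twin)
  end
  problems
end

# Constructed sample: one explicit and one inherited ACE for OLD, plus an
# inherited Administrators ACE. AFTER is the list the method body above yields.
OLD = 'S-1-5-21-1-2-3-1001'
NEW = 'S-1-5-21-1-2-3-1002'
BEFORE = [Ace.new(OLD, 0x1F01FF, 0x00, 0), Ace.new(OLD, 0x1200A9, 0x13, 0),
          Ace.new('S-1-5-32-544', 0x1F01FF, 0x10, 0)]
AFTER  = [Ace.new(NEW, 0x1200A9, 0x03, 0), Ace.new(NEW, 0x1F01FF, 0x00, 0),
          Ace.new(OLD, 0x1200A9, 0x13, 0), Ace.new('S-1-5-32-544', 0x1F01FF, 0x10, 0)]

p reassign_violations(BEFORE, AFTER, OLD, NEW)
```

The inherited ACE for the old SID is still present in AFTER, so reassigning does not remove access the old SID receives from a parent object.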