Class: Win32::Security::ACL

Inherits:
Object
Includes:
Windows::Error, Windows::Limits, Windows::MSVCRT::Buffer, Windows::Security
Defined in:
lib/win32/security/acl.rb

Overview

The ACL class encapsulates an Access Control List.

Constant Summary

VERSION = '0.1.0'

The version of the Win32::Security::ACL class.

Constructor Details

#initialize(revision = ACL_REVISION) ⇒ ACL

Creates and returns a new Win32::Security::ACL object. This object encapsulates an ACL structure, including a binary representation of the ACL itself, and the revision information.



# File 'lib/win32/security/acl.rb', line 32

def initialize(revision = ACL_REVISION)
  acl = 0.chr * 8 # This can be increased later as needed

  unless InitializeAcl(acl, acl.size, revision)
    raise Error, get_last_error
  end

  @acl = acl
  @revision = revision
end

Instance Attribute Details

#acl ⇒ Object (readonly)

The binary representation of the ACL structure.



# File 'lib/win32/security/acl.rb', line 23

def acl
  @acl
end
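
The binary representation that #acl returns follows the Windows ACL layout: an 8-byte header, then the ACEs. The decoder below is an added example, not part of the Win32::Security::ACL source; the helper names (parse_acl, sid_to_s, pack_sid, pack_ace, sample_acl) are hypothetical and the sample ACL is constructed.

```ruby
# Added example: decode the binary ACL layout (little-endian Windows structures).
# Only ACCESS_ALLOWED (0) and ACCESS_DENIED (1) ACEs are handled.
ACE_TYPES = { 0 => :access_allowed, 1 => :access_denied }.freeze

# SID: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian)
# followed by SubAuthorityCount 32-bit sub-authorities.
def sid_to_s(bytes)
  rev, count = bytes.unpack('CC')
  authority = bytes[2, 6].unpack('C6').inject(0) { |acc, b| (acc << 8) | b }
  subs = bytes[8, 4 * count].unpack('V*')
  raise ArgumentError, 'truncated SID' unless subs.size == count
  (["S-#{rev}", authority] + subs).join('-')
end

# ACL header: AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2) = 8 bytes.
# Each ACE: AceType(1) AceFlags(1) AceSize(2) Mask(4) then the SID.
def parse_acl(blob)
  blob = blob.b
  raise ArgumentError, 'shorter than ACL header' if blob.bytesize < 8
  revision, _sbz1, acl_size, ace_count, _sbz2 = blob.unpack('CCvvv')
  raise ArgumentError, 'bad AclSize' if acl_size < 8 || acl_size > blob.bytesize
  offset = 8
  aces = Array.new(ace_count) do
    raise ArgumentError, 'ACE header past AclSize' if offset + 8 > acl_size
    type, flags, size, mask = blob[offset, 8].unpack('CCvV')
    raise ArgumentError, 'bad AceSize' if size < 16 || offset + size > acl_size
    kind = ACE_TYPES.fetch(type) { raise ArgumentError, "unsupported ACE type #{type}" }
    sid = sid_to_s(blob[offset + 8, size - 8])
    offset += size
    { type: kind, flags: flags, mask: mask, sid: sid }
  end
  { revision: revision, size: acl_size, bytes_free: acl_size - offset, aces: aces }
end

# Constructed sample input (built here, not captured from a real system).
def pack_sid(authority, *subs)
  [1, subs.size].pack('CC') + [0, authority].pack('nN') + subs.pack('V*')
end

def pack_ace(type, mask, sid)
  [type, 0, 8 + sid.bytesize, mask].pack('CCvV') + sid
end

def sample_acl
  aces = pack_ace(0, 0x001F01FF, pack_sid(5, 32, 544)) + # allow BUILTIN\Administrators
         pack_ace(1, 0x00010000, pack_sid(1, 0))         # deny DELETE to Everyone
  [2, 0, 12 + aces.bytesize, 2, 0].pack('CCvvv') + aces + "\0" * 4
end
```

For a header-only ACL whose AclSize is 8, the size of the buffer the constructor allocates, parse_acl reports no ACEs and a bytes_free of 0.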

#revision ⇒ Object

The revision level.



# File 'lib/win32/security/acl.rb', line 26

def revision
  @revision
end

Instance Method Details

#ace_count ⇒ Object

Returns the number of ACEs in the ACL object.



# File 'lib/win32/security/acl.rb', line 45

def ace_count
  buf = 0.chr * 12 # sizeof(ACL_SIZE_INFORMATION)

  unless GetAclInformation(@acl, buf, buf.size, AclSizeInformation)
    raise Error, get_last_error
  end

  buf[0, 4].unpack('L')[0]
end

#add_access_allowed_ace(sid, mask = 0) ⇒ Object

Adds an access-allowed ACE for the given sid. The mask is a bitwise OR of access rights.



# File 'lib/win32/security/acl.rb', line 58

def add_access_allowed_ace(sid, mask=0)
  unless AddAccessAllowedAce(@acl, @revision, mask, sid)
    raise Error, get_last_error
  end
end

#add_access_denied_ace(sid, mask = 0) ⇒ Object

Adds an access-denied ACE for the given sid.



# File 'lib/win32/security/acl.rb', line 66

def add_access_denied_ace(sid, mask=0)
  unless AddAccessDeniedAce(@acl, @revision, mask, sid)
    raise Error, get_last_error
  end
end

#add_ace(ace, index = MAXDWORD) ⇒ Object

Adds an ACE to the ACL object with the given revision at index or the end of the chain if no index is specified.

Returns the index if successful. This is untested and will require an actual implementation of Win32::Security::Ace before it can work properly.



# File 'lib/win32/security/acl.rb', line 80

def add_ace(ace, index=MAXDWORD)
  unless AddAce(@acl, @revision, index, ace, ace.length)
    raise Error, get_last_error
  end

  index
end

#delete_ace(index = MAXDWORD) ⇒ Object

Deletes an ACE from the ACL object at index, or from the end of the chain if no index is specified.

Returns the index if successful. This is untested and will require an actual implementation of Win32::Security::Ace before it can work properly.



# File 'lib/win32/security/acl.rb', line 96

def delete_ace(index=MAXDWORD)
  unless DeleteAce(@acl, index)
    raise Error, get_last_error
  end

  index
end

#find_ace(index = nil) ⇒ Object

Finds and returns a pointer (address) to an ACE in the ACL at the given index. If no index is provided, then an address to the first free byte of the ACL is returned.



# File 'lib/win32/security/acl.rb', line 108

def find_ace(index = nil)
  ptr = [0].pack('L')

  if index.nil?
    unless FindFirstFreeAce(@acl, ptr)
      raise Error, get_last_error
    end
  else
    unless GetAce(@acl, index, ptr)
      raise Error, get_last_error
    end
  end

  [ptr].pack('p*').unpack('L')[0]
end

#valid? ⇒ Boolean

Returns whether or not the ACL is a valid ACL.

Returns:

  • (Boolean)


# File 'lib/win32/security/acl.rb', line 143

def valid?
  IsValidAcl(@acl)
end