Class: Chef::ReservedNames::Win32::Security::SecurableObject
- Defined in: lib/chef/win32/security/securable_object.rb
Constant Summary
- SecurityConst = Chef::ReservedNames::Win32::API::Security
Instance Attribute Summary
- #path ⇒ Object (readonly): Returns the value of attribute path.
- #type ⇒ Object (readonly): Returns the value of attribute type.
Instance Method Summary
- #dacl=(val) ⇒ Object
- #group=(val) ⇒ Object
- #initialize(path, type = :SE_FILE_OBJECT) ⇒ SecurableObject (constructor): A new instance of SecurableObject.
- #owner=(val) ⇒ Object
- #predict_rights_mask(generic_mask) ⇒ Object: This method predicts what the rights mask would be on an object if you created an ACE with the given mask.
- #sacl=(val) ⇒ Object
- #security_descriptor(include_sacl = false) ⇒ Object
- #set_dacl(dacl, dacl_inherits) ⇒ Object: You don’t set dacl_inherits without also setting dacl, because Windows gets angry and denies you access.
- #set_sacl(sacl, sacl_inherits) ⇒ Object
Constructor Details
#initialize(path, type = :SE_FILE_OBJECT) ⇒ SecurableObject
Returns a new instance of SecurableObject.
    # File 'lib/chef/win32/security/securable_object.rb', line 28
    def initialize(path, type = :SE_FILE_OBJECT)
      @path = path
      @type = type
    end
Instance Attribute Details
#path ⇒ Object (readonly)
Returns the value of attribute path.
    # File 'lib/chef/win32/security/securable_object.rb', line 33
    def path
      @path
    end
#type ⇒ Object (readonly)
Returns the value of attribute type.
    # File 'lib/chef/win32/security/securable_object.rb', line 34
    def type
      @type
    end
Instance Method Details
#dacl=(val) ⇒ Object
    # File 'lib/chef/win32/security/securable_object.rb', line 73
    def dacl=(val)
      Security.set_named_security_info(path, type, :dacl => val)
    end
#group=(val) ⇒ Object
    # File 'lib/chef/win32/security/securable_object.rb', line 84
    def group=(val)
      Security.set_named_security_info(path, type, :group => val)
    end
#owner=(val) ⇒ Object
    # File 'lib/chef/win32/security/securable_object.rb', line 88
    def owner=(val)
      # TODO to fix serious permissions problems, we may need to enable SeBackupPrivilege. But we might need it (almost) everywhere else, too.
      Security.with_privileges("SeTakeOwnershipPrivilege", "SeRestorePrivilege") do
        Security.set_named_security_info(path, type, :owner => val)
      end
    end
#predict_rights_mask(generic_mask) ⇒ Object
This method predicts what the rights mask would be on an object if you created an ACE with the given mask. Specifically, it looks for generic attributes like GENERIC_READ, and figures out what specific attributes will be set. This is important if you want to try to compare an existing ACE with one you want to create.
    # File 'lib/chef/win32/security/securable_object.rb', line 43
    def predict_rights_mask(generic_mask)
      mask = generic_mask
      #mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_READ if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_READ) != 0
      #mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_WRITE if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE) != 0
      #mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_EXECUTE if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE) != 0
      #mask |= Chef::ReservedNames::Win32::API::Security::STANDARD_RIGHTS_ALL if (mask | Chef::ReservedNames::Win32::API::Security::GENERIC_ALL) != 0
      if type == :SE_FILE_OBJECT
        mask |= Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_READ if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_READ) != 0
        mask |= Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_WRITE if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE) != 0
        mask |= Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_EXECUTE if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE) != 0
        mask |= Chef::ReservedNames::Win32::API::Security::FILE_ALL_ACCESS if (mask & Chef::ReservedNames::Win32::API::Security::GENERIC_ALL) != 0
      else
        raise "Unimplemented object type for predict_security_mask: #{type}"
      end
      mask &= ~(Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE | Chef::ReservedNames::Win32::API::Security::GENERIC_ALL)
      mask
    end
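Why the prediction matters when comparing ACEs, as an added example that is not part of Chef's code: a desired mask written with generic rights never equals the specific-rights mask read back from a file, so the comparison has to run on the predicted mask. The constant values are inlined from the Windows SDK so it runs without Chef or Windows; `predict_file_mask`, `right_names` and `ace_drift` are hypothetical names, and the on-disk mask is a constructed sample.

```ruby
# Access-mask values from the Windows SDK (winnt.h), inlined so this runs off-Windows.
GENERIC_READ    = 0x80000000
GENERIC_WRITE   = 0x40000000
GENERIC_EXECUTE = 0x20000000
GENERIC_ALL     = 0x10000000

# Generic right => file-specific rights it expands to on a file object.
FILE_GENERIC_MAP = {
  GENERIC_READ    => 0x00120089, # FILE_GENERIC_READ
  GENERIC_WRITE   => 0x00120116, # FILE_GENERIC_WRITE
  GENERIC_EXECUTE => 0x001200A0, # FILE_GENERIC_EXECUTE
  GENERIC_ALL     => 0x001F01FF, # FILE_ALL_ACCESS
}.freeze
GENERIC_BITS = FILE_GENERIC_MAP.keys.reduce(:|)

FILE_RIGHT_NAMES = {
  0x000001 => "FILE_READ_DATA",        0x000002 => "FILE_WRITE_DATA",
  0x000004 => "FILE_APPEND_DATA",      0x000008 => "FILE_READ_EA",
  0x000010 => "FILE_WRITE_EA",         0x000020 => "FILE_EXECUTE",
  0x000040 => "FILE_DELETE_CHILD",     0x000080 => "FILE_READ_ATTRIBUTES",
  0x000100 => "FILE_WRITE_ATTRIBUTES", 0x010000 => "DELETE",
  0x020000 => "READ_CONTROL",          0x040000 => "WRITE_DAC",
  0x080000 => "WRITE_OWNER",           0x100000 => "SYNCHRONIZE",
}.freeze

# Same expansion predict_rights_mask performs for :SE_FILE_OBJECT.
def predict_file_mask(generic_mask)
  mask = generic_mask
  FILE_GENERIC_MAP.each { |generic, specific| mask |= specific if (generic_mask & generic) != 0 }
  mask & ~GENERIC_BITS # generic bits are not kept once expanded
end

def right_names(mask)
  FILE_RIGHT_NAMES.select { |bit, _name| (mask & bit) != 0 }.values
end

# Hypothetical helper: rights the desired ACE lacks on disk, and rights on disk beyond it.
def ace_drift(desired_mask, existing_mask)
  wanted = predict_file_mask(desired_mask)
  { missing: right_names(wanted & ~existing_mask),
    extra:   right_names(existing_mask & ~wanted) }
end

desired = GENERIC_READ | GENERIC_WRITE # mask a recipe would request
on_disk = 0x0012019F                   # constructed sample: mask read back from an existing ACE
puts "naive equality:   #{desired == on_disk}"
puts "after prediction: #{ace_drift(desired, on_disk)}"
puts "read-only wanted: #{ace_drift(GENERIC_READ, on_disk)}"
```

The `extra` list is the part worth alerting on: it names rights an existing ACE grants beyond what the desired state asks for.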
#sacl=(val) ⇒ Object
    # File 'lib/chef/win32/security/securable_object.rb', line 95
    def sacl=(val)
      Security.with_privileges("SeSecurityPrivilege") do
        Security.set_named_security_info(path, type, :sacl => val)
      end
    end
#security_descriptor(include_sacl = false) ⇒ Object
    # File 'lib/chef/win32/security/securable_object.rb', line 61
    def security_descriptor(include_sacl = false)
      security_information = Chef::ReservedNames::Win32::API::Security::OWNER_SECURITY_INFORMATION | Chef::ReservedNames::Win32::API::Security::GROUP_SECURITY_INFORMATION | Chef::ReservedNames::Win32::API::Security::DACL_SECURITY_INFORMATION
      if include_sacl
        security_information |= Chef::ReservedNames::Win32::API::Security::SACL_SECURITY_INFORMATION
        Security.with_privileges("SeSecurityPrivilege") do
          Security.get_named_security_info(path, type, security_information)
        end
      else
        Security.get_named_security_info(path, type, security_information)
      end
    end
#set_dacl(dacl, dacl_inherits) ⇒ Object
You don’t set dacl_inherits without also setting dacl, because Windows gets angry and denies you access. So if you want to do that, you may as well do both at once.
    # File 'lib/chef/win32/security/securable_object.rb', line 80
    def set_dacl(dacl, dacl_inherits)
      Security.set_named_security_info(path, type, :dacl => dacl, :dacl_inherits => dacl_inherits)
    end
#set_sacl(sacl, sacl_inherits) ⇒ Object
    # File 'lib/chef/win32/security/securable_object.rb', line 101
    def set_sacl(sacl, sacl_inherits)
      Security.with_privileges("SeSecurityPrivilege") do
        Security.set_named_security_info(path, type, :sacl => sacl, :sacl_inherits => sacl_inherits)
      end
    end