Module: Chef::ReservedNames::Win32::API::Security

Extended by:

Chef::ReservedNames::Win32::API

Included in:

FileAccessControl::Windows, File, Security, Security

Defined in:

lib/chef/win32/api/security.rb

Defined Under Namespace

Classes: ACE_HEADER, ACE_WITH_MASK_AND_SID, ACLStruct, GENERIC_MAPPING, LSA_ENUMERATION_INFORMATION, LSA_OBJECT_ATTRIBUTES, LSA_UNICODE_STRING, LUID, LUID_AND_ATTRIBUTES, PRIVILEGE_SET, TOKEN_ELEVATION_TYPE, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_PRIVILEGES

Constant Summary

ACCESS_MIN_MS_ACE_TYPE =

ACE_HEADER AceType

0x0

ACCESS_ALLOWED_ACE_TYPE =

0x0

ACCESS_DENIED_ACE_TYPE =

0x1

SYSTEM_AUDIT_ACE_TYPE =

0x2

SYSTEM_ALARM_ACE_TYPE =

0x3

ACCESS_MAX_MS_V2_ACE_TYPE =

0x3

ACCESS_ALLOWED_COMPOUND_ACE_TYPE =

0x4

ACCESS_MAX_MS_V3_ACE_TYPE =

0x4

ACCESS_MIN_MS_OBJECT_ACE_TYPE =

0x5

ACCESS_ALLOWED_OBJECT_ACE_TYPE =

0x5

ACCESS_DENIED_OBJECT_ACE_TYPE =

0x6

SYSTEM_AUDIT_OBJECT_ACE_TYPE =

0x7

SYSTEM_ALARM_OBJECT_ACE_TYPE =

0x8

ACCESS_MAX_MS_OBJECT_ACE_TYPE =

0x8

ACCESS_MAX_MS_V4_ACE_TYPE =

0x8

ACCESS_MAX_MS_ACE_TYPE =

0x8

ACCESS_ALLOWED_CALLBACK_ACE_TYPE =

0x9

ACCESS_DENIED_CALLBACK_ACE_TYPE =

0xA

ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE =

0xB

ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE =

0xC

SYSTEM_AUDIT_CALLBACK_ACE_TYPE =

0xD

SYSTEM_ALARM_CALLBACK_ACE_TYPE =

0xE

SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE =

0xF

SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE =

0x10

SYSTEM_MANDATORY_LABEL_ACE_TYPE =

0x11

ACCESS_MAX_MS_V5_ACE_TYPE =

0x11

OBJECT_INHERIT_ACE =

ACE_HEADER AceFlags

0x1

CONTAINER_INHERIT_ACE =

0x2

NO_PROPAGATE_INHERIT_ACE =

0x4

INHERIT_ONLY_ACE =

0x8

INHERITED_ACE =

0x10

VALID_INHERIT_FLAGS =

0x1F

SUCCESSFUL_ACCESS_ACE_FLAG =

0x40

FAILED_ACCESS_ACE_FLAG =

0x80

OWNER_SECURITY_INFORMATION =

SECURITY_INFORMATION flags (DWORD)

0x01

GROUP_SECURITY_INFORMATION =

0x02

DACL_SECURITY_INFORMATION =

0x04

SACL_SECURITY_INFORMATION =

0x08

LABEL_SECURITY_INFORMATION =

0x10

UNPROTECTED_SACL_SECURITY_INFORMATION =

0x10000000

UNPROTECTED_DACL_SECURITY_INFORMATION =

0x20000000

PROTECTED_SACL_SECURITY_INFORMATION =

0x40000000

PROTECTED_DACL_SECURITY_INFORMATION =

0x80000000

SECURITY_DESCRIPTOR_REVISION =

SECURITY_DESCRIPTOR_REVISION

1

SECURITY_DESCRIPTOR_REVISION1 =

1

SE_OWNER_DEFAULTED =

SECURITY_DESCRIPTOR_CONTROL

0x0001

SE_GROUP_DEFAULTED =

0x0002

SE_DACL_PRESENT =

0x0004

SE_DACL_DEFAULTED =

0x0008

SE_SACL_PRESENT =

0x0010

SE_SACL_DEFAULTED =

0x0020

SE_DACL_AUTO_INHERIT_REQ =

0x0100

SE_SACL_AUTO_INHERIT_REQ =

0x0200

SE_DACL_AUTO_INHERITED =

0x0400

SE_SACL_AUTO_INHERITED =

0x0800

SE_DACL_PROTECTED =

0x1000

SE_SACL_PROTECTED =

0x2000

SE_RM_CONTROL_VALID =

0x4000

SE_SELF_RELATIVE =

0x8000

GENERIC_READ =

ACCESS_RIGHTS_MASK Generic Access Rights

0x80000000

GENERIC_WRITE =

0x40000000

GENERIC_EXECUTE =

0x20000000

GENERIC_ALL =

0x10000000

DELETE =

Standard Access Rights

0x00010000

READ_CONTROL =

0x00020000

WRITE_DAC =

0x00040000

WRITE_OWNER =

0x00080000

SYNCHRONIZE =

0x00100000

STANDARD_RIGHTS_REQUIRED =

0x000F0000

STANDARD_RIGHTS_READ =

READ_CONTROL

STANDARD_RIGHTS_WRITE =

READ_CONTROL

STANDARD_RIGHTS_EXECUTE =

READ_CONTROL

STANDARD_RIGHTS_ALL =

0x001F0000

SPECIFIC_RIGHTS_ALL =

0x0000FFFF

ACCESS_SYSTEM_SECURITY =

Access System Security Right

0x01000000

FILE_READ_DATA =

File/Directory Specific Rights

0x0001

FILE_LIST_DIRECTORY =

0x0001

FILE_WRITE_DATA =

0x0002

FILE_ADD_FILE =

0x0002

FILE_APPEND_DATA =

0x0004

FILE_ADD_SUBDIRECTORY =

0x0004

FILE_CREATE_PIPE_INSTANCE =

0x0004

FILE_READ_EA =

0x0008

FILE_WRITE_EA =

0x0010

FILE_EXECUTE =

0x0020

FILE_TRAVERSE =

0x0020

FILE_DELETE_CHILD =

0x0040

FILE_READ_ATTRIBUTES =

0x0080

FILE_WRITE_ATTRIBUTES =

0x0100

FILE_ALL_ACCESS =

STANDARD_RIGHTS_REQUIRED |
SYNCHRONIZE |
0x1FF

FILE_GENERIC_READ =

STANDARD_RIGHTS_READ |
FILE_READ_DATA | FILE_READ_ATTRIBUTES |
FILE_READ_EA | SYNCHRONIZE

FILE_GENERIC_WRITE =

STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE

FILE_GENERIC_EXECUTE =

STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE

WRITE =

FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA

SUBFOLDERS_AND_FILES_ONLY =

INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE

TOKEN_ASSIGN_PRIMARY =

Access Token Rights (for OpenProcessToken) Access Rights for Access-Token Objects (used in OpenProcessToken)

0x0001

TOKEN_DUPLICATE =

0x0002

TOKEN_IMPERSONATE =

0x0004

TOKEN_QUERY =

0x0008

TOKEN_QUERY_SOURCE =

0x0010

TOKEN_ADJUST_PRIVILEGES =

0x0020

TOKEN_ADJUST_GROUPS =

0x0040

TOKEN_ADJUST_DEFAULT =

0x0080

TOKEN_ADJUST_SESSIONID =

0x0100

TOKEN_READ =

(STANDARD_RIGHTS_READ | TOKEN_QUERY)

TOKEN_ALL_ACCESS =

(STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
TOKEN_ADJUST_SESSIONID)

SE_PRIVILEGE_ENABLED_BY_DEFAULT =

AdjustTokenPrivileges

0x00000001

SE_PRIVILEGE_ENABLED =

0x00000002

SE_PRIVILEGE_REMOVED =

0X00000004

SE_PRIVILEGE_USED_FOR_ACCESS =

0x80000000

SE_PRIVILEGE_VALID_ATTRIBUTES =

SE_PRIVILEGE_ENABLED_BY_DEFAULT |
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED | SE_PRIVILEGE_USED_FOR_ACCESS

SECURITY_DESCRIPTOR_MIN_LENGTH =

Minimum size of a SECURITY_DESCRIPTOR. TODO: this is probably platform dependent. Make it work on 64 bit.

20

ACL_REVISION =

ACL revisions

2

ACL_REVISION_DS =

4

ACL_REVISION1 =

1

ACL_REVISION2 =

2

ACL_REVISION3 =

3

ACL_REVISION4 =

4

MIN_ACL_REVISION =

ACL_REVISION2

MAX_ACL_REVISION =

ACL_REVISION4

MAXDWORD =

0xffffffff

LOGON32_LOGON_INTERACTIVE =

LOGON32 constants for LogonUser

2

LOGON32_LOGON_NETWORK =

3

LOGON32_LOGON_BATCH =

4

LOGON32_LOGON_SERVICE =

5

LOGON32_LOGON_UNLOCK =

7

LOGON32_LOGON_NETWORK_CLEARTEXT =

8

LOGON32_LOGON_NEW_CREDENTIALS =

9

LOGON32_PROVIDER_DEFAULT =

0

LOGON32_PROVIDER_WINNT35 =

1

LOGON32_PROVIDER_WINNT40 =

2

LOGON32_PROVIDER_WINNT50 =

3

POLICY_VIEW_LOCAL_INFORMATION =

LSA access policy

0x00000001

POLICY_VIEW_AUDIT_INFORMATION =

0x00000002

POLICY_GET_PRIVATE_INFORMATION =

0x00000004

POLICY_TRUST_ADMIN =

0x00000008

POLICY_CREATE_ACCOUNT =

0x00000010

POLICY_CREATE_SECRET =

0x00000020

POLICY_CREATE_PRIVILEGE =

0x00000040

POLICY_SET_DEFAULT_QUOTA_LIMITS =

0x00000080

POLICY_SET_AUDIT_REQUIREMENTS =

0x00000100

POLICY_AUDIT_LOG_ADMIN =

0x00000200

POLICY_SERVER_ADMIN =

0x00000400

POLICY_LOOKUP_NAMES =

0x00000800

POLICY_NOTIFICATION =

0x00001000

SE_OBJECT_TYPE =

Win32 API Bindings

enum :SE_OBJECT_TYPE, %i{
     SE_UNKNOWN_OBJECT_TYPE
     SE_FILE_OBJECT
     SE_SERVICE
     SE_PRINTER
     SE_REGISTRY_KEY
     SE_LMSHARE
     SE_KERNEL_OBJECT
     SE_WINDOW_OBJECT
     SE_DS_OBJECT
     SE_DS_OBJECT_ALL
     SE_PROVIDER_DEFINED_OBJECT
     SE_WMIGUID_OBJECT
     SE_REGISTRY_WOW64_32KEY
}

SID_NAME_USE =

enum :SID_NAME_USE, [
     :SidTypeUser, 1,
     :SidTypeGroup,
     :SidTypeDomain,
     :SidTypeAlias,
     :SidTypeWellKnownGroup,
     :SidTypeDeletedAccount,
     :SidTypeInvalid,
     :SidTypeUnknown,
     :SidTypeComputer,
     :SidTypeLabel
]

TOKEN_INFORMATION_CLASS =

enum :TOKEN_INFORMATION_CLASS, [
     :TokenUser, 1,
     :TokenGroups,
     :TokenPrivileges,
     :TokenOwner,
     :TokenPrimaryGroup,
     :TokenDefaultDacl,
     :TokenSource,
     :TokenType,
     :TokenImpersonationLevel,
     :TokenStatistics,
     :TokenRestrictedSids,
     :TokenSessionId,
     :TokenGroupsAndPrivileges,
     :TokenSessionReference,
     :TokenSandBoxInert,
     :TokenAuditPolicy,
     :TokenOrigin,
     :TokenElevationType,
     :TokenLinkedToken,
     :TokenElevation,
     :TokenHasRestrictions,
     :TokenAccessInformation,
     :TokenVirtualizationAllowed,
     :TokenVirtualizationEnabled,
     :TokenIntegrityLevel,
     :TokenUIAccess,
     :TokenMandatoryPolicy,
     :TokenLogonSid,
     :TokenIsAppContainer,
     :TokenCapabilities,
     :TokenAppContainerSid,
     :TokenAppContainerNumber,
     :TokenUserClaimAttributes,
     :TokenDeviceClaimAttributes,
     :TokenRestrictedUserClaimAttributes,
     :TokenRestrictedDeviceClaimAttributes,
     :TokenDeviceGroups,
     :TokenRestrictedDeviceGroups,
     :TokenSecurityAttributes,
     :TokenIsRestricted,
     :MaxTokenInfoClass
]

SECURITY_IMPERSONATION_LEVEL =

msdn.microsoft.com/en-us/library/windows/desktop/aa379572%28v=vs.85%29.aspx

enum :SECURITY_IMPERSONATION_LEVEL, %i{
     SecurityAnonymous
     SecurityIdentification
     SecurityImpersonation
     SecurityDelegation
}

ELEVATION_TYPE =

msdn.microsoft.com/en-us/library/windows/desktop/bb530718%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

enum :ELEVATION_TYPE, [
    :TokenElevationTypeDefault, 1,
    :TokenElevationTypeFull,
    :TokenElevationTypeLimited
]