Module: Chef::ReservedNames::Win32::API::Security

Extended by:
Chef::ReservedNames::Win32::API
Included in:
FileAccessControl::Windows, File, Security, Security
Defined in:
lib/chef/win32/api/security.rb

Defined Under Namespace

Classes: ACE_HEADER, ACE_WITH_MASK_AND_SID, ACLStruct, GENERIC_MAPPING, LSA_ENUMERATION_INFORMATION, LSA_OBJECT_ATTRIBUTES, LSA_UNICODE_STRING, LUID, LUID_AND_ATTRIBUTES, PRIVILEGE_SET, TOKEN_ELEVATION_TYPE, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_PRIVILEGES

Constant Summary

ACCESS_MIN_MS_ACE_TYPE =

ACE_HEADER AceType values

0x0
ACCESS_ALLOWED_ACE_TYPE =
0x0
ACCESS_DENIED_ACE_TYPE =
0x1
SYSTEM_AUDIT_ACE_TYPE =
0x2
SYSTEM_ALARM_ACE_TYPE =
0x3
ACCESS_MAX_MS_V2_ACE_TYPE =
0x3
ACCESS_ALLOWED_COMPOUND_ACE_TYPE =
0x4
ACCESS_MAX_MS_V3_ACE_TYPE =
0x4
ACCESS_MIN_MS_OBJECT_ACE_TYPE =
0x5
ACCESS_ALLOWED_OBJECT_ACE_TYPE =
0x5
ACCESS_DENIED_OBJECT_ACE_TYPE =
0x6
SYSTEM_AUDIT_OBJECT_ACE_TYPE =
0x7
SYSTEM_ALARM_OBJECT_ACE_TYPE =
0x8
ACCESS_MAX_MS_OBJECT_ACE_TYPE =
0x8
ACCESS_MAX_MS_V4_ACE_TYPE =
0x8
ACCESS_MAX_MS_ACE_TYPE =
0x8
ACCESS_ALLOWED_CALLBACK_ACE_TYPE =
0x9
ACCESS_DENIED_CALLBACK_ACE_TYPE =
0xA
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE =
0xB
ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE =
0xC
SYSTEM_AUDIT_CALLBACK_ACE_TYPE =
0xD
SYSTEM_ALARM_CALLBACK_ACE_TYPE =
0xE
SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE =
0xF
SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE =
0x10
SYSTEM_MANDATORY_LABEL_ACE_TYPE =
0x11
ACCESS_MAX_MS_V5_ACE_TYPE =
0x11
OBJECT_INHERIT_ACE =

ACE_HEADER AceFlags values

0x1
CONTAINER_INHERIT_ACE =
0x2
NO_PROPAGATE_INHERIT_ACE =
0x4
INHERIT_ONLY_ACE =
0x8
INHERITED_ACE =
0x10
VALID_INHERIT_FLAGS =
0x1F
SUCCESSFUL_ACCESS_ACE_FLAG =
0x40
FAILED_ACCESS_ACE_FLAG =
0x80
OWNER_SECURITY_INFORMATION =

SECURITY_INFORMATION flags (DWORD)

0x01
GROUP_SECURITY_INFORMATION =
0x02
DACL_SECURITY_INFORMATION =
0x04
SACL_SECURITY_INFORMATION =
0x08
LABEL_SECURITY_INFORMATION =
0x10
UNPROTECTED_SACL_SECURITY_INFORMATION =
0x10000000
UNPROTECTED_DACL_SECURITY_INFORMATION =
0x20000000
PROTECTED_SACL_SECURITY_INFORMATION =
0x40000000
PROTECTED_DACL_SECURITY_INFORMATION =
0x80000000
SECURITY_DESCRIPTOR_REVISION =

SECURITY_DESCRIPTOR_REVISION

1
SECURITY_DESCRIPTOR_REVISION1 =
1
SE_OWNER_DEFAULTED =

SECURITY_DESCRIPTOR_CONTROL

0x0001
SE_GROUP_DEFAULTED =
0x0002
SE_DACL_PRESENT =
0x0004
SE_DACL_DEFAULTED =
0x0008
SE_SACL_PRESENT =
0x0010
SE_SACL_DEFAULTED =
0x0020
SE_DACL_AUTO_INHERIT_REQ =
0x0100
SE_SACL_AUTO_INHERIT_REQ =
0x0200
SE_DACL_AUTO_INHERITED =
0x0400
SE_SACL_AUTO_INHERITED =
0x0800
SE_DACL_PROTECTED =
0x1000
SE_SACL_PROTECTED =
0x2000
SE_RM_CONTROL_VALID =
0x4000
SE_SELF_RELATIVE =
0x8000
GENERIC_READ =

ACCESS_RIGHTS_MASK: generic access rights

0x80000000
GENERIC_WRITE =
0x40000000
GENERIC_EXECUTE =
0x20000000
GENERIC_ALL =
0x10000000
DELETE =

Standard Access Rights

0x00010000
READ_CONTROL =
0x00020000
WRITE_DAC =
0x00040000
WRITE_OWNER =
0x00080000
SYNCHRONIZE =
0x00100000
STANDARD_RIGHTS_REQUIRED =
0x000F0000
STANDARD_RIGHTS_READ =
READ_CONTROL
STANDARD_RIGHTS_WRITE =
READ_CONTROL
STANDARD_RIGHTS_EXECUTE =
READ_CONTROL
STANDARD_RIGHTS_ALL =
0x001F0000
SPECIFIC_RIGHTS_ALL =
0x0000FFFF
ACCESS_SYSTEM_SECURITY =

Access System Security Right

0x01000000
FILE_READ_DATA =

File/Directory Specific Rights

0x0001
FILE_LIST_DIRECTORY =
0x0001
FILE_WRITE_DATA =
0x0002
FILE_ADD_FILE =
0x0002
FILE_APPEND_DATA =
0x0004
FILE_ADD_SUBDIRECTORY =
0x0004
FILE_CREATE_PIPE_INSTANCE =
0x0004
FILE_READ_EA =
0x0008
FILE_WRITE_EA =
0x0010
FILE_EXECUTE =
0x0020
FILE_TRAVERSE =
0x0020
FILE_DELETE_CHILD =
0x0040
FILE_READ_ATTRIBUTES =
0x0080
FILE_WRITE_ATTRIBUTES =
0x0100
FILE_ALL_ACCESS =
STANDARD_RIGHTS_REQUIRED |
SYNCHRONIZE |
0x1FF
FILE_GENERIC_READ =
STANDARD_RIGHTS_READ |
FILE_READ_DATA | FILE_READ_ATTRIBUTES |
FILE_READ_EA | SYNCHRONIZE
FILE_GENERIC_WRITE =
STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE
FILE_GENERIC_EXECUTE =
STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE
WRITE =
FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA
SUBFOLDERS_AND_FILES_ONLY =
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
TOKEN_ASSIGN_PRIMARY =

Access rights for access-token objects (used with OpenProcessToken)

0x0001
TOKEN_DUPLICATE =
0x0002
TOKEN_IMPERSONATE =
0x0004
TOKEN_QUERY =
0x0008
TOKEN_QUERY_SOURCE =
0x0010
TOKEN_ADJUST_PRIVILEGES =
0x0020
TOKEN_ADJUST_GROUPS =
0x0040
TOKEN_ADJUST_DEFAULT =
0x0080
TOKEN_ADJUST_SESSIONID =
0x0100
TOKEN_READ =
(STANDARD_RIGHTS_READ | TOKEN_QUERY)
TOKEN_ALL_ACCESS =
(STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY |
TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE |
TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT |
TOKEN_ADJUST_SESSIONID)
SE_PRIVILEGE_ENABLED_BY_DEFAULT =

Privilege attribute flags used with AdjustTokenPrivileges

0x00000001
SE_PRIVILEGE_ENABLED =
0x00000002
SE_PRIVILEGE_REMOVED =
0X00000004
SE_PRIVILEGE_USED_FOR_ACCESS =
0x80000000
SE_PRIVILEGE_VALID_ATTRIBUTES =
SE_PRIVILEGE_ENABLED_BY_DEFAULT |
SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED | SE_PRIVILEGE_USED_FOR_ACCESS
SECURITY_DESCRIPTOR_MIN_LENGTH =

Minimum size of a SECURITY_DESCRIPTOR. TODO: this value is probably platform dependent; make it work on 64-bit.

20
ACL_REVISION =

ACL revisions

2
ACL_REVISION_DS =
4
ACL_REVISION1 =
1
ACL_REVISION2 =
2
ACL_REVISION3 =
3
ACL_REVISION4 =
4
MIN_ACL_REVISION =
ACL_REVISION2
MAX_ACL_REVISION =
ACL_REVISION4
MAXDWORD =
0xffffffff
LOGON32_LOGON_INTERACTIVE =

LOGON32 constants for LogonUser

2
LOGON32_LOGON_NETWORK =
3
LOGON32_LOGON_BATCH =
4
LOGON32_LOGON_SERVICE =
5
LOGON32_LOGON_UNLOCK =
7
LOGON32_LOGON_NETWORK_CLEARTEXT =
8
LOGON32_LOGON_NEW_CREDENTIALS =
9
LOGON32_PROVIDER_DEFAULT =
0
LOGON32_PROVIDER_WINNT35 =
1
LOGON32_PROVIDER_WINNT40 =
2
LOGON32_PROVIDER_WINNT50 =
3
POLICY_VIEW_LOCAL_INFORMATION =

LSA policy access rights

0x00000001
POLICY_VIEW_AUDIT_INFORMATION =
0x00000002
POLICY_GET_PRIVATE_INFORMATION =
0x00000004
POLICY_TRUST_ADMIN =
0x00000008
POLICY_CREATE_ACCOUNT =
0x00000010
POLICY_CREATE_SECRET =
0x00000020
POLICY_CREATE_PRIVILEGE =
0x00000040
POLICY_SET_DEFAULT_QUOTA_LIMITS =
0x00000080
POLICY_SET_AUDIT_REQUIREMENTS =
0x00000100
POLICY_AUDIT_LOG_ADMIN =
0x00000200
POLICY_SERVER_ADMIN =
0x00000400
POLICY_LOOKUP_NAMES =
0x00000800
POLICY_NOTIFICATION =
0x00001000
SE_OBJECT_TYPE =

Win32 API Bindings

# FFI enum mirroring the Win32 SE_OBJECT_TYPE enumeration: the kind of
# securable object (file, service, registry key, ...) that a handle or path
# passed to the Get/SetNamedSecurityInfo family refers to.
# No explicit values are given, so members are numbered sequentially from 0
# in declaration order; do not reorder them.
enum :SE_OBJECT_TYPE, %i{
     SE_UNKNOWN_OBJECT_TYPE
     SE_FILE_OBJECT
     SE_SERVICE
     SE_PRINTER
     SE_REGISTRY_KEY
     SE_LMSHARE
     SE_KERNEL_OBJECT
     SE_WINDOW_OBJECT
     SE_DS_OBJECT
     SE_DS_OBJECT_ALL
     SE_PROVIDER_DEFINED_OBJECT
     SE_WMIGUID_OBJECT
     SE_REGISTRY_WOW64_32KEY
}
SID_NAME_USE =
# FFI enum mirroring Win32 SID_NAME_USE: the account type reported when a
# SID or account name is looked up (LookupAccountName / LookupAccountSid).
# Numbering starts explicitly at 1 (SidTypeUser) and then runs sequentially,
# matching the Windows header; SidTypeInvalid/SidTypeUnknown indicate the
# lookup did not resolve to a usable account and should not be trusted as
# a principal.
enum :SID_NAME_USE, [
     :SidTypeUser, 1,
     :SidTypeGroup,
     :SidTypeDomain,
     :SidTypeAlias,
     :SidTypeWellKnownGroup,
     :SidTypeDeletedAccount,
     :SidTypeInvalid,
     :SidTypeUnknown,
     :SidTypeComputer,
     :SidTypeLabel
]
TOKEN_INFORMATION_CLASS =
# FFI enum mirroring Win32 TOKEN_INFORMATION_CLASS: selects which piece of
# token state GetTokenInformation returns. Numbering starts explicitly at 1
# (TokenUser) and runs sequentially, so the order below must match the
# Windows header exactly. MaxTokenInfoClass is the end-of-range sentinel,
# not a queryable class.
enum :TOKEN_INFORMATION_CLASS, [
     :TokenUser, 1,
     :TokenGroups,
     :TokenPrivileges,
     :TokenOwner,
     :TokenPrimaryGroup,
     :TokenDefaultDacl,
     :TokenSource,
     :TokenType,
     :TokenImpersonationLevel,
     :TokenStatistics,
     :TokenRestrictedSids,
     :TokenSessionId,
     :TokenGroupsAndPrivileges,
     :TokenSessionReference,
     :TokenSandBoxInert,
     :TokenAuditPolicy,
     :TokenOrigin,
     :TokenElevationType,
     :TokenLinkedToken,
     :TokenElevation,
     :TokenHasRestrictions,
     :TokenAccessInformation,
     :TokenVirtualizationAllowed,
     :TokenVirtualizationEnabled,
     :TokenIntegrityLevel,
     :TokenUIAccess,
     :TokenMandatoryPolicy,
     :TokenLogonSid,
     :TokenIsAppContainer,
     :TokenCapabilities,
     :TokenAppContainerSid,
     :TokenAppContainerNumber,
     :TokenUserClaimAttributes,
     :TokenDeviceClaimAttributes,
     :TokenRestrictedUserClaimAttributes,
     :TokenRestrictedDeviceClaimAttributes,
     :TokenDeviceGroups,
     :TokenRestrictedDeviceGroups,
     :TokenSecurityAttributes,
     :TokenIsRestricted,
     :MaxTokenInfoClass
]
SECURITY_IMPERSONATION_LEVEL =
# FFI enum mirroring Win32 SECURITY_IMPERSONATION_LEVEL, numbered
# sequentially from 0 (SecurityAnonymous) to 3 (SecurityDelegation).
# Each level lets a server act with more of the client's identity; when
# duplicating or impersonating a token, request the lowest level that the
# operation actually needs.
enum :SECURITY_IMPERSONATION_LEVEL, %i{
     SecurityAnonymous
     SecurityIdentification
     SecurityImpersonation
     SecurityDelegation
}
ELEVATION_TYPE =
# FFI enum mirroring Win32 TOKEN_ELEVATION_TYPE, the value returned by
# GetTokenInformation for the TokenElevationType class. Numbering starts
# explicitly at 1 (TokenElevationTypeDefault). Full denotes an elevated
# token and Limited the filtered (non-admin) half of a UAC split token;
# Default means no split token exists for this logon.
enum :ELEVATION_TYPE, [
    :TokenElevationTypeDefault, 1,
    :TokenElevationTypeFull,
    :TokenElevationTypeLimited
]