Module: Chef::ReservedNames::Win32::API::Security
- Extended by:
- Chef::ReservedNames::Win32::API
- Included in:
- FileAccessControl::Windows, File, Security, Security
- Defined in:
- lib/chef/win32/api/security.rb
Defined Under Namespace
Classes: ACE_HEADER, ACE_WITH_MASK_AND_SID, ACLStruct, GENERIC_MAPPING, LSA_ENUMERATION_INFORMATION, LSA_OBJECT_ATTRIBUTES, LSA_UNICODE_STRING, LUID, LUID_AND_ATTRIBUTES, PRIVILEGE_SET, TOKEN_ELEVATION_TYPE, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_PRIVILEGES
Constant Summary
- ACCESS_MIN_MS_ACE_TYPE =
Values for the AceType field of ACE_HEADER
0x0
- ACCESS_ALLOWED_ACE_TYPE =
0x0
- ACCESS_DENIED_ACE_TYPE =
0x1
- SYSTEM_AUDIT_ACE_TYPE =
0x2
- SYSTEM_ALARM_ACE_TYPE =
0x3
- ACCESS_MAX_MS_V2_ACE_TYPE =
0x3
- ACCESS_ALLOWED_COMPOUND_ACE_TYPE =
0x4
- ACCESS_MAX_MS_V3_ACE_TYPE =
0x4
- ACCESS_MIN_MS_OBJECT_ACE_TYPE =
0x5
- ACCESS_ALLOWED_OBJECT_ACE_TYPE =
0x5
- ACCESS_DENIED_OBJECT_ACE_TYPE =
0x6
- SYSTEM_AUDIT_OBJECT_ACE_TYPE =
0x7
- SYSTEM_ALARM_OBJECT_ACE_TYPE =
0x8
- ACCESS_MAX_MS_OBJECT_ACE_TYPE =
0x8
- ACCESS_MAX_MS_V4_ACE_TYPE =
0x8
- ACCESS_MAX_MS_ACE_TYPE =
0x8
- ACCESS_ALLOWED_CALLBACK_ACE_TYPE =
0x9
- ACCESS_DENIED_CALLBACK_ACE_TYPE =
0xA
- ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE =
0xB
- ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE =
0xC
- SYSTEM_AUDIT_CALLBACK_ACE_TYPE =
0xD
- SYSTEM_ALARM_CALLBACK_ACE_TYPE =
0xE
- SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE =
0xF
- SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE =
0x10
- SYSTEM_MANDATORY_LABEL_ACE_TYPE =
0x11
- ACCESS_MAX_MS_V5_ACE_TYPE =
0x11
- OBJECT_INHERIT_ACE =
Flags for the AceFlags field of ACE_HEADER
0x1
- CONTAINER_INHERIT_ACE =
0x2
- NO_PROPAGATE_INHERIT_ACE =
0x4
- INHERIT_ONLY_ACE =
0x8
- INHERITED_ACE =
0x10
- VALID_INHERIT_FLAGS =
0x1F
- SUCCESSFUL_ACCESS_ACE_FLAG =
0x40
- FAILED_ACCESS_ACE_FLAG =
0x80
- OWNER_SECURITY_INFORMATION =
SECURITY_INFORMATION flags (DWORD)
0x01
- GROUP_SECURITY_INFORMATION =
0x02
- DACL_SECURITY_INFORMATION =
0x04
- SACL_SECURITY_INFORMATION =
0x08
- LABEL_SECURITY_INFORMATION =
0x10
- UNPROTECTED_SACL_SECURITY_INFORMATION =
0x10000000
- UNPROTECTED_DACL_SECURITY_INFORMATION =
0x20000000
- PROTECTED_SACL_SECURITY_INFORMATION =
0x40000000
- PROTECTED_DACL_SECURITY_INFORMATION =
0x80000000
- SECURITY_DESCRIPTOR_REVISION =
SECURITY_DESCRIPTOR_REVISION
1
- SECURITY_DESCRIPTOR_REVISION1 =
1
- SE_OWNER_DEFAULTED =
SECURITY_DESCRIPTOR_CONTROL
0x0001
- SE_GROUP_DEFAULTED =
0x0002
- SE_DACL_PRESENT =
0x0004
- SE_DACL_DEFAULTED =
0x0008
- SE_SACL_PRESENT =
0x0010
- SE_SACL_DEFAULTED =
0x0020
- SE_DACL_AUTO_INHERIT_REQ =
0x0100
- SE_SACL_AUTO_INHERIT_REQ =
0x0200
- SE_DACL_AUTO_INHERITED =
0x0400
- SE_SACL_AUTO_INHERITED =
0x0800
- SE_DACL_PROTECTED =
0x1000
- SE_SACL_PROTECTED =
0x2000
- SE_RM_CONTROL_VALID =
0x4000
- SE_SELF_RELATIVE =
0x8000
- GENERIC_READ =
ACCESS_RIGHTS_MASK Generic Access Rights
0x80000000
- GENERIC_WRITE =
0x40000000
- GENERIC_EXECUTE =
0x20000000
- GENERIC_ALL =
0x10000000
- DELETE =
Standard Access Rights
0x00010000
- READ_CONTROL =
0x00020000
- WRITE_DAC =
0x00040000
- WRITE_OWNER =
0x00080000
- SYNCHRONIZE =
0x00100000
- STANDARD_RIGHTS_REQUIRED =
0x000F0000
- STANDARD_RIGHTS_READ =
READ_CONTROL
- STANDARD_RIGHTS_WRITE =
READ_CONTROL
- STANDARD_RIGHTS_EXECUTE =
READ_CONTROL
- STANDARD_RIGHTS_ALL =
0x001F0000
- SPECIFIC_RIGHTS_ALL =
0x0000FFFF
- ACCESS_SYSTEM_SECURITY =
Access System Security Right
0x01000000
- FILE_READ_DATA =
File/Directory Specific Rights
0x0001
- FILE_LIST_DIRECTORY =
0x0001
- FILE_WRITE_DATA =
0x0002
- FILE_ADD_FILE =
0x0002
- FILE_APPEND_DATA =
0x0004
- FILE_ADD_SUBDIRECTORY =
0x0004
- FILE_CREATE_PIPE_INSTANCE =
0x0004
- FILE_READ_EA =
0x0008
- FILE_WRITE_EA =
0x0010
- FILE_EXECUTE =
0x0020
- FILE_TRAVERSE =
0x0020
- FILE_DELETE_CHILD =
0x0040
- FILE_READ_ATTRIBUTES =
0x0080
- FILE_WRITE_ATTRIBUTES =
0x0100
- FILE_ALL_ACCESS =
STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF
- FILE_GENERIC_READ =
STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE
- FILE_GENERIC_WRITE =
STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE
- FILE_GENERIC_EXECUTE =
STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE
- WRITE =
FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA
- SUBFOLDERS_AND_FILES_ONLY =
INHERIT_ONLY_ACE | CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE
- TOKEN_ASSIGN_PRIMARY =
Access rights for access-token objects (the DesiredAccess mask passed to OpenProcessToken)
0x0001
- TOKEN_DUPLICATE =
0x0002
- TOKEN_IMPERSONATE =
0x0004
- TOKEN_QUERY =
0x0008
- TOKEN_QUERY_SOURCE =
0x0010
- TOKEN_ADJUST_PRIVILEGES =
0x0020
- TOKEN_ADJUST_GROUPS =
0x0040
- TOKEN_ADJUST_DEFAULT =
0x0080
- TOKEN_ADJUST_SESSIONID =
0x0100
- TOKEN_READ =
(STANDARD_RIGHTS_READ | TOKEN_QUERY)
- TOKEN_ALL_ACCESS =
(STANDARD_RIGHTS_REQUIRED | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY | TOKEN_QUERY_SOURCE | TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID)
- SE_PRIVILEGE_ENABLED_BY_DEFAULT =
Privilege attribute flags (the Attributes field of LUID_AND_ATTRIBUTES), as passed to AdjustTokenPrivileges
0x00000001
- SE_PRIVILEGE_ENABLED =
0x00000002
- SE_PRIVILEGE_REMOVED =
0X00000004
- SE_PRIVILEGE_USED_FOR_ACCESS =
0x80000000
- SE_PRIVILEGE_VALID_ATTRIBUTES =
SE_PRIVILEGE_ENABLED_BY_DEFAULT | SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_REMOVED | SE_PRIVILEGE_USED_FOR_ACCESS
- SECURITY_DESCRIPTOR_MIN_LENGTH =
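Minimum size of a SECURITY_DESCRIPTOR, in bytes. TODO: this is probably platform dependent. Make it work on 64 bit. Note: 20 matches the 32-bit absolute structure and the self-relative header; the absolute structure holds four pointers and is 40 bytes on 64-bit Windows, so a buffer for an absolute descriptor sized from this constant is too small there.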
20
- ACL_REVISION =
ACL revisions
2
- ACL_REVISION_DS =
4
- ACL_REVISION1 =
1
- ACL_REVISION2 =
2
- ACL_REVISION3 =
3
- ACL_REVISION4 =
4
- MIN_ACL_REVISION =
ACL_REVISION2
- MAX_ACL_REVISION =
ACL_REVISION4
- MAXDWORD =
0xffffffff
- LOGON32_LOGON_INTERACTIVE =
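Logon type (dwLogonType) and logon provider (dwLogonProvider) constants for LogonUser. LOGON32_LOGON_NETWORK_CLEARTEXT keeps the name and password in the authentication package, so choose it only where the resulting token must authenticate to other servers.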
2
- LOGON32_LOGON_NETWORK =
3
- LOGON32_LOGON_BATCH =
4
- LOGON32_LOGON_SERVICE =
5
- LOGON32_LOGON_UNLOCK =
7
- LOGON32_LOGON_NETWORK_CLEARTEXT =
8
- LOGON32_LOGON_NEW_CREDENTIALS =
9
- LOGON32_PROVIDER_DEFAULT =
0
- LOGON32_PROVIDER_WINNT35 =
1
- LOGON32_PROVIDER_WINNT40 =
2
- LOGON32_PROVIDER_WINNT50 =
3
- POLICY_VIEW_LOCAL_INFORMATION =
Access rights for the LSA Policy object (the DesiredAccess mask passed to LsaOpenPolicy)
0x00000001
- POLICY_VIEW_AUDIT_INFORMATION =
0x00000002
- POLICY_GET_PRIVATE_INFORMATION =
0x00000004
- POLICY_TRUST_ADMIN =
0x00000008
- POLICY_CREATE_ACCOUNT =
0x00000010
- POLICY_CREATE_SECRET =
0x00000020
- POLICY_CREATE_PRIVILEGE =
0x00000040
- POLICY_SET_DEFAULT_QUOTA_LIMITS =
0x00000080
- POLICY_SET_AUDIT_REQUIREMENTS =
0x00000100
- POLICY_AUDIT_LOG_ADMIN =
0x00000200
- POLICY_SERVER_ADMIN =
0x00000400
- POLICY_LOOKUP_NAMES =
0x00000800
- POLICY_NOTIFICATION =
0x00001000
- SE_OBJECT_TYPE =
Win32 API Bindings
enum :SE_OBJECT_TYPE, %i{ SE_UNKNOWN_OBJECT_TYPE SE_FILE_OBJECT SE_SERVICE SE_PRINTER SE_REGISTRY_KEY SE_LMSHARE SE_KERNEL_OBJECT SE_WINDOW_OBJECT SE_DS_OBJECT SE_DS_OBJECT_ALL SE_PROVIDER_DEFINED_OBJECT SE_WMIGUID_OBJECT SE_REGISTRY_WOW64_32KEY }
- SID_NAME_USE =
enum :SID_NAME_USE, [ :SidTypeUser, 1, :SidTypeGroup, :SidTypeDomain, :SidTypeAlias, :SidTypeWellKnownGroup, :SidTypeDeletedAccount, :SidTypeInvalid, :SidTypeUnknown, :SidTypeComputer, :SidTypeLabel ]
- TOKEN_INFORMATION_CLASS =
enum :TOKEN_INFORMATION_CLASS, [ :TokenUser, 1, :TokenGroups, :TokenPrivileges, :TokenOwner, :TokenPrimaryGroup, :TokenDefaultDacl, :TokenSource, :TokenType, :TokenImpersonationLevel, :TokenStatistics, :TokenRestrictedSids, :TokenSessionId, :TokenGroupsAndPrivileges, :TokenSessionReference, :TokenSandBoxInert, :TokenAuditPolicy, :TokenOrigin, :TokenElevationType, :TokenLinkedToken, :TokenElevation, :TokenHasRestrictions, :TokenAccessInformation, :TokenVirtualizationAllowed, :TokenVirtualizationEnabled, :TokenIntegrityLevel, :TokenUIAccess, :TokenMandatoryPolicy, :TokenLogonSid, :TokenIsAppContainer, :TokenCapabilities, :TokenAppContainerSid, :TokenAppContainerNumber, :TokenUserClaimAttributes, :TokenDeviceClaimAttributes, :TokenRestrictedUserClaimAttributes, :TokenRestrictedDeviceClaimAttributes, :TokenDeviceGroups, :TokenRestrictedDeviceGroups, :TokenSecurityAttributes, :TokenIsRestricted, :MaxTokenInfoClass ]
- SECURITY_IMPERSONATION_LEVEL =
enum :SECURITY_IMPERSONATION_LEVEL, %i{ SecurityAnonymous SecurityIdentification SecurityImpersonation SecurityDelegation }
- ELEVATION_TYPE =
enum :ELEVATION_TYPE, [ :TokenElevationTypeDefault, 1, :TokenElevationTypeFull, :TokenElevationTypeLimited ]