diff options
author | vijaymmali1990 <vijay.mali@msystechnologies.com> | 2019-01-28 05:23:54 -0800 |
---|---|---|
committer | vijaymmali1990 <vijay.mali@msystechnologies.com> | 2019-02-11 22:14:47 -0800 |
commit | 080c4a435af9192bcb46d7ff14840e62ab3911a4 (patch) | |
tree | 72ea1ab40090cea346965695abb9ea2de7ef2aea | |
parent | dadedcbb748c6ef5fbad4ea0cf3ff486ddeba75e (diff) | |
download | chef-080c4a435af9192bcb46d7ff14840e62ab3911a4.tar.gz |
Minor fixes as per the review comments
- Using proper verbiage for constant WRITE
- Source
https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=netframework-4.7.2#fields
- Straight away using constants instead of it's fully qualified path
- Minor DRY up and Fixes
- Fixed functional test cases
- Ensured chefstyle
Signed-off-by: vijaymmali1990 <vijay.mali@msystechnologies.com>
-rw-r--r-- | lib/chef/file_access_control/windows.rb | 6 | ||||
-rw-r--r-- | lib/chef/win32/api/security.rb | 11 | ||||
-rw-r--r-- | lib/chef/win32/security/ace.rb | 6 | ||||
-rw-r--r-- | spec/support/shared/functional/securable_resource.rb | 2 |
4 files changed, 7 insertions, 18 deletions
diff --git a/lib/chef/file_access_control/windows.rb b/lib/chef/file_access_control/windows.rb index dc0e4444c3..6937912849 100644 --- a/lib/chef/file_access_control/windows.rb +++ b/lib/chef/file_access_control/windows.rb @@ -90,13 +90,11 @@ class Chef target_acl.each do |target_ace| if target_ace.flags & INHERIT_ONLY_ACE == 0 self_ace = target_ace.dup - if target_ace.mask != Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL - self_ace.flags = 0 - end + self_ace.flags = 0 unless target_ace.mask == Chef::ReservedNames::Win32::API::Security::WRITE self_ace.mask = securable_object.predict_rights_mask(target_ace.mask) new_target_acl << self_ace end - if target_ace.mask != Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL && target_ace.flags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) != 0 + if target_ace.mask != Chef::ReservedNames::Win32::API::Security::WRITE && target_ace.flags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) != 0 children_ace = target_ace.dup children_ace.flags |= INHERIT_ONLY_ACE new_target_acl << children_ace diff --git a/lib/chef/win32/api/security.rb b/lib/chef/win32/api/security.rb index 0cb63c6a30..bac4ab5450 100644 --- a/lib/chef/win32/api/security.rb +++ b/lib/chef/win32/api/security.rb @@ -139,14 +139,9 @@ class Chef FILE_GENERIC_READ = STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE - FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE | - FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | - FILE_WRITE_EA | FILE_APPEND_DATA | - SYNCHRONIZE - WRITE_CONTROL = FILE_WRITE_DATA | FILE_APPEND_DATA | - FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES - FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | - FILE_EXECUTE | SYNCHRONIZE + FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE + FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE + WRITE = FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA # Access Token Rights (for OpenProcessToken) # Access Rights for Access-Token Objects (used in OpenProcessToken) TOKEN_ASSIGN_PRIMARY = 0x0001 diff --git a/lib/chef/win32/security/ace.rb b/lib/chef/win32/security/ace.rb index e55bdd4e81..ba81c44269 100644 --- a/lib/chef/win32/security/ace.rb +++ b/lib/chef/win32/security/ace.rb @@ -113,11 +113,7 @@ class Chef struct[:AceType] = type struct[:AceFlags] = flags struct[:AceSize] = size_needed - if mask == Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE || mask == Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL - struct[:Mask] = Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL - else - struct[:Mask] = mask - end + struct[:Mask] = mask == Security::GENERIC_WRITE ? Security::WRITE : mask Chef::ReservedNames::Win32::Memory.memcpy(struct.pointer + struct.offset_of(:SidStart), sid.pointer, sid.size) ACE.new(struct.pointer) end diff --git a/spec/support/shared/functional/securable_resource.rb b/spec/support/shared/functional/securable_resource.rb index 2abae030c2..d9a2110543 100644 --- a/spec/support/shared/functional/securable_resource.rb +++ b/spec/support/shared/functional/securable_resource.rb @@ -118,7 +118,7 @@ shared_context "use Windows permissions", :windows_only do let(:expected_write_perms) do { generic: Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE, - specific: Chef::ReservedNames::Win32::API::Security::FILE_GENERIC_WRITE, + specific: Chef::ReservedNames::Win32::API::Security::WRITE, } end |