Added AccessCheck

author: Jay Mundrawala <jdmundrawala@gmail.com> 2015-02-11 16:14:29 -0800
committer: Bryan McLellan <btm@opscode.com> 2015-02-17 09:24:45 -0500
commit: a12fc1e1883d5fc5a2534cac87a748fc5ec82046 (patch)
tree: 25400b6f058cb2d75862def6fc6a3ec20e2f512b /lib/chef/win32/security.rb
parent: fcf2f9dd983ff5b1f8cc2dbea40050765ac5a923 (diff)
download: chef-a12fc1e1883d5fc5a2534cac87a748fc5ec82046.tar.gz
1 files changed, 28 insertions, 0 deletions
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb
index 61f71256e8..3902d8caaf 100644
--- a/lib/chef/win32/security.rb
+++ b/lib/chef/win32/security.rb
@@ -32,6 +32,34 @@ class Chef
       extend Chef::ReservedNames::Win32::API::Security
       extend Chef::ReservedNames::Win32::API::Macros
 
+      def self.access_check(security_descriptor, token, desired_access, generic_mapping)
+        token_handle = token.handle.handle
+        security_descriptor_ptr = security_descriptor.pointer
+
+        rights_ptr = FFI::MemoryPointer.new(:ulong)
+        rights_ptr.write_ulong(desired_access)
+
+        # This function takes care of calling MapGenericMask, so you don't have to
+        MapGenericMask(rights_ptr, generic_mapping)
+
+        result_ptr = FFI::MemoryPointer.new(:ulong)
+
+        # Because optional actually means required
+        privileges = PRIVILEGE_SET.new
+        privileges[:PrivilegeCount] = 0
+        privileges_length_ptr = FFI::MemoryPointer.new(:ulong)
+        privileges_length_ptr.write_ulong(privileges.size)
+
+        granted_access_ptr = FFI::MemoryPointer.new(:ulong)
+
+        unless AccessCheck(security_descriptor_ptr, token_handle, rights_ptr.read_ulong,
+                           generic_mapping, privileges, privileges_length_ptr, granted_access_ptr,
+                           result_ptr)
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        result_ptr.read_ulong == 1
+      end
+
       def self.add_ace(acl, ace, insert_position = MAXDWORD, revision = ACL_REVISION)
         acl = acl.pointer if acl.respond_to?(:pointer)
         ace = ace.pointer if ace.respond_to?(:pointer)
author	Jay Mundrawala <jdmundrawala@gmail.com>	2015-02-11 16:14:29 -0800
committer	Bryan McLellan <btm@opscode.com>	2015-02-17 09:24:45 -0500
commit	a12fc1e1883d5fc5a2534cac87a748fc5ec82046 (patch)
tree	25400b6f058cb2d75862def6fc6a3ec20e2f512b /lib/chef/win32/security.rb
parent	fcf2f9dd983ff5b1f8cc2dbea40050765ac5a923 (diff)
download	chef-a12fc1e1883d5fc5a2534cac87a748fc5ec82046.tar.gz