author | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-02-11 16:14:29 -0800 |
---|---|---|
committer | Bryan McLellan <btm@opscode.com> | 2015-02-17 09:24:45 -0500 |
commit | a12fc1e1883d5fc5a2534cac87a748fc5ec82046 (patch) | |
tree | 25400b6f058cb2d75862def6fc6a3ec20e2f512b /lib | |
parent | fcf2f9dd983ff5b1f8cc2dbea40050765ac5a923 (diff) | |
Added AccessCheck
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/win32/api/security.rb | 1 | ||||
-rw-r--r-- | lib/chef/win32/security.rb | 28 |
2 files changed, 29 insertions, 0 deletions
diff --git a/lib/chef/win32/api/security.rb b/lib/chef/win32/api/security.rb
index 3e789bbd87..229f2ace10 100644
--- a/lib/chef/win32/api/security.rb
+++ b/lib/chef/win32/api/security.rb
@@ -361,6 +361,7 @@ class Chef
 ffi_lib "advapi32"
+ safe_attach_function :AccessCheck, [:pointer, :HANDLE, :DWORD, :pointer, :pointer, :pointer, :pointer, :pointer], :BOOL
 safe_attach_function :AddAce, [ :pointer, :DWORD, :DWORD, :LPVOID, :DWORD ], :BOOL
 safe_attach_function :AddAccessAllowedAce, [ :pointer, :DWORD, :DWORD, :pointer ], :BOOL
 safe_attach_function :AddAccessAllowedAceEx, [ :pointer, :DWORD, :DWORD, :DWORD, :pointer ], :BOOL
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb
index 61f71256e8..3902d8caaf 100644
--- a/lib/chef/win32/security.rb
+++ b/lib/chef/win32/security.rb
@@ -32,6 +32,34 @@ class Chef
 extend Chef::ReservedNames::Win32::API::Security
 extend Chef::ReservedNames::Win32::API::Macros
+ def self.access_check(security_descriptor, token, desired_access, generic_mapping)
+ token_handle = token.handle.handle
+ security_descriptor_ptr = security_descriptor.pointer
+
+ rights_ptr = FFI::MemoryPointer.new(:ulong)
+ rights_ptr.write_ulong(desired_access)
+
+ # This function takes care of calling MapGenericMask, so you don't have to
+ MapGenericMask(rights_ptr, generic_mapping)
+
+ result_ptr = FFI::MemoryPointer.new(:ulong)
+
+ # Because optional actually means required
+ privileges = PRIVILEGE_SET.new
+ privileges[:PrivilegeCount] = 0
+ privileges_length_ptr = FFI::MemoryPointer.new(:ulong)
+ privileges_length_ptr.write_ulong(privileges.size)
+
+ granted_access_ptr = FFI::MemoryPointer.new(:ulong)
+
+ unless AccessCheck(security_descriptor_ptr, token_handle, rights_ptr.read_ulong,
+ generic_mapping, privileges, privileges_length_ptr, granted_access_ptr,
+ result_ptr)
+ Chef::ReservedNames::Win32::Error.raise!
+ end
+ result_ptr.read_ulong == 1
+ end
+
 def self.add_ace(acl, ace, insert_position = MAXDWORD, revision = ACL_REVISION)
 acl = acl.pointer if acl.respond_to?(:pointer)
 ace = ace.pointer if ace.respond_to?(:pointer) |
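Review bot: `access_check` has no doc comment, and the contract it inherits from AccessCheck cannot be read off the signature. Per the Win32 documentation, `token` must be an impersonation token opened with TOKEN_QUERY (a primary token makes the call fail), and the security descriptor must carry owner and group SIDs. I would add a comment above `def self.access_check` such as `# token must be an impersonation token with TOKEN_QUERY; returns true when AccessCheck reports desired_access as granted`. The mask written to `granted_access_ptr` is never read, so a caller asking for MAXIMUM_ALLOWED gets only a boolean and cannot tell which rights were granted; either document that limit or return the mask as well. `result_ptr.read_ulong == 1` fails closed, which is the right direction for an access decision, but AccessStatus is a BOOL and `result_ptr.read_ulong != 0` is the conventional test.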