author | vijaymmali1990 <vijay.mali@msystechnologies.com> | 2019-01-25 05:05:34 -0800 |
---|---|---|
committer | vijaymmali1990 <vijay.mali@msystechnologies.com> | 2019-02-11 22:14:47 -0800 |
commit | dadedcbb748c6ef5fbad4ea0cf3ff486ddeba75e (patch) | |
tree | d3778986502660ac2328205663029bcb69385797 /lib | |
parent | ab964df45ad41621a2133a30de113a4cddacaca2 (diff) | |
Fix write permissions not working properly on Windows
Signed-off-by: vijaymmali1990 <vijay.mali@msystechnologies.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/file_access_control/windows.rb | 6 | ||||
-rw-r--r-- | lib/chef/win32/api/security.rb | 11 | ||||
-rw-r--r-- | lib/chef/win32/security/ace.rb | 6 |
3 files changed, 18 insertions, 5 deletions
diff --git a/lib/chef/file_access_control/windows.rb b/lib/chef/file_access_control/windows.rb index 2c6b69c257..dc0e4444c3 100644 --- a/lib/chef/file_access_control/windows.rb +++ b/lib/chef/file_access_control/windows.rb @@ -90,11 +90,13 @@ class Chef target_acl.each do |target_ace| if target_ace.flags & INHERIT_ONLY_ACE == 0 self_ace = target_ace.dup - self_ace.flags = 0 + if target_ace.mask != Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL + self_ace.flags = 0 + end self_ace.mask = securable_object.predict_rights_mask(target_ace.mask) new_target_acl << self_ace end - if target_ace.flags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) != 0 + if target_ace.mask != Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL && target_ace.flags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE) != 0 children_ace = target_ace.dup children_ace.flags |= INHERIT_ONLY_ACE new_target_acl << children_ace diff --git a/lib/chef/win32/api/security.rb b/lib/chef/win32/api/security.rb index 277e85a26b..0cb63c6a30 100644 --- a/lib/chef/win32/api/security.rb +++ b/lib/chef/win32/api/security.rb @@ -115,6 +115,7 @@ class Chef STANDARD_RIGHTS_EXECUTE = READ_CONTROL STANDARD_RIGHTS_ALL = 0x001F0000 SPECIFIC_RIGHTS_ALL = 0x0000FFFF + # Access System Security Right ACCESS_SYSTEM_SECURITY = 0x01000000 # File/Directory Specific Rights 
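Review bot: Both new guards in the lib/chef/file_access_control/windows.rb hunk compare `target_ace.mask` to `WRITE_CONTROL` with `!=`, so only an ACE whose mask is exactly that bit pattern gets the new treatment. An ACE that carries the write bits together with any other right still has its flags cleared and still gets a separate inherit-only copy, which makes the resulting ACL depend on how the rights were combined rather than on what they grant. If the intent is "any ACE carrying the file write bits", a bit test such as `(target_ace.mask & WRITE_CONTROL) == WRITE_CONTROL` would state it, and a short comment should explain why such ACEs keep their inheritance flags on the object's own entry. The same exact-equality test appears in the lib/chef/win32/security/ace.rb hunk. The enclosing method starts and ends outside this hunk, so the effect of `predict_rights_mask` on an ACE that keeps its flags cannot be checked from here.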
@@ -138,8 +139,14 @@ class Chef FILE_GENERIC_READ = STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE - FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE - FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE + FILE_GENERIC_WRITE = STANDARD_RIGHTS_WRITE | + FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | + FILE_WRITE_EA | FILE_APPEND_DATA | + SYNCHRONIZE + WRITE_CONTROL = FILE_WRITE_DATA | FILE_APPEND_DATA | + FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES + FILE_GENERIC_EXECUTE = STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | + FILE_EXECUTE | SYNCHRONIZE # Access Token Rights (for OpenProcessToken) # Access Rights for Access-Token Objects (used in OpenProcessToken) TOKEN_ASSIGN_PRIMARY = 0x0001 diff --git a/lib/chef/win32/security/ace.rb b/lib/chef/win32/security/ace.rb index d593513983..e55bdd4e81 100644 --- a/lib/chef/win32/security/ace.rb +++ b/lib/chef/win32/security/ace.rb @@ -113,7 +113,11 @@ class Chef struct[:AceType] = type struct[:AceFlags] = flags struct[:AceSize] = size_needed - struct[:Mask] = mask + if mask == Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE || mask == Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL + struct[:Mask] = Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL + else + struct[:Mask] = mask + end Chef::ReservedNames::Win32::Memory.memcpy(struct.pointer + struct.offset_of(:SidStart), sid.pointer, sid.size) ACE.new(struct.pointer) end |
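Review bot: The name `WRITE_CONTROL` reads like the counterpart of the `READ_CONTROL` standard right seen in the earlier hunk of this file (`STANDARD_RIGHTS_EXECUTE = READ_CONTROL`), but the value is a composite of four file-specific data and attribute bits. It has nothing to do with modifying the security descriptor, which in the Windows headers is `WRITE_DAC`. Someone auditing an ACL built from these constants could misjudge what is being granted. A name that says what it holds would prevent that, or at least a comment such as `# Chef-defined composite of file write bits; not a Windows standard right, excludes STANDARD_RIGHTS_WRITE and SYNCHRONIZE`. The constant also sits between FILE_GENERIC_WRITE and FILE_GENERIC_EXECUTE, splitting the group of generic mappings.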
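Review bot: The new branch in lib/chef/win32/security/ace.rb rewrites the caller's mask inside the ACE constructor, and nothing visible in the hunk limits it to allow ACEs or to file objects. Because `struct[:AceType] = type` accepts any type, a deny or audit ACE requested with GENERIC_WRITE would, as far as the hunk shows, be stored with the narrower WRITE_CONTROL bits and so cover fewer rights than the caller asked for. If the substitution is only meant for file allow ACEs, it belongs with the file access-control code or needs a guard on `type`, plus a comment saying why GENERIC_WRITE is not left for the system to map. The second half of the condition is a no-op, so the branch reduces to `struct[:Mask] = mask == Chef::ReservedNames::Win32::API::Security::GENERIC_WRITE ? Chef::ReservedNames::Win32::API::Security::WRITE_CONTROL : mask`. The method begins before the hunk, so its callers are not visible here.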