From 86fbcb043eb99062d836e1da522770724a9ab5a8 Mon Sep 17 00:00:00 2001
From: Lamont Granquist
Date: Tue, 16 Apr 2013 18:07:30 -0700
Subject: fully implemented windows mv deployment
---
 lib/chef/provider/file/deploy/mv_windows.rb | 52 +++++++++++++++++++----------
 1 file changed, 34 insertions(+), 18 deletions(-)
(limited to 'lib/chef/provider/file')
diff --git a/lib/chef/provider/file/deploy/mv_windows.rb b/lib/chef/provider/file/deploy/mv_windows.rb
index eec4b79887..12e4696e81 100644
--- a/lib/chef/provider/file/deploy/mv_windows.rb
+++ b/lib/chef/provider/file/deploy/mv_windows.rb
@@ -28,39 +28,55 @@ class Chef
 class File
 class Deploy
 class MvWindows
+
+ Security = Chef::ReservedNames::Win32::Security
+ ACL = Security::ACL
+
 def create(file)
 Chef::Log.debug("touching #{file} to create it")
 FileUtils.touch(file)
 end
 ALL_ACLS =
- Chef::ReservedNames::Win32::Security::OWNER_SECURITY_INFORMATION |
- Chef::ReservedNames::Win32::Security::GROUP_SECURITY_INFORMATION |
- Chef::ReservedNames::Win32::Security::DACL_SECURITY_INFORMATION
- #Chef::ReservedNames::Win32::Security::SACL_SECURITY_INFORMATION
+ Security::OWNER_SECURITY_INFORMATION |
+ Security::GROUP_SECURITY_INFORMATION |
+ Security::DACL_SECURITY_INFORMATION |
+ Security::SACL_SECURITY_INFORMATION
 def deploy(src, dst)
- result = Chef::ReservedNames::Win32::Security.get_named_security_info(dst, :SE_FILE_OBJECT, ALL_ACLS)
+ dst_so = Security::SecurableObject.new(dst)
+
+ # FIXME: catch exception when we can't elevate privs?
+ dst_sd = dst_so.security_descriptor(true) # get the sd with the SACL
+
+ #result = Security.get_named_security_info(dst, :SE_FILE_OBJECT, ALL_ACLS)
+
+ if dst_sd.dacl_present?
+ apply_dacl = ACL.create(dst_sd.dacl.select { |ace| !ace.inherited? })
+ end
+ if dst_sd.sacl_present?
+ apply_sacl = ACL.create(dst_sd.sacl.select { |ace| !ace.inherited? })
+ end
+
+ Chef::Log.debug("applying owner #{dst_sd.owner} to staged file")
+ Chef::Log.debug("applying group #{dst_sd.group} to staged file")
+ Chef::Log.debug("applying dacl #{dst_sd.dacl} to staged file") if dst_sd.dacl_present?
+ Chef::Log.debug("applying dacl inheritance to staged file") if dst_sd.dacl_inherits?
+ Chef::Log.debug("applying sacl #{dst_sd.sacl} to staged file") if dst_sd.sacl_present?
+ Chef::Log.debug("applying sacl inheritance to staged file") if dst_sd.sacl_inherits?
- Chef::Log.debug("applying owner #{result.owner} to staged file")
- Chef::Log.debug("applying group #{result.group} to staged file")
- Chef::Log.debug("applying dacl #{result.dacl} to staged file")
- Chef::Log.debug("applying dacl inheritance to staged file") if result.dacl_inherits?
+ # FIXME: self_relative?
- # FIXME: SACL
- # FIXME: inheritance
- # FIXME: control?
- # FIXME: filter out inherited DACLs
- so = Chef::ReservedNames::Win32::Security::SecurableObject.new(src)
+ so = Security::SecurableObject.new(src)
- so.set_dacl(result.dacl, result.dacl_inherits?)
+ so.set_dacl(apply_dacl, dst_sd.dacl_inherits?) if dst_sd.dacl_present?
- so.group = result.group
+ so.group = dst_sd.group
- so.owner = result.owner
+ so.owner = dst_sd.owner
- #so.set_sacl(result.sacl, result.sacl_inherits?)
+ so.set_sacl(apply_sacl, dst_sd.sacl_inherits?) if dst_sd.sacl_present?
 FileUtils.mv(src, dst)
 end
-- cgit v1.2.1
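Review bot: `dst_sd = dst_so.security_descriptor(true)` in `deploy` now reads the SACL too, but the `# FIXME: catch exception when we can't elevate privs?` above it is left unresolved, so a chef-client run that cannot enable the privilege Windows requires for SACL access (SeSecurityPrivilege) would presumably raise here and never reach `FileUtils.mv`. Handle that at the call: rescue the Win32 API error and re-raise with a message that names `dst` and the missing privilege, instead of falling back to a descriptor without the SACL, because a silent fallback would replace the file while dropping its audit entries. Also, `apply_dacl` and `apply_sacl` keep only ACEs where `!ace.inherited?`, and a same-volume move on Windows normally preserves the ACL already on the file, so inherited entries may end up coming from the staging directory of `src` rather than from the parent of `dst`; a comment stating which is intended (or a re-apply after the move) would settle it. The commented-out `#result = Security.get_named_security_info(...)` line can go.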