class Puppet::Util::Windows::AccessControlList

Windows Access Control List

Represents a list of access control entries (ACEs).

@see msdn.microsoft.com/en-us/library/windows/desktop/aa374872(v=vs.85).aspx
@api private

Constants

ACCESS_ALLOWED_ACE_TYPE
ACCESS_DENIED_ACE_TYPE

Public Class Methods

new(acl = nil)

Construct an ACL.

@param acl [Enumerable] A list of aces to copy from.

   # File lib/puppet/util/windows/access_control_list.rb
# Build a list, optionally seeded from an existing collection of ACEs.
#
# Each source entry is duplicated with +dup+ and stored in a fresh array, so
# adding or replacing entries here leaves the caller's collection untouched.
# The copy is only as deep as each entry's own +dup+.
#
# @param acl [Enumerable, nil] entries to copy; nil produces an empty list
def initialize(acl = nil)
  @aces = acl ? acl.map(&:dup) : []
end

Public Instance Methods

==(other)
    # File lib/puppet/util/windows/access_control_list.rb
# Value equality: two lists are equal when they are instances of the same
# class and their +to_a+ arrays compare equal, which makes entry order part
# of the comparison.
#
# NOTE(review): +to_a+ is not defined in the visible listing; presumably it
# comes from Enumerable via #each. Confirm.
# NOTE(review): eql? is aliased to this method, but no matching #hash
# override is visible here. Confirm before using lists as Hash keys.
#
# @param other [Object] the object to compare against
# @return [Boolean] false when the classes differ, otherwise the array comparison
def ==(other)
  return false unless self.class == other.class

  to_a == other.to_a
end
Also aliased as: eql?
allow(sid, mask, flags = 0)

Allow the sid to access a resource with the specified access mask.

@param sid [String] The SID that the ACE is granting access to
@param mask [int] The access mask granted to the SID
@param flags [int] The flags assigned to the ACE, e.g. INHERIT_ONLY_ACE

   # File lib/puppet/util/windows/access_control_list.rb
# Append an access-allowed ACE for +sid+ to the end of the list.
#
# The sid, mask and flags are handed to AccessControlEntry.new as given; this
# method performs no validation of its own.
#
# NOTE(review): entries are kept in call order and nothing visible here
# re-sorts them. Windows evaluates the ACEs of a DACL in sequence, so placing
# deny entries ahead of allow entries is left to the caller. Confirm callers
# add them in the intended order.
#
# @param sid [String] the SID being granted access
# @param mask [Integer] the access mask granted to the SID
# @param flags [Integer] ACE flags, e.g. INHERIT_ONLY_ACE; defaults to 0
# @return [Array] the internal entry array after the append
def allow(sid, mask, flags = 0)
  entry = Puppet::Util::Windows::AccessControlEntry.new(sid, mask, flags, ACCESS_ALLOWED_ACE_TYPE)
  @aces.push(entry)
end
deny(sid, mask, flags = 0)

Deny the sid access to a resource with the specified access mask.

@param sid [String] The SID that the ACE is denying access to
@param mask [int] The access mask denied to the SID
@param flags [int] The flags assigned to the ACE, e.g. INHERIT_ONLY_ACE

   # File lib/puppet/util/windows/access_control_list.rb
# Append an access-denied ACE for +sid+ to the end of the list.
#
# The sid, mask and flags are handed to AccessControlEntry.new as given; this
# method performs no validation of its own.
#
# NOTE(review): the entry is appended, not inserted ahead of existing allow
# entries. Windows evaluates the ACEs of a DACL in sequence, so a deny added
# after an allow for the same rights may not take effect as intended.
# Confirm callers add deny entries first or reorder before applying the list.
#
# @param sid [String] the SID being denied access
# @param mask [Integer] the access mask denied to the SID
# @param flags [Integer] ACE flags, e.g. INHERIT_ONLY_ACE; defaults to 0
# @return [Array] the internal entry array after the append
def deny(sid, mask, flags = 0)
  entry = Puppet::Util::Windows::AccessControlEntry.new(sid, mask, flags, ACCESS_DENIED_ACE_TYPE)
  @aces.push(entry)
end
each() { |ace| ... }

Enumerate each ACE in the list.

@yieldparam ace [Hash] the ace

   # File lib/puppet/util/windows/access_control_list.rb
# Yield every ACE in list order.
#
# The block receives the stored entry object itself, not a copy, so a block
# that mutates an entry changes this list. The return value is the internal
# entry array.
#
# @yieldparam ace the stored entry
# @return [Array] the internal entry array
def each
  @aces.each do |entry|
    yield entry
  end
end
eql?(other)
Alias for: ==
inspect()
    # File lib/puppet/util/windows/access_control_list.rb
 # Render the list for debugging: one line per ACE, each indented by two
 # spaces and terminated by a newline, in list order.
 #
 # @return [String] the concatenated per-entry inspect output; empty when
 #   the list has no entries
 def inspect
   @aces.inject("") { |text, ace| text << "  #{ace.inspect}\n" }
 end
reassign!(old_sid, new_sid)

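Reassign all ACEs currently assigned to old_sid to new_sid instead. If an ACE is inherited or is not assigned to old_sid, then it will be copied as-is to the new ACL, preserving its order within the ACL. For each inherited ACE assigned to old_sid, an explicit ACE for new_sid with the same mask and type is also added ahead of the copied entries. When an explicit ACE is moved away from the LocalSystem SID, an ACE giving LocalSystem STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL is placed first in the list.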

@param old_sid [String] The old SID, e.g. 'S-1-5-18'
@param new_sid [String] The new SID
@return [AccessControlList] The copied ACL.

   # File lib/puppet/util/windows/access_control_list.rb
# Rewrite this list in place so that rights held by +old_sid+ are held by
# +new_sid+.
#
# Every entry is duplicated first. Then, for entries whose sid is +old_sid+:
# * explicit entries have the sid of their copy changed to +new_sid+;
# * inherited entries are copied unchanged, and an additional explicit entry
#   for +new_sid+ is created with the same mask and type.
# Entries for other SIDs are copied unchanged.
#
# The rebuilt list is ordered as: the LocalSystem entry (only when an
# explicit entry was moved off LocalSystem), then the entries derived from
# inherited ones, then the copies in their original order.
#
# NOTE(review): the derived entries keep the type of the inherited entry, so
# an allow entry derived this way, and the LocalSystem entry, end up ahead of
# any explicit deny entries already in the list. Windows evaluates the ACEs
# of a DACL in sequence; confirm this ordering is intended wherever the list
# is applied.
#
# @param old_sid [String] the SID to replace, e.g. 'S-1-5-18'
# @param new_sid [String] the SID that receives the entries
# @return [Array] the rebuilt internal entry array (the receiver is modified
#   in place; no new list object is created)
def reassign!(old_sid, new_sid)
  restore_local_system = false
  derived_explicit = []
  copies = []

  @aces.each do |entry|
    copy = entry.dup
    copies << copy
    next unless entry.sid == old_sid

    unless entry.inherited?
      copy.sid = new_sid

      # Set on every explicit match; old_sid is fixed for the call, so this
      # ends up true only when an explicit LocalSystem entry was reassigned.
      restore_local_system = old_sid == Puppet::Util::Windows::SID::LocalSystem
      next
    end

    # The inherited entry itself stays in the list untouched. Give new_sid an
    # explicit entry with the same mask and type, keeping only the flags that
    # control how the new entry is inherited and dropping all others.
    inheritance_bits = Puppet::Util::Windows::AccessControlEntry::CONTAINER_INHERIT_ACE |
      Puppet::Util::Windows::AccessControlEntry::OBJECT_INHERIT_ACE |
      Puppet::Util::Windows::AccessControlEntry::INHERIT_ONLY_ACE
    derived_explicit << Puppet::Util::Windows::AccessControlEntry.new(
      new_sid, entry.mask, entry.flags & inheritance_bits, entry.type
    )
  end

  @aces = []

  if restore_local_system
    # LocalSystem just lost its explicit entries, so it is given an entry with
    # all standard and specific rights at the head of the list.
    # NOTE(review): flags and type come from AccessControlEntry's constructor
    # defaults, which are not visible here. Presumably an allow entry with no
    # flags; confirm.
    full_rights = Puppet::Util::Windows::File::STANDARD_RIGHTS_ALL | Puppet::Util::Windows::File::SPECIFIC_RIGHTS_ALL
    @aces << Puppet::Util::Windows::AccessControlEntry.new(
      Puppet::Util::Windows::SID::LocalSystem,
      full_rights
    )
  end

  @aces.concat(derived_explicit)
  @aces.concat(copies)
end