(PUP-839) FFI Security.set_security_descriptor
7152effafe64 (Unpublished)

Description

(PUP-839) FFI Security.set_security_descriptor

  • Previously SetSecurityDescriptor was using a reference to the API definition in windows/security, but has now been replaced with FFI.
  • Define the SE_OBJECT_TYPE enum to be passed to SetSecurityInfo
  • Rather than hardcoding the buffer size for the DACL to 1024, provide a calculation to determine the maximum size up-front based on the number of ACEs in the security descriptor. This will at least guarantee that the memory buffer is never too small, which could have been an issue with the existing code. Note that a more correct method would be to translate each SID in the DACL up-front to a sid_ptr, and to tally up the size of the SIDs.
  • Since only ACCESS_DENIED_ACE and ACCESS_ALLOWED_ACE are added to the DACL, use that struct size in the calculation by referring to the number of bytes leading up to the :SidStart member of the GENERIC_ACCESS_ACE struct.
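
The sizing rule described in the commit message, as an added Ruby example that is not code from this commit or from Puppet: it compares the worst-case bound per ACE with the exact tally of SID lengths, and shows where a fixed 1024-byte buffer stops being enough. The function names and sample SIDs are constructed for illustration; the structure sizes are the standard Win32 layouts.

```ruby
# Added example, not Puppet's implementation. Helper names are hypothetical.
ACL_HEADER_SIZE  = 8   # sizeof(ACL)
ACE_SID_OFFSET   = 8   # ACE_HEADER (4) + ACCESS_MASK (4): bytes before SidStart
SID_FIXED_SIZE   = 8   # revision (1) + sub-authority count (1) + authority (6)
SID_MAX_SUBAUTHS = 15  # SID_MAX_SUB_AUTHORITIES
MAX_SID_SIZE     = SID_FIXED_SIZE + 4 * SID_MAX_SUBAUTHS  # 68 bytes
MAX_ACL_SIZE     = 0xFFFF # AclSize is a 16-bit field

# Byte length of a binary SID, derived from its string form
# (decimal identifier authority only, which covers the common cases).
def sid_byte_length(sid_string)
  m = /\AS-1-(\d+)((?:-\d+){0,15})\z/.match(sid_string)
  raise ArgumentError, "not a SID string: #{sid_string.inspect}" unless m
  SID_FIXED_SIZE + 4 * m[2].scan(/\d+/).length
end

# Reject sizes that cannot be represented in the ACL header.
def check_acl_size(bytes)
  raise RangeError, "ACL of #{bytes} bytes exceeds AclSize limit" if bytes > MAX_ACL_SIZE
  bytes
end

# Upper bound: assume every ACE carries a maximum-length SID.
# Never too small, but over-allocates for typical SIDs.
def max_dacl_size(ace_count)
  check_acl_size(ACL_HEADER_SIZE + ace_count * (ACE_SID_OFFSET + MAX_SID_SIZE))
end

# Exact size: tally the real length of each SID, one allow/deny ACE per SID.
def exact_dacl_size(sid_strings)
  check_acl_size(ACL_HEADER_SIZE +
                 sid_strings.sum { |s| ACE_SID_OFFSET + sid_byte_length(s) })
end

# Constructed sample SIDs: Administrators, Everyone, and a made-up domain user.
SAMPLE_SIDS = [
  'S-1-5-32-544',
  'S-1-1-0',
  'S-1-5-21-1111111111-2222222222-3333333333-1001'
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "exact: #{exact_dacl_size(SAMPLE_SIDS)} bytes"
  puts "bound: #{max_dacl_size(SAMPLE_SIDS.length)} bytes"
  # 29 ACEs for domain accounts already need more than a fixed 1024 bytes.
  puts "29 domain ACEs: #{exact_dacl_size(Array.new(29, SAMPLE_SIDS.last))} bytes"
end
```
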

Details

Provenance
Ethan J. Brown <Iristyle@github> Authored on
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPU46ea75f11e59: (PUP-839) Windows::Security Constants
Branches
Unknown
Tags
Unknown

Event Timeline

Ethan J. Brown <Iristyle@github> committed rPU7152effafe64: (PUP-839) FFI Security.set_security_descriptor (authored by Ethan J. Brown <Iristyle@github>). Jun 19 2014, 11:32 PM