Class: Puppet::Util::Windows::SID::Principal
- Extended by:
- FFI::Library
- Defined in:
- lib/puppet/util/windows.rb,
lib/puppet/util/windows/principal.rb
Constant Summary collapse
- MAXIMUM_SID_BYTE_LENGTH =
8 + max sub identifiers (15) * 4
68- ERROR_INSUFFICIENT_BUFFER =
122- SID_NAME_USE =
enum( :SidTypeUser, 1, :SidTypeGroup, 2, :SidTypeDomain, 3, :SidTypeAlias, 4, :SidTypeWellKnownGroup, 5, :SidTypeDeletedAccount, 6, :SidTypeInvalid, 7, :SidTypeUnknown, 8, :SidTypeComputer, 9, :SidTypeLabel, 10 )
Instance Attribute Summary collapse
- #account ⇒ Object readonly
- #account_type ⇒ Object readonly
- #domain ⇒ Object readonly
- #domain_account ⇒ Object readonly
- #sid ⇒ Object readonly
- #sid_bytes ⇒ Object readonly
Class Method Summary collapse
- .lookup_account_name(system_name = nil, account_name) ⇒ Object
- .lookup_account_sid(system_name = nil, sid_bytes) ⇒ Object
Instance Method Summary collapse
-
#==(compare) ⇒ Object
added for backward compatibility.
-
#initialize(account, sid_bytes, sid, domain, account_type) ⇒ Principal
constructor
A new instance of Principal.
-
#to_s ⇒ Object
added for backward compatibility.
Methods included from FFI::Library
Constructor Details
#initialize(account, sid_bytes, sid, domain, account_type) ⇒ Principal
Returns a new instance of Principal.
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# File 'lib/puppet/util/windows/principal.rb', line 8 def initialize(account, sid_bytes, sid, domain, account_type) # This is only ever called from lookup_account_sid which has already # removed the potential for passing in an account like host\user @account = account @sid_bytes = sid_bytes @sid = sid @domain = domain @account_type = account_type # When domain is available and it is a Domain principal, use domain only # otherwise if domain is available then combine it with parsed account # otherwise when the domain is not available, use the account value directly # WinNT naming standard https://msdn.microsoft.com/en-us/library/windows/desktop/aa746534(v=vs.85).aspx if (domain && !domain.empty? && @account_type == :SidTypeDomain) @domain_account = @domain elsif (domain && !domain.empty?) @domain_account = "#{domain}\\#{@account}" else @domain_account = account end end |
Instance Attribute Details
#account ⇒ Object (readonly)
6 7 8 |
# File 'lib/puppet/util/windows/principal.rb', line 6 def account @account end |
#account_type ⇒ Object (readonly)
6 7 8 |
# File 'lib/puppet/util/windows/principal.rb', line 6 def account_type @account_type end |
#domain ⇒ Object (readonly)
6 7 8 |
# File 'lib/puppet/util/windows/principal.rb', line 6 def domain @domain end |
#domain_account ⇒ Object (readonly)
6 7 8 |
# File 'lib/puppet/util/windows/principal.rb', line 6 def domain_account @domain_account end |
#sid ⇒ Object (readonly)
6 7 8 |
# File 'lib/puppet/util/windows/principal.rb', line 6 def sid @sid end |
#sid_bytes ⇒ Object (readonly)
6 7 8 |
# File 'lib/puppet/util/windows/principal.rb', line 6 def sid_bytes @sid_bytes end |
Class Method Details
.lookup_account_name(system_name = nil, account_name) ⇒ Object
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
# File 'lib/puppet/util/windows/principal.rb', line 45 def self.lookup_account_name(system_name = nil, account_name) system_name_ptr = FFI::Pointer::NULL begin if system_name system_name_wide = Puppet::Util::Windows::String.wide_string(system_name) # uchar here is synonymous with byte system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize) system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a) end FFI::MemoryPointer.from_string_to_wide_string(account_name) do |account_name_ptr| FFI::MemoryPointer.new(:byte, MAXIMUM_SID_BYTE_LENGTH) do |sid_ptr| FFI::MemoryPointer.new(:dword, 1) do |sid_length_ptr| FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr| FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr| sid_length_ptr.write_dword(MAXIMUM_SID_BYTE_LENGTH) success = LookupAccountNameW(system_name_ptr, account_name_ptr, sid_ptr, sid_length_ptr, FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr) last_error = FFI.errno if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER) raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountNameW', last_error) end FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr| if LookupAccountNameW(system_name_ptr, account_name_ptr, sid_ptr, sid_length_ptr, domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountNameW') end # with a SID returned, loop back through lookup_account_sid to retrieve official name # necessary when accounts like . or '' are passed in return lookup_account_sid( system_name, sid_ptr.read_bytes(sid_length_ptr.read_dword).unpack('C*')) end end end end end end ensure system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL end end |
.lookup_account_sid(system_name = nil, sid_bytes) ⇒ Object
93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/puppet/util/windows/principal.rb', line 93 def self.lookup_account_sid(system_name = nil, sid_bytes) system_name_ptr = FFI::Pointer::NULL if (sid_bytes.nil? || (!sid_bytes.is_a? Array) || (sid_bytes.length == 0)) raise Puppet::Util::Windows::Error.new('Byte array for lookup_account_sid must not be nil and must be at least 1 byte long') end begin if system_name system_name_wide = Puppet::Util::Windows::String.wide_string(system_name) # uchar here is synonymous with byte system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize) system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a) end FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr| FFI::MemoryPointer.new(:dword, 1) do |name_length_ptr| FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr| FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr| sid_ptr.write_array_of_uchar(sid_bytes) success = LookupAccountSidW(system_name_ptr, sid_ptr, FFI::Pointer::NULL, name_length_ptr, FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr) last_error = FFI.errno if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER) raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountSidW', last_error) end FFI::MemoryPointer.new(:lpwstr, name_length_ptr.read_dword) do |name_ptr| FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr| if LookupAccountSidW(system_name_ptr, sid_ptr, name_ptr, name_length_ptr, domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE raise Puppet::Util::Windows::Error.new('Failed to call LookupAccountSidW') end return new( name_ptr.read_wide_string(name_length_ptr.read_dword), sid_bytes, Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr), domain_ptr.read_wide_string(domain_length_ptr.read_dword), SID_NAME_USE[name_use_enum_ptr.read_uint32]) end end end end end end ensure system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL end end |
Instance Method Details
#==(compare) ⇒ Object
added for backward compatibility
30 31 32 33 |
# File 'lib/puppet/util/windows/principal.rb', line 30 def ==(compare) compare.is_a?(Puppet::Util::Windows::SID::Principal) && @sid_bytes == compare.sid_bytes end |
#to_s ⇒ Object
added for backward compatibility
36 37 38 |
# File 'lib/puppet/util/windows/principal.rb', line 36 def to_s @sid end |