Class: Puppet::Util::Windows::SID::Principal

Inherits:
Object
  • Object
show all
Extended by:
FFI::Library
Defined in:
lib/puppet/util/windows.rb,
lib/puppet/util/windows/principal.rb

Constant Summary collapse

MAXIMUM_SID_BYTE_LENGTH =

8 + max sub identifiers (15) * 4

68
ERROR_INSUFFICIENT_BUFFER =
122
SID_NAME_USE =
enum(
  :SidTypeUser, 1,
  :SidTypeGroup, 2,
  :SidTypeDomain, 3,
  :SidTypeAlias, 4,
  :SidTypeWellKnownGroup, 5,
  :SidTypeDeletedAccount, 6,
  :SidTypeInvalid, 7,
  :SidTypeUnknown, 8,
  :SidTypeComputer, 9,
  :SidTypeLabel, 10
)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from FFI::Library

attach_function_private

Constructor Details

#initialize(account, sid_bytes, sid, domain, account_type) ⇒ Principal


8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# File 'lib/puppet/util/windows/principal.rb', line 8

def initialize(, sid_bytes, sid, domain, )
  # This is only ever called from lookup_account_sid which has already
  # removed the potential for passing in an account like host\user
  @account = 
  @sid_bytes = sid_bytes
  @sid = sid
  @domain = domain
  @account_type = 
  # When domain is available and it is a Domain principal, use domain only
  #   otherwise if domain is available then combine it with parsed account
  #   otherwise when the domain is not available, use the account value directly
  # WinNT naming standard https://msdn.microsoft.com/en-us/library/windows/desktop/aa746534(v=vs.85).aspx
  if (domain && !domain.empty? && @account_type == :SidTypeDomain)
     = @domain
  elsif (domain && !domain.empty?)
     =  "#{domain}\\#{@account}"
  else
     = 
  end
end

Instance Attribute Details

#accountObject (readonly)

Returns the value of attribute account


6
7
8
# File 'lib/puppet/util/windows/principal.rb', line 6

def 
  @account
end

#account_typeObject (readonly)

Returns the value of attribute account_type


6
7
8
# File 'lib/puppet/util/windows/principal.rb', line 6

def 
  @account_type
end

#domainObject (readonly)

Returns the value of attribute domain


6
7
8
# File 'lib/puppet/util/windows/principal.rb', line 6

def domain
  @domain
end

#domain_accountObject (readonly)

Returns the value of attribute domain_account


6
7
8
# File 'lib/puppet/util/windows/principal.rb', line 6

def 
  
end

#sidObject (readonly)

Returns the value of attribute sid


6
7
8
# File 'lib/puppet/util/windows/principal.rb', line 6

def sid
  @sid
end

#sid_bytesObject (readonly)

Returns the value of attribute sid_bytes


6
7
8
# File 'lib/puppet/util/windows/principal.rb', line 6

def sid_bytes
  @sid_bytes
end

Class Method Details

.lookup_account_name(system_name = nil, account_name) ⇒ Object


46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# File 'lib/puppet/util/windows/principal.rb', line 46

def self.(system_name = nil, )
  system_name_ptr = FFI::Pointer::NULL
  begin
    if system_name
      system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
      # uchar here is synonymous with byte
      system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
      system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
    end

    FFI::MemoryPointer.from_string_to_wide_string() do ||
      FFI::MemoryPointer.new(:byte, MAXIMUM_SID_BYTE_LENGTH) do |sid_ptr|
        FFI::MemoryPointer.new(:dword, 1) do |sid_length_ptr|
          FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
            FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|

            sid_length_ptr.write_dword(MAXIMUM_SID_BYTE_LENGTH)
            success = LookupAccountNameW(system_name_ptr, , sid_ptr, sid_length_ptr,
              FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
            last_error = FFI.errno

            if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
              raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: }, last_error)
            end

            FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
              if LookupAccountNameW(system_name_ptr, ,
                  sid_ptr, sid_length_ptr,
                  domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
              raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: } )
              end

              # with a SID returned, loop back through lookup_account_sid to retrieve official name
              # necessary when accounts like . or '' are passed in
              return (
                system_name,
                sid_ptr.read_bytes(sid_length_ptr.read_dword).unpack('C*'))
              end
            end
          end
        end
      end
    end
  ensure
    system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
  end
end

.lookup_account_sid(system_name = nil, sid_bytes) ⇒ Object


94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# File 'lib/puppet/util/windows/principal.rb', line 94

def self.(system_name = nil, sid_bytes)
  system_name_ptr = FFI::Pointer::NULL
  if (sid_bytes.nil? || (!sid_bytes.is_a? Array) || (sid_bytes.length == 0))
    #TRANSLATORS `lookup_account_sid` is a variable name and should not be translated
    raise Puppet::Util::Windows::Error.new(_('Byte array for lookup_account_sid must not be nil and must be at least 1 byte long'))
  end

  begin
    if system_name
      system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
      # uchar here is synonymous with byte
      system_name_ptr = FFI::MemoryPointer.new(:byte, system_name_wide.bytesize)
      system_name_ptr.put_array_of_uchar(0, system_name_wide.bytes.to_a)
    end

    FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
      FFI::MemoryPointer.new(:dword, 1) do |name_length_ptr|
        FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
          FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|

            sid_ptr.write_array_of_uchar(sid_bytes)
            success = LookupAccountSidW(system_name_ptr, sid_ptr, FFI::Pointer::NULL, name_length_ptr,
              FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
            last_error = FFI.errno

            if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
              raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes}, last_error)
            end

            FFI::MemoryPointer.new(:lpwstr, name_length_ptr.read_dword) do |name_ptr|
              FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
                if LookupAccountSidW(system_name_ptr, sid_ptr, name_ptr, name_length_ptr,
                    domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
                 raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes} )
                end

                return new(
                  name_ptr.read_wide_string(name_length_ptr.read_dword),
                  sid_bytes,
                  Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr),
                  domain_ptr.read_wide_string(domain_length_ptr.read_dword),
                  SID_NAME_USE[name_use_enum_ptr.read_uint32])
              end
            end
          end
        end
      end
    end
  ensure
    system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
  end
end

Instance Method Details

#==(compare) ⇒ Object

added for backward compatibility


30
31
32
33
# File 'lib/puppet/util/windows/principal.rb', line 30

def ==(compare)
  compare.is_a?(Puppet::Util::Windows::SID::Principal) &&
    @sid_bytes == compare.sid_bytes
end

#to_sObject

returns authority qualified account name prefer to compare Principal instances with == operator or by #sid


37
38
39
# File 'lib/puppet/util/windows/principal.rb', line 37

def to_s
  
end