Class: Puppet::Util::Windows::SID::Principal Private

Inherits:

Object

• Object
• Puppet::Util::Windows::SID::Principal

Extended by:

FFI::Library

Defined in:

lib/puppet/util/windows.rb,
lib/puppet/util/windows/principal.rb

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Constant Summary

MAXIMUM_SID_BYTE_LENGTH =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

8 + max sub identifiers (15) * 4

68

ERROR_INVALID_PARAMETER =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

87

ERROR_INSUFFICIENT_BUFFER =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

122

SID_NAME_USE =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

msdn.microsoft.com/en-us/library/windows/desktop/aa379601(v=vs.85).aspx

enum(
  :SidTypeUser, 1,
  :SidTypeGroup, 2,
  :SidTypeDomain, 3,
  :SidTypeAlias, 4,
  :SidTypeWellKnownGroup, 5,
  :SidTypeDeletedAccount, 6,
  :SidTypeInvalid, 7,
  :SidTypeUnknown, 8,
  :SidTypeComputer, 9,
  :SidTypeLabel, 10
)

Instance Attribute Summary

• #account ⇒ Object readonly private
• #account_type ⇒ Object readonly private
• #domain ⇒ Object readonly private
• #domain_account ⇒ Object readonly private
• #sid ⇒ Object readonly private
• #sid_bytes ⇒ Object readonly private

Class Method Summary

• .lookup_account_name(system_name = nil, sanitize = true, account_name) ⇒ Object private
• .lookup_account_sid(system_name = nil, sid_bytes) ⇒ Object private

Instance Method Summary

• #==(compare) ⇒ Object private

  added for backward compatibility.

• #initialize(account, sid_bytes, sid, domain, account_type) ⇒ Principal constructor private

  A new instance of Principal.

• #to_s ⇒ Object private

  returns authority qualified account name prefer to compare Principal instances with == operator or by #sid.

Constructor Details

#initialize(account, sid_bytes, sid, domain, account_type) ⇒ Principal

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of Principal.

# File 'lib/puppet/util/windows/principal.rb', line 9

def initialize(account, sid_bytes, sid, domain, account_type)
  # This is only ever called from lookup_account_sid which has already
  # removed the potential for passing in an account like host\user
  @account = account
  @sid_bytes = sid_bytes
  @sid = sid
  @domain = domain
  @account_type = account_type
  # When domain is available and it is a Domain principal, use domain only
  #   otherwise if domain is available then combine it with parsed account
  #   otherwise when the domain is not available, use the account value directly
  # WinNT naming standard https://msdn.microsoft.com/en-us/library/windows/desktop/aa746534(v=vs.85).aspx
  if (domain && !domain.empty? && @account_type == :SidTypeDomain)
    @domain_account = @domain
  elsif (domain && !domain.empty?)
    @domain_account =  "#{domain}\\#{@account}"
  else
    @domain_account = account
  end
end

Instance Attribute Details

#account ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 7

def account
  @account
end

#account_type ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 7

def account_type
  @account_type
end

#domain ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 7

def domain
  @domain
end

#domain_account ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 7

def domain_account
  @domain_account
end

#sid ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 7

def sid
  @sid
end

#sid_bytes ⇒ Object (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 7

def sid_bytes
  @sid_bytes
end

Class Method Details

.lookup_account_name(system_name = nil, sanitize = true, account_name) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 48

def self.lookup_account_name(system_name = nil, sanitize = true, account_name)
  account_name = sanitize_account_name(account_name) if sanitize
  system_name_ptr = FFI::Pointer::NULL
  begin
    if system_name
      system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
      system_name_ptr = FFI::MemoryPointer.from_wide_string(system_name_wide)
    end

    FFI::MemoryPointer.from_string_to_wide_string(account_name) do |account_name_ptr|
      FFI::MemoryPointer.new(:byte, MAXIMUM_SID_BYTE_LENGTH) do |sid_ptr|
        FFI::MemoryPointer.new(:dword, 1) do |sid_length_ptr|
          FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
            FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|

            sid_length_ptr.write_dword(MAXIMUM_SID_BYTE_LENGTH)
            success = LookupAccountNameW(system_name_ptr, account_name_ptr, sid_ptr, sid_length_ptr,
              FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
            last_error = FFI.errno

            if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
              raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: account_name}, last_error)
            end

            FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
              if LookupAccountNameW(system_name_ptr, account_name_ptr,
                  sid_ptr, sid_length_ptr,
                  domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
              raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountNameW with account: %{account_name}') % { account_name: account_name} )
              end

              # with a SID returned, loop back through lookup_account_sid to retrieve official name
              # necessary when accounts like . or '' are passed in
              return lookup_account_sid(
                system_name,
                sid_ptr.read_bytes(sid_length_ptr.read_dword).unpack('C*'))
              end
            end
          end
        end
      end
    end
  ensure
    system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
  end
end

.lookup_account_sid(system_name = nil, sid_bytes) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

# File 'lib/puppet/util/windows/principal.rb', line 95

def self.lookup_account_sid(system_name = nil, sid_bytes)
  system_name_ptr = FFI::Pointer::NULL
  if (sid_bytes.nil? || (!sid_bytes.is_a? Array) || (sid_bytes.length == 0))
    #TRANSLATORS `lookup_account_sid` is a variable name and should not be translated
    raise Puppet::Util::Windows::Error.new(_('Byte array for lookup_account_sid must not be nil and must be at least 1 byte long'))
  end

  begin
    if system_name
      system_name_wide = Puppet::Util::Windows::String.wide_string(system_name)
      system_name_ptr = FFI::MemoryPointer.from_wide_string(system_name_wide)
    end

    FFI::MemoryPointer.new(:byte, sid_bytes.length) do |sid_ptr|
      FFI::MemoryPointer.new(:dword, 1) do |name_length_ptr|
        FFI::MemoryPointer.new(:dword, 1) do |domain_length_ptr|
          FFI::MemoryPointer.new(:uint32, 1) do |name_use_enum_ptr|

            sid_ptr.write_array_of_uchar(sid_bytes)

            if Puppet::Util::Windows::SID.IsValidSid(sid_ptr) == FFI::WIN32_FALSE
              raise Puppet::Util::Windows::Error.new(_('Byte array for lookup_account_sid is invalid: %{sid_bytes}') % { sid_bytes: sid_bytes }, ERROR_INVALID_PARAMETER)
            end

            success = LookupAccountSidW(system_name_ptr, sid_ptr, FFI::Pointer::NULL, name_length_ptr,
              FFI::Pointer::NULL, domain_length_ptr, name_use_enum_ptr)
            last_error = FFI.errno

            if (success == FFI::WIN32_FALSE && last_error != ERROR_INSUFFICIENT_BUFFER)
              raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes}, last_error)
            end

            FFI::MemoryPointer.new(:lpwstr, name_length_ptr.read_dword) do |name_ptr|
              FFI::MemoryPointer.new(:lpwstr, domain_length_ptr.read_dword) do |domain_ptr|
                if LookupAccountSidW(system_name_ptr, sid_ptr, name_ptr, name_length_ptr,
                    domain_ptr, domain_length_ptr, name_use_enum_ptr) == FFI::WIN32_FALSE
                 raise Puppet::Util::Windows::Error.new(_('Failed to call LookupAccountSidW with bytes: %{sid_bytes}') % { sid_bytes: sid_bytes} )
                end

                return new(
                  name_ptr.read_wide_string(name_length_ptr.read_dword),
                  sid_bytes,
                  Puppet::Util::Windows::SID.sid_ptr_to_string(sid_ptr),
                  domain_ptr.read_wide_string(domain_length_ptr.read_dword),
                  SID_NAME_USE[name_use_enum_ptr.read_uint32])
              end
            end
          end
        end
      end
    end
  ensure
    system_name_ptr.free if system_name_ptr != FFI::Pointer::NULL
  end
end

Instance Method Details

#==(compare) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

added for backward compatibility

# File 'lib/puppet/util/windows/principal.rb', line 31

def ==(compare)
  compare.is_a?(Puppet::Util::Windows::SID::Principal) &&
    @sid_bytes == compare.sid_bytes
end

#to_s ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

returns authority qualified account name prefer to compare Principal instances with == operator or by #sid

# File 'lib/puppet/util/windows/principal.rb', line 38

def to_s
  @domain_account
end