Class: Win32::Security::SID
- Inherits: Object
  - Object
    - Win32::Security::SID
- Extended by: Windows::Security::Functions
- Defined in: lib/win32/security/sid.rb
Overview
The SID class encapsulates a Security Identifier.
Constant Summary
- VERSION = '0.2.5'
  The version of the Win32::Security::SID class.
- Null = 'S-1-0'
  Some constant SIDs for your convenience, in string format. See support.microsoft.com/kb/243330 for details.
- Nobody = 'S-1-0-0'
- World = 'S-1-1'
- Everyone = 'S-1-1-0'
- Local = 'S-1-2'
- Creator = 'S-1-3'
- CreatorOwner = 'S-1-3-0'
- CreatorGroup = 'S-1-3-1'
- CreatorOwnerServer = 'S-1-3-2'
- CreatorGroupServer = 'S-1-3-3'
- NonUnique = 'S-1-4'
- Nt = 'S-1-5'
- Dialup = 'S-1-5-1'
- Network = 'S-1-5-2'
- Batch = 'S-1-5-3'
- Interactive = 'S-1-5-4'
- Service = 'S-1-5-6'
- Anonymous = 'S-1-5-7'
- Proxy = 'S-1-5-8'
- EnterpriseDomainControllers = 'S-1-5-9'
- PrincipalSelf = 'S-1-5-10'
- AuthenticatedUsers = 'S-1-5-11'
- RestrictedCode = 'S-1-5-12'
- TerminalServerUsers = 'S-1-5-13'
- LocalSystem = 'S-1-5-18'
- NtLocal = 'S-1-5-19'
- NtNetwork = 'S-1-5-20'
- BuiltinAdministrators = 'S-1-5-32-544'
- BuiltinUsers = 'S-1-5-32-545'
- Guests = 'S-1-5-32-546'
- PowerUsers = 'S-1-5-32-547'
- AccountOperators = 'S-1-5-32-548'
- ServerOperators = 'S-1-5-32-549'
- PrintOperators = 'S-1-5-32-550'
- BackupOperators = 'S-1-5-32-551'
- Replicators = 'S-1-5-32-552'
Instance Attribute Summary
- #account ⇒ Object (readonly)
  The account name passed to the constructor.
- #account_type ⇒ Object (readonly)
  The SID account type, e.g. ‘user’, ‘group’, etc.
- #domain ⇒ Object (readonly)
  The domain the SID is on.
- #host ⇒ Object (readonly)
  The host passed to the constructor, or the localhost if none was specified.
- #sid ⇒ Object (readonly)
  The binary SID object itself.
Class Method Summary
- .create(authority, *sub_authorities) ⇒ Object
  Creates a new SID with authority and up to 8 subauthorities, and returns a new Win32::Security::SID object.
- .open(account = nil, host = Socket.gethostname) ⇒ Object
  Synonym for SID.new.
- .sid_to_string(sid) ⇒ Object
  Converts a binary SID to a string in S-R-I-S-S… format.
- .string_to_sid(string) ⇒ Object
  Converts a string in S-R-I-S-S… format back to a binary SID.
Instance Method Summary
- #==(other) ⇒ Object
  Returns whether or not the SID object is equal to other.
- #initialize(account = nil, host = Socket.gethostname) ⇒ SID (constructor)
  Creates and returns a new Win32::Security::SID object, based on the account name, which may also be a binary SID.
- #length ⇒ Object
  Returns the length of the SID object, in bytes.
- #to_s ⇒ Object (also: #to_str)
  Returns the binary SID in string format suitable for display, storage or transmission.
- #valid? ⇒ Boolean
  Returns whether or not the SID is a valid sid.
- #well_known? ⇒ Boolean
  Returns whether or not the SID is a well known SID.
Constructor Details
#initialize(account = nil, host = Socket.gethostname) ⇒ SID
Creates and returns a new Win32::Security::SID object, based on the account name, which may also be a binary SID. If a host is provided, then the information is retrieved from that host. Otherwise, the local host is used.
If no account is provided then it retrieves information for the user account associated with the calling thread and the host argument is ignored.
Note that this does NOT create a new SID, but merely retrieves information for an existing SID. To create a new SID, use the SID.create method.
Examples:
# Current user
Win32::Security::SID.new
# User 'john' on the localhost
Win32::Security::SID.new('john')
# User 'jane' on a remote machine
Win32::Security::SID.new('jane', 'some_host')
# Binary SID
Win32::Security::SID.new("\001\000\000\000\000\000\001\000\000\000\000")
# File 'lib/win32/security/sid.rb', line 183
def initialize(account=nil, host=Socket.gethostname)
  if account.nil?
    begin
      if RUBY_PLATFORM == 'java' && ENV_JAVA['sun.arch.data.model'] == '64'
        ptr_type = :ulong_long
      else
        ptr_type = :uintptr_t
      end

      ptoken = FFI::MemoryPointer.new(ptr_type)

      # Try the thread token first, default to the process token.
      bool = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, 1, ptoken)

      unless bool
        ptoken.clear
        unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, ptoken)
          FFI.raise_windows_error('OpenProcessToken')
        end
      end

      token = ptoken.read_pointer.to_i

      pinfo = FFI::MemoryPointer.new(:pointer)
      plength = FFI::MemoryPointer.new(:ulong)

      # First pass, just get the size needed (1 is TokenOwner)
      GetTokenInformation(token, 1, pinfo, pinfo.size, plength)

      pinfo = FFI::MemoryPointer.new(plength.read_ulong)
      plength.clear

      # Second pass, actual call (1 is TokenOwner)
      unless GetTokenInformation(token, 1, pinfo, pinfo.size, plength)
        FFI.raise_windows_error('GetTokenInformation')
      end

      token_info = pinfo.read_pointer
    ensure
      CloseHandle(token) if token
    end
  end

  ordinal_val = account ? account[0].ord : nil

  sid = FFI::MemoryPointer.new(:uchar, 1024)
  sid_size = FFI::MemoryPointer.new(:ulong)
  sid_size.write_ulong(sid.size)

  domain = FFI::MemoryPointer.new(:uchar, 1024)
  domain_size = FFI::MemoryPointer.new(:ulong)
  domain_size.write_ulong(domain.size)

  use_ptr = FFI::MemoryPointer.new(:ulong)

  if ordinal_val.nil?
    bool = LookupAccountSid(
      nil,
      token_info,
      sid,
      sid_size,
      domain,
      domain_size,
      use_ptr
    )
    unless bool
      FFI.raise_windows_error('LookupAccountSid')
    end
  elsif ordinal_val < 10 # Assume it's a binary SID.
    account_ptr = FFI::MemoryPointer.from_string(account)
    bool = LookupAccountSid(
      host.wincode,
      account_ptr,
      sid,
      sid_size,
      domain,
      domain_size,
      use_ptr
    )
    unless bool
      FFI.raise_windows_error('LookupAccountSid')
    end
    account_ptr.free
  else
    bool = LookupAccountName(
      host.wincode,
      account.wincode,
      sid,
      sid_size,
      domain,
      domain_size,
      use_ptr
    )
    unless bool
      FFI.raise_windows_error('LookupAccountName')
    end
  end

  # The arguments are flipped depending on which path we took
  if ordinal_val.nil?
    length = GetLengthSid(token_info)
    @sid = token_info.read_string(length)
    @account = sid.read_bytes(sid.size).wstrip
  elsif ordinal_val < 10
    @sid = account
    @account = sid.read_bytes(sid.size).wstrip
  else
    length = GetLengthSid(sid)
    @sid = sid.read_bytes(length)
    @account = account
  end

  @host = host
  @domain = domain.read_bytes(domain.size).wstrip

  @account_type = get_account_type(use_ptr.read_ulong)
end
Instance Attribute Details
#account ⇒ Object (readonly)
The account name passed to the constructor.
# File 'lib/win32/security/sid.rb', line 63
def account
  @account
end
#account_type ⇒ Object (readonly)
The SID account type, e.g. ‘user’, ‘group’, etc.
# File 'lib/win32/security/sid.rb', line 66
def account_type
  @account_type
end
#domain ⇒ Object (readonly)
The domain the SID is on.
# File 'lib/win32/security/sid.rb', line 69
def domain
  @domain
end
#host ⇒ Object (readonly)
The host passed to the constructor, or the localhost if none was specified.
# File 'lib/win32/security/sid.rb', line 73
def host
  @host
end
#sid ⇒ Object (readonly)
The binary SID object itself.
# File 'lib/win32/security/sid.rb', line 60
def sid
  @sid
end
Class Method Details
.create(authority, *sub_authorities) ⇒ Object
Creates a new SID with authority and up to 8 subauthorities, and returns a new Win32::Security::SID object.
Example:
sec = Security::SID.create(
Security::SID::SECURITY_WORLD_SID_AUTHORITY,
Security::SID::SECURITY_WORLD_RID
)
p sec
#<Win32::Security::SID:0x2c5a95c
@host="your_host",
@account="Everyone",
@account_type="well known group",
@sid="\001\001\000\000\000\000\000\001\000\000\000\000",
@domain=""
>
# File 'lib/win32/security/sid.rb', line 129
def self.create(authority, *sub_authorities)
  if sub_authorities.length > 8
    raise ArgumentError, "maximum of 8 subauthorities allowed"
  end

  size = GetSidLengthRequired(sub_authorities.length)
  new_obj = nil

  FFI::MemoryPointer.new(:uchar, size) do |sid|
    auth = SID_IDENTIFIER_AUTHORITY.new
    auth[:Value][5] = authority

    unless InitializeSid(sid, auth, sub_authorities.length)
      FFI.raise_windows_error('InitializeSid')
    end

    sub_authorities.each_index do |i|
      ptr = GetSidSubAuthority(sid, i)
      ptr.write_ulong(sub_authorities[i])
    end

    new_obj = new(sid.read_string(size)) # Pass a binary string
  end

  new_obj
end
.open(account = nil, host = Socket.gethostname) ⇒ Object
Synonym for SID.new.
# File 'lib/win32/security/sid.rb', line 307
def self.open(account=nil, host=Socket.gethostname)
  new(account, host)
end
.sid_to_string(sid) ⇒ Object
Converts a binary SID to a string in S-R-I-S-S… format.
# File 'lib/win32/security/sid.rb', line 77
def self.sid_to_string(sid)
  result = nil

  FFI::MemoryPointer.new(:pointer) do |string_sid|
    unless ConvertSidToStringSid(sid, string_sid)
      FFI.raise_windows_error('ConvertSidToStringSid')
    end

    result = string_sid.read_pointer.read_string
  end

  result
end
.string_to_sid(string) ⇒ Object
Converts a string in S-R-I-S-S… format back to a binary SID.
# File 'lib/win32/security/sid.rb', line 93
def self.string_to_sid(string)
  result = nil

  FFI::MemoryPointer.new(:pointer) do |sid|
    unless ConvertStringSidToSid(string, sid)
      FFI.raise_windows_error('ConvertStringSidToSid')
    end

    ptr = sid.read_pointer

    result = ptr.read_bytes(GetLengthSid(ptr))
  end

  result
end
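The S-R-I-S-S… string form maps field by field onto the binary SID layout, so the conversion that .sid_to_string and .string_to_sid delegate to the Windows API can be reproduced in plain Ruby, for example to decode SIDs from logs or ACL dumps on a non-Windows analysis host. This is an added example, not code from the win32-security library; the module name PortableSID and its method names are hypothetical, and it goes beyond the library methods by rejecting truncated or over-long input.

```ruby
# Added example: pure-Ruby SID codec (no Windows API calls).
# PortableSID and its methods are hypothetical names, not part of win32-security.
module PortableSID
  MAX_SUB_AUTHORITIES = 15 # SID_MAX_SUB_AUTHORITIES in the Windows SDK

  # Binary layout: revision (1 byte), sub-authority count (1 byte),
  # identifier authority (6 bytes, big-endian), then count 32-bit
  # little-endian sub-authorities.
  def self.to_string(bin)
    bin = bin.b
    raise ArgumentError, 'SID too short' if bin.bytesize < 8
    revision, count = bin.unpack('CC')
    raise ArgumentError, 'unsupported revision' unless revision == 1
    raise ArgumentError, 'too many sub-authorities' if count > MAX_SUB_AUTHORITIES
    raise ArgumentError, 'length does not match count' unless bin.bytesize == 8 + 4 * count
    authority = bin[2, 6].bytes.inject(0) { |acc, b| (acc << 8) | b }
    # Windows prints authorities >= 2**32 in hex; that form is not handled here.
    raise ArgumentError, 'hex-form authority not supported' if authority >= 2**32
    subs = bin[8, 4 * count].unpack('V*')
    (['S', revision, authority] + subs).join('-')
  end

  # Inverse of to_string for the decimal S-1-I-S-S... form.
  def self.to_binary(string)
    m = /\AS-1-(\d+)((?:-\d+)*)\z/.match(string)
    raise ArgumentError, "not a SID string: #{string.inspect}" unless m
    authority = m[1].to_i
    subs = m[2].split('-').reject(&:empty?).map(&:to_i)
    raise ArgumentError, 'hex-form authority not supported' if authority >= 2**32
    raise ArgumentError, 'too many sub-authorities' if subs.size > MAX_SUB_AUTHORITIES
    raise ArgumentError, 'sub-authority out of range' if subs.any? { |s| s > 0xFFFFFFFF }
    auth_bytes = [authority].pack('Q>')[2, 6] # low 6 bytes, big-endian
    [1, subs.size].pack('CC') + auth_bytes + subs.pack('V*')
  end
end

# Constructed sample: the binary "Everyone" SID shown in the .create example.
EVERYONE_BIN = "\001\001\000\000\000\000\000\001\000\000\000\000".b
```

The length check matters when SIDs come from untrusted or partially captured data: a sub-authority count that disagrees with the buffer size is rejected instead of being read past or silently truncated.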
Instance Method Details
#==(other) ⇒ Object
Returns whether or not the SID object is equal to other.
# File 'lib/win32/security/sid.rb', line 332
def ==(other)
  EqualSid(@sid, other.sid)
end
#length ⇒ Object
Returns the length of the SID object, in bytes.
# File 'lib/win32/security/sid.rb', line 357
def length
  GetLengthSid(@sid)
end
#to_s ⇒ Object Also known as: to_str
Returns the binary SID in string format suitable for display, storage or transmission.
# File 'lib/win32/security/sid.rb', line 314
def to_s
  string = nil

  FFI::MemoryPointer.new(:pointer) do |ptr|
    unless ConvertSidToStringSid(@sid, ptr)
      FFI.raise_windows_error('ConvertSidToStringSid')
    end

    string = ptr.read_pointer.read_string
  end

  string
end
#valid? ⇒ Boolean
Returns whether or not the SID is a valid sid.
# File 'lib/win32/security/sid.rb', line 338
def valid?
  IsValidSid(@sid)
end
#well_known? ⇒ Boolean
Returns whether or not the SID is a well known SID.
Requires Windows XP or later. Earlier versions will raise a NoMethodError.
# File 'lib/win32/security/sid.rb', line 347
def well_known?
  if defined? IsWellKnownSid
    IsWellKnownSid(@sid)
  else
    raise NoMethodError, 'requires Windows XP or later'
  end
end