Class: Win32::Security::SID
- Inherits:
- Object
- Object
- Win32::Security::SID
- Extended by:
- Windows::Error, Windows::MSVCRT::Buffer, Windows::MSVCRT::String, Windows::Security
- Includes:
- Windows::Error, Windows::MSVCRT::Buffer, Windows::MSVCRT::String, Windows::Process, Windows::Security, Windows::Thread
- Defined in:
- lib/win32/security/sid.rb
Overview
The SID class encapsulates a Security Identifier.
Defined Under Namespace
Classes: Error
Constant Summary
- VERSION = '0.1.3'
  The version of the Win32::Security::SID class.
- Null = 'S-1-0'
  Some constant SIDs for your convenience, in string format. See support.microsoft.com/kb/243330 for details.
- Nobody = 'S-1-0-0'
- World = 'S-1-1'
- Everyone = 'S-1-1-0'
- Local = 'S-1-2'
- Creator = 'S-1-3'
- CreatorOwner = 'S-1-3-0'
- CreatorGroup = 'S-1-3-1'
- CreatorOwnerServer = 'S-1-3-2'
- CreatorGroupServer = 'S-1-3-3'
- NonUnique = 'S-1-4'
- Nt = 'S-1-5'
- Dialup = 'S-1-5-1'
- Network = 'S-1-5-2'
- Batch = 'S-1-5-3'
- Interactive = 'S-1-5-4'
- Service = 'S-1-5-6'
- Anonymous = 'S-1-5-7'
- Proxy = 'S-1-5-8'
- EnterpriseDomainControllers = 'S-1-5-9'
- PrincipalSelf = 'S-1-5-10'
- AuthenticatedUsers = 'S-1-5-11'
- RestrictedCode = 'S-1-5-12'
- TerminalServerUsers = 'S-1-5-13'
- LocalSystem = 'S-1-5-18'
- NtLocal = 'S-1-5-19'
- NtNetwork = 'S-1-5-20'
- BuiltinAdministrators = 'S-1-5-32-544'
- BuiltinUsers = 'S-1-5-32-545'
- Guests = 'S-1-5-32-546'
- PowerUsers = 'S-1-5-32-547'
- AccountOperators = 'S-1-5-32-548'
- ServerOperators = 'S-1-5-32-549'
- PrintOperators = 'S-1-5-32-550'
- BackupOperators = 'S-1-5-32-551'
- Replicators = 'S-1-5-32-552'
Instance Attribute Summary
- #account ⇒ Object (readonly)
  The account name passed to the constructor.
- #account_type ⇒ Object (readonly)
  The SID account type, e.g. ‘user’, ‘group’, etc.
- #domain ⇒ Object (readonly)
  The domain the SID is on.
- #host ⇒ Object (readonly)
  The host passed to the constructor, or the localhost if none was specified.
- #sid ⇒ Object (readonly)
  The binary SID object itself.
Class Method Summary
- .create(authority, *sub_authorities) ⇒ Object
  Creates a new SID with authority and up to 8 subauthorities, and returns a new Win32::Security::SID object.
- .open(account = nil, host = Socket.gethostname) ⇒ Object
  Synonym for SID.new.
- .sid_to_string(sid) ⇒ Object
  Converts a binary SID to a string in S-R-I-S-S… format.
- .string_to_sid(string) ⇒ Object
  Converts a string in S-R-I-S-S… format back to a binary SID.
Instance Method Summary
- #==(other) ⇒ Object
  Returns whether or not the SID object is equal to other.
- #initialize(account = nil, host = Socket.gethostname) ⇒ SID (constructor)
  Creates and returns a new Win32::Security::SID object, based on the account name, which may also be a binary SID.
- #length ⇒ Object
  Returns the length of the SID object, in bytes.
- #to_s ⇒ Object (also: #to_str)
  Returns the binary SID in string format suitable for display, storage or transmission.
- #valid? ⇒ Boolean
  Returns whether or not the SID is a valid SID.
- #well_known? ⇒ Boolean
  Returns whether or not the SID is a well known SID.
Constructor Details
#initialize(account = nil, host = Socket.gethostname) ⇒ SID
Creates and returns a new Win32::Security::SID object, based on the account name, which may also be a binary SID. If a host is provided, then the information is retrieved from that host. Otherwise, the local host is used.
If no account is provided then it retrieves information for the user account associated with the calling thread and the host argument is ignored.
Note that this does NOT create a new SID, but merely retrieves information for an existing SID. To create a new SID, use the SID.create method.
Examples:
# Current user
Win32::Security::SID.new
# User 'john' on the localhost
Win32::Security::SID.new('john')
# User 'jane' on a remote machine
Win32::Security::SID.new('jane', 'some_host')
# Binary SID
Win32::Security::SID.new("\001\000\000\000\000\000\001\000\000\000\000")
# File 'lib/win32/security/sid.rb', line 192
def initialize(account=nil, host=Socket.gethostname)
  if account.nil?
    htoken = [0].pack('L')
    bool = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, 1, htoken)
    errno = GetLastError()

    if !bool
      if errno == ERROR_NO_TOKEN
        unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, htoken)
          raise get_last_error
        end
      else
        raise get_last_error(errno)
      end
    end

    htoken = htoken.unpack('V').first
    cbti = [0].pack('L')
    token_info = 0.chr * 36

    bool = GetTokenInformation(
      htoken,
      TokenOwner,
      token_info,
      token_info.size,
      cbti
    )

    unless bool
      raise Error, get_last_error
    end
  end

  bool = false
  sid = 0.chr * 28
  sid_cb = [sid.size].pack('L')

  domain_buf = 0.chr * 80
  domain_cch = [domain_buf.size].pack('L')

  sid_name_use = 0.chr * 4

  if account
    ordinal_val = account[0]
    ordinal_val = ordinal_val.ord if RUBY_VERSION.to_f >= 1.9
  else
    ordinal_val = nil
  end

  if ordinal_val.nil?
    bool = LookupAccountSid(
      nil,
      token_info.unpack('L')[0],
      sid,
      sid_cb,
      domain_buf,
      domain_cch,
      sid_name_use
    )
  elsif ordinal_val < 10 # Assume it's a binary SID.
    bool = LookupAccountSid(
      host,
      [account].pack('p*').unpack('L')[0],
      sid,
      sid_cb,
      domain_buf,
      domain_cch,
      sid_name_use
    )
  else
    bool = LookupAccountName(
      host,
      account,
      sid,
      sid_cb,
      domain_buf,
      domain_cch,
      sid_name_use
    )
  end

  unless bool
    raise Error, get_last_error
  end

  # The arguments are flipped depending on which path we took
  if ordinal_val.nil?
    buf = 0.chr * 260
    ptr = token_info.unpack('L')[0]
    memcpy(buf, ptr, token_info.size)
    @sid = buf.strip
    @account = sid.strip
  elsif ordinal_val < 10
    @sid = account
    @account = sid.strip
  else
    @sid = sid.strip
    @account = account
  end

  @host = host
  @domain = domain_buf.strip
  @account_type = get_account_type(sid_name_use.unpack('L')[0])
end
Instance Attribute Details
#account ⇒ Object (readonly)
The account name passed to the constructor.
# File 'lib/win32/security/sid.rb', line 79
def account
  @account
end
#account_type ⇒ Object (readonly)
The SID account type, e.g. ‘user’, ‘group’, etc.
# File 'lib/win32/security/sid.rb', line 82
def account_type
  @account_type
end
#domain ⇒ Object (readonly)
The domain the SID is on.
# File 'lib/win32/security/sid.rb', line 85
def domain
  @domain
end
#host ⇒ Object (readonly)
The host passed to the constructor, or the localhost if none was specified.
# File 'lib/win32/security/sid.rb', line 89
def host
  @host
end
#sid ⇒ Object (readonly)
The binary SID object itself.
# File 'lib/win32/security/sid.rb', line 76
def sid
  @sid
end
Class Method Details
.create(authority, *sub_authorities) ⇒ Object
Creates a new SID with authority and up to 8 subauthorities, and returns a new Win32::Security::SID object.
Example:
sec = Security::SID.create(
Security::SID::SECURITY_WORLD_SID_AUTHORITY,
Security::SID::SECURITY_WORLD_RID
)
p sec
#<Win32::Security::SID:0x2c5a95c
@host="your_host",
@account="Everyone",
@account_type="well known group",
@sid="\001\001\000\000\000\000\000\001\000\000\000\000",
@domain=""
>
# File 'lib/win32/security/sid.rb', line 143
def self.create(authority, *sub_authorities)
  if sub_authorities.length > 8
    raise ArgumentError, "maximum of 8 subauthorities allowed"
  end

  sid = 0.chr * GetSidLengthRequired(sub_authorities.length)

  auth = 0.chr * 5 + authority.chr

  unless InitializeSid(sid, auth, sub_authorities.length)
    raise Error, get_last_error
  end

  sub_authorities.each_index do |i|
    value = [sub_authorities[i]].pack('L')
    auth_ptr = GetSidSubAuthority(sid, i)
    memcpy(auth_ptr, value, 4)
  end

  new(sid)
end
.open(account = nil, host = Socket.gethostname) ⇒ Object
Synonym for SID.new.
# File 'lib/win32/security/sid.rb', line 300
def self.open(account=nil, host=Socket.gethostname)
  new(account, host)
end
.sid_to_string(sid) ⇒ Object
Converts a binary SID to a string in S-R-I-S-S… format.
# File 'lib/win32/security/sid.rb', line 93
def self.sid_to_string(sid)
  sid_addr = [sid].pack('p*').unpack('L')[0]
  sid_buf = 0.chr * 80
  sid_ptr = 0.chr * 4

  unless ConvertSidToStringSid(sid_addr, sid_ptr)
    raise Error, get_last_error
  end

  strcpy(sid_buf, sid_ptr.unpack('L')[0])
  sid_buf.strip
end
.string_to_sid(string) ⇒ Object
Converts a string in S-R-I-S-S… format back to a binary SID.
# File 'lib/win32/security/sid.rb', line 108
def self.string_to_sid(string)
  sid_buf = 0.chr * 80
  string_addr = [string].pack('p*').unpack('L')[0]

  unless ConvertStringSidToSid(string_addr, sid_buf)
    raise Error, get_last_error
  end

  if RUBY_VERSION.to_f < 1.9
    sid_buf.strip
  else
    sid_buf.force_encoding('ASCII-8BIT').strip
  end
end
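The S-R-I-S-S… string and the binary SID that sid_to_string and string_to_sid convert between, modelled in pure Ruby so the layout can be inspected without the Win32 API. This is an added example, not code from win32-security; the SidCodec module and its method names are hypothetical.

```ruby
# Added example: pure-Ruby model of the binary SID layout; makes no Win32 calls.
# SidCodec and its method names are hypothetical, not part of win32-security.
module SidCodec
  MAX_SUB_AUTHORITIES = 15 # SID_MAX_SUB_AUTHORITIES in the Windows headers

  # Binary SID -> "S-R-I-S-S..." string. The length comes from the header,
  # never from a terminator, so short or over-long buffers are rejected.
  def self.to_string(bin)
    bin = bin.b
    raise ArgumentError, 'SID header is 8 bytes' if bin.bytesize < 8
    revision, count = bin.unpack('CC')
    raise ArgumentError, "unsupported revision #{revision}" unless revision == 1
    raise ArgumentError, 'too many sub-authorities' if count > MAX_SUB_AUTHORITIES
    expected = 8 + 4 * count
    unless bin.bytesize == expected
      raise ArgumentError, "expected #{expected} bytes, got #{bin.bytesize}"
    end
    # Identifier authority: 48-bit big-endian integer at offset 2.
    # (Rendered in decimal here; assumes a value below 2**32.)
    authority = bin[2, 6].bytes.inject(0) { |acc, b| (acc << 8) | b }
    # Sub-authorities: 32-bit little-endian integers from offset 8.
    subs = bin[8, 4 * count].unpack('V*')
    (['S', revision, authority] + subs).join('-')
  end

  # "S-R-I-S-S..." string -> binary SID (revision 1 only).
  def self.to_binary(str)
    m = /\AS-1-(\d+)((?:-\d+)*)\z/.match(str)
    raise ArgumentError, "not a SID string: #{str.inspect}" unless m
    authority = m[1].to_i
    subs = m[2].split('-').reject(&:empty?).map(&:to_i)
    raise ArgumentError, 'authority exceeds 48 bits' if authority >= 2**48
    raise ArgumentError, 'too many sub-authorities' if subs.size > MAX_SUB_AUTHORITIES
    raise ArgumentError, 'sub-authority exceeds 32 bits' if subs.any? { |s| s >= 2**32 }
    header = [1, subs.size, authority >> 32, authority & 0xFFFFFFFF].pack('CCnN')
    (header + subs.pack('V*')).b
  end
end

# Constructed sample: the Everyone SID bytes shown in the .create example.
EVERYONE_BIN = "\x01\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00".b
puts SidCodec.to_string(EVERYONE_BIN)
puts SidCodec.to_binary('S-1-5-32-544').unpack1('H*')
```

A binary SID can legitimately end in zero bytes (S-1-1-0 does), so trimming NULs from the buffer, as String#strip does, changes its length; the length check in to_string catches that.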
Instance Method Details
#==(other) ⇒ Object
Returns whether or not the SID object is equal to other.
# File 'lib/win32/security/sid.rb', line 324
def ==(other)
  EqualSid(@sid, other.sid)
end
#length ⇒ Object
Returns the length of the SID object, in bytes.
# File 'lib/win32/security/sid.rb', line 349
def length
  GetLengthSid(@sid)
end
#to_s ⇒ Object Also known as: to_str
Returns the binary SID in string format suitable for display, storage or transmission.
# File 'lib/win32/security/sid.rb', line 307
def to_s
  sid_addr = [@sid].pack('p*').unpack('L').first
  sid_buf = 0.chr * 80
  sid_ptr = 0.chr * 4

  unless ConvertSidToStringSid(sid_addr, sid_ptr)
    raise Error, get_last_error
  end

  strcpy(sid_buf, sid_ptr.unpack('L').first)
  sid_buf.strip
end
#valid? ⇒ Boolean
Returns whether or not the SID is a valid SID.
# File 'lib/win32/security/sid.rb', line 330
def valid?
  IsValidSid(@sid)
end
#well_known? ⇒ Boolean
Returns whether or not the SID is a well known SID.
Requires Windows XP or later. Earlier versions will raise a NoMethodError.
# File 'lib/win32/security/sid.rb', line 339
def well_known?
  if defined? IsWellKnownSid
    IsWellKnownSid(@sid)
  else
    raise NoMethodError, 'requires Windows XP or later'
  end
end