Class: Ohai::Util::Win32::GroupHelper

Inherits:
Object
  • Object
Defined in:
lib/ohai/util/win32/group_helper.rb

Constant Summary

BUILTIN_ADMINISTRATORS_SID =

Per support.microsoft.com/kb/243330, the SID S-1-5-32-544 is the well-known SID (the internal name) of the built-in Administrators group. Looking the group up by this SID rather than by its display name lets us work properly in environments where the Administrators group has been renamed or localized.

'S-1-5-32-544'

Class Method Summary

Class Method Details

.windows_root_group_name ⇒ Object


# File 'lib/ohai/util/win32/group_helper.rb', line 31

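# Resolves the local name of the built-in Administrators group from its
# well-known SID (BUILTIN_ADMINISTRATORS_SID), so that renamed or localized
# installations are handled without guessing the display name.
#
# @return [String] the contents of the name buffer filled in by
#   LookupAccountSid, with the surrounding NUL padding stripped
# @raise [RuntimeError] if ConvertStringSidToSid or LookupAccountSid returns 0;
#   the message includes the value read from GetLastError
def self.windows_root_group_name
  administrators_sid_result = FFI::MemoryPointer.new(:pointer)
  convert_result = Win32.convert_string_sid_to_sid(BUILTIN_ADMINISTRATORS_SID, administrators_sid_result)
  # NOTE(review): the error code is fetched through a second FFI call; this
  # presumably relies on nothing resetting the thread's last-error value in
  # between -- confirm, since a wrong code here misleads troubleshooting.
  last_win32_error = Win32.get_last_error

  if convert_result == 0
    raise "ERROR: failed to to convert sid string '#{BUILTIN_ADMINISTRATORS_SID}' to a Windows SID structure because Win32 API function ConvertStringSidToSid returned #{last_win32_error}."
  end

  # The converted SID is released with local_free below, so keep one handle to it.
  administrators_sid = administrators_sid_result.read_pointer

  # 260-byte, NUL-filled output buffer plus packed 32-bit length cells that
  # tell the API how much room it has.
  administrators_group_name_buffer = 0.chr * 260
  administrators_group_name_length = [administrators_group_name_buffer.length].pack('L')
  domain_name_length_buffer = [260].pack('L')
  sid_use_result = 0.chr * 4

  begin
    # Use LookupAccountSid rather than WMI's Win32_Group class because WMI will attempt
    # to include (unneeded) Active Directory groups by querying AD, which is a performance
    # and reliability issue since AD might not be reachable. Additionally, in domains with
    # thousands of groups, the WMI query is very slow, on the order of minutes, even to
    # get the first result. So we use LookupAccountSid which is a purely local lookup
    # of the built-in group, with no need to access AD, and thus no failure modes related
    # to network conditions or query performance.
    #
    # NOTE(review): the domain-name buffer is nil while its length cell says 260;
    # presumably the API tolerates that for a built-in SID -- confirm.
    lookup_boolean_result = Win32.lookup_account_sid(
      nil,
      administrators_sid,
      administrators_group_name_buffer,
      administrators_group_name_length,
      nil,
      domain_name_length_buffer,
      sid_use_result
    )

    # Read the error code before any other Win32 call (including the free) runs.
    last_win32_error = Win32.get_last_error
  ensure
    # Release the SID even when the lookup call itself raises, so it cannot leak.
    Win32.local_free(administrators_sid)
  end

  if lookup_boolean_result == 0
    raise "ERROR: failed to find root group (i.e. builtin\\administrators) for sid #{BUILTIN_ADMINISTRATORS_SID} because Win32 API function LookupAccountSid returned #{last_win32_error}."
  end

  administrators_group_name_buffer.strip
end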