RubyGems - facter - Versions diffs - 2.4.6-x64-mingw32 → 2.5.0-x64-mingw32 - Mend

facter 2.4.6-x64-mingw32 → 2.5.0-x64-mingw32

Files changed (35) hide show

checksums.yaml +7 -0
data/Gemfile +8 -8
data/ext/build_defaults.yaml +1 -1
data/ext/project_data.yaml +1 -6
data/lib/facter/ec2.rb +8 -1
data/lib/facter/ec2/rest.rb +3 -5
data/lib/facter/gce/metadata.rb +1 -1
data/lib/facter/kernelrelease.rb +2 -7
data/lib/facter/operatingsystem/linux.rb +15 -10
data/lib/facter/operatingsystem/windows.rb +22 -23
data/lib/facter/util/config.rb +3 -3
data/lib/facter/util/ec2.rb +2 -2
data/lib/facter/util/ip.rb +4 -4
data/lib/facter/util/memory.rb +1 -1
data/lib/facter/util/windows.rb +10 -0
data/lib/facter/util/windows/api_types.rb +143 -0
data/lib/facter/util/windows/dir.rb +41 -0
data/lib/facter/util/windows/error.rb +85 -0
data/lib/facter/util/windows/process.rb +285 -0
data/lib/facter/util/windows/user.rb +180 -0
data/lib/facter/util/windows_root.rb +2 -2
data/lib/facter/util/wmi.rb +35 -2
data/lib/facter/version.rb +1 -1
data/lib/facter/virtual.rb +2 -0
data/spec/fixtures/unit/interfaces/ifconfig_net_tools_1.60_v6.txt +9 -0
data/spec/integration/util/windows/user_spec.rb +59 -0
data/spec/spec_helper.rb +0 -7
data/spec/unit/ec2/rest_spec.rb +14 -8
data/spec/unit/interfaces_spec.rb +10 -0
data/spec/unit/ipaddress6_spec.rb +1 -0
data/spec/unit/kernelrelease_spec.rb +1 -4
data/spec/unit/memory_spec.rb +1 -1
data/spec/unit/operatingsystem/windows_spec.rb +47 -40
data/spec/unit/util/ec2_spec.rb +3 -3
metadata +670 -696

data/lib/facter/util/windows/dir.rb ADDED

@@ -0,0 +1,41 @@
+require 'facter/util/windows'
+require 'ffi'
+module Facter::Util::Windows::Dir
+  extend FFI::Library
+  COMMON_APPDATA = 0x0023
+  S_OK           = 0x0
+  MAX_PATH       = 260;
+  def get_common_appdata
+    common_appdata = ''
+    # this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
+    FFI::MemoryPointer.new(:pointer, ((MAX_PATH + 1) * 2)) do |buffer_ptr|
+      # hwndOwner, nFolder, hToken, dwFlags, pszPath
+      if SHGetFolderPathW(0, COMMON_APPDATA, 0, 0, buffer_ptr) != S_OK
+        raise Facter::Util::Windows::Error.new("Could not find COMMON_APPDATA path")
+      end
+      common_appdata = buffer_ptr.read_arbitrary_wide_string_up_to(MAX_PATH + 1)
+    end
+    common_appdata
+  end
+  module_function :get_common_appdata
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/bb762181(v=vs.85).aspx
+  # HRESULT SHGetFolderPath(
+  #   _In_  HWND   hwndOwner,
+  #   _In_  int    nFolder,
+  #   _In_  HANDLE hToken,
+  #   _In_  DWORD  dwFlags,
+  #   _Out_ LPTSTR pszPath
+  # );
+  ffi_lib :shell32
+  attach_function_private :SHGetFolderPathW,
+    [:handle, :int32, :handle, :dword, :lpwstr], :hresult
+end

data/lib/facter/util/windows/error.rb ADDED

@@ -0,0 +1,85 @@
+require 'facter/util/windows'
+# represents an error resulting from a Win32 error code
+class Facter::Util::Windows::Error < RuntimeError
+  require 'ffi'
+  extend FFI::Library
+  attr_reader :code
+  attr_reader :original
+  # NOTE: FFI.errno only works properly when prior Win32 calls have been made
+  # through FFI bindings.  Calls made through Win32API do not have their error
+  # codes captured by FFI.errno
+  def initialize(message, code = FFI.errno, original = nil)
+    @original = original
+    super(message + ":  #{self.class.format_error_code(code)}")
+    @code = code
+  end
+  # Helper method that wraps FormatMessage that returns a human readable string.
+  def self.format_error_code(code)
+    # specifying 0 will look for LANGID in the following order
+    # 1.Language neutral
+    # 2.Thread LANGID, based on the thread's locale value
+    # 3.User default LANGID, based on the user's default locale value
+    # 4.System default LANGID, based on the system default locale value
+    # 5.US English
+    dwLanguageId = 0
+    flags = FORMAT_MESSAGE_ALLOCATE_BUFFER |
+        FORMAT_MESSAGE_FROM_SYSTEM |
+        FORMAT_MESSAGE_ARGUMENT_ARRAY |
+        FORMAT_MESSAGE_IGNORE_INSERTS |
+        FORMAT_MESSAGE_MAX_WIDTH_MASK
+    error_string = ''
+    # this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
+    FFI::MemoryPointer.new(:pointer, 1) do |buffer_ptr|
+      length = FormatMessageW(flags, FFI::Pointer::NULL, code, dwLanguageId,
+                              buffer_ptr, 0, FFI::Pointer::NULL)
+      if length == FFI::WIN32_FALSE
+        # can't raise same error type here or potentially recurse infinitely
+        raise Facter::Error.new("FormatMessageW could not format code #{code}")
+      end
+      # returns an FFI::Pointer with autorelease set to false, which is what we want
+      buffer_ptr.read_win32_local_pointer do |wide_string_ptr|
+        if wide_string_ptr.null?
+          raise Facter::Error.new("FormatMessageW failed to allocate buffer for code #{code}")
+        end
+        error_string = wide_string_ptr.read_wide_string(length)
+      end
+    end
+    error_string
+  end
+  ERROR_FILE_NOT_FOUND      = 2
+  ERROR_ACCESS_DENIED       = 5
+  FORMAT_MESSAGE_ALLOCATE_BUFFER   = 0x00000100
+  FORMAT_MESSAGE_IGNORE_INSERTS    = 0x00000200
+  FORMAT_MESSAGE_FROM_SYSTEM       = 0x00001000
+  FORMAT_MESSAGE_ARGUMENT_ARRAY    = 0x00002000
+  FORMAT_MESSAGE_MAX_WIDTH_MASK    = 0x000000FF
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms679351(v=vs.85).aspx
+  # DWORD WINAPI FormatMessage(
+  #   _In_      DWORD dwFlags,
+  #   _In_opt_  LPCVOID lpSource,
+  #   _In_      DWORD dwMessageId,
+  #   _In_      DWORD dwLanguageId,
+  #   _Out_     LPTSTR lpBuffer,
+  #   _In_      DWORD nSize,
+  #   _In_opt_  va_list *Arguments
+  # );
+  # NOTE: since we're not preallocating the buffer, use a :pointer for lpBuffer
+  ffi_lib :kernel32
+  attach_function_private :FormatMessageW,
+                          [:dword, :lpcvoid, :dword, :dword, :pointer, :dword, :pointer], :dword
+end

data/lib/facter/util/windows/process.rb ADDED

@@ -0,0 +1,285 @@
+require 'facter/util/windows'
+require 'ffi'
+module Facter::Util::Windows::Process
+  extend FFI::Library
+  def get_current_process
+    # this pseudo-handle does not require closing per MSDN docs
+    GetCurrentProcess()
+  end
+  module_function :get_current_process
+  def open_process_token(handle, desired_access, &block)
+    token_handle = nil
+    begin
+      FFI::MemoryPointer.new(:handle, 1) do |token_handle_ptr|
+        result = OpenProcessToken(handle, desired_access, token_handle_ptr)
+        if result == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new(
+              "OpenProcessToken(#{handle}, #{desired_access.to_s(8)}, #{token_handle_ptr})")
+        end
+        yield token_handle = token_handle_ptr.read_handle
+      end
+      token_handle
+    ensure
+      FFI::WIN32.CloseHandle(token_handle) if token_handle
+    end
+    # token_handle has had CloseHandle called against it, so nothing to return
+    nil
+  end
+  module_function :open_process_token
+  def get_token_information(token_handle, token_information, &block)
+    # to determine buffer size
+    FFI::MemoryPointer.new(:dword, 1) do |return_length_ptr|
+      result = GetTokenInformation(token_handle, token_information, nil, 0, return_length_ptr)
+      return_length = return_length_ptr.read_dword
+      if return_length <= 0
+        raise Facter::Util::Windows::Error.new(
+            "GetTokenInformation(#{token_handle}, #{token_information}, nil, 0, #{return_length_ptr})")
+      end
+      # re-call API with properly sized buffer for all results
+      FFI::MemoryPointer.new(return_length) do |token_information_buf|
+        result = GetTokenInformation(token_handle, token_information,
+                                     token_information_buf, return_length, return_length_ptr)
+        if result == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new(
+              "GetTokenInformation(#{token_handle}, #{token_information}, #{token_information_buf}, " +
+                  "#{return_length}, #{return_length_ptr})")
+        end
+        yield token_information_buf
+      end
+    end
+    # GetTokenInformation buffer has been cleaned up by this point, nothing to return
+    nil
+  end
+  module_function :get_token_information
+  def parse_token_information_as_token_elevation(token_information_buf)
+    TOKEN_ELEVATION.new(token_information_buf)
+  end
+  module_function :parse_token_information_as_token_elevation
+  TOKEN_QUERY = 0x0008
+  # Returns whether or not the owner of the current process is running
+  # with elevated security privileges.
+  #
+  # Only supported on Windows Vista or later.
+  #
+  def elevated_security?
+    # default / pre-Vista
+    elevated = false
+    handle = nil
+    begin
+      handle = get_current_process
+      open_process_token(handle, TOKEN_QUERY) do |token_handle|
+        get_token_information(token_handle, :TokenElevation) do |token_info|
+          token_elevation = parse_token_information_as_token_elevation(token_info)
+          # TokenIsElevated member of the TOKEN_ELEVATION struct
+          elevated = token_elevation[:TokenIsElevated] != 0
+        end
+      end
+      elevated
+    rescue Facter::Util::Windows::Error => e
+      raise e if e.code != ERROR_NO_SUCH_PRIVILEGE
+    ensure
+      FFI::WIN32.CloseHandle(handle) if handle
+    end
+  end
+  module_function :elevated_security?
+  STATUS_SUCCESS = 0
+  def os_version(&block)
+    FFI::MemoryPointer.new(OSVERSIONINFOEX.size) do |ver_ptr|
+      ver = OSVERSIONINFOEX.new(ver_ptr)
+      ver[:dwOSVersionInfoSize] = OSVERSIONINFOEX.size
+      result = RtlGetVersion(ver_ptr)
+      if result != STATUS_SUCCESS
+        raise RuntimeError, 'Calling Windows RtlGetVersion failed'
+      end
+      yield ver
+    end
+    # ver_ptr has already had free called, so nothing to return
+    nil
+  end
+  module_function :os_version
+  def windows_major_version
+    ver = 0
+    self.os_version do |version|
+      ver = version[:dwMajorVersion]
+    end
+    ver
+  end
+  module_function :windows_major_version
+  def os_version_string
+    ver = ''
+    self.os_version do |version|
+      ver = "#{version[:dwMajorVersion]}.#{version[:dwMinorVersion]}.#{version[:dwBuildNumber]}"
+    end
+    ver
+  end
+  module_function :os_version_string
+  SM_SERVERR2 = 89
+  def is_2003_r2?
+    # Peculiar API from user32 - the docs for SM_SERVER2 indicate
+    # The build number if the system is Windows Server 2003 R2; otherwise, 0.
+    GetSystemMetrics(SM_SERVERR2) != 0
+  end
+  module_function :is_2003_r2?
+  def supports_elevated_security?
+    windows_major_version >= 6
+  end
+  module_function :supports_elevated_security?
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms683179(v=vs.85).aspx
+  # HANDLE WINAPI GetCurrentProcess(void);
+  ffi_lib :kernel32
+  attach_function_private :GetCurrentProcess, [], :handle
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295(v=vs.85).aspx
+  # BOOL WINAPI OpenProcessToken(
+  #   _In_   HANDLE ProcessHandle,
+  #   _In_   DWORD DesiredAccess,
+  #   _Out_  PHANDLE TokenHandle
+  # );
+  ffi_lib :advapi32
+  attach_function_private :OpenProcessToken,
+                          [:handle, :dword, :phandle], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379626(v=vs.85).aspx
+  TOKEN_INFORMATION_CLASS = enum(
+      :TokenUser, 1,
+      :TokenGroups,
+      :TokenPrivileges,
+      :TokenOwner,
+      :TokenPrimaryGroup,
+      :TokenDefaultDacl,
+      :TokenSource,
+      :TokenType,
+      :TokenImpersonationLevel,
+      :TokenStatistics,
+      :TokenRestrictedSids,
+      :TokenSessionId,
+      :TokenGroupsAndPrivileges,
+      :TokenSessionReference,
+      :TokenSandBoxInert,
+      :TokenAuditPolicy,
+      :TokenOrigin,
+      :TokenElevationType,
+      :TokenLinkedToken,
+      :TokenElevation,
+      :TokenHasRestrictions,
+      :TokenAccessInformation,
+      :TokenVirtualizationAllowed,
+      :TokenVirtualizationEnabled,
+      :TokenIntegrityLevel,
+      :TokenUIAccess,
+      :TokenMandatoryPolicy,
+      :TokenLogonSid,
+      :TokenIsAppContainer,
+      :TokenCapabilities,
+      :TokenAppContainerSid,
+      :TokenAppContainerNumber,
+      :TokenUserClaimAttributes,
+      :TokenDeviceClaimAttributes,
+      :TokenRestrictedUserClaimAttributes,
+      :TokenRestrictedDeviceClaimAttributes,
+      :TokenDeviceGroups,
+      :TokenRestrictedDeviceGroups,
+      :TokenSecurityAttributes,
+      :TokenIsRestricted,
+      :MaxTokenInfoClass
+  )
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/bb530717(v=vs.85).aspx
+  # typedef struct _TOKEN_ELEVATION {
+  #   DWORD TokenIsElevated;
+  # } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
+  class TOKEN_ELEVATION < FFI::Struct
+    layout :TokenIsElevated, :dword
+  end
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446671(v=vs.85).aspx
+  # BOOL WINAPI GetTokenInformation(
+  #   _In_       HANDLE TokenHandle,
+  #   _In_       TOKEN_INFORMATION_CLASS TokenInformationClass,
+  #   _Out_opt_  LPVOID TokenInformation,
+  #   _In_       DWORD TokenInformationLength,
+  #   _Out_      PDWORD ReturnLength
+  # );
+  ffi_lib :advapi32
+  attach_function_private :GetTokenInformation,
+                          [:handle, TOKEN_INFORMATION_CLASS, :lpvoid, :dword, :pdword ], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/hardware/ff563620(v=vs.85).aspx
+  # typedef struct _OSVERSIONINFOEXW {
+  #   ULONG  dwOSVersionInfoSize;
+  #   ULONG  dwMajorVersion;
+  #   ULONG  dwMinorVersion;
+  #   ULONG  dwBuildNumber;
+  #   ULONG  dwPlatformId;
+  #   WCHAR  szCSDVersion[128];
+  #   USHORT wServicePackMajor;
+  #   USHORT wServicePackMinor;
+  #   USHORT wSuiteMask;
+  #   UCHAR  wProductType;
+  #   UCHAR  wReserved;
+  # } RTL_OSVERSIONINFOEXW, *PRTL_OSVERSIONINFOEXW;
+  class OSVERSIONINFOEX < FFI::Struct
+    layout(
+      :dwOSVersionInfoSize, :win32_ulong,
+      :dwMajorVersion, :win32_ulong,
+      :dwMinorVersion, :win32_ulong,
+      :dwBuildNumber, :win32_ulong,
+      :dwPlatformId, :win32_ulong,
+      :szCSDVersion, [:wchar, 128],
+      :wServicePackMajor, :ushort,
+      :wServicePackMinor, :ushort,
+      :wSuiteMask, :ushort,
+      :wProductType, :uchar,
+      :wReserved, :uchar,
+    )
+  end
+  # NTSTATUS -> :int32 (defined in winerror.h / ntstatus.h)
+  # https://msdn.microsoft.com/en-us/library/windows/hardware/ff561910(v=vs.85).aspx
+  # NTSTATUS RtlGetVersion(
+  #   _Out_ PRTL_OSVERSIONINFOW lpVersionInformation
+  # );
+  ffi_lib [FFI::CURRENT_PROCESS, :ntdll]
+  attach_function :RtlGetVersion, [:pointer], :int32
+  # C++ int is a signed 32-bit integer
+  # int WINAPI GetSystemMetrics(
+  #   _In_ int nIndex
+  # );
+  ffi_lib :user32
+  attach_function :GetSystemMetrics, [:int32], :int32
+end

data/lib/facter/util/windows/user.rb ADDED

@@ -0,0 +1,180 @@
+require 'facter/util/windows'
+require 'ffi'
+module Facter::Util::Windows::User
+  extend FFI::Library
+  def admin?
+    elevated_supported = Facter::Util::Windows::Process.supports_elevated_security?
+    # if Vista or later, check for unrestricted process token
+    return Facter::Util::Windows::Process.elevated_security? if elevated_supported
+    # otherwise 2003 or less
+    check_token_membership
+  end
+  module_function :admin?
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/ee207397(v=vs.85).aspx
+  SECURITY_MAX_SID_SIZE = 68
+  def check_token_membership
+    is_admin = false
+    FFI::MemoryPointer.new(:byte, SECURITY_MAX_SID_SIZE) do |sid_pointer|
+      FFI::MemoryPointer.new(:dword, 1) do |size_pointer|
+        size_pointer.write_uint32(SECURITY_MAX_SID_SIZE)
+        if CreateWellKnownSid(:WinBuiltinAdministratorsSid, FFI::Pointer::NULL, sid_pointer, size_pointer) == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new("Failed to create administrators SID")
+        end
+      end
+      if IsValidSid(sid_pointer) == FFI::WIN32_FALSE
+        raise RuntimeError,"Invalid SID"
+      end
+      FFI::MemoryPointer.new(:win32_bool, 1) do |ismember_pointer|
+        if CheckTokenMembership(FFI::Pointer::NULL_HANDLE, sid_pointer, ismember_pointer) == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new("Failed to check membership")
+        end
+        # Is administrators SID enabled in calling thread's access token?
+        is_admin = ismember_pointer.read_win32_bool
+      end
+    end
+    is_admin
+  end
+  module_function :check_token_membership
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa376389(v=vs.85).aspx
+  # BOOL WINAPI CheckTokenMembership(
+  #   _In_opt_  HANDLE TokenHandle,
+  #   _In_      PSID SidToCheck,
+  #   _Out_     PBOOL IsMember
+  # );
+  ffi_lib :advapi32
+  attach_function_private :CheckTokenMembership,
+                          [:handle, :pointer, :pbool], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379650(v=vs.85).aspx
+  WELL_KNOWN_SID_TYPE = enum(
+      :WinNullSid                                   , 0,
+      :WinWorldSid                                  , 1,
+      :WinLocalSid                                  , 2,
+      :WinCreatorOwnerSid                           , 3,
+      :WinCreatorGroupSid                           , 4,
+      :WinCreatorOwnerServerSid                     , 5,
+      :WinCreatorGroupServerSid                     , 6,
+      :WinNtAuthoritySid                            , 7,
+      :WinDialupSid                                 , 8,
+      :WinNetworkSid                                , 9,
+      :WinBatchSid                                  , 10,
+      :WinInteractiveSid                            , 11,
+      :WinServiceSid                                , 12,
+      :WinAnonymousSid                              , 13,
+      :WinProxySid                                  , 14,
+      :WinEnterpriseControllersSid                  , 15,
+      :WinSelfSid                                   , 16,
+      :WinAuthenticatedUserSid                      , 17,
+      :WinRestrictedCodeSid                         , 18,
+      :WinTerminalServerSid                         , 19,
+      :WinRemoteLogonIdSid                          , 20,
+      :WinLogonIdsSid                               , 21,
+      :WinLocalSystemSid                            , 22,
+      :WinLocalServiceSid                           , 23,
+      :WinNetworkServiceSid                         , 24,
+      :WinBuiltinDomainSid                          , 25,
+      :WinBuiltinAdministratorsSid                  , 26,
+      :WinBuiltinUsersSid                           , 27,
+      :WinBuiltinGuestsSid                          , 28,
+      :WinBuiltinPowerUsersSid                      , 29,
+      :WinBuiltinAccountOperatorsSid                , 30,
+      :WinBuiltinSystemOperatorsSid                 , 31,
+      :WinBuiltinPrintOperatorsSid                  , 32,
+      :WinBuiltinBackupOperatorsSid                 , 33,
+      :WinBuiltinReplicatorSid                      , 34,
+      :WinBuiltinPreWindows2000CompatibleAccessSid  , 35,
+      :WinBuiltinRemoteDesktopUsersSid              , 36,
+      :WinBuiltinNetworkConfigurationOperatorsSid   , 37,
+      :WinAccountAdministratorSid                   , 38,
+      :WinAccountGuestSid                           , 39,
+      :WinAccountKrbtgtSid                          , 40,
+      :WinAccountDomainAdminsSid                    , 41,
+      :WinAccountDomainUsersSid                     , 42,
+      :WinAccountDomainGuestsSid                    , 43,
+      :WinAccountComputersSid                       , 44,
+      :WinAccountControllersSid                     , 45,
+      :WinAccountCertAdminsSid                      , 46,
+      :WinAccountSchemaAdminsSid                    , 47,
+      :WinAccountEnterpriseAdminsSid                , 48,
+      :WinAccountPolicyAdminsSid                    , 49,
+      :WinAccountRasAndIasServersSid                , 50,
+      :WinNTLMAuthenticationSid                     , 51,
+      :WinDigestAuthenticationSid                   , 52,
+      :WinSChannelAuthenticationSid                 , 53,
+      :WinThisOrganizationSid                       , 54,
+      :WinOtherOrganizationSid                      , 55,
+      :WinBuiltinIncomingForestTrustBuildersSid     , 56,
+      :WinBuiltinPerfMonitoringUsersSid             , 57,
+      :WinBuiltinPerfLoggingUsersSid                , 58,
+      :WinBuiltinAuthorizationAccessSid             , 59,
+      :WinBuiltinTerminalServerLicenseServersSid    , 60,
+      :WinBuiltinDCOMUsersSid                       , 61,
+      :WinBuiltinIUsersSid                          , 62,
+      :WinIUserSid                                  , 63,
+      :WinBuiltinCryptoOperatorsSid                 , 64,
+      :WinUntrustedLabelSid                         , 65,
+      :WinLowLabelSid                               , 66,
+      :WinMediumLabelSid                            , 67,
+      :WinHighLabelSid                              , 68,
+      :WinSystemLabelSid                            , 69,
+      :WinWriteRestrictedCodeSid                    , 70,
+      :WinCreatorOwnerRightsSid                     , 71,
+      :WinCacheablePrincipalsGroupSid               , 72,
+      :WinNonCacheablePrincipalsGroupSid            , 73,
+      :WinEnterpriseReadonlyControllersSid          , 74,
+      :WinAccountReadonlyControllersSid             , 75,
+      :WinBuiltinEventLogReadersGroup               , 76,
+      :WinNewEnterpriseReadonlyControllersSid       , 77,
+      :WinBuiltinCertSvcDComAccessGroup             , 78,
+      :WinMediumPlusLabelSid                        , 79,
+      :WinLocalLogonSid                             , 80,
+      :WinConsoleLogonSid                           , 81,
+      :WinThisOrganizationCertificateSid            , 82,
+      :WinApplicationPackageAuthoritySid            , 83,
+      :WinBuiltinAnyPackageSid                      , 84,
+      :WinCapabilityInternetClientSid               , 85,
+      :WinCapabilityInternetClientServerSid         , 86,
+      :WinCapabilityPrivateNetworkClientServerSid   , 87,
+      :WinCapabilityPicturesLibrarySid              , 88,
+      :WinCapabilityVideosLibrarySid                , 89,
+      :WinCapabilityMusicLibrarySid                 , 90,
+      :WinCapabilityDocumentsLibrarySid             , 91,
+      :WinCapabilitySharedUserCertificatesSid       , 92,
+      :WinCapabilityEnterpriseAuthenticationSid     , 93,
+      :WinCapabilityRemovableStorageSid             , 94
+  )
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446585(v=vs.85).aspx
+  # BOOL WINAPI CreateWellKnownSid(
+  #   _In_       WELL_KNOWN_SID_TYPE WellKnownSidType,
+  #   _In_opt_   PSID DomainSid,
+  #   _Out_opt_  PSID pSid,
+  #   _Inout_    DWORD *cbSid
+  # );
+  ffi_lib :advapi32
+  attach_function_private :CreateWellKnownSid,
+                          [WELL_KNOWN_SID_TYPE, :pointer, :pointer, :lpdword], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379151(v=vs.85).aspx
+  # BOOL WINAPI IsValidSid(
+  #   _In_  PSID pSid
+  # );
+  ffi_lib :advapi32
+  attach_function_private :IsValidSid,
+                          [:pointer], :win32_bool
+end