RubyGems - facter - Versions diffs - 2.4.6-x64-mingw32 → 2.5.0-x64-mingw32 - Mend

facter 2.4.6-x64-mingw32 → 2.5.0-x64-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml +7 -0
data/Gemfile +8 -8
data/ext/build_defaults.yaml +1 -1
data/ext/project_data.yaml +1 -6
data/lib/facter/ec2.rb +8 -1
data/lib/facter/ec2/rest.rb +3 -5
data/lib/facter/gce/metadata.rb +1 -1
data/lib/facter/kernelrelease.rb +2 -7
data/lib/facter/operatingsystem/linux.rb +15 -10
data/lib/facter/operatingsystem/windows.rb +22 -23
data/lib/facter/util/config.rb +3 -3
data/lib/facter/util/ec2.rb +2 -2
data/lib/facter/util/ip.rb +4 -4
data/lib/facter/util/memory.rb +1 -1
data/lib/facter/util/windows.rb +10 -0
data/lib/facter/util/windows/api_types.rb +143 -0
data/lib/facter/util/windows/dir.rb +41 -0
data/lib/facter/util/windows/error.rb +85 -0
data/lib/facter/util/windows/process.rb +285 -0
data/lib/facter/util/windows/user.rb +180 -0
data/lib/facter/util/windows_root.rb +2 -2
data/lib/facter/util/wmi.rb +35 -2
data/lib/facter/version.rb +1 -1
data/lib/facter/virtual.rb +2 -0
data/spec/fixtures/unit/interfaces/ifconfig_net_tools_1.60_v6.txt +9 -0
data/spec/integration/util/windows/user_spec.rb +59 -0
data/spec/spec_helper.rb +0 -7
data/spec/unit/ec2/rest_spec.rb +14 -8
data/spec/unit/interfaces_spec.rb +10 -0
data/spec/unit/ipaddress6_spec.rb +1 -0
data/spec/unit/kernelrelease_spec.rb +1 -4
data/spec/unit/memory_spec.rb +1 -1
data/spec/unit/operatingsystem/windows_spec.rb +47 -40
data/spec/unit/util/ec2_spec.rb +3 -3
metadata +670 -696

data/lib/facter/util/windows/dir.rb ADDED

@@ -0,0 +1,41 @@
+require 'facter/util/windows'
+require 'ffi'
+module Facter::Util::Windows::Dir
+  extend FFI::Library
+  COMMON_APPDATA = 0x0023
+  S_OK           = 0x0
+  MAX_PATH       = 260;
+  def get_common_appdata
+    common_appdata = ''
+    # this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
+    FFI::MemoryPointer.new(:pointer, ((MAX_PATH + 1) * 2)) do |buffer_ptr|
+      # hwndOwner, nFolder, hToken, dwFlags, pszPath
+      if SHGetFolderPathW(0, COMMON_APPDATA, 0, 0, buffer_ptr) != S_OK
+        raise Facter::Util::Windows::Error.new("Could not find COMMON_APPDATA path")
+      end
+      common_appdata = buffer_ptr.read_arbitrary_wide_string_up_to(MAX_PATH + 1)
+    end
+    common_appdata
+  end
+  module_function :get_common_appdata
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/bb762181(v=vs.85).aspx
+  # HRESULT SHGetFolderPath(
+  #   _In_  HWND   hwndOwner,
+  #   _In_  int    nFolder,
+  #   _In_  HANDLE hToken,
+  #   _In_  DWORD  dwFlags,
+  #   _Out_ LPTSTR pszPath
+  # );
+  ffi_lib :shell32
+  attach_function_private :SHGetFolderPathW,
+    [:handle, :int32, :handle, :dword, :lpwstr], :hresult
+end

data/lib/facter/util/windows/error.rb ADDED

@@ -0,0 +1,85 @@
+require 'facter/util/windows'
+# represents an error resulting from a Win32 error code
+class Facter::Util::Windows::Error < RuntimeError
+  require 'ffi'
+  extend FFI::Library
+  attr_reader :code
+  attr_reader :original
+  # NOTE: FFI.errno only works properly when prior Win32 calls have been made
+  # through FFI bindings.  Calls made through Win32API do not have their error
+  # codes captured by FFI.errno
+  def initialize(message, code = FFI.errno, original = nil)
+    @original = original
+    super(message + ":  #{self.class.format_error_code(code)}")
+    @code = code
+  end
+  # Helper method that wraps FormatMessage that returns a human readable string.
+  def self.format_error_code(code)
+    # specifying 0 will look for LANGID in the following order
+    # 1.Language neutral
+    # 2.Thread LANGID, based on the thread's locale value
+    # 3.User default LANGID, based on the user's default locale value
+    # 4.System default LANGID, based on the system default locale value
+    # 5.US English
+    dwLanguageId = 0
+    flags = FORMAT_MESSAGE_ALLOCATE_BUFFER |
+        FORMAT_MESSAGE_FROM_SYSTEM |
+        FORMAT_MESSAGE_ARGUMENT_ARRAY |
+        FORMAT_MESSAGE_IGNORE_INSERTS |
+        FORMAT_MESSAGE_MAX_WIDTH_MASK
+    error_string = ''
+    # this pointer actually points to a :lpwstr (pointer) since we're letting Windows allocate for us
+    FFI::MemoryPointer.new(:pointer, 1) do |buffer_ptr|
+      length = FormatMessageW(flags, FFI::Pointer::NULL, code, dwLanguageId,
+                              buffer_ptr, 0, FFI::Pointer::NULL)
+      if length == FFI::WIN32_FALSE
+        # can't raise same error type here or potentially recurse infinitely
+        raise Facter::Error.new("FormatMessageW could not format code #{code}")
+      end
+      # returns an FFI::Pointer with autorelease set to false, which is what we want
+      buffer_ptr.read_win32_local_pointer do |wide_string_ptr|
+        if wide_string_ptr.null?
+          raise Facter::Error.new("FormatMessageW failed to allocate buffer for code #{code}")
+        end
+        error_string = wide_string_ptr.read_wide_string(length)
+      end
+    end
+    error_string
+  end
+  ERROR_FILE_NOT_FOUND      = 2
+  ERROR_ACCESS_DENIED       = 5
+  FORMAT_MESSAGE_ALLOCATE_BUFFER   = 0x00000100
+  FORMAT_MESSAGE_IGNORE_INSERTS    = 0x00000200
+  FORMAT_MESSAGE_FROM_SYSTEM       = 0x00001000
+  FORMAT_MESSAGE_ARGUMENT_ARRAY    = 0x00002000
+  FORMAT_MESSAGE_MAX_WIDTH_MASK    = 0x000000FF
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms679351(v=vs.85).aspx
+  # DWORD WINAPI FormatMessage(
+  #   _In_      DWORD dwFlags,
+  #   _In_opt_  LPCVOID lpSource,
+  #   _In_      DWORD dwMessageId,
+  #   _In_      DWORD dwLanguageId,
+  #   _Out_     LPTSTR lpBuffer,
+  #   _In_      DWORD nSize,
+  #   _In_opt_  va_list *Arguments
+  # );
+  # NOTE: since we're not preallocating the buffer, use a :pointer for lpBuffer
+  ffi_lib :kernel32
+  attach_function_private :FormatMessageW,
+                          [:dword, :lpcvoid, :dword, :dword, :pointer, :dword, :pointer], :dword
+end

data/lib/facter/util/windows/process.rb ADDED

@@ -0,0 +1,285 @@
+require 'facter/util/windows'
+require 'ffi'
+module Facter::Util::Windows::Process
+  extend FFI::Library
+  def get_current_process
+    # this pseudo-handle does not require closing per MSDN docs
+    GetCurrentProcess()
+  end
+  module_function :get_current_process
+  def open_process_token(handle, desired_access, &block)
+    token_handle = nil
+    begin
+      FFI::MemoryPointer.new(:handle, 1) do |token_handle_ptr|
+        result = OpenProcessToken(handle, desired_access, token_handle_ptr)
+        if result == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new(
+              "OpenProcessToken(#{handle}, #{desired_access.to_s(8)}, #{token_handle_ptr})")
+        end
+        yield token_handle = token_handle_ptr.read_handle
+      end
+      token_handle
+    ensure
+      FFI::WIN32.CloseHandle(token_handle) if token_handle
+    end
+    # token_handle has had CloseHandle called against it, so nothing to return
+    nil
+  end
+  module_function :open_process_token
+  def get_token_information(token_handle, token_information, &block)
+    # to determine buffer size
+    FFI::MemoryPointer.new(:dword, 1) do |return_length_ptr|
+      result = GetTokenInformation(token_handle, token_information, nil, 0, return_length_ptr)
+      return_length = return_length_ptr.read_dword
+      if return_length <= 0
+        raise Facter::Util::Windows::Error.new(
+            "GetTokenInformation(#{token_handle}, #{token_information}, nil, 0, #{return_length_ptr})")
+      end
+      # re-call API with properly sized buffer for all results
+      FFI::MemoryPointer.new(return_length) do |token_information_buf|
+        result = GetTokenInformation(token_handle, token_information,
+                                     token_information_buf, return_length, return_length_ptr)
+        if result == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new(
+              "GetTokenInformation(#{token_handle}, #{token_information}, #{token_information_buf}, " +
+                  "#{return_length}, #{return_length_ptr})")
+        end
+        yield token_information_buf
+      end
+    end
+    # GetTokenInformation buffer has been cleaned up by this point, nothing to return
+    nil
+  end
+  module_function :get_token_information
+  def parse_token_information_as_token_elevation(token_information_buf)
+    TOKEN_ELEVATION.new(token_information_buf)
+  end
+  module_function :parse_token_information_as_token_elevation
+  TOKEN_QUERY = 0x0008
+  # Returns whether or not the owner of the current process is running
+  # with elevated security privileges.
+  #
+  # Only supported on Windows Vista or later.
+  #
+  def elevated_security?
+    # default / pre-Vista
+    elevated = false
+    handle = nil
+    begin
+      handle = get_current_process
+      open_process_token(handle, TOKEN_QUERY) do |token_handle|
+        get_token_information(token_handle, :TokenElevation) do |token_info|
+          token_elevation = parse_token_information_as_token_elevation(token_info)
+          # TokenIsElevated member of the TOKEN_ELEVATION struct
+          elevated = token_elevation[:TokenIsElevated] != 0
+        end
+      end
+      elevated
+    rescue Facter::Util::Windows::Error => e
+      raise e if e.code != ERROR_NO_SUCH_PRIVILEGE
+    ensure
+      FFI::WIN32.CloseHandle(handle) if handle
+    end
+  end
+  module_function :elevated_security?
+  STATUS_SUCCESS = 0
+  def os_version(&block)
+    FFI::MemoryPointer.new(OSVERSIONINFOEX.size) do |ver_ptr|
+      ver = OSVERSIONINFOEX.new(ver_ptr)
+      ver[:dwOSVersionInfoSize] = OSVERSIONINFOEX.size
+      result = RtlGetVersion(ver_ptr)
+      if result != STATUS_SUCCESS
+        raise RuntimeError, 'Calling Windows RtlGetVersion failed'
+      end
+      yield ver
+    end
+    # ver_ptr has already had free called, so nothing to return
+    nil
+  end
+  module_function :os_version
+  def windows_major_version
+    ver = 0
+    self.os_version do |version|
+      ver = version[:dwMajorVersion]
+    end
+    ver
+  end
+  module_function :windows_major_version
+  def os_version_string
+    ver = ''
+    self.os_version do |version|
+      ver = "#{version[:dwMajorVersion]}.#{version[:dwMinorVersion]}.#{version[:dwBuildNumber]}"
+    end
+    ver
+  end
+  module_function :os_version_string
+  SM_SERVERR2 = 89
+  def is_2003_r2?
+    # Peculiar API from user32 - the docs for SM_SERVER2 indicate
+    # The build number if the system is Windows Server 2003 R2; otherwise, 0.
+    GetSystemMetrics(SM_SERVERR2) != 0
+  end
+  module_function :is_2003_r2?
+  def supports_elevated_security?
+    windows_major_version >= 6
+  end
+  module_function :supports_elevated_security?
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/ms683179(v=vs.85).aspx
+  # HANDLE WINAPI GetCurrentProcess(void);
+  ffi_lib :kernel32
+  attach_function_private :GetCurrentProcess, [], :handle
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379295(v=vs.85).aspx
+  # BOOL WINAPI OpenProcessToken(
+  #   _In_   HANDLE ProcessHandle,
+  #   _In_   DWORD DesiredAccess,
+  #   _Out_  PHANDLE TokenHandle
+  # );
+  ffi_lib :advapi32
+  attach_function_private :OpenProcessToken,
+                          [:handle, :dword, :phandle], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379626(v=vs.85).aspx
+  TOKEN_INFORMATION_CLASS = enum(
+      :TokenUser, 1,
+      :TokenGroups,
+      :TokenPrivileges,
+      :TokenOwner,
+      :TokenPrimaryGroup,
+      :TokenDefaultDacl,
+      :TokenSource,
+      :TokenType,
+      :TokenImpersonationLevel,
+      :TokenStatistics,
+      :TokenRestrictedSids,
+      :TokenSessionId,
+      :TokenGroupsAndPrivileges,
+      :TokenSessionReference,
+      :TokenSandBoxInert,
+      :TokenAuditPolicy,
+      :TokenOrigin,
+      :TokenElevationType,
+      :TokenLinkedToken,
+      :TokenElevation,
+      :TokenHasRestrictions,
+      :TokenAccessInformation,
+      :TokenVirtualizationAllowed,
+      :TokenVirtualizationEnabled,
+      :TokenIntegrityLevel,
+      :TokenUIAccess,
+      :TokenMandatoryPolicy,
+      :TokenLogonSid,
+      :TokenIsAppContainer,
+      :TokenCapabilities,
+      :TokenAppContainerSid,
+      :TokenAppContainerNumber,
+      :TokenUserClaimAttributes,
+      :TokenDeviceClaimAttributes,
+      :TokenRestrictedUserClaimAttributes,
+      :TokenRestrictedDeviceClaimAttributes,
+      :TokenDeviceGroups,
+      :TokenRestrictedDeviceGroups,
+      :TokenSecurityAttributes,
+      :TokenIsRestricted,
+      :MaxTokenInfoClass
+  )
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/bb530717(v=vs.85).aspx
+  # typedef struct _TOKEN_ELEVATION {
+  #   DWORD TokenIsElevated;
+  # } TOKEN_ELEVATION, *PTOKEN_ELEVATION;
+  class TOKEN_ELEVATION < FFI::Struct
+    layout :TokenIsElevated, :dword
+  end
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446671(v=vs.85).aspx
+  # BOOL WINAPI GetTokenInformation(
+  #   _In_       HANDLE TokenHandle,
+  #   _In_       TOKEN_INFORMATION_CLASS TokenInformationClass,
+  #   _Out_opt_  LPVOID TokenInformation,
+  #   _In_       DWORD TokenInformationLength,
+  #   _Out_      PDWORD ReturnLength
+  # );
+  ffi_lib :advapi32
+  attach_function_private :GetTokenInformation,
+                          [:handle, TOKEN_INFORMATION_CLASS, :lpvoid, :dword, :pdword ], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/hardware/ff563620(v=vs.85).aspx
+  # typedef struct _OSVERSIONINFOEXW {
+  #   ULONG  dwOSVersionInfoSize;
+  #   ULONG  dwMajorVersion;
+  #   ULONG  dwMinorVersion;
+  #   ULONG  dwBuildNumber;
+  #   ULONG  dwPlatformId;
+  #   WCHAR  szCSDVersion[128];
+  #   USHORT wServicePackMajor;
+  #   USHORT wServicePackMinor;
+  #   USHORT wSuiteMask;
+  #   UCHAR  wProductType;
+  #   UCHAR  wReserved;
+  # } RTL_OSVERSIONINFOEXW, *PRTL_OSVERSIONINFOEXW;
+  class OSVERSIONINFOEX < FFI::Struct
+    layout(
+      :dwOSVersionInfoSize, :win32_ulong,
+      :dwMajorVersion, :win32_ulong,
+      :dwMinorVersion, :win32_ulong,
+      :dwBuildNumber, :win32_ulong,
+      :dwPlatformId, :win32_ulong,
+      :szCSDVersion, [:wchar, 128],
+      :wServicePackMajor, :ushort,
+      :wServicePackMinor, :ushort,
+      :wSuiteMask, :ushort,
+      :wProductType, :uchar,
+      :wReserved, :uchar,
+    )
+  end
+  # NTSTATUS -> :int32 (defined in winerror.h / ntstatus.h)
+  # https://msdn.microsoft.com/en-us/library/windows/hardware/ff561910(v=vs.85).aspx
+  # NTSTATUS RtlGetVersion(
+  #   _Out_ PRTL_OSVERSIONINFOW lpVersionInformation
+  # );
+  ffi_lib [FFI::CURRENT_PROCESS, :ntdll]
+  attach_function :RtlGetVersion, [:pointer], :int32
+  # C++ int is a signed 32-bit integer
+  # int WINAPI GetSystemMetrics(
+  #   _In_ int nIndex
+  # );
+  ffi_lib :user32
+  attach_function :GetSystemMetrics, [:int32], :int32
+end

data/lib/facter/util/windows/user.rb ADDED

@@ -0,0 +1,180 @@
+require 'facter/util/windows'
+require 'ffi'
+module Facter::Util::Windows::User
+  extend FFI::Library
+  def admin?
+    elevated_supported = Facter::Util::Windows::Process.supports_elevated_security?
+    # if Vista or later, check for unrestricted process token
+    return Facter::Util::Windows::Process.elevated_security? if elevated_supported
+    # otherwise 2003 or less
+    check_token_membership
+  end
+  module_function :admin?
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/ee207397(v=vs.85).aspx
+  SECURITY_MAX_SID_SIZE = 68
+  def check_token_membership
+    is_admin = false
+    FFI::MemoryPointer.new(:byte, SECURITY_MAX_SID_SIZE) do |sid_pointer|
+      FFI::MemoryPointer.new(:dword, 1) do |size_pointer|
+        size_pointer.write_uint32(SECURITY_MAX_SID_SIZE)
+        if CreateWellKnownSid(:WinBuiltinAdministratorsSid, FFI::Pointer::NULL, sid_pointer, size_pointer) == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new("Failed to create administrators SID")
+        end
+      end
+      if IsValidSid(sid_pointer) == FFI::WIN32_FALSE
+        raise RuntimeError,"Invalid SID"
+      end
+      FFI::MemoryPointer.new(:win32_bool, 1) do |ismember_pointer|
+        if CheckTokenMembership(FFI::Pointer::NULL_HANDLE, sid_pointer, ismember_pointer) == FFI::WIN32_FALSE
+          raise Facter::Util::Windows::Error.new("Failed to check membership")
+        end
+        # Is administrators SID enabled in calling thread's access token?
+        is_admin = ismember_pointer.read_win32_bool
+      end
+    end
+    is_admin
+  end
+  module_function :check_token_membership
+  ffi_convention :stdcall
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa376389(v=vs.85).aspx
+  # BOOL WINAPI CheckTokenMembership(
+  #   _In_opt_  HANDLE TokenHandle,
+  #   _In_      PSID SidToCheck,
+  #   _Out_     PBOOL IsMember
+  # );
+  ffi_lib :advapi32
+  attach_function_private :CheckTokenMembership,
+                          [:handle, :pointer, :pbool], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379650(v=vs.85).aspx
+  WELL_KNOWN_SID_TYPE = enum(
+      :WinNullSid                                   , 0,
+      :WinWorldSid                                  , 1,
+      :WinLocalSid                                  , 2,
+      :WinCreatorOwnerSid                           , 3,
+      :WinCreatorGroupSid                           , 4,
+      :WinCreatorOwnerServerSid                     , 5,
+      :WinCreatorGroupServerSid                     , 6,
+      :WinNtAuthoritySid                            , 7,
+      :WinDialupSid                                 , 8,
+      :WinNetworkSid                                , 9,
+      :WinBatchSid                                  , 10,
+      :WinInteractiveSid                            , 11,
+      :WinServiceSid                                , 12,
+      :WinAnonymousSid                              , 13,
+      :WinProxySid                                  , 14,
+      :WinEnterpriseControllersSid                  , 15,
+      :WinSelfSid                                   , 16,
+      :WinAuthenticatedUserSid                      , 17,
+      :WinRestrictedCodeSid                         , 18,
+      :WinTerminalServerSid                         , 19,
+      :WinRemoteLogonIdSid                          , 20,
+      :WinLogonIdsSid                               , 21,
+      :WinLocalSystemSid                            , 22,
+      :WinLocalServiceSid                           , 23,
+      :WinNetworkServiceSid                         , 24,
+      :WinBuiltinDomainSid                          , 25,
+      :WinBuiltinAdministratorsSid                  , 26,
+      :WinBuiltinUsersSid                           , 27,
+      :WinBuiltinGuestsSid                          , 28,
+      :WinBuiltinPowerUsersSid                      , 29,
+      :WinBuiltinAccountOperatorsSid                , 30,
+      :WinBuiltinSystemOperatorsSid                 , 31,
+      :WinBuiltinPrintOperatorsSid                  , 32,
+      :WinBuiltinBackupOperatorsSid                 , 33,
+      :WinBuiltinReplicatorSid                      , 34,
+      :WinBuiltinPreWindows2000CompatibleAccessSid  , 35,
+      :WinBuiltinRemoteDesktopUsersSid              , 36,
+      :WinBuiltinNetworkConfigurationOperatorsSid   , 37,
+      :WinAccountAdministratorSid                   , 38,
+      :WinAccountGuestSid                           , 39,
+      :WinAccountKrbtgtSid                          , 40,
+      :WinAccountDomainAdminsSid                    , 41,
+      :WinAccountDomainUsersSid                     , 42,
+      :WinAccountDomainGuestsSid                    , 43,
+      :WinAccountComputersSid                       , 44,
+      :WinAccountControllersSid                     , 45,
+      :WinAccountCertAdminsSid                      , 46,
+      :WinAccountSchemaAdminsSid                    , 47,
+      :WinAccountEnterpriseAdminsSid                , 48,
+      :WinAccountPolicyAdminsSid                    , 49,
+      :WinAccountRasAndIasServersSid                , 50,
+      :WinNTLMAuthenticationSid                     , 51,
+      :WinDigestAuthenticationSid                   , 52,
+      :WinSChannelAuthenticationSid                 , 53,
+      :WinThisOrganizationSid                       , 54,
+      :WinOtherOrganizationSid                      , 55,
+      :WinBuiltinIncomingForestTrustBuildersSid     , 56,
+      :WinBuiltinPerfMonitoringUsersSid             , 57,
+      :WinBuiltinPerfLoggingUsersSid                , 58,
+      :WinBuiltinAuthorizationAccessSid             , 59,
+      :WinBuiltinTerminalServerLicenseServersSid    , 60,
+      :WinBuiltinDCOMUsersSid                       , 61,
+      :WinBuiltinIUsersSid                          , 62,
+      :WinIUserSid                                  , 63,
+      :WinBuiltinCryptoOperatorsSid                 , 64,
+      :WinUntrustedLabelSid                         , 65,
+      :WinLowLabelSid                               , 66,
+      :WinMediumLabelSid                            , 67,
+      :WinHighLabelSid                              , 68,
+      :WinSystemLabelSid                            , 69,
+      :WinWriteRestrictedCodeSid                    , 70,
+      :WinCreatorOwnerRightsSid                     , 71,
+      :WinCacheablePrincipalsGroupSid               , 72,
+      :WinNonCacheablePrincipalsGroupSid            , 73,
+      :WinEnterpriseReadonlyControllersSid          , 74,
+      :WinAccountReadonlyControllersSid             , 75,
+      :WinBuiltinEventLogReadersGroup               , 76,
+      :WinNewEnterpriseReadonlyControllersSid       , 77,
+      :WinBuiltinCertSvcDComAccessGroup             , 78,
+      :WinMediumPlusLabelSid                        , 79,
+      :WinLocalLogonSid                             , 80,
+      :WinConsoleLogonSid                           , 81,
+      :WinThisOrganizationCertificateSid            , 82,
+      :WinApplicationPackageAuthoritySid            , 83,
+      :WinBuiltinAnyPackageSid                      , 84,
+      :WinCapabilityInternetClientSid               , 85,
+      :WinCapabilityInternetClientServerSid         , 86,
+      :WinCapabilityPrivateNetworkClientServerSid   , 87,
+      :WinCapabilityPicturesLibrarySid              , 88,
+      :WinCapabilityVideosLibrarySid                , 89,
+      :WinCapabilityMusicLibrarySid                 , 90,
+      :WinCapabilityDocumentsLibrarySid             , 91,
+      :WinCapabilitySharedUserCertificatesSid       , 92,
+      :WinCapabilityEnterpriseAuthenticationSid     , 93,
+      :WinCapabilityRemovableStorageSid             , 94
+  )
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa446585(v=vs.85).aspx
+  # BOOL WINAPI CreateWellKnownSid(
+  #   _In_       WELL_KNOWN_SID_TYPE WellKnownSidType,
+  #   _In_opt_   PSID DomainSid,
+  #   _Out_opt_  PSID pSid,
+  #   _Inout_    DWORD *cbSid
+  # );
+  ffi_lib :advapi32
+  attach_function_private :CreateWellKnownSid,
+                          [WELL_KNOWN_SID_TYPE, :pointer, :pointer, :lpdword], :win32_bool
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379151(v=vs.85).aspx
+  # BOOL WINAPI IsValidSid(
+  #   _In_  PSID pSid
+  # );
+  ffi_lib :advapi32
+  attach_function_private :IsValidSid,
+                          [:pointer], :win32_bool
+end