win32-file-security 1.0.0 → 1.0.1

data/CHANGES

@@ -1,2 +1,8 @@
+= 1.0.1 - 1-Jan-2013
+* Added a working implementation of File.owned?
+* Added a working implementation of File.chown.
+* Added the File.owner method.
+* Made the FFI functions private.
+
 = 1.0.0 - 19-Dec-2012
 * Initial release as an independent library.

data/README

@@ -13,6 +13,8 @@
   require 'win32/file/security
 
   p File.get_permissions('file.txt')
+  p File.owner('file.txt')
+  p File.owned?('file.txt')
 
 == Notes
   If you have the win32-file gem already installed then you do not need this
@@ -33,7 +35,7 @@
   Artistic 2.0
 
 == Copyright
-  (C) 2003-2012, Daniel J. Berger, All Rights Reserved
+  (C) 2003-2013, Daniel J. Berger, All Rights Reserved
 
 == Warranty
   This package is provided "as is" and without any express or

data/Rakefile

@@ -25,6 +25,13 @@ namespace 'test' do
     t.verbose = true
   end
 
+  Rake::TestTask.new('constants') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_constants']
+  end
+
   Rake::TestTask.new('encryption') do |t|
     task :test => :clean
     t.warning = true
@@ -32,6 +39,20 @@ namespace 'test' do
     t.test_files = FileList['test/test_win32_file_security_encryption']
   end
 
+  Rake::TestTask.new('ffi') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_ffi']
+  end
+
+  Rake::TestTask.new('ownership') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_ownership']
+  end
+
   Rake::TestTask.new('permissions') do |t|
     task :test => :clean
     t.warning = true

data/lib/win32/file/{windows → security}/constants.rb

@@ -1,18 +1,33 @@
 module Windows
   module File
     module Constants
-      SE_DACL_PRESENT           = 4
-      DACL_SECURITY_INFORMATION = 4
-      ACCESS_ALLOWED_ACE_TYPE   = 0
-      ERROR_INSUFFICIENT_BUFFER = 122
-      ACL_REVISION2             = 2
-      ALLOW_ACE_LENGTH          = 62
-      OBJECT_INHERIT_ACE        = 0x1
-      CONTAINER_INHERIT_ACE     = 0x2
-      INHERIT_ONLY_ACE          = 0x8
-      MAXDWORD                  = 0xFFFFFFFF
+      SE_DACL_PRESENT            = 4
+      OWNER_SECURITY_INFORMATION = 1
+      DACL_SECURITY_INFORMATION  = 4
+      ACCESS_ALLOWED_ACE_TYPE    = 0
+      ERROR_INSUFFICIENT_BUFFER  = 122
+      ACL_REVISION2              = 2
+      ALLOW_ACE_LENGTH           = 62
+      OBJECT_INHERIT_ACE         = 0x1
+      CONTAINER_INHERIT_ACE      = 0x2
+      INHERIT_ONLY_ACE           = 0x8
+      MAXDWORD                   = 0xFFFFFFFF
+      TOKEN_QUERY                = 0x00000008
+      TOKEN_ADJUST_PRIVILEGES    = 0x0020
+      TokenUser                  = 1
+
+      SECURITY_DESCRIPTOR_REVISION   = 1
       SECURITY_DESCRIPTOR_MIN_LENGTH = 20
 
+      SE_KERNEL_OBJECT       = 6
+      SE_FILE_OBJECT         = 1
+      SE_PRIVILEGE_ENABLED   = 0x00000002
+      SE_SECURITY_NAME       = "SeSecurityPrivilege"
+      SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege"
+      SE_BACKUP_NAME         = "SeBackupPrivilege"
+      SE_RESTORE_NAME        = "SeRestorePrivilege"
+      SE_CHANGE_NOTIFY_NAME  = "SeChangeNotifyPrivilege"
+
       ## Security Rights
 
       SYNCHRONIZE                  = 0x100000
@@ -30,6 +45,9 @@ module Windows
       GENERIC_ALL                  = 0x10000000
       GENERIC_RIGHTS_CHK           = 0xF0000000
       REST_RIGHTS_MASK             = 0x001FFFFF
+      READ_CONTROL                 = 0x20000
+      WRITE_DAC                    = 0x40000
+      WRITE_OWNER                  = 0x80000
 
       FILE_READ_DATA               = 1
       FILE_LIST_DIRECTORY          = 1

data/lib/win32/file/security/functions.rb

@@ -0,0 +1,62 @@
+require 'ffi'
+
+module Windows
+  module File
+    module Functions
+
+      # Make FFI functions private
+      module FFI::Library
+        def attach_pfunc(*args)
+          attach_function(*args)
+          private args[0]
+        end
+      end
+
+      extend FFI::Library
+
+      # For convenience
+      typedef :pointer, :ptr
+      typedef :buffer_in, :buf_in
+      typedef :buffer_out, :buf_out
+      typedef :string, :str
+
+
+      ffi_lib :advapi32
+
+      attach_pfunc :AddAce, [:ptr, :ulong, :ulong, :ptr, :ulong], :bool
+      attach_pfunc :AdjustTokenPrivileges, [:ulong, :bool, :ptr, :ulong, :ptr, :ptr], :bool
+      attach_pfunc :CopySid, [:ulong, :ptr, :ptr], :bool
+      attach_pfunc :EncryptFileW, [:buf_in], :bool
+      attach_pfunc :DecryptFileW, [:buf_in, :ulong], :bool
+      attach_pfunc :FileEncryptionStatusW, [:buf_in, :ptr], :bool
+      attach_pfunc :GetAce, [:ptr, :ulong, :ptr], :bool
+      attach_pfunc :GetFileSecurityW, [:buf_in, :ulong, :ptr, :ulong, :ptr], :bool
+      attach_pfunc :GetLengthSid, [:ptr], :ulong
+      attach_pfunc :GetSecurityDescriptorControl, [:ptr, :ptr, :ptr], :bool
+      attach_pfunc :GetSecurityDescriptorOwner, [:ptr, :ptr, :ptr], :bool
+      attach_pfunc :GetSecurityDescriptorDacl, [:ptr, :ptr, :ptr, :ptr], :ulong
+      attach_pfunc :GetSecurityInfo, [:ulong, :ulong, :ulong, :ptr, :ptr, :ptr, :ptr, :ptr], :ulong
+      attach_pfunc :GetTokenInformation, [:ulong, :int, :ptr, :ulong, :ptr], :bool
+      attach_pfunc :InitializeAcl, [:ptr, :ulong, :ulong], :bool
+      attach_pfunc :InitializeSecurityDescriptor, [:ptr, :ulong], :bool
+      attach_pfunc :LookupAccountNameW, [:buf_in, :buf_in, :ptr, :ptr, :ptr, :ptr, :ptr], :bool
+      attach_pfunc :LookupAccountSidW, [:buf_in, :ptr, :ptr, :ptr, :ptr, :ptr, :ptr], :bool
+      attach_pfunc :LookupPrivilegeValueA, [:str, :str, :ptr], :bool
+      attach_pfunc :OpenProcessToken, [:ulong, :ulong, :ptr], :bool
+      attach_pfunc :SetFileSecurityW, [:buf_in, :ulong, :ptr], :bool
+      attach_pfunc :SetSecurityDescriptorDacl, [:ptr, :bool, :ptr, :bool], :bool
+      attach_pfunc :SetSecurityDescriptorOwner, [:ptr, :ptr, :bool], :bool
+
+      ffi_lib :kernel32
+
+      attach_pfunc :CloseHandle, [:ulong], :bool
+      attach_pfunc :GetCurrentProcess, [], :ulong
+      attach_pfunc :GetVolumeInformationW, [:buf_in, :buf_out, :ulong, :ptr, :ptr, :ptr, :buf_out, :ulong], :bool
+
+      ffi_lib :shlwapi
+
+      attach_pfunc :PathStripToRootW, [:buf_in], :bool
+      attach_pfunc :PathIsRootW, [:buf_in], :bool
+    end
+  end
+end

data/lib/win32/file/security/helper.rb

@@ -0,0 +1,7 @@
+class String
+  # Convenience method for converting strings to UTF-16LE for wide character
+  # functions that require it.
+  def wincode
+    (self.tr(File::SEPARATOR, File::ALT_SEPARATOR) + 0.chr).encode('UTF-16LE')
+  end
+end

data/lib/win32/file/{windows → security}/structs.rb

@@ -24,7 +24,7 @@ module Windows
           :Header, ACE_HEADER,
           :Mask, :ulong,
           :SidStart, :ulong,
-	  :dummy, [:uchar, 40]
+          :dummy, [:uchar, 40]
         )
       end
 
@@ -37,6 +37,21 @@ module Windows
           :Sbz2, :ushort
         )
       end
+
+      class LUID < FFI::Struct
+        layout(:LowPart, :ulong, :HighPart, :long)
+      end
+
+      class LUID_AND_ATTRIBUTES < FFI::Struct
+        layout(:Luid, LUID, :Attributes, :ulong)
+      end
+
+      class TOKEN_PRIVILEGES < FFI::Struct
+        layout(
+          :PrivilegeCount, :ulong,
+          :Privileges, [LUID_AND_ATTRIBUTES, 1]
+        )
+      end
     end
   end
 end

data/lib/win32/file/security.rb

@@ -1,6 +1,8 @@
-require File.join(File.dirname(__FILE__), 'windows', 'constants')
-require File.join(File.dirname(__FILE__), 'windows', 'structs')
-require File.join(File.dirname(__FILE__), 'windows', 'functions')
+require File.join(File.dirname(__FILE__), 'security', 'constants')
+require File.join(File.dirname(__FILE__), 'security', 'structs')
+require File.join(File.dirname(__FILE__), 'security', 'functions')
+require File.join(File.dirname(__FILE__), 'security', 'helper')
+require 'socket'
 
 class File
   include Windows::File::Constants
@@ -10,9 +12,11 @@ class File
   extend Windows::File::Functions
 
   # The version of the win32-file library
-  WIN32_FILE_SECURITY_VERSION = '1.0.0'
+  WIN32_FILE_SECURITY_VERSION = '1.0.1'
 
   class << self
+    remove_method(:owned?)
+    remove_method(:chown)
 
     # Returns the encryption status of a file as a string. Possible return
     # values are:
@@ -188,9 +192,7 @@ class File
         size_needed_ptr
       )
 
-      unless bool
-        raise SystemCallError.new("GetFileSecurity", FFI.errno)
-      end
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
 
       control_ptr  = FFI::MemoryPointer.new(:ulong)
       revision_ptr = FFI::MemoryPointer.new(:ulong)
@@ -246,7 +248,7 @@ class File
 
           use_ptr = FFI::MemoryPointer.new(:pointer)
 
-          val = LookupAccountSidW(
+          bool = LookupAccountSidW(
             wide_host,
             ace_pptr.read_pointer + 8,
             name,
@@ -256,9 +258,7 @@ class File
             use_ptr
           )
 
-          if val == 0
-            raise SystemCallError.new("LookupAccountSid", FFI.errno)
-          end
+          raise SystemCallError.new("LookupAccountSid", FFI.errno) unless bool
 
           # The x2 multiplier is necessary due to wide char strings.
           name = name.read_string(name_size.read_ulong * 2).delete(0.chr)
@@ -289,7 +289,6 @@ class File
     # * FILE_DELETE_CHILD
     # * FILE_READ_ATTRIBUTES
     # * FILE_WRITE_ATTRIBUTES
-    # * STANDARD_RIGHTS_ALL
     # * FULL
     # * READ
     # * ADD
@@ -299,11 +298,11 @@ class File
     # * WRITE_DAC
     # * WRITE_OWNER
     # * SYNCHRONIZE
+    # * STANDARD_RIGHTS_ALL
     # * STANDARD_RIGHTS_REQUIRED
     # * STANDARD_RIGHTS_READ
     # * STANDARD_RIGHTS_WRITE
     # * STANDARD_RIGHTS_EXECUTE
-    # * STANDARD_RIGHTS_ALL
     # * SPECIFIC_RIGHTS_ALL
     # * ACCESS_SYSTEM_SECURITY
     # * MAXIMUM_ALLOWED
@@ -466,5 +465,267 @@ class File
 
       sec_array
     end
+
+    # Returns true if the effective user ID of the process is the same as the
+    # owner of the named file.
+    #
+    # Example:
+    #
+    #   p File.owned?('some_file.txt') # => true
+    #   p File.owned?('C:/Windows/regedit.ext') # => false
+    #--
+    # This method was redefined for MS Windows.
+    #
+    def owned?(file)
+      return_value = false
+      wide_file = file.wincode
+      size_needed_ptr = FFI::MemoryPointer.new(:ulong)
+
+      # First pass, get the size needed
+      bool = GetFileSecurityW(
+        wide_file,
+        OWNER_SECURITY_INFORMATION,
+        nil,
+        0,
+        size_needed_ptr
+      )
+
+      size_needed = size_needed_ptr.read_ulong
+
+      security_ptr = FFI::MemoryPointer.new(size_needed)
+
+      # Second pass, this time with the appropriately sized security pointer
+      bool = GetFileSecurityW(
+        wide_file,
+        OWNER_SECURITY_INFORMATION,
+        security_ptr,
+        security_ptr.size,
+        size_needed_ptr
+      )
+
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+      sid_ptr = FFI::MemoryPointer.new(:pointer)
+      defaulted = FFI::MemoryPointer.new(:bool)
+
+      unless GetSecurityDescriptorOwner(security_ptr, sid_ptr, defaulted)
+        raise SystemCallError.new("GetFileSecurity", FFI.errno)
+      end
+
+      sid = sid_ptr.read_pointer
+
+      token = FFI::MemoryPointer.new(:ulong)
+
+      begin
+        # Get the current process sid
+        unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
+          raise SystemCallError, FFI.errno, "OpenProcessToken"
+        end
+
+        token   = token.read_ulong
+        rlength = FFI::MemoryPointer.new(:ulong)
+        tuser   = 0.chr * 512
+
+        bool = GetTokenInformation(
+          token,
+          TokenUser,
+          tuser,
+          tuser.size,
+          rlength
+        )
+
+        unless bool
+          raise SystemCallError, FFI.errno, "GetTokenInformation"
+        end
+
+        string_sid = tuser[8, (rlength.read_ulong - 8)]
+
+        # Now compare the sid strings
+        if string_sid == sid.read_string(string_sid.size)
+          return_value = true
+        end
+      ensure
+        CloseHandle(token)
+      end
+
+      return_value
+    end
+
+    # Changes the owner of the named file(s) to the given owner (userid).
+    # It will typically require elevated privileges in order to change the
+    # owner of a file.
+    #
+    # This group argument is currently ignored, but is included in the method
+    # definition for compatibility with the current spec. Also note that the
+    # owner should be a string, not a numeric ID.
+    #
+    # Example:
+    #
+    #   File.chown('some_user', nil, 'some_file.txt')
+    #--
+    # In the future we may allow the owner argument to be a SID or a RID and
+    # simply adjust accordingly.
+    #
+    def chown(owner, group, *files)
+      token = FFI::MemoryPointer.new(:ulong)
+
+      begin
+        bool = OpenProcessToken(
+          GetCurrentProcess(),
+          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+          token
+        )
+
+        raise SystemCallError.new("OpenProcessToken", FFI.errno) unless bool
+
+        token_handle = token.read_ulong
+
+        privs = [
+          SE_SECURITY_NAME,
+          SE_TAKE_OWNERSHIP_NAME,
+          SE_BACKUP_NAME,
+          SE_RESTORE_NAME,
+          SE_CHANGE_NOTIFY_NAME
+        ]
+
+        privs.each{ |name|
+          luid = LUID.new
+
+          unless LookupPrivilegeValueA(nil, name, luid)
+            raise SystemCallError.new("LookupPrivilegeValue", FFI.errno)
+          end
+
+          tp = TOKEN_PRIVILEGES.new
+          tp[:PrivilegeCount] = 1
+          tp[:Privileges][0][:Luid] = luid
+          tp[:Privileges][0][:Attributes] = SE_PRIVILEGE_ENABLED
+
+          unless AdjustTokenPrivileges(token_handle, false, tp, 0, nil, nil)
+            raise SystemCallError.new("AdjustTokenPrivileges", FFI.errno)
+          end
+        }
+
+        sid      = FFI::MemoryPointer.new(:uchar)
+        sid_size = FFI::MemoryPointer.new(:ulong)
+        dom      = FFI::MemoryPointer.new(:uchar)
+        dom_size = FFI::MemoryPointer.new(:ulong)
+        use      = FFI::MemoryPointer.new(:ulong)
+
+        wowner = owner.wincode
+
+        # First run, get needed sizes
+        LookupAccountNameW(nil, wowner, sid, sid_size, dom, dom_size, use)
+
+        sid = FFI::MemoryPointer.new(:uchar, sid_size.read_ulong * 2)
+        dom = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
+
+        # Second run with required sizes
+        unless LookupAccountNameW(nil, wowner, sid, sid_size, dom, dom_size, use)
+          raise SystemCallError.new("LookupAccountName", FFI.errno)
+        end
+
+        files.each{ |file|
+          wfile = file.wincode
+
+          size = FFI::MemoryPointer.new(:ulong)
+          sec  = FFI::MemoryPointer.new(:ulong)
+
+          # First pass, get the size needed
+          GetFileSecurityW(wfile, OWNER_SECURITY_INFORMATION, sec, sec.size, size)
+
+          security = FFI::MemoryPointer.new(size.read_ulong)
+
+          # Second pass, this time with the appropriately sized security pointer
+          bool = GetFileSecurityW(
+            wfile,
+            OWNER_SECURITY_INFORMATION,
+            security,
+            security.size,
+            size
+          )
+
+          raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+          unless InitializeSecurityDescriptor(security, SECURITY_DESCRIPTOR_REVISION)
+            raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno)
+          end
+
+          unless SetSecurityDescriptorOwner(security, sid, false)
+            raise SystemCallError.new("SetSecurityDescriptorOwner", FFI.errno)
+          end
+
+          unless SetFileSecurityW(wfile, OWNER_SECURITY_INFORMATION, security)
+            raise SystemCallError.new("SetFileSecurity", FFI.errno)
+          end
+        }
+      ensure
+        CloseHandle(token.read_ulong)
+      end
+
+      files.size
+    end
+
+    # Returns the owner of the specified file in domain\\userid format.
+    #
+    # Example:
+    #
+    #   p File.owner('some_file.txt') # => "your_domain\\some_user"
+    #
+    def owner(file)
+      size_needed = FFI::MemoryPointer.new(:ulong)
+
+      # First pass, get the size needed
+      bool = GetFileSecurityW(
+        file.wincode,
+        OWNER_SECURITY_INFORMATION,
+        nil,
+        0,
+        size_needed
+      )
+
+      security = FFI::MemoryPointer.new(size_needed.read_ulong)
+
+      # Second pass, this time with the appropriately sized security pointer
+      bool = GetFileSecurityW(
+        file.wincode,
+        OWNER_SECURITY_INFORMATION,
+        security,
+        security.size,
+        size_needed
+      )
+
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+      sid = FFI::MemoryPointer.new(:pointer)
+      defaulted = FFI::MemoryPointer.new(:bool)
+
+      unless GetSecurityDescriptorOwner(security, sid, defaulted)
+        raise SystemCallError.new("GetFileSecurity", FFI.errno)
+      end
+
+      sid = sid.read_pointer
+
+      name      = FFI::MemoryPointer.new(:uchar)
+      name_size = FFI::MemoryPointer.new(:ulong)
+      dom       = FFI::MemoryPointer.new(:uchar)
+      dom_size  = FFI::MemoryPointer.new(:ulong)
+      use       = FFI::MemoryPointer.new(:pointer)
+
+      # First call, get sizes needed
+      LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
+
+      name = FFI::MemoryPointer.new(:uchar, name_size.read_ulong * 2)
+      dom  = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
+
+      # Second call, get desired information
+      unless LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
+        raise SystemCallError.new("LookupAccountSid", FFI.errno)
+      end
+
+      name = name.read_string(name.size).tr(0.chr, '').strip
+      domain = dom.read_string(dom.size).tr(0.chr, '').strip
+
+      domain << "\\" << name
+    end
   end
 end

data/test/test_win32_file_security_constants.rb

@@ -0,0 +1,54 @@
+########################################################################
+# test_win32_file_security_constants.rb
+#
+# Tests to ensure that certain constants are defined for the
+# win32-file-security library.
+########################################################################
+require 'test-unit'
+require 'win32/file/security'
+
+class TC_Win32_File_Constants < Test::Unit::TestCase
+  test "file security rights constants are defined" do
+    assert_not_nil(File::FILE_READ_DATA)
+    assert_not_nil(File::FILE_WRITE_DATA)
+    assert_not_nil(File::FILE_APPEND_DATA)
+    assert_not_nil(File::FILE_READ_EA)
+    assert_not_nil(File::FILE_EXECUTE)
+    assert_not_nil(File::FILE_DELETE_CHILD)
+    assert_not_nil(File::FILE_READ_ATTRIBUTES)
+    assert_not_nil(File::FILE_WRITE_ATTRIBUTES)
+  end
+
+  test "standard security rights constants are defined" do
+    assert_not_nil(File::STANDARD_RIGHTS_ALL)
+    assert_not_nil(File::STANDARD_RIGHTS_REQUIRED)
+    assert_not_nil(File::STANDARD_RIGHTS_READ)
+    assert_not_nil(File::STANDARD_RIGHTS_WRITE)
+    assert_not_nil(File::STANDARD_RIGHTS_EXECUTE)
+  end
+
+  test "generic security rights constants are defined" do
+    assert_not_nil(File::GENERIC_READ)
+    assert_not_nil(File::GENERIC_WRITE)
+    assert_not_nil(File::GENERIC_EXECUTE)
+    assert_not_nil(File::GENERIC_ALL)
+  end
+
+  test "combined security rights constants are defined" do
+    assert_not_nil(File::FULL)
+    assert_not_nil(File::READ)
+    assert_not_nil(File::CHANGE)
+    assert_not_nil(File::ADD)
+    assert_not_nil(File::DELETE)
+  end
+
+  test "miscellaneous security rights constants are defined" do
+    assert_not_nil(File::READ_CONTROL)
+    assert_not_nil(File::WRITE_DAC)
+    assert_not_nil(File::WRITE_OWNER)
+    assert_not_nil(File::SYNCHRONIZE)
+    assert_not_nil(File::SPECIFIC_RIGHTS_ALL)
+    assert_not_nil(File::ACCESS_SYSTEM_SECURITY)
+    assert_not_nil(File::MAXIMUM_ALLOWED)
+  end
+end

data/test/test_win32_file_security_ffi.rb

@@ -0,0 +1,33 @@
+#############################################################################
+# test_win32_file_security_ffi.rb
+#
+# Tests to ensure that the FFI functions are private
+#############################################################################
+require 'test-unit'
+require 'win32/file/security'
+
+class TC_Win32_File_Security_FFI < Test::Unit::TestCase
+  def setup
+    @singleton_methods = File.methods.map{ |m| m.to_s }
+    @instance_methods  = File.instance_methods.map{ |m| m.to_s }
+  end
+
+  test "internal ffi functions are not public as singleton methods" do
+    assert_false(@singleton_methods.include?('AddAce'))
+    assert_false(@singleton_methods.include?('CloseHandle'))
+    assert_false(@singleton_methods.include?('GetFileSecurityW'))
+    assert_false(@singleton_methods.include?('PathIsRootW'))
+  end
+
+  test "internal ffi functions are not public as instance methods" do
+    assert_false(@instance_methods.include?('AddAce'))
+    assert_false(@instance_methods.include?('CloseHandle'))
+    assert_false(@instance_methods.include?('GetFileSecurityW'))
+    assert_false(@instance_methods.include?('PathIsRootW'))
+  end
+
+  def teardown
+    @singleton_methods = nil
+    @instance_methods = nil
+  end
+end

data/test/test_win32_file_security_ownership.rb

@@ -0,0 +1,108 @@
+#############################################################################
+# test_win32_file_ownership.rb
+#
+# Test case for the file ownership related methods
+#############################################################################
+require 'etc'
+require 'socket'
+require 'sys/admin'
+require 'test-unit'
+require 'win32/security'
+require 'win32/file/security'
+
+class TC_Win32_File_Security_Ownership < Test::Unit::TestCase
+  def self.startup
+    Dir.chdir(File.dirname(File.expand_path(File.basename(__FILE__))))
+    @@file = File.join(Dir.pwd, 'ownership_test.txt')
+    File.open(@@file, 'w'){ |fh| fh.puts "This is an ownership test." }
+
+    @@host  = Socket.gethostname
+    @@temp  = "Temp"
+    @@login = Etc.getlogin
+
+    if Win32::Security.elevated_security?
+      Sys::Admin.add_user(:name => @@temp, :description => "Delete Me")
+    end
+  end
+
+  def setup
+    @elevated = Win32::Security.elevated_security?
+  end
+
+  test "owned? method basic functionality" do
+    assert_respond_to(File, :owned?)
+    assert_nothing_raised{ File.owned?(@@file) }
+    assert_boolean(File.owned?(@@file))
+  end
+
+  test "owned? method returns expected result" do
+    if Win32::Security.elevated_security?
+      assert_false(File.owned?(@@file))
+    else
+      assert_true(File.owned?(@@file))
+    end
+    assert_false(File.owned?("C:\\Windows\\regedit.exe"))
+  end
+
+  test "owned? requires a single argument" do
+    assert_raise(ArgumentError){ File.owned? }
+    assert_raise(ArgumentError){ File.owned?(@@file, @@file) }
+  end
+
+  test "owner method basic functionality" do
+    assert_respond_to(File, :owner)
+    assert_nothing_raised{ File.owner(@@file) }
+    assert_kind_of(String, File.owner(@@file))
+  end
+
+  test "owner method returns the expected value" do
+    if Win32::Security.elevated_security?
+      expected = "BUILTIN\\Administrators"
+    else
+      expected = @@host + "\\" + @@login
+    end
+    assert_equal(expected, File.owner(@@file))
+  end
+
+  test "owner method requires a single argument" do
+    assert_raise(ArgumentError){ File.owner }
+    assert_raise(ArgumentError){ File.owner(@@file, @@file) }
+  end
+
+  test "chown method basic functionality" do
+    assert_respond_to(File, :chown)
+  end
+
+  test "chown works as expected" do
+    omit_unless(@elevated)
+    original_owner = File.owner(@@file)
+    expected_owner = @@host + "\\" + @@temp
+
+    assert_nothing_raised{ File.chown(@@temp, nil, @@file) }
+    assert_equal(expected_owner, File.owner(@@file))
+    assert_nothing_raised{ File.chown(original_owner, nil, @@file) }
+    assert_equal(original_owner, File.owner(@@file))
+  end
+
+  test "chown returns the number of files processed" do
+    omit_unless(@elevated)
+    assert_equal(1, File.chown(@@temp, nil, @@file))
+  end
+
+  test "chown requires at least two arguments" do
+    assert_raise(ArgumentError){ File.chown }
+    assert_raise(ArgumentError){ File.chown(@@temp) }
+  end
+
+  def teardown
+    @elevated = nil
+  end
+
+  def self.shutdown
+    Sys::Admin.delete_user(@@temp) if Win32::Security.elevated_security?
+    File.delete(@@file) if File.exists?(@@file)
+    @@file = nil
+    @@login = nil
+    @@host = nil
+  end
+end

data/test/test_win32_file_security_version.rb

@@ -8,6 +8,6 @@ require 'win32/file/security'
 
 class TC_Win32_File_Security_Version < Test::Unit::TestCase
   test "version is set to expected value" do
-    assert_equal('1.0.0', File::WIN32_FILE_SECURITY_VERSION)
+    assert_equal('1.0.1', File::WIN32_FILE_SECURITY_VERSION)
   end
 end

data/win32-file-security.gemspec

@@ -2,7 +2,7 @@ require 'rubygems'
 
 Gem::Specification.new do |spec|
   spec.name       = 'win32-file-security'
-  spec.version    = '1.0.0'
+  spec.version    = '1.0.1'
   spec.authors    = ['Daniel J. Berger', 'Park Heesob']
   spec.license    = 'Artistic 2.0'
   spec.email      = 'djberg96@gmail.com'
@@ -17,6 +17,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency('ffi')
   spec.add_development_dependency('test-unit')
   spec.add_development_dependency('win32-security')
+  spec.add_development_dependency('sys-admin')
 
   spec.description = <<-EOF
     The win32-file-security library adds security related methods to the

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: win32-file-security
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-19 00:00:00.000000000 Z
+date: 2013-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -60,6 +60,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: sys-admin
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: ! "    The win32-file-security library adds security related methods
   to the\n    core File class for MS Windows. This includes the ability to get or\n
   \   set permissions, as well as encrypt or decrypt files.\n"
@@ -72,14 +88,18 @@ extra_rdoc_files:
 - MANIFEST
 files:
 - CHANGES
+- lib/win32/file/security/constants.rb
+- lib/win32/file/security/functions.rb
+- lib/win32/file/security/helper.rb
+- lib/win32/file/security/structs.rb
 - lib/win32/file/security.rb
-- lib/win32/file/windows/constants.rb
-- lib/win32/file/windows/functions.rb
-- lib/win32/file/windows/structs.rb
 - MANIFEST
 - Rakefile
 - README
+- test/test_win32_file_security_constants.rb
 - test/test_win32_file_security_encryption.rb
+- test/test_win32_file_security_ffi.rb
+- test/test_win32_file_security_ownership.rb
 - test/test_win32_file_security_permissions.rb
 - test/test_win32_file_security_version.rb
 - win32-file-security.gemspec
@@ -109,6 +129,9 @@ signing_key:
 specification_version: 3
 summary: File security methods for the File class on MS Windows
 test_files:
+- test/test_win32_file_security_constants.rb
 - test/test_win32_file_security_encryption.rb
+- test/test_win32_file_security_ffi.rb
+- test/test_win32_file_security_ownership.rb
 - test/test_win32_file_security_permissions.rb
 - test/test_win32_file_security_version.rb

data/lib/win32/file/windows/functions.rb

@@ -1,46 +0,0 @@
-require 'ffi'
-
-module Windows
-  module File
-    module Functions
-      extend FFI::Library
-      ffi_lib :advapi32
-
-      attach_function :AddAce, [:pointer, :ulong, :ulong, :pointer, :ulong], :bool
-      attach_function :CopySid, [:ulong, :pointer, :pointer], :bool
-      attach_function :EncryptFileW, [:buffer_in], :bool
-      attach_function :DecryptFileW, [:buffer_in, :ulong], :bool
-      attach_function :FileEncryptionStatusW, [:buffer_in, :pointer], :bool
-      attach_function :GetAce, [:pointer, :ulong, :pointer], :bool
-      attach_function :GetFileSecurityW, [:buffer_in, :ulong, :pointer, :ulong, :pointer], :bool
-      attach_function :GetLengthSid, [:pointer], :ulong
-      attach_function :GetSecurityDescriptorControl, [:pointer, :pointer, :pointer], :bool
-      attach_function :GetSecurityDescriptorDacl, [:pointer, :pointer, :pointer, :pointer], :ulong
-      attach_function :InitializeAcl, [:pointer, :ulong, :ulong], :bool
-      attach_function :InitializeSecurityDescriptor, [:pointer, :ulong], :bool
-      attach_function :LookupAccountNameW, [:buffer_in, :buffer_in, :pointer, :pointer, :pointer, :pointer, :pointer], :bool
-      attach_function :LookupAccountSidW, [:buffer_in, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :bool
-      attach_function :SetFileSecurityW, [:buffer_in, :ulong, :pointer], :bool
-      attach_function :SetSecurityDescriptorDacl, [:pointer, :bool, :pointer, :bool], :bool
-
-      ffi_lib :kernel32
-
-      attach_function :GetVolumeInformationW,
-        [:buffer_in, :buffer_out, :ulong, :pointer, :pointer, :pointer, :buffer_out, :ulong],
-        :bool
-
-      ffi_lib :shlwapi
-
-      attach_function :PathStripToRootW, [:buffer_in], :bool
-      attach_function :PathIsRootW, [:buffer_in], :bool
-    end
-  end
-end
-
-class String
-  # Convenience method for converting strings to UTF-16LE for wide character
-  # functions that require it.
-  def wincode
-    (self.tr(File::SEPARATOR, File::ALT_SEPARATOR) + 0.chr).encode('UTF-16LE')
-  end
-end