win32-file-security 1.0.6 → 1.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6c24eb63a2d55e6fcf4ee4b4c4769f76f48be445
-  data.tar.gz: ab52ba7a0c646b38879a515e15f2df5689f084cb
+  metadata.gz: 7d78cf022bde05e83c69f8448eee645a671cec91
+  data.tar.gz: 0b653b5f89467a6d5a849e239541ad8d77a56eb5
 SHA512:
-  metadata.gz: 7c8dc91168b6eb32ced302c3c3f4336aabdeb40819187fb233db82e64b5aeb95f769feebf6127a6a0f1c48aad32719ba8cd7026b41c6b72c3de1252aea5a682b
-  data.tar.gz: ea1905dce18c874e5dce984265c90d0ad8cf51df042af8b4af54a34811c331122f58abf0d695e999ec2d87bbb7612b26f8737a2868abd2d2bac53413861a50d2
+  metadata.gz: 9c86f9d2f234c94a2a7eedd40f1ce2697ed457a61160f586e6beb298536937f4cf8840185e05ccab5d58344046cb4c0189f7a984fb9d56dee2e1d2d7c495e905
+  data.tar.gz: f316e0361d33009dd23de19c9d21d06c0c0c93416f004d0cbf02a3c6bb3d8edd9dc85201418292dc0cc7ed46ec321556f91c0ee657810c9042cc954b6a0f10dc

data.tar.gz.sig

@@ -0,0 +1,2 @@
+��?�s�)���}�LJ�
f7��c@�������d:�FYn�/<��<�{Mj4��*Ζ|�x�S#t˜}�]�YG���"��,�B�QT>�ؠOJS�K+�2��$�Y�" ���H-�"���]w�f/A�Ⱥ�W����t��g���!DVI �w��D�V���s�&X�1֏���H	G
+#�z�K,���|bR�b��ž�'�

data/CHANGES

@@ -1,36 +1,45 @@
-= 1.0.6 - 28-May-2015
-* Handle the possibility of an empty/nil domain. Thanks go to n-nishizawa
-  for the spot.
-* Helper methods are only defined if not already defined.
-* Tests that were failing when run as admins in non-domain environments have
-  been modified to check for a domain first.
-
-= 1.0.5 - 2-May-2015
-* Added the File.supports_acls? singleton method.
-* The File.get_permissions and File.set_permissions methods now explicitly
-  raise an error if the filesystem does not support ACL's.
-* Fixed some deprecation warnings in the test suite.
-
-= 1.0.4 - 2-May-2014
-* All methods that accept a filename argument now honor objects that implement
-  either to_str or to_path.
-* Added some pathname tests.
-* Updated the gem:create Rakefile task.
-
-= 1.0.3 - 15-Apr-2013
-* Added the File.group method.
-* Added a working implementation of File.grpowned?
-* Pointer addition fixes that affected 64 bit versions of Ruby.
-
-= 1.0.2 - 8-Apr-2013
-* Fixed HANDLE prototype in underlying FFI code. This affects 64 bit
-  versions of Ruby.
-
-= 1.0.1 - 1-Jan-2013
-* Added a working implementation of File.owned?
-* Added a working implementation of File.chown.
-* Added the File.owner method.
-* Made the FFI functions private.
-
-= 1.0.0 - 19-Dec-2012
-* Initial release as an independent library.
+= 1.0.7 - 5-Nov-2015
+* Updated some tests so that they ignore case on ownership and permissions
+  checks. Caught by Appveyor.
+* This gem is now signed.
+* All gem related tasks in the Rakefile now assume Rubygems 2.x.
+* Added a win32-file-security.rb file for convenience.
+* Bug fix for the ownership test suite where a segfault could occur.
+* Added appveyor.yml file.
+
+= 1.0.6 - 28-May-2015
+* Handle the possibility of an empty/nil domain. Thanks go to n-nishizawa
+  for the spot.
+* Helper methods are only defined if not already defined.
+* Tests that were failing when run as admins in non-domain environments have
+  been modified to check for a domain first.
+
+= 1.0.5 - 2-May-2015
+* Added the File.supports_acls? singleton method.
+* The File.get_permissions and File.set_permissions methods now explicitly
+  raise an error if the filesystem does not support ACL's.
+* Fixed some deprecation warnings in the test suite.
+
+= 1.0.4 - 2-May-2014
+* All methods that accept a filename argument now honor objects that implement
+  either to_str or to_path.
+* Added some pathname tests.
+* Updated the gem:create Rakefile task.
+
+= 1.0.3 - 15-Apr-2013
+* Added the File.group method.
+* Added a working implementation of File.grpowned?
+* Pointer addition fixes that affected 64 bit versions of Ruby.
+
+= 1.0.2 - 8-Apr-2013
+* Fixed HANDLE prototype in underlying FFI code. This affects 64 bit
+  versions of Ruby.
+
+= 1.0.1 - 1-Jan-2013
+* Added a working implementation of File.owned?
+* Added a working implementation of File.chown.
+* Added the File.owner method.
+* Made the FFI functions private.
+
+= 1.0.0 - 19-Dec-2012
+* Initial release as an independent library.

data/MANIFEST

@@ -1,16 +1,18 @@
-* CHANGES
-* MANIFEST
-* Rakefile
-* README
-* win32-file-security.gemspec
-* lib/win32/file/security.rb
-* lib/win32/file/windows/constants.rb
-* lib/win32/file/windows/functions.rb
-* lib/win32/file/windows/structs.rb
-* test/test_win32_file_security_acls.rb
-* test/test_win32_file_security_constants.rb
-* test/test_win32_file_security_encryption.rb
-* test/test_win32_file_security_ffi.rb
-* test/test_win32_file_security_ownership.rb
-* test/test_win32_file_security_permissions.rb
-* test/test_win32_file_security_version.rb
+* CHANGES
+* MANIFEST
+* Rakefile
+* README
+* win32-file-security.gemspec
+* certs/djberg96_pub.pem
+* lib/win32-file-security.rb
+* lib/win32/file/security.rb
+* lib/win32/file/windows/constants.rb
+* lib/win32/file/windows/functions.rb
+* lib/win32/file/windows/structs.rb
+* test/test_win32_file_security_acls.rb
+* test/test_win32_file_security_constants.rb
+* test/test_win32_file_security_encryption.rb
+* test/test_win32_file_security_ffi.rb
+* test/test_win32_file_security_ownership.rb
+* test/test_win32_file_security_permissions.rb
+* test/test_win32_file_security_version.rb

data/README

@@ -1,47 +1,47 @@
-== Description
-  Additional methods for the File class that relate to file security on
-  the Microsoft Windows operating system.
-
-== Prerequisites
-  * ffi
-
-== Installation
-  gem install win32-file-security
-
-== Synopsis
-
-  require 'win32/file/security
-
-  p File.get_permissions('file.txt')
-
-  p File.owner('file.txt')
-  p File.owned?('file.txt')
-
-  p File.group('file.txt')
-  p File.grpowned?('file.txt')
-
-== Notes
-  Some of this library's methods already exist in the win32-file gem, so
-  you may not need this gem if you already have win32-file installed.
-
-== Known issues or bugs
-  None that I'm aware of.
-
-  Please report any issues you find on the github page at:
-
-  https://github.com/djberg96/win32-file-security/issues
-  
-== License
-  Artistic 2.0
-
-== Copyright
-  (C) 2003-2015, Daniel J. Berger, All Rights Reserved
-
-== Warranty
-  This package is provided "as is" and without any express or
-  implied warranties, including, without limitation, the implied
-  warranties of merchantability and fitness for a particular purpose.
-
-== Authors
-  * Daniel J. Berger
-  * Park Heesob
+== Description
+  Additional methods for the File class that relate to file security on
+  the Microsoft Windows operating system.
+
+== Prerequisites
+  * ffi
+
+== Installation
+  gem install win32-file-security
+
+== Synopsis
+
+  require 'win32/file/security
+
+  p File.get_permissions('file.txt')
+
+  p File.owner('file.txt')
+  p File.owned?('file.txt')
+
+  p File.group('file.txt')
+  p File.grpowned?('file.txt')
+
+== Notes
+  Some of this library's methods already exist in the win32-file gem, so
+  you may not need this gem if you already have win32-file installed.
+
+== Known issues or bugs
+  None that I'm aware of.
+
+  Please report any issues you find on the github page at:
+
+  https://github.com/djberg96/win32-file-security/issues
+  
+== License
+  Artistic 2.0
+
+== Copyright
+  (C) 2003-2015, Daniel J. Berger, All Rights Reserved
+
+== Warranty
+  This package is provided "as is" and without any express or
+  implied warranties, including, without limitation, the implied
+  warranties of merchantability and fitness for a particular purpose.
+
+== Authors
+  * Daniel J. Berger
+  * Park Heesob

data/Rakefile

@@ -1,69 +1,66 @@
-require 'rake'
-require 'rake/clean'
-require 'rake/testtask'
-
-CLEAN.include('**/*.gem', '**/*.rbc')
-
-namespace :gem do
-  desc 'Build the win32-file-security gem'
-  task :create => [:clean] do
-    spec = eval(IO.read('win32-file-security.gemspec'))
-    if Gem::VERSION < "2.0"
-      Gem::Builder.new(spec).build
-    else
-      require 'rubygems/package'
-      Gem::Package.build(spec)
-    end
-  end
-
-  desc "Install the win32-file-security gem"
-  task :install => [:create] do
-    file = Dir["*.gem"].first
-    sh "gem install -l #{file}"
-  end
-end
-
-namespace 'test' do
-  Rake::TestTask.new('all') do |t|
-    task :test => :clean
-    t.warning = true
-    t.verbose = true
-  end
-
-  Rake::TestTask.new('constants') do |t|
-    task :test => :clean
-    t.warning = true
-    t.verbose = true
-    t.test_files = FileList['test/test_win32_file_security_constants']
-  end
-
-  Rake::TestTask.new('encryption') do |t|
-    task :test => :clean
-    t.warning = true
-    t.verbose = true
-    t.test_files = FileList['test/test_win32_file_security_encryption']
-  end
-
-  Rake::TestTask.new('ffi') do |t|
-    task :test => :clean
-    t.warning = true
-    t.verbose = true
-    t.test_files = FileList['test/test_win32_file_security_ffi']
-  end
-
-  Rake::TestTask.new('ownership') do |t|
-    task :test => :clean
-    t.warning = true
-    t.verbose = true
-    t.test_files = FileList['test/test_win32_file_security_ownership']
-  end
-
-  Rake::TestTask.new('permissions') do |t|
-    task :test => :clean
-    t.warning = true
-    t.verbose = true
-    t.test_files = FileList['test/test_win32_file_security_permissions']
-  end
-end
-
-task :default => 'test:all'
+require 'rake'
+require 'rake/clean'
+require 'rake/testtask'
+
+CLEAN.include('**/*.gem', '**/*.rbc')
+
+namespace :gem do
+  desc 'Build the win32-file-security gem'
+  task :create => [:clean] do
+    require 'rubygems/package'
+    spec = eval(IO.read('win32-file-security.gemspec'))
+    spec.signing_key = File.join(Dir.home, '.ssh', 'gem-private_key.pem')
+    Gem::Package.build(spec)
+  end
+
+  desc "Install the win32-file-security gem"
+  task :install => [:create] do
+    file = Dir["*.gem"].first
+    sh "gem install -l #{file}"
+  end
+end
+
+namespace 'test' do
+  Rake::TestTask.new('all') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+  end
+
+  Rake::TestTask.new('constants') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_constants']
+  end
+
+  Rake::TestTask.new('encryption') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_encryption']
+  end
+
+  Rake::TestTask.new('ffi') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_ffi']
+  end
+
+  Rake::TestTask.new('ownership') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_ownership']
+  end
+
+  Rake::TestTask.new('permissions') do |t|
+    task :test => :clean
+    t.warning = true
+    t.verbose = true
+    t.test_files = FileList['test/test_win32_file_security_permissions']
+  end
+end
+
+task :default => 'test:all'

data/appveyor.yml

@@ -0,0 +1,50 @@
+version: '{build}'
+branches:
+  only:
+  - master
+skip_tags: true
+clone_depth: 10
+environment:
+  matrix:
+  - ruby_version: 193
+    ruby_dir: 1.9.1
+  - ruby_version: 200
+    ruby_dir: 2.0.0
+  - ruby_version: 200-x64
+    ruby_dir: 2.0.0
+  - ruby_version: 21
+    ruby_dir: 2.1.0
+  - ruby_version: 21-x64
+    ruby_dir: 2.1.0
+  - ruby_version: 22
+    ruby_dir: 2.2.0
+  - ruby_version: 22-x64
+    ruby_dir: 2.2.0
+install:
+- ps: >-
+    $env:path = "C:\Ruby" + $env:ruby_version + "\bin;" + $env:path
+
+    $tpath = "C:\Ruby" + $env:ruby_version + "\lib\ruby\" + $env:ruby_dir + "\test"
+
+    if ((test-path $tpath) -eq $True){ rm -recurse -force $tpath }
+
+    gem update --system > $null
+
+    if ((gem query -i ffi) -eq $False){ gem install ffi --no-document }
+
+    if ((gem query -i test-unit -v ">= 3.0") -eq $False){ gem install test-unit --no-document }
+
+    if ((gem query -i sys-admin) -eq $False){ gem install sys-admin --no-document }
+
+    if ((gem query -i win32-security) -eq $False){ gem install win32-security --no-document }
+cache:
+- C:\Ruby193\lib\ruby\gems\1.9.1
+- C:\Ruby200\lib\ruby\gems\2.0.0
+- C:\Ruby200-x64\lib\ruby\gems\2.0.0
+- C:\Ruby21\lib\ruby\gems\2.1.0
+- C:\Ruby21-x64\lib\ruby\gems\2.1.0
+- C:\Ruby22\lib\ruby\gems\2.2.0
+- C:\Ruby22-x64\lib\ruby\gems\2.2.0
+build: off
+test_script:
+- cmd: rake

data/certs/djberg96_pub.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcDCCAligAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MREwDwYDVQQDDAhkamJl
+cmc5NjEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPyLGQBGRYDY29t
+MB4XDTE1MDkwMjIwNDkxOFoXDTE2MDkwMTIwNDkxOFowPzERMA8GA1UEAwwIZGpi
+ZXJnOTYxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkWA2Nv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMyTkvXqRp6hLs9eoJOS
+Hmi8kRYbq9Vkf15/hMxJpotYMgJVHHWrmDcC5Dye2PbnXjTkKf266Zw0PtT9h+lI
+S3ts9HO+vaCFSMwFFZmnWJSpQ3CNw2RcHxjWkk9yF7imEM8Kz9ojhiDXzBetdV6M
+gr0lV/alUr7TNVBDngbXEfTWscyXh1qd7xZ4EcOdsDktCe5G45N/o3662tPQvJsi
+FOF0CM/KuBsa/HL1/eoEmF4B3EKIRfTHrQ3hu20Kv3RJ88QM4ec2+0dd97uX693O
+zv6981fyEg+aXLkxrkViM/tz2qR2ZE0jPhHTREPYeMEgptRkTmWSKAuLVWrJEfgl
+DtkCAwEAAaN3MHUwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFEwe
+nn6bfJADmuIDiMSOzedOrL+xMB0GA1UdEQQWMBSBEmRqYmVyZzk2QGdtYWlsLmNv
+bTAdBgNVHRIEFjAUgRJkamJlcmc5NkBnbWFpbC5jb20wDQYJKoZIhvcNAQEFBQAD
+ggEBAHmNOCWoDVD75zHFueY0viwGDVP1BNGFC+yXcb7u2GlK+nEMCORqzURbYPf7
+tL+/hzmePIRz7i30UM//64GI1NLv9jl7nIwjhPpXpf7/lu2I9hOTsvwSumb5UiKC
+/sqBxI3sfj9pr79Wpv4MuikX1XPik7Ncb7NPsJPw06Lvyc3Hkg5X2XpPtLtS+Gr2
+wKJnmzb5rIPS1cmsqv0M9LPWflzfwoZ/SpnmhagP+g05p8bRNKjZSA2iImM/GyYZ
+EJYzxdPOrx2n6NYR3Hk+vHP0U7UBSveI6+qx+ndQYaeyCn+GRX2PKS9h66YF/Q1V
+tGSHgAmcLlkdGgan182qsE/4kKM=
+-----END CERTIFICATE-----

data/lib/win32-file-security.rb

@@ -0,0 +1 @@
+require_relative 'win32/file/security'

data/lib/win32/file/security.rb

@@ -1,959 +1,959 @@
-require_relative 'security/constants'
-require_relative 'security/structs'
-require_relative 'security/functions'
-require_relative 'security/helper'
-require 'socket'
-
-class File
-  include Windows::File::Constants
-  include Windows::File::Functions
-  extend Windows::File::Constants
-  extend Windows::File::Structs
-  extend Windows::File::Functions
-
-  # The version of the win32-file library
-  WIN32_FILE_SECURITY_VERSION = '1.0.6'
-
-  class << self
-    remove_method(:chown)
-    remove_method(:grpowned?)
-    remove_method(:owned?)
-
-    # Returns the encryption status of a file as a string. Possible return
-    # values are:
-    #
-    # * encryptable
-    # * encrypted
-    # * readonly
-    # * root directory (i.e. not encryptable)
-    # * system file (i.e. not encryptable)
-    # * unsupported
-    # * unknown
-    #
-    def encryption_status(file)
-      wide_file  = string_check(file).wincode
-      status_ptr = FFI::MemoryPointer.new(:ulong)
-
-      unless FileEncryptionStatusW(wide_file, status_ptr)
-        raise SystemCallError.new("FileEncryptionStatus", FFI.errno)
-      end
-
-      status = status_ptr.read_ulong
-
-      rvalue = case status
-        when FILE_ENCRYPTABLE
-          "encryptable"
-        when FILE_IS_ENCRYPTED
-          "encrypted"
-        when FILE_READ_ONLY
-          "readonly"
-        when FILE_ROOT_DIR
-          "root directory"
-        when FILE_SYSTEM_ATTR
-          "system file"
-        when FILE_SYSTEM_NOT_SUPPORTED
-          "unsupported"
-        else
-          "unknown"
-      end
-
-      rvalue
-    end
-
-    # Returns whether or not the root path of the specified file is
-    # encryptable. If no path or a relative path is specified, it will
-    # check against the root of the current directory.
-    #
-    # Be sure to include a trailing slash if specifying a root path.
-    #
-    # Examples:
-    #
-    #   p File.encryptable?
-    #   p File.encryptable?("D:/")
-    #   p File.encryptable?("C:/foo/bar.txt") # Same as 'C:\'
-    #
-    def encryptable?(file = nil)
-      bool = false
-      flags_ptr = FFI::MemoryPointer.new(:ulong)
-
-      if file
-        file = File.expand_path(string_check(file))
-        wide_file = file.wincode
-
-        if !PathIsRootW(wide_file)
-          unless PathStripToRootW(wide_file)
-            raise SystemCallError.new("PathStripToRoot", FFI.errno)
-          end
-        end
-      else
-        wide_file = nil
-      end
-
-      unless GetVolumeInformationW(wide_file, nil, 0, nil, nil, flags_ptr, nil, 0)
-        raise SystemCallError.new("GetVolumeInformation", FFI.errno)
-      end
-
-      flags = flags_ptr.read_ulong
-
-      if flags & FILE_SUPPORTS_ENCRYPTION > 0
-        bool = true
-      end
-
-      bool
-    end
-
-
-    # Returns whether or not the root path of the specified file supports
-    # ACL's. If no path or a relative path is specified, it will check against
-    # the root of the current directory.
-    #
-    # Be sure to include a trailing slash if specifying a root path.
-    #
-    # Examples:
-    #
-    #   p File.supports_acls?
-    #   p File.supports_acls?("D:/")
-    #   p File.supports_acls?("C:/foo/bar.txt") # Same as 'C:\'
-    #
-    def supports_acls?(file = nil)
-      bool = false
-      flags_ptr = FFI::MemoryPointer.new(:ulong)
-
-      if file
-        file = File.expand_path(string_check(file))
-        wide_file = file.wincode
-
-        if !PathIsRootW(wide_file)
-          unless PathStripToRootW(wide_file)
-            raise SystemCallError.new("PathStripToRoot", FFI.errno)
-          end
-        end
-      else
-        wide_file = nil
-      end
-
-      unless GetVolumeInformationW(wide_file, nil, 0, nil, nil, flags_ptr, nil, 0)
-        raise SystemCallError.new("GetVolumeInformation", FFI.errno)
-      end
-
-      flags = flags_ptr.read_ulong
-
-      if flags & FILE_PERSISTENT_ACLS > 0
-        bool = true
-      end
-
-      bool
-    end
-
-    # Encrypts a file or directory. All data streams in a file are encrypted.
-    # All new files created in an encrypted directory are encrypted.
-    #
-    # The caller must have the FILE_READ_DATA, FILE_WRITE_DATA,
-    # FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES, and SYNCHRONIZE access
-    # rights.
-    #
-    # Requires exclusive access to the file being encrypted, and will fail if
-    # another process is using the file or the file is marked read-only. If the
-    # file is compressed the file will be decompressed before encrypting it.
-    #
-    def encrypt(file)
-      unless EncryptFileW(string_check(file).wincode)
-        raise SystemCallError.new("EncryptFile", FFI.errno)
-      end
-      self
-    end
-
-    # Decrypts an encrypted file or directory.
-    #
-    # The caller must have the FILE_READ_DATA, FILE_WRITE_DATA,
-    # FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES, and SYNCHRONIZE access
-    # rights.
-    #
-    # Requires exclusive access to the file being decrypted, and will fail if
-    # another process is using the file. If the file is not encrypted an error
-    # is NOT raised, it's simply a no-op.
-    #
-    def decrypt(file)
-      unless DecryptFileW(string_check(file).wincode, 0)
-        raise SystemCallError.new("DecryptFile", FFI.errno)
-      end
-      self
-    end
-
-    # Returns a hash describing the current file permissions for the given
-    # file.  The account name is the key, and the value is an integer mask
-    # that corresponds to the security permissions for that file.
-    #
-    # To get a human readable version of the permissions, pass the value to
-    # the +File.securities+ method.
-    #
-    # You may optionally specify a host as the second argument. If no host is
-    # specified then the current host is used.
-    #
-    # Examples:
-    #
-    #   hash = File.get_permissions('test.txt')
-    #
-    #   p hash # => {"NT AUTHORITY\\SYSTEM"=>2032127, "BUILTIN\\Administrators"=>2032127, ...}
-    #
-    #   hash.each{ |name, mask|
-    #     p name
-    #     p File.securities(mask)
-    #   }
-    #
-    def get_permissions(file, host=nil)
-      # Check local filesystem to see if it supports ACL's. If not, bail early
-      # because the GetFileSecurity function will not fail on an unsupported FS.
-      if host.nil?
-        unless supports_acls?(file)
-          raise ArgumentError, "Filesystem does not implement ACL support"
-        end
-      end
-
-      wide_file = string_check(file).wincode
-      wide_host = host ? host.wincode : nil
-
-      size_needed_ptr = FFI::MemoryPointer.new(:ulong)
-      security_ptr    = FFI::MemoryPointer.new(:ulong)
-
-      # First pass, get the size needed
-      bool = GetFileSecurityW(
-        wide_file,
-        DACL_SECURITY_INFORMATION,
-        security_ptr,
-        security_ptr.size,
-        size_needed_ptr
-      )
-
-      errno = FFI.errno
-
-      if !bool && errno != ERROR_INSUFFICIENT_BUFFER
-        raise SystemCallError.new("GetFileSecurity", errno)
-      end
-
-      size_needed = size_needed_ptr.read_ulong
-
-      security_ptr = FFI::MemoryPointer.new(size_needed)
-
-      # Second pass, this time with the appropriately sized security pointer
-      bool = GetFileSecurityW(
-        wide_file,
-        DACL_SECURITY_INFORMATION,
-        security_ptr,
-        security_ptr.size,
-        size_needed_ptr
-      )
-
-      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
-
-      control_ptr  = FFI::MemoryPointer.new(:ulong)
-      revision_ptr = FFI::MemoryPointer.new(:ulong)
-
-      unless GetSecurityDescriptorControl(security_ptr, control_ptr, revision_ptr)
-        raise SystemCallError.new("GetSecurityDescriptorControl", FFI.errno)
-      end
-
-      control = control_ptr.read_ulong
-
-      if control & SE_DACL_PRESENT == 0
-        raise ArgumentError, "No DACL present: explicit deny all"
-      end
-
-      dacl_pptr          = FFI::MemoryPointer.new(:pointer)
-      dacl_present_ptr   = FFI::MemoryPointer.new(:bool)
-      dacl_defaulted_ptr = FFI::MemoryPointer.new(:ulong)
-
-      bool = GetSecurityDescriptorDacl(
-        security_ptr,
-        dacl_present_ptr,
-        dacl_pptr,
-        dacl_defaulted_ptr
-      )
-
-      unless bool
-        raise SystemCallError.new("GetSecurityDescriptorDacl", FFI.errno)
-      end
-
-      acl = ACL.new(dacl_pptr.read_pointer)
-
-      if acl[:AclRevision] == 0
-        raise ArgumentError, "DACL is NULL: implicit access grant"
-      end
-
-      ace_count  = acl[:AceCount]
-      perms_hash = {}
-
-      0.upto(ace_count - 1){ |i|
-        ace_pptr = FFI::MemoryPointer.new(:pointer)
-        next unless GetAce(acl, i, ace_pptr)
-
-        access = ACCESS_ALLOWED_ACE.new(ace_pptr.read_pointer)
-
-        if access[:Header][:AceType] == ACCESS_ALLOWED_ACE_TYPE
-          name = FFI::MemoryPointer.new(:uchar, 260)
-          name_size = FFI::MemoryPointer.new(:ulong)
-          name_size.write_ulong(name.size)
-
-          domain = FFI::MemoryPointer.new(:uchar, 260)
-          domain_size = FFI::MemoryPointer.new(:ulong)
-          domain_size.write_ulong(domain.size)
-
-          use_ptr = FFI::MemoryPointer.new(:pointer)
-
-          bool = LookupAccountSidW(
-            wide_host,
-            ace_pptr.read_pointer + 8,
-            name,
-            name_size,
-            domain,
-            domain_size,
-            use_ptr
-          )
-
-          raise SystemCallError.new("LookupAccountSid", FFI.errno) unless bool
-
-          # The x2 multiplier is necessary due to wide char strings.
-          name = name.read_string(name_size.read_ulong * 2).wstrip
-
-          dsize = domain_size.read_ulong
-
-          # It's possible there is no domain.
-          if dsize > 0
-            domain = domain.read_string(dsize * 2).wstrip
-
-            unless domain.empty?
-              name = domain + '\\' + name
-            end
-          end
-
-          perms_hash[name] = access[:Mask]
-        end
-      }
-
-      perms_hash
-    end
-
-    # Sets the file permissions for the given file name.  The 'permissions'
-    # argument is a hash with an account name as the key, and the various
-    # permission constants as possible values. The possible constant values
-    # are:
-    #
-    # * FILE_READ_DATA
-    # * FILE_WRITE_DATA
-    # * FILE_APPEND_DATA
-    # * FILE_READ_EA
-    # * FILE_WRITE_EA
-    # * FILE_EXECUTE
-    # * FILE_DELETE_CHILD
-    # * FILE_READ_ATTRIBUTES
-    # * FILE_WRITE_ATTRIBUTES
-    # * FULL
-    # * READ
-    # * ADD
-    # * CHANGE
-    # * DELETE
-    # * READ_CONTROL
-    # * WRITE_DAC
-    # * WRITE_OWNER
-    # * SYNCHRONIZE
-    # * STANDARD_RIGHTS_ALL
-    # * STANDARD_RIGHTS_REQUIRED
-    # * STANDARD_RIGHTS_READ
-    # * STANDARD_RIGHTS_WRITE
-    # * STANDARD_RIGHTS_EXECUTE
-    # * SPECIFIC_RIGHTS_ALL
-    # * ACCESS_SYSTEM_SECURITY
-    # * MAXIMUM_ALLOWED
-    # * GENERIC_READ
-    # * GENERIC_WRITE
-    # * GENERIC_EXECUTE
-    # * GENERIC_ALL
-    #
-    # Example:
-    #
-    #   # Set locally
-    #   File.set_permissions(file, "userid" => File::GENERIC_ALL)
-    #
-    #   # Set a remote system
-    #   File.set_permissions(file, "host\\userid" => File::GENERIC_ALL)
-    #
-    def set_permissions(file, perms)
-      # Check local filesystem to see if it supports ACL's. If not, bail early
-      # because the GetFileSecurity function will not fail on an unsupported FS.
-      unless supports_acls?(file)
-        raise ArgumentError, "Filesystem does not implement ACL support"
-      end
-
-      wide_file = string_check(file).wincode
-      raise TypeError unless perms.kind_of?(Hash)
-
-      account_rights = 0
-      sec_desc = FFI::MemoryPointer.new(:pointer, SECURITY_DESCRIPTOR_MIN_LENGTH)
-
-      unless InitializeSecurityDescriptor(sec_desc, 1)
-        raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno)
-      end
-
-      acl_new = FFI::MemoryPointer.new(ACL, 100)
-
-      unless InitializeAcl(acl_new, acl_new.size, ACL_REVISION2)
-        raise SystemCallError.new("InitializeAcl", FFI.errno)
-      end
-
-      perms.each{ |account, mask|
-        next if mask.nil?
-
-        server, account = account.split("\\")
-
-        if ['BUILTIN', 'NT AUTHORITY'].include?(server.upcase)
-          wide_server = nil
-        else
-          wide_server = server.wincode
-        end
-
-        wide_account = account.wincode
-
-        sid = FFI::MemoryPointer.new(:uchar, 1024)
-        sid_size = FFI::MemoryPointer.new(:ulong)
-        sid_size.write_ulong(sid.size)
-
-        domain = FFI::MemoryPointer.new(:uchar, 260)
-        domain_size = FFI::MemoryPointer.new(:ulong)
-        domain_size.write_ulong(domain.size)
-
-        use_ptr = FFI::MemoryPointer.new(:ulong)
-
-        val = LookupAccountNameW(
-           wide_server,
-           wide_account,
-           sid,
-           sid_size,
-           domain,
-           domain_size,
-           use_ptr
-        )
-
-        raise SystemCallError.new("LookupAccountName", FFI.errno) unless val
-
-        all_ace = ACCESS_ALLOWED_ACE2.new
-
-        val = CopySid(
-          ALLOW_ACE_LENGTH - ACCESS_ALLOWED_ACE.size,
-          all_ace.to_ptr+8,
-          sid
-        )
-
-        raise SystemCallError.new("CopySid", FFI.errno) unless val
-
-        if (GENERIC_ALL & mask).nonzero?
-          account_rights = GENERIC_ALL & mask
-        elsif (GENERIC_RIGHTS_CHK & mask).nonzero?
-          account_rights = GENERIC_RIGHTS_MASK & mask
-        else
-          # Do nothing, leave it set to zero.
-        end
-
-        all_ace[:Header][:AceFlags] = INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE
-
-        2.times{
-          if account_rights != 0
-            all_ace[:Header][:AceSize] = 8 + GetLengthSid(sid)
-            all_ace[:Mask] = account_rights
-
-            val = AddAce(
-              acl_new,
-              ACL_REVISION2,
-              MAXDWORD,
-              all_ace,
-              all_ace[:Header][:AceSize]
-            )
-
-            raise SystemCallError.new("AddAce", FFI.errno) unless val
-
-            all_ace[:Header][:AceFlags] = CONTAINER_INHERIT_ACE
-          else
-            all_ace[:Header][:AceFlags] = 0
-          end
-
-          account_rights = REST_RIGHTS_MASK & mask
-        }
-      }
-
-      unless SetSecurityDescriptorDacl(sec_desc, true, acl_new, false)
-        raise SystemCallError.new("SetSecurityDescriptorDacl", FFI.errno)
-      end
-
-      unless SetFileSecurityW(wide_file, DACL_SECURITY_INFORMATION, sec_desc)
-        raise SystemCallError.new("SetFileSecurity", FFI.errno)
-      end
-
-      self
-    end
-
-    # Returns an array of human-readable strings that correspond to the
-    # permission flags.
-    #
-    # Example:
-    #
-    #   File.get_permissions('test.txt').each{ |name, mask|
-    #     puts name
-    #     p File.securities(mask)
-    #   }
-    #
-    def securities(mask)
-      sec_array = []
-
-      security_rights = {
-        'FULL'    => FULL,
-        'DELETE'  => DELETE,
-        'READ'    => READ,
-        'CHANGE'  => CHANGE,
-        'ADD'     => ADD
-      }
-
-      if mask == 0
-        sec_array.push('NONE')
-      else
-        if (mask & FULL) ^ FULL == 0
-          sec_array.push('FULL')
-        else
-          security_rights.each{ |string, numeric|
-            if (numeric & mask) ^ numeric == 0
-              sec_array.push(string)
-            end
-          }
-        end
-      end
-
-      sec_array
-    end
-
-    # Returns true if the effective user ID of the process is the same as the
-    # owner of the named file.
-    #
-    # Example:
-    #
-    #   p File.owned?('some_file.txt') # => true
-    #   p File.owned?('C:/Windows/regedit.ext') # => false
-    #--
-    # This method was redefined for MS Windows.
-    #
-    def owned?(file)
-      wide_file = string_check(file).wincode
-
-      return_value = false
-      size_needed_ptr = FFI::MemoryPointer.new(:ulong)
-
-      # First pass, get the size needed
-      bool = GetFileSecurityW(
-        wide_file,
-        OWNER_SECURITY_INFORMATION,
-        nil,
-        0,
-        size_needed_ptr
-      )
-
-      size_needed = size_needed_ptr.read_ulong
-
-      security_ptr = FFI::MemoryPointer.new(size_needed)
-
-      # Second pass, this time with the appropriately sized security pointer
-      bool = GetFileSecurityW(
-        wide_file,
-        OWNER_SECURITY_INFORMATION,
-        security_ptr,
-        security_ptr.size,
-        size_needed_ptr
-      )
-
-      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
-
-      sid_ptr = FFI::MemoryPointer.new(:pointer)
-      defaulted = FFI::MemoryPointer.new(:bool)
-
-      unless GetSecurityDescriptorOwner(security_ptr, sid_ptr, defaulted)
-        raise SystemCallError.new("GetFileSecurity", FFI.errno)
-      end
-
-      sid = sid_ptr.read_pointer
-
-      token = FFI::MemoryPointer.new(:uintptr_t)
-
-      begin
-        # Get the current process sid
-        unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
-          raise SystemCallError, FFI.errno, "OpenProcessToken"
-        end
-
-        token   = token.read_pointer.to_i
-        rlength = FFI::MemoryPointer.new(:pointer)
-        tuser   = 0.chr * 512
-
-        bool = GetTokenInformation(
-          token,
-          TokenUser,
-          tuser,
-          tuser.size,
-          rlength
-        )
-
-        unless bool
-          raise SystemCallError, FFI.errno, "GetTokenInformation"
-        end
-
-        string_sid = tuser[FFI.type_size(:pointer)*2, (rlength.read_ulong - FFI.type_size(:pointer)*2)]
-
-        # Now compare the sid strings
-        if string_sid == sid.read_string(string_sid.size)
-          return_value = true
-        end
-      ensure
-        CloseHandle(token)
-      end
-
-      return_value
-    end
-
-    # Changes the owner of the named file(s) to the given owner (userid).
-    # It will typically require elevated privileges in order to change the
-    # owner of a file.
-    #
-    # This group argument is currently ignored, but is included in the method
-    # definition for compatibility with the current spec. Also note that the
-    # owner should be a string, not a numeric ID.
-    #
-    # Example:
-    #
-    #   File.chown('some_user', nil, 'some_file.txt')
-    #--
-    # In the future we may allow the owner argument to be a SID or a RID and
-    # simply adjust accordingly.
-    #
-    def chown(owner, group, *files)
-      token = FFI::MemoryPointer.new(:ulong)
-
-      begin
-        bool = OpenProcessToken(
-          GetCurrentProcess(),
-          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
-          token
-        )
-
-        raise SystemCallError.new("OpenProcessToken", FFI.errno) unless bool
-
-        token_handle = token.read_ulong
-
-        privs = [
-          SE_SECURITY_NAME,
-          SE_TAKE_OWNERSHIP_NAME,
-          SE_BACKUP_NAME,
-          SE_RESTORE_NAME,
-          SE_CHANGE_NOTIFY_NAME
-        ]
-
-        privs.each{ |name|
-          luid = LUID.new
-
-          unless LookupPrivilegeValueA(nil, name, luid)
-            raise SystemCallError.new("LookupPrivilegeValue", FFI.errno)
-          end
-
-          tp = TOKEN_PRIVILEGES.new
-          tp[:PrivilegeCount] = 1
-          tp[:Privileges][0][:Luid] = luid
-          tp[:Privileges][0][:Attributes] = SE_PRIVILEGE_ENABLED
-
-          unless AdjustTokenPrivileges(token_handle, false, tp, 0, nil, nil)
-            raise SystemCallError.new("AdjustTokenPrivileges", FFI.errno)
-          end
-        }
-
-        sid      = FFI::MemoryPointer.new(:uchar)
-        sid_size = FFI::MemoryPointer.new(:ulong)
-        dom      = FFI::MemoryPointer.new(:uchar)
-        dom_size = FFI::MemoryPointer.new(:ulong)
-        use      = FFI::MemoryPointer.new(:ulong)
-
-        wowner = owner.wincode
-
-        # First run, get needed sizes
-        LookupAccountNameW(nil, wowner, sid, sid_size, dom, dom_size, use)
-
-        sid = FFI::MemoryPointer.new(:uchar, sid_size.read_ulong * 2)
-        dom = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
-
-        # Second run with required sizes
-        unless LookupAccountNameW(nil, wowner, sid, sid_size, dom, dom_size, use)
-          raise SystemCallError.new("LookupAccountName", FFI.errno)
-        end
-
-        files.each{ |file|
-          wfile = string_check(file).wincode
-
-          size = FFI::MemoryPointer.new(:ulong)
-          sec  = FFI::MemoryPointer.new(:ulong)
-
-          # First pass, get the size needed
-          GetFileSecurityW(wfile, OWNER_SECURITY_INFORMATION, sec, sec.size, size)
-
-          security = FFI::MemoryPointer.new(size.read_ulong)
-
-          # Second pass, this time with the appropriately sized security pointer
-          bool = GetFileSecurityW(
-            wfile,
-            OWNER_SECURITY_INFORMATION,
-            security,
-            security.size,
-            size
-          )
-
-          raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
-
-          unless InitializeSecurityDescriptor(security, SECURITY_DESCRIPTOR_REVISION)
-            raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno)
-          end
-
-          unless SetSecurityDescriptorOwner(security, sid, false)
-            raise SystemCallError.new("SetSecurityDescriptorOwner", FFI.errno)
-          end
-
-          unless SetFileSecurityW(wfile, OWNER_SECURITY_INFORMATION, security)
-            raise SystemCallError.new("SetFileSecurity", FFI.errno)
-          end
-        }
-      ensure
-        CloseHandle(token.read_ulong)
-      end
-
-      files.size
-    end
-
-    # Returns the owner of the specified file in domain\\userid format.
-    #
-    # Example:
-    #
-    #   p File.owner('some_file.txt') # => "your_domain\\some_user"
-    #
-    def owner(file)
-      file = string_check(file).wincode
-      size_needed = FFI::MemoryPointer.new(:ulong)
-
-      # First pass, get the size needed
-      bool = GetFileSecurityW(
-        file,
-        OWNER_SECURITY_INFORMATION,
-        nil,
-        0,
-        size_needed
-      )
-
-      security = FFI::MemoryPointer.new(size_needed.read_ulong)
-
-      # Second pass, this time with the appropriately sized security pointer
-      bool = GetFileSecurityW(
-        file,
-        OWNER_SECURITY_INFORMATION,
-        security,
-        security.size,
-        size_needed
-      )
-
-      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
-
-      sid = FFI::MemoryPointer.new(:pointer)
-      defaulted = FFI::MemoryPointer.new(:bool)
-
-      unless GetSecurityDescriptorOwner(security, sid, defaulted)
-        raise SystemCallError.new("GetFileSecurity", FFI.errno)
-      end
-
-      sid = sid.read_pointer
-
-      name      = FFI::MemoryPointer.new(:uchar)
-      name_size = FFI::MemoryPointer.new(:ulong)
-      dom       = FFI::MemoryPointer.new(:uchar)
-      dom_size  = FFI::MemoryPointer.new(:ulong)
-      use       = FFI::MemoryPointer.new(:int)
-
-      # First call, get sizes needed
-      LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
-
-      name = FFI::MemoryPointer.new(:uchar, name_size.read_ulong * 2)
-      dom  = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
-
-      # Second call, get desired information
-      unless LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
-        raise SystemCallError.new("LookupAccountSid", FFI.errno)
-      end
-
-      name = name.read_string(name.size).wstrip
-      domain = dom.read_string(dom.size).wstrip
-
-      domain << "\\" << name
-    end
-
-    # Returns the primary group of the specified file in domain\\userid format.
-    #
-    # Example:
-    #
-    #   p File.group('some_file.txt') # => "your_domain\\some_group"
-    #
-    def group(file)
-      file = string_check(file).wincode
-      size_needed = FFI::MemoryPointer.new(:ulong)
-
-      # First pass, get the size needed
-      bool = GetFileSecurityW(
-        file,
-        GROUP_SECURITY_INFORMATION,
-        nil,
-        0,
-        size_needed
-      )
-
-      security = FFI::MemoryPointer.new(size_needed.read_ulong)
-
-      # Second pass, this time with the appropriately sized security pointer
-      bool = GetFileSecurityW(
-        file,
-        GROUP_SECURITY_INFORMATION,
-        security,
-        security.size,
-        size_needed
-      )
-
-      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
-
-      sid = FFI::MemoryPointer.new(:pointer)
-      defaulted = FFI::MemoryPointer.new(:bool)
-
-      unless GetSecurityDescriptorGroup(security, sid, defaulted)
-        raise SystemCallError.new("GetFileSecurity", FFI.errno)
-      end
-
-      sid = sid.read_pointer
-
-      name      = FFI::MemoryPointer.new(:uchar)
-      name_size = FFI::MemoryPointer.new(:ulong)
-      dom       = FFI::MemoryPointer.new(:uchar)
-      dom_size  = FFI::MemoryPointer.new(:ulong)
-      use       = FFI::MemoryPointer.new(:int)
-
-      # First call, get sizes needed
-      LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
-
-      name = FFI::MemoryPointer.new(:uchar, name_size.read_ulong * 2)
-      dom  = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
-
-      # Second call, get desired information
-      unless LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
-        raise SystemCallError.new("LookupAccountSid", FFI.errno)
-      end
-
-      name = name.read_string(name.size).wstrip
-      domain = dom.read_string(dom.size).wstrip
-
-      domain << "\\" << name
-    end
-
-    # Returns true if the primary group ID of the process is the same
-    # as the owner of the named file.
-    #
-    # Example:
-    #
-    #   p File.grpowned?('some_file.txt') # => true
-    #   p File.grpowned?('C:/Windows/regedit.exe') # => false
-    #--
-    # This method was redefined for MS Windows.
-    #
-    def grpowned?(file)
-      wide_file = string_check(file).wincode
-
-      return_value = false
-      size_needed_ptr = FFI::MemoryPointer.new(:ulong)
-
-      # First pass, get the size needed
-      bool = GetFileSecurityW(
-        wide_file,
-        GROUP_SECURITY_INFORMATION,
-        nil,
-        0,
-        size_needed_ptr
-      )
-
-      size_needed = size_needed_ptr.read_ulong
-
-      security_ptr = FFI::MemoryPointer.new(size_needed)
-
-      # Second pass, this time with the appropriately sized security pointer
-      bool = GetFileSecurityW(
-        wide_file,
-        GROUP_SECURITY_INFORMATION,
-        security_ptr,
-        security_ptr.size,
-        size_needed_ptr
-      )
-
-      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
-
-      sid_ptr = FFI::MemoryPointer.new(:pointer)
-      defaulted = FFI::MemoryPointer.new(:bool)
-      pstring_sid = FFI::MemoryPointer.new(:string)
-
-      unless GetSecurityDescriptorGroup(security_ptr, sid_ptr, defaulted)
-        raise SystemCallError.new("GetFileSecurity", FFI.errno)
-      end
-
-      sid = sid_ptr.read_pointer
-      ConvertSidToStringSidA(sid, pstring_sid)
-      file_string_sid = pstring_sid.read_pointer.read_string
-
-      token = FFI::MemoryPointer.new(:uintptr_t)
-
-      begin
-        # Get the current process sid
-        unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
-          raise SystemCallError, FFI.errno, "OpenProcessToken"
-        end
-
-        token   = token.read_pointer.to_i
-        rlength = FFI::MemoryPointer.new(:ulong)
-        tgroup  = TOKEN_GROUP.new
-
-        bool = GetTokenInformation(
-          token,
-          TokenGroups,
-          tgroup,
-          tgroup.size,
-          rlength
-        )
-
-        unless bool
-          raise SystemCallError.new("GetTokenInformation", FFI.errno)
-        end
-
-        ConvertSidToStringSidA(tgroup[:Groups][0][:Sid], pstring_sid)
-        string_sid = pstring_sid.read_pointer.read_string
-
-        # Now compare the sid strings
-        if string_sid == file_string_sid
-          return_value = true
-        end
-      ensure
-        CloseHandle(token)
-      end
-
-      return_value
-    end
-
-    private
-
-    # Simulate MRI's contortions for a stringiness check.
-    def string_check(arg)
-      return arg if arg.is_a?(String)
-      return arg.send(:to_str) if arg.respond_to?(:to_str, true) # MRI honors it, even if private
-      return arg.to_path if arg.respond_to?(:to_path)
-      raise TypeError
-    end
-  end
-end
+require_relative 'security/constants'
+require_relative 'security/structs'
+require_relative 'security/functions'
+require_relative 'security/helper'
+require 'socket'
+
+class File
+  include Windows::File::Constants
+  include Windows::File::Functions
+  extend Windows::File::Constants
+  extend Windows::File::Structs
+  extend Windows::File::Functions
+
+  # The version of the win32-file library
+  WIN32_FILE_SECURITY_VERSION = '1.0.7'
+
+  class << self
+    remove_method(:chown)
+    remove_method(:grpowned?)
+    remove_method(:owned?)
+
+    # Returns the encryption status of a file as a string. Possible return
+    # values are:
+    #
+    # * encryptable
+    # * encrypted
+    # * readonly
+    # * root directory (i.e. not encryptable)
+    # * system file (i.e. not encryptable)
+    # * unsupported
+    # * unknown
+    #
+    def encryption_status(file)
+      wide_file  = string_check(file).wincode
+      status_ptr = FFI::MemoryPointer.new(:ulong)
+
+      unless FileEncryptionStatusW(wide_file, status_ptr)
+        raise SystemCallError.new("FileEncryptionStatus", FFI.errno)
+      end
+
+      status = status_ptr.read_ulong
+
+      rvalue = case status
+        when FILE_ENCRYPTABLE
+          "encryptable"
+        when FILE_IS_ENCRYPTED
+          "encrypted"
+        when FILE_READ_ONLY
+          "readonly"
+        when FILE_ROOT_DIR
+          "root directory"
+        when FILE_SYSTEM_ATTR
+          "system file"
+        when FILE_SYSTEM_NOT_SUPPORTED
+          "unsupported"
+        else
+          "unknown"
+      end
+
+      rvalue
+    end
+
+    # Returns whether or not the root path of the specified file is
+    # encryptable. If no path or a relative path is specified, it will
+    # check against the root of the current directory.
+    #
+    # Be sure to include a trailing slash if specifying a root path.
+    #
+    # Examples:
+    #
+    #   p File.encryptable?
+    #   p File.encryptable?("D:/")
+    #   p File.encryptable?("C:/foo/bar.txt") # Same as 'C:\'
+    #
+    def encryptable?(file = nil)
+      bool = false
+      flags_ptr = FFI::MemoryPointer.new(:ulong)
+
+      if file
+        file = File.expand_path(string_check(file))
+        wide_file = file.wincode
+
+        if !PathIsRootW(wide_file)
+          unless PathStripToRootW(wide_file)
+            raise SystemCallError.new("PathStripToRoot", FFI.errno)
+          end
+        end
+      else
+        wide_file = nil
+      end
+
+      unless GetVolumeInformationW(wide_file, nil, 0, nil, nil, flags_ptr, nil, 0)
+        raise SystemCallError.new("GetVolumeInformation", FFI.errno)
+      end
+
+      flags = flags_ptr.read_ulong
+
+      if flags & FILE_SUPPORTS_ENCRYPTION > 0
+        bool = true
+      end
+
+      bool
+    end
+
+
+    # Returns whether or not the root path of the specified file supports
+    # ACL's. If no path or a relative path is specified, it will check against
+    # the root of the current directory.
+    #
+    # Be sure to include a trailing slash if specifying a root path.
+    #
+    # Examples:
+    #
+    #   p File.supports_acls?
+    #   p File.supports_acls?("D:/")
+    #   p File.supports_acls?("C:/foo/bar.txt") # Same as 'C:\'
+    #
+    def supports_acls?(file = nil)
+      bool = false
+      flags_ptr = FFI::MemoryPointer.new(:ulong)
+
+      if file
+        file = File.expand_path(string_check(file))
+        wide_file = file.wincode
+
+        if !PathIsRootW(wide_file)
+          unless PathStripToRootW(wide_file)
+            raise SystemCallError.new("PathStripToRoot", FFI.errno)
+          end
+        end
+      else
+        wide_file = nil
+      end
+
+      unless GetVolumeInformationW(wide_file, nil, 0, nil, nil, flags_ptr, nil, 0)
+        raise SystemCallError.new("GetVolumeInformation", FFI.errno)
+      end
+
+      flags = flags_ptr.read_ulong
+
+      if flags & FILE_PERSISTENT_ACLS > 0
+        bool = true
+      end
+
+      bool
+    end
+
+    # Encrypts a file or directory. All data streams in a file are encrypted.
+    # All new files created in an encrypted directory are encrypted.
+    #
+    # The caller must have the FILE_READ_DATA, FILE_WRITE_DATA,
+    # FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES, and SYNCHRONIZE access
+    # rights.
+    #
+    # Requires exclusive access to the file being encrypted, and will fail if
+    # another process is using the file or the file is marked read-only. If the
+    # file is compressed the file will be decompressed before encrypting it.
+    #
+    def encrypt(file)
+      unless EncryptFileW(string_check(file).wincode)
+        raise SystemCallError.new("EncryptFile", FFI.errno)
+      end
+      self
+    end
+
+    # Decrypts an encrypted file or directory.
+    #
+    # The caller must have the FILE_READ_DATA, FILE_WRITE_DATA,
+    # FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES, and SYNCHRONIZE access
+    # rights.
+    #
+    # Requires exclusive access to the file being decrypted, and will fail if
+    # another process is using the file. If the file is not encrypted an error
+    # is NOT raised, it's simply a no-op.
+    #
+    def decrypt(file)
+      unless DecryptFileW(string_check(file).wincode, 0)
+        raise SystemCallError.new("DecryptFile", FFI.errno)
+      end
+      self
+    end
+
+    # Returns a hash describing the current file permissions for the given
+    # file.  The account name is the key, and the value is an integer mask
+    # that corresponds to the security permissions for that file.
+    #
+    # To get a human readable version of the permissions, pass the value to
+    # the +File.securities+ method.
+    #
+    # You may optionally specify a host as the second argument. If no host is
+    # specified then the current host is used.
+    #
+    # Examples:
+    #
+    #   hash = File.get_permissions('test.txt')
+    #
+    #   p hash # => {"NT AUTHORITY\\SYSTEM"=>2032127, "BUILTIN\\Administrators"=>2032127, ...}
+    #
+    #   hash.each{ |name, mask|
+    #     p name
+    #     p File.securities(mask)
+    #   }
+    #
+    def get_permissions(file, host=nil)
+      # Check local filesystem to see if it supports ACL's. If not, bail early
+      # because the GetFileSecurity function will not fail on an unsupported FS.
+      if host.nil?
+        unless supports_acls?(file)
+          raise ArgumentError, "Filesystem does not implement ACL support"
+        end
+      end
+
+      wide_file = string_check(file).wincode
+      wide_host = host ? host.wincode : nil
+
+      size_needed_ptr = FFI::MemoryPointer.new(:ulong)
+      security_ptr    = FFI::MemoryPointer.new(:ulong)
+
+      # First pass, get the size needed
+      bool = GetFileSecurityW(
+        wide_file,
+        DACL_SECURITY_INFORMATION,
+        security_ptr,
+        security_ptr.size,
+        size_needed_ptr
+      )
+
+      errno = FFI.errno
+
+      if !bool && errno != ERROR_INSUFFICIENT_BUFFER
+        raise SystemCallError.new("GetFileSecurity", errno)
+      end
+
+      size_needed = size_needed_ptr.read_ulong
+
+      security_ptr = FFI::MemoryPointer.new(size_needed)
+
+      # Second pass, this time with the appropriately sized security pointer
+      bool = GetFileSecurityW(
+        wide_file,
+        DACL_SECURITY_INFORMATION,
+        security_ptr,
+        security_ptr.size,
+        size_needed_ptr
+      )
+
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+      control_ptr  = FFI::MemoryPointer.new(:ulong)
+      revision_ptr = FFI::MemoryPointer.new(:ulong)
+
+      unless GetSecurityDescriptorControl(security_ptr, control_ptr, revision_ptr)
+        raise SystemCallError.new("GetSecurityDescriptorControl", FFI.errno)
+      end
+
+      control = control_ptr.read_ulong
+
+      if control & SE_DACL_PRESENT == 0
+        raise ArgumentError, "No DACL present: explicit deny all"
+      end
+
+      dacl_pptr          = FFI::MemoryPointer.new(:pointer)
+      dacl_present_ptr   = FFI::MemoryPointer.new(:bool)
+      dacl_defaulted_ptr = FFI::MemoryPointer.new(:ulong)
+
+      bool = GetSecurityDescriptorDacl(
+        security_ptr,
+        dacl_present_ptr,
+        dacl_pptr,
+        dacl_defaulted_ptr
+      )
+
+      unless bool
+        raise SystemCallError.new("GetSecurityDescriptorDacl", FFI.errno)
+      end
+
+      acl = ACL.new(dacl_pptr.read_pointer)
+
+      if acl[:AclRevision] == 0
+        raise ArgumentError, "DACL is NULL: implicit access grant"
+      end
+
+      ace_count  = acl[:AceCount]
+      perms_hash = {}
+
+      0.upto(ace_count - 1){ |i|
+        ace_pptr = FFI::MemoryPointer.new(:pointer)
+        next unless GetAce(acl, i, ace_pptr)
+
+        access = ACCESS_ALLOWED_ACE.new(ace_pptr.read_pointer)
+
+        if access[:Header][:AceType] == ACCESS_ALLOWED_ACE_TYPE
+          name = FFI::MemoryPointer.new(:uchar, 260)
+          name_size = FFI::MemoryPointer.new(:ulong)
+          name_size.write_ulong(name.size)
+
+          domain = FFI::MemoryPointer.new(:uchar, 260)
+          domain_size = FFI::MemoryPointer.new(:ulong)
+          domain_size.write_ulong(domain.size)
+
+          use_ptr = FFI::MemoryPointer.new(:pointer)
+
+          bool = LookupAccountSidW(
+            wide_host,
+            ace_pptr.read_pointer + 8,
+            name,
+            name_size,
+            domain,
+            domain_size,
+            use_ptr
+          )
+
+          raise SystemCallError.new("LookupAccountSid", FFI.errno) unless bool
+
+          # The x2 multiplier is necessary due to wide char strings.
+          name = name.read_string(name_size.read_ulong * 2).wstrip
+
+          dsize = domain_size.read_ulong
+
+          # It's possible there is no domain.
+          if dsize > 0
+            domain = domain.read_string(dsize * 2).wstrip
+
+            unless domain.empty?
+              name = domain + '\\' + name
+            end
+          end
+
+          perms_hash[name] = access[:Mask]
+        end
+      }
+
+      perms_hash
+    end
+
+    # Sets the file permissions for the given file name.  The 'permissions'
+    # argument is a hash with an account name as the key, and the various
+    # permission constants as possible values. The possible constant values
+    # are:
+    #
+    # * FILE_READ_DATA
+    # * FILE_WRITE_DATA
+    # * FILE_APPEND_DATA
+    # * FILE_READ_EA
+    # * FILE_WRITE_EA
+    # * FILE_EXECUTE
+    # * FILE_DELETE_CHILD
+    # * FILE_READ_ATTRIBUTES
+    # * FILE_WRITE_ATTRIBUTES
+    # * FULL
+    # * READ
+    # * ADD
+    # * CHANGE
+    # * DELETE
+    # * READ_CONTROL
+    # * WRITE_DAC
+    # * WRITE_OWNER
+    # * SYNCHRONIZE
+    # * STANDARD_RIGHTS_ALL
+    # * STANDARD_RIGHTS_REQUIRED
+    # * STANDARD_RIGHTS_READ
+    # * STANDARD_RIGHTS_WRITE
+    # * STANDARD_RIGHTS_EXECUTE
+    # * SPECIFIC_RIGHTS_ALL
+    # * ACCESS_SYSTEM_SECURITY
+    # * MAXIMUM_ALLOWED
+    # * GENERIC_READ
+    # * GENERIC_WRITE
+    # * GENERIC_EXECUTE
+    # * GENERIC_ALL
+    #
+    # Example:
+    #
+    #   # Set locally
+    #   File.set_permissions(file, "userid" => File::GENERIC_ALL)
+    #
+    #   # Set a remote system
+    #   File.set_permissions(file, "host\\userid" => File::GENERIC_ALL)
+    #
+    def set_permissions(file, perms)
+      # Check local filesystem to see if it supports ACL's. If not, bail early
+      # because the GetFileSecurity function will not fail on an unsupported FS.
+      unless supports_acls?(file)
+        raise ArgumentError, "Filesystem does not implement ACL support"
+      end
+
+      wide_file = string_check(file).wincode
+      raise TypeError unless perms.kind_of?(Hash)
+
+      account_rights = 0
+      sec_desc = FFI::MemoryPointer.new(:pointer, SECURITY_DESCRIPTOR_MIN_LENGTH)
+
+      unless InitializeSecurityDescriptor(sec_desc, 1)
+        raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno)
+      end
+
+      acl_new = FFI::MemoryPointer.new(ACL, 100)
+
+      unless InitializeAcl(acl_new, acl_new.size, ACL_REVISION2)
+        raise SystemCallError.new("InitializeAcl", FFI.errno)
+      end
+
+      perms.each{ |account, mask|
+        next if mask.nil?
+
+        server, account = account.split("\\")
+
+        if ['BUILTIN', 'NT AUTHORITY'].include?(server.upcase)
+          wide_server = nil
+        else
+          wide_server = server.wincode
+        end
+
+        wide_account = account.wincode
+
+        sid = FFI::MemoryPointer.new(:uchar, 1024)
+        sid_size = FFI::MemoryPointer.new(:ulong)
+        sid_size.write_ulong(sid.size)
+
+        domain = FFI::MemoryPointer.new(:uchar, 260)
+        domain_size = FFI::MemoryPointer.new(:ulong)
+        domain_size.write_ulong(domain.size)
+
+        use_ptr = FFI::MemoryPointer.new(:ulong)
+
+        val = LookupAccountNameW(
+           wide_server,
+           wide_account,
+           sid,
+           sid_size,
+           domain,
+           domain_size,
+           use_ptr
+        )
+
+        raise SystemCallError.new("LookupAccountName", FFI.errno) unless val
+
+        all_ace = ACCESS_ALLOWED_ACE2.new
+
+        val = CopySid(
+          ALLOW_ACE_LENGTH - ACCESS_ALLOWED_ACE.size,
+          all_ace.to_ptr+8,
+          sid
+        )
+
+        raise SystemCallError.new("CopySid", FFI.errno) unless val
+
+        if (GENERIC_ALL & mask).nonzero?
+          account_rights = GENERIC_ALL & mask
+        elsif (GENERIC_RIGHTS_CHK & mask).nonzero?
+          account_rights = GENERIC_RIGHTS_MASK & mask
+        else
+          # Do nothing, leave it set to zero.
+        end
+
+        all_ace[:Header][:AceFlags] = INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE
+
+        2.times{
+          if account_rights != 0
+            all_ace[:Header][:AceSize] = 8 + GetLengthSid(sid)
+            all_ace[:Mask] = account_rights
+
+            val = AddAce(
+              acl_new,
+              ACL_REVISION2,
+              MAXDWORD,
+              all_ace,
+              all_ace[:Header][:AceSize]
+            )
+
+            raise SystemCallError.new("AddAce", FFI.errno) unless val
+
+            all_ace[:Header][:AceFlags] = CONTAINER_INHERIT_ACE
+          else
+            all_ace[:Header][:AceFlags] = 0
+          end
+
+          account_rights = REST_RIGHTS_MASK & mask
+        }
+      }
+
+      unless SetSecurityDescriptorDacl(sec_desc, 1, acl_new, 0)
+        raise SystemCallError.new("SetSecurityDescriptorDacl", FFI.errno)
+      end
+
+      unless SetFileSecurityW(wide_file, DACL_SECURITY_INFORMATION, sec_desc)
+        raise SystemCallError.new("SetFileSecurity", FFI.errno)
+      end
+
+      self
+    end
+
+    # Returns an array of human-readable strings that correspond to the
+    # permission flags.
+    #
+    # Example:
+    #
+    #   File.get_permissions('test.txt').each{ |name, mask|
+    #     puts name
+    #     p File.securities(mask)
+    #   }
+    #
+    def securities(mask)
+      sec_array = []
+
+      security_rights = {
+        'FULL'    => FULL,
+        'DELETE'  => DELETE,
+        'READ'    => READ,
+        'CHANGE'  => CHANGE,
+        'ADD'     => ADD
+      }
+
+      if mask == 0
+        sec_array.push('NONE')
+      else
+        if (mask & FULL) ^ FULL == 0
+          sec_array.push('FULL')
+        else
+          security_rights.each{ |string, numeric|
+            if (numeric & mask) ^ numeric == 0
+              sec_array.push(string)
+            end
+          }
+        end
+      end
+
+      sec_array
+    end
+
+    # Returns true if the effective user ID of the process is the same as the
+    # owner of the named file.
+    #
+    # Example:
+    #
+    #   p File.owned?('some_file.txt') # => true
+    #   p File.owned?('C:/Windows/regedit.ext') # => false
+    #--
+    # This method was redefined for MS Windows.
+    #
+    def owned?(file)
+      wide_file = string_check(file).wincode
+
+      return_value = false
+      size_needed_ptr = FFI::MemoryPointer.new(:ulong)
+
+      # First pass, get the size needed
+      bool = GetFileSecurityW(
+        wide_file,
+        OWNER_SECURITY_INFORMATION,
+        nil,
+        0,
+        size_needed_ptr
+      )
+
+      size_needed = size_needed_ptr.read_ulong
+
+      security_ptr = FFI::MemoryPointer.new(size_needed)
+
+      # Second pass, this time with the appropriately sized security pointer
+      bool = GetFileSecurityW(
+        wide_file,
+        OWNER_SECURITY_INFORMATION,
+        security_ptr,
+        security_ptr.size,
+        size_needed_ptr
+      )
+
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+      sid_ptr = FFI::MemoryPointer.new(:pointer)
+      defaulted = FFI::MemoryPointer.new(:int)
+
+      unless GetSecurityDescriptorOwner(security_ptr, sid_ptr, defaulted)
+        raise SystemCallError.new("GetFileSecurity", FFI.errno)
+      end
+
+      sid = sid_ptr.read_pointer
+
+      token = FFI::MemoryPointer.new(:uintptr_t)
+
+      begin
+        # Get the current process sid
+        unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
+          raise SystemCallError, FFI.errno, "OpenProcessToken"
+        end
+
+        token   = token.read_pointer.to_i
+        rlength = FFI::MemoryPointer.new(:pointer)
+        tuser   = 0.chr * 512
+
+        bool = GetTokenInformation(
+          token,
+          TokenUser,
+          tuser,
+          tuser.size,
+          rlength
+        )
+
+        unless bool
+          raise SystemCallError, FFI.errno, "GetTokenInformation"
+        end
+
+        string_sid = tuser[FFI.type_size(:pointer)*2, (rlength.read_ulong - FFI.type_size(:pointer)*2)]
+
+        # Now compare the sid strings
+        if string_sid == sid.read_string(string_sid.size)
+          return_value = true
+        end
+      ensure
+        CloseHandle(token)
+      end
+
+      return_value
+    end
+
+    # Changes the owner of the named file(s) to the given owner (userid).
+    # It will typically require elevated privileges in order to change the
+    # owner of a file.
+    #
+    # This group argument is currently ignored, but is included in the method
+    # definition for compatibility with the current spec. Also note that the
+    # owner should be a string, not a numeric ID.
+    #
+    # Example:
+    #
+    #   File.chown('some_user', nil, 'some_file.txt')
+    #--
+    # In the future we may allow the owner argument to be a SID or a RID and
+    # simply adjust accordingly.
+    #
+    def chown(owner, group, *files)
+      token = FFI::MemoryPointer.new(:ulong)
+
+      begin
+        bool = OpenProcessToken(
+          GetCurrentProcess(),
+          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+          token
+        )
+
+        raise SystemCallError.new("OpenProcessToken", FFI.errno) unless bool
+
+        token_handle = token.read_ulong
+
+        privs = [
+          SE_SECURITY_NAME,
+          SE_TAKE_OWNERSHIP_NAME,
+          SE_BACKUP_NAME,
+          SE_RESTORE_NAME,
+          SE_CHANGE_NOTIFY_NAME
+        ]
+
+        privs.each{ |name|
+          luid = LUID.new
+
+          unless LookupPrivilegeValueA(nil, name, luid)
+            raise SystemCallError.new("LookupPrivilegeValue", FFI.errno)
+          end
+
+          tp = TOKEN_PRIVILEGES.new
+          tp[:PrivilegeCount] = 1
+          tp[:Privileges][0][:Luid] = luid
+          tp[:Privileges][0][:Attributes] = SE_PRIVILEGE_ENABLED
+
+          unless AdjustTokenPrivileges(token_handle, 0, tp, 0, nil, nil)
+            raise SystemCallError.new("AdjustTokenPrivileges", FFI.errno)
+          end
+        }
+
+        sid      = FFI::MemoryPointer.new(:uchar)
+        sid_size = FFI::MemoryPointer.new(:ulong)
+        dom      = FFI::MemoryPointer.new(:uchar)
+        dom_size = FFI::MemoryPointer.new(:ulong)
+        use      = FFI::MemoryPointer.new(:ulong)
+
+        wowner = owner.wincode
+
+        # First run, get needed sizes
+        LookupAccountNameW(nil, wowner, sid, sid_size, dom, dom_size, use)
+
+        sid = FFI::MemoryPointer.new(:uchar, sid_size.read_ulong * 2)
+        dom = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
+
+        # Second run with required sizes
+        unless LookupAccountNameW(nil, wowner, sid, sid_size, dom, dom_size, use)
+          raise SystemCallError.new("LookupAccountName", FFI.errno)
+        end
+
+        files.each{ |file|
+          wfile = string_check(file).wincode
+
+          size = FFI::MemoryPointer.new(:ulong)
+          sec  = FFI::MemoryPointer.new(:ulong)
+
+          # First pass, get the size needed
+          GetFileSecurityW(wfile, OWNER_SECURITY_INFORMATION, sec, sec.size, size)
+
+          security = FFI::MemoryPointer.new(size.read_ulong)
+
+          # Second pass, this time with the appropriately sized security pointer
+          bool = GetFileSecurityW(
+            wfile,
+            OWNER_SECURITY_INFORMATION,
+            security,
+            security.size,
+            size
+          )
+
+          raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+          unless InitializeSecurityDescriptor(security, SECURITY_DESCRIPTOR_REVISION)
+            raise SystemCallError.new("InitializeSecurityDescriptor", FFI.errno)
+          end
+
+          unless SetSecurityDescriptorOwner(security, sid, 0)
+            raise SystemCallError.new("SetSecurityDescriptorOwner", FFI.errno)
+          end
+
+          unless SetFileSecurityW(wfile, OWNER_SECURITY_INFORMATION, security)
+            raise SystemCallError.new("SetFileSecurity", FFI.errno)
+          end
+        }
+      ensure
+        CloseHandle(token.read_ulong)
+      end
+
+      files.size
+    end
+
+    # Returns the owner of the specified file in domain\\userid format.
+    #
+    # Example:
+    #
+    #   p File.owner('some_file.txt') # => "your_domain\\some_user"
+    #
+    def owner(file)
+      file = string_check(file).wincode
+      size_needed = FFI::MemoryPointer.new(:ulong)
+
+      # First pass, get the size needed
+      bool = GetFileSecurityW(
+        file,
+        OWNER_SECURITY_INFORMATION,
+        nil,
+        0,
+        size_needed
+      )
+
+      security = FFI::MemoryPointer.new(size_needed.read_ulong)
+
+      # Second pass, this time with the appropriately sized security pointer
+      bool = GetFileSecurityW(
+        file,
+        OWNER_SECURITY_INFORMATION,
+        security,
+        security.size,
+        size_needed
+      )
+
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+      sid = FFI::MemoryPointer.new(:pointer)
+      defaulted = FFI::MemoryPointer.new(:int)
+
+      unless GetSecurityDescriptorOwner(security, sid, defaulted)
+        raise SystemCallError.new("GetFileSecurity", FFI.errno)
+      end
+
+      sid = sid.read_pointer
+
+      name      = FFI::MemoryPointer.new(:uchar)
+      name_size = FFI::MemoryPointer.new(:ulong)
+      dom       = FFI::MemoryPointer.new(:uchar)
+      dom_size  = FFI::MemoryPointer.new(:ulong)
+      use       = FFI::MemoryPointer.new(:int)
+
+      # First call, get sizes needed
+      LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
+
+      name = FFI::MemoryPointer.new(:uchar, name_size.read_ulong * 2)
+      dom  = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
+
+      # Second call, get desired information
+      unless LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
+        raise SystemCallError.new("LookupAccountSid", FFI.errno)
+      end
+
+      name = name.read_string(name.size).wstrip
+      domain = dom.read_string(dom.size).wstrip
+
+      domain << "\\" << name
+    end
+
+    # Returns the primary group of the specified file in domain\\userid format.
+    #
+    # Example:
+    #
+    #   p File.group('some_file.txt') # => "your_domain\\some_group"
+    #
+    def group(file)
+      file = string_check(file).wincode
+      size_needed = FFI::MemoryPointer.new(:ulong)
+
+      # First pass, get the size needed
+      bool = GetFileSecurityW(
+        file,
+        GROUP_SECURITY_INFORMATION,
+        nil,
+        0,
+        size_needed
+      )
+
+      security = FFI::MemoryPointer.new(size_needed.read_ulong)
+
+      # Second pass, this time with the appropriately sized security pointer
+      bool = GetFileSecurityW(
+        file,
+        GROUP_SECURITY_INFORMATION,
+        security,
+        security.size,
+        size_needed
+      )
+
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+      sid = FFI::MemoryPointer.new(:pointer)
+      defaulted = FFI::MemoryPointer.new(:int)
+
+      unless GetSecurityDescriptorGroup(security, sid, defaulted)
+        raise SystemCallError.new("GetFileSecurity", FFI.errno)
+      end
+
+      sid = sid.read_pointer
+
+      name      = FFI::MemoryPointer.new(:uchar)
+      name_size = FFI::MemoryPointer.new(:ulong)
+      dom       = FFI::MemoryPointer.new(:uchar)
+      dom_size  = FFI::MemoryPointer.new(:ulong)
+      use       = FFI::MemoryPointer.new(:int)
+
+      # First call, get sizes needed
+      LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
+
+      name = FFI::MemoryPointer.new(:uchar, name_size.read_ulong * 2)
+      dom  = FFI::MemoryPointer.new(:uchar, dom_size.read_ulong * 2)
+
+      # Second call, get desired information
+      unless LookupAccountSidW(nil, sid, name, name_size, dom, dom_size, use)
+        raise SystemCallError.new("LookupAccountSid", FFI.errno)
+      end
+
+      name = name.read_string(name.size).wstrip
+      domain = dom.read_string(dom.size).wstrip
+
+      domain << "\\" << name
+    end
+
+    # Returns true if the primary group ID of the process is the same
+    # as the owner of the named file.
+    #
+    # Example:
+    #
+    #   p File.grpowned?('some_file.txt') # => true
+    #   p File.grpowned?('C:/Windows/regedit.exe') # => false
+    #--
+    # This method was redefined for MS Windows.
+    #
+    def grpowned?(file)
+      wide_file = string_check(file).wincode
+
+      return_value = false
+      size_needed_ptr = FFI::MemoryPointer.new(:ulong)
+
+      # First pass, get the size needed
+      bool = GetFileSecurityW(
+        wide_file,
+        GROUP_SECURITY_INFORMATION,
+        nil,
+        0,
+        size_needed_ptr
+      )
+
+      size_needed = size_needed_ptr.read_ulong
+
+      security_ptr = FFI::MemoryPointer.new(size_needed)
+
+      # Second pass, this time with the appropriately sized security pointer
+      bool = GetFileSecurityW(
+        wide_file,
+        GROUP_SECURITY_INFORMATION,
+        security_ptr,
+        security_ptr.size,
+        size_needed_ptr
+      )
+
+      raise SystemCallError.new("GetFileSecurity", FFI.errno) unless bool
+
+      sid_ptr = FFI::MemoryPointer.new(:pointer)
+      defaulted = FFI::MemoryPointer.new(:int)
+      pstring_sid = FFI::MemoryPointer.new(:string)
+
+      unless GetSecurityDescriptorGroup(security_ptr, sid_ptr, defaulted)
+        raise SystemCallError.new("GetFileSecurity", FFI.errno)
+      end
+
+      sid = sid_ptr.read_pointer
+      ConvertSidToStringSidA(sid, pstring_sid)
+      file_string_sid = pstring_sid.read_pointer.read_string
+
+      token = FFI::MemoryPointer.new(:uintptr_t)
+
+      begin
+        # Get the current process sid
+        unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
+          raise SystemCallError, FFI.errno, "OpenProcessToken"
+        end
+
+        token   = token.read_pointer.to_i
+        rlength = FFI::MemoryPointer.new(:ulong)
+        tgroup  = TOKEN_GROUP.new
+
+        bool = GetTokenInformation(
+          token,
+          TokenGroups,
+          tgroup,
+          tgroup.size,
+          rlength
+        )
+
+        unless bool
+          raise SystemCallError.new("GetTokenInformation", FFI.errno)
+        end
+
+        ConvertSidToStringSidA(tgroup[:Groups][0][:Sid], pstring_sid)
+        string_sid = pstring_sid.read_pointer.read_string
+
+        # Now compare the sid strings
+        if string_sid == file_string_sid
+          return_value = true
+        end
+      ensure
+        CloseHandle(token)
+      end
+
+      return_value
+    end
+
+    private
+
+    # Simulate MRI's contortions for a stringiness check.
+    def string_check(arg)
+      return arg if arg.is_a?(String)
+      return arg.send(:to_str) if arg.respond_to?(:to_str, true) # MRI honors it, even if private
+      return arg.to_path if arg.respond_to?(:to_path)
+      raise TypeError
+    end
+  end
+end