RubyGems - win32-security - Versions diffs - 0.1.0 → 0.1.1 - Mend

win32-security 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data/CHANGES CHANGED

@@ -1,2 +1,8 @@
+= 0.1.1 - 14-Jul-2009
+* Added some well known SID's as constants to the Win32::Security::SID class
+  for convenience, e.g. SID::World, SID::Everyone.
+* Fixes for the gemspec.
+* Changed license to Artistic 2.0.
 = 0.1.0 - 17-Dec-2008
-* Initial release
+* Initial release

data/lib/win32/security.rb CHANGED

@@ -25,7 +25,7 @@ module Win32
       extend Windows::Error
       # The version of the win32-security library
-      VERSION = '0.1.0'
+      VERSION = '0.1.1'
       # Returns whether or not the owner of the current process is running
       # with elevated security privileges.

data/lib/win32/security/sid.rb ADDED

@@ -0,0 +1,311 @@
+require 'windows/security'
+require 'windows/error'
+require 'windows/msvcrt/string'
+require 'windows/msvcrt/buffer'
+require 'socket'
+# The Win32 module serves as a namespace only.
+module Win32
+   # The Security class serves as a toplevel class namespace.
+   class Security
+      # The SID class encapsulates a Security Identifier.
+      class SID
+         include Windows::Security
+         include Windows::Error
+         include Windows::MSVCRT::String
+         extend Windows::Security
+         extend Windows::Error
+         extend Windows::MSVCRT::String
+         extend Windows::MSVCRT::Buffer
+         # Error class typically raised if any of the SID methods fail
+         class Error < StandardError; end
+         # The version of the Win32::Security::SID class.
+         VERSION = '0.1.1'
+         # Some constant SID's for your convenience, in string format.
+         # See http://support.microsoft.com/kb/243330 for details.
+         Null                        = 'S-1-0'
+         Nobody                      = 'S-1-0-0'
+         World                       = 'S-1-1'
+         Everyone                    = 'S-1-1-0'
+         Local                       = 'S-1-2'
+         Creator                     = 'S-1-3'
+         CreatorOwner                = 'S-1-3-0'
+         CreatorGroup                = 'S-1-3-1'
+         CreatorOwnerServer          = 'S-1-3-2'
+         CreatorGroupServer          = 'S-1-3-3'
+         NonUnique                   = 'S-1-4'
+         Nt                          = 'S-1-5'
+         Dialup                      = 'S-1-5-1'
+         Network                     = 'S-1-5-2'
+         Batch                       = 'S-1-5-3'
+         Interactive                 = 'S-1-5-4'
+         Service                     = 'S-1-5-6'
+         Anonymous                   = 'S-1-5-7'
+         Proxy                       = 'S-1-5-8'
+         EnterpriseDomainControllers = 'S-1-5-9'
+         PrincipalSelf               = 'S-1-5-10'
+         AuthenticatedUsers          = 'S-1-5-11'
+         RestrictedCode              = 'S-1-5-12'
+         TerminalServerUsers         = 'S-1-5-13'
+         LocalSystem                 = 'S-1-5-18'
+         NtLocal                     = 'S-1-5-19'
+         NtNetwork                   = 'S-1-5-20'
+         BuiltinAdministrators       = 'S-1-5-32-544'
+         BuiltinUsers                = 'S-1-5-32-545'
+         Guests                      = 'S-1-5-32-546'
+         PowerUsers                  = 'S-1-5-32-547'
+         AccountOperators            = 'S-1-5-32-548'
+         ServerOperators             = 'S-1-5-32-549'
+         PrintOperators              = 'S-1-5-32-550'
+         BackupOperators             = 'S-1-5-32-551'
+         Replicators                 = 'S-1-5-32-552'
+         # The binary SID object itself.
+         attr_reader :sid
+         # The account name passed to the constructor.
+         attr_reader :account
+         # The SID account type, e.g. 'user, 'group', etc.
+         attr_reader :account_type
+         # The domain the SID is on.
+         attr_reader :domain
+         # The host passed to the constructor, or the localhost if none
+         # was specified.
+         attr_reader :host
+         # Converts a binary SID to a string in S-R-I-S-S... format.
+         #
+         def self.sid_to_string(sid)
+            sid_addr = [sid].pack('p*').unpack('L')[0]
+            sid_buf  = 0.chr * 80
+            sid_ptr  = 0.chr * 4
+            unless ConvertSidToStringSid(sid_addr, sid_ptr)
+               raise Error, get_last_error
+            end
+            strcpy(sid_buf, sid_ptr.unpack('L')[0])
+            sid_buf.strip
+         end
+         # Converts a string in S-R-I-S-S... format back to a binary SID.
+         #
+         def self.string_to_sid(string)
+            sid_buf = 0.chr * 80
+            string_addr = [string].pack('p*').unpack('L')[0]
+            unless ConvertStringSidToSid(string_addr, sid_buf)
+               raise Error, get_last_error
+            end
+            sid_buf.strip
+         end
+         # Creates a new SID with +authority+ and up to 8 +subauthorities+,
+         # and returns new Win32::Security::SID object.
+         #
+         # Example:
+         #
+         #    sec = Security::SID.create(
+         #       Security::SID::SECURITY_WORLD_SID_AUTHORITY,
+         #       Security::SID::SECURITY_WORLD_RID
+         #    )
+         #
+         #    p sec
+         #
+         #    #<Win32::Security::SID:0x2c5a95c
+         #       @host="your_host",
+         #       @account="Everyone",
+         #       @account_type="well known group",
+         #       @sid="\001\001\000\000\000\000\000\001\000\000\000\000",
+         #       @domain=""
+         #    >
+         #
+         def self.create(authority, *sub_authorities)
+            if sub_authorities.length > 8
+               raise ArgumentError, "maximum of 8 subauthorities allowed"
+            end
+            sid = 0.chr * GetSidLengthRequired(sub_authorities.length)
+            auth = 0.chr * 5 + authority.chr
+            unless InitializeSid(sid, auth, sub_authorities.length)
+               raise Error, get_last_error
+            end
+            sub_authorities.each_index do |i|
+               value = [sub_authorities[i]].pack('L')
+               auth_ptr = GetSidSubAuthority(sid, i)
+               memcpy(auth_ptr, value, 4)
+            end
+            new(sid)
+         end
+         # Creates and returns a new Win32::Security::SID object, based on
+         # the account name, which may also be a binary SID. If a host is
+         # provided, then the information is retrieved from that host.
+         # Otherwise, the local host is used.
+         #
+         # Note that this does NOT create a new SID, but merely retrieves
+         # information for an existing SID. To create a new SID, use the
+         # SID.create method.
+         #
+         # Examples:
+         #
+         #    # User 'john' on the localhost
+         #    Win32::Security::SID.new('john')
+         #
+         #    # User 'jane' on a remote machine
+         #    Win32::Security::SID.new('jane', 'some_host')
+         #
+         #    # Binary SID
+         #    Win32::Security::SID.new("\001\000\000\000\000\000\001\000\000\000\000")
+         #
+         def initialize(account, host=Socket.gethostname)
+            bool   = false
+            sid    = 0.chr * 28
+            sid_cb = [sid.size].pack('L')
+            domain_buf = 0.chr * 80
+            domain_cch = [domain_buf.size].pack('L')
+            sid_name_use = 0.chr * 4
+            # If characters in the 0-10 range, assume it's a binary SID.
+            if account[0] < 10
+               bool = LookupAccountSid(
+                  host,
+                  [account].pack('p*').unpack('L')[0],
+                  sid,
+                  sid_cb,
+                  domain_buf,
+                  domain_cch,
+                  sid_name_use
+               )
+            else
+               bool = LookupAccountName(
+                  host,
+                  account,
+                  sid,
+                  sid_cb,
+                  domain_buf,
+                  domain_cch,
+                  sid_name_use
+               )
+            end
+            unless bool
+               raise Error, get_last_error
+            end
+            # The arguments are flipped if the account argument is binary
+            if account[0] < 10
+               @sid     = account
+               @account = sid.strip
+            else
+               @sid     = sid.strip
+               @account = account
+            end
+            @host   = host
+            @domain = domain_buf.strip
+            @account_type = get_account_type(sid_name_use.unpack('L')[0])
+         end
+         # Synonym for SID.new.
+         #
+         def self.open(account, host=Socket.gethostname)
+            new(account, host)
+         end
+         # Returns the binary SID in string format suitable for display,
+         # storage or transmission.
+         #
+         def to_s
+            sid_addr = [@sid].pack('p*').unpack('L').first
+            sid_buf  = 0.chr * 80
+            sid_ptr  = 0.chr * 4
+            unless ConvertSidToStringSid(sid_addr, sid_ptr)
+               raise Error, get_last_error
+            end
+            strcpy(sid_buf, sid_ptr.unpack('L').first)
+            sid_buf.strip
+         end
+         alias to_str to_s
+         # Returns whether or not the SID object is equal to +other+.
+         #
+         def ==(other)
+            EqualSid(@sid, other.sid)
+         end
+         # Returns whether or not the SID is a valid sid.
+         #
+         def valid?
+            IsValidSid(@sid)
+         end
+         # Returns whether or not the SID is a well known SID.
+         #
+         # Requires Windows XP or later. Earlier versions will raise a
+         # NoMethodError.
+         #
+         def well_known?
+            if defined? IsWellKnownSid
+               IsWellKnownSid(@sid)
+            else
+               raise NoMethodError, 'requires Windows XP or later'
+            end
+         end
+         # Returns the length of the SID object, in bytes.
+         #
+         def length
+            GetLengthSid(@sid)
+         end
+         private
+         # Converts a numeric account type into a human readable string.
+         #
+         def get_account_type(value)
+            case value
+               when SidTypeUser
+                  'user'
+               when SidTypeGroup
+                  'group'
+               when SidTypeDomain
+                  'domain'
+               when SidTypeAlias
+                  'alias'
+               when SidTypeWellKnownGroup
+                  'well known group'
+               when SidTypeDeletedAccount
+                  'deleted account'
+               when SidTypeInvalid
+                  'invalid'
+               when SidTypeUnknown
+                  'unknown'
+               when SidComputer
+                  'computer'
+            end
+         end
+      end
+   end
+end

data/test/test_acl.rb ADDED

@@ -0,0 +1,67 @@
+########################################################################
+# test_acl.rb
+#
+# Test suite for the Win32::Security::ACL class. You should run these
+# tests via the 'rake test' task.
+########################################################################
+require 'rubygems'
+gem 'test-unit'
+require 'win32/security'
+require 'test/unit'
+class TC_Win32_Security_Acl < Test::Unit::TestCase
+   def setup
+      @acl = Security::ACL.new
+   end
+   def test_version
+      assert_equal('0.1.0', Security::ACL::VERSION)
+   end
+   def test_ace_count
+      assert_respond_to(@acl, :ace_count)
+      assert_kind_of(Fixnum, @acl.ace_count)
+      assert_equal(0, @acl.ace_count)
+   end
+   def test_acl
+      assert_respond_to(@acl, :acl)
+      assert_kind_of(String, @acl.acl)
+   end
+   def test_add_access_allowed_ace
+      assert_respond_to(@acl, :add_access_allowed_ace)
+   end
+   def test_add_access_denied_ace
+      assert_respond_to(@acl, :add_access_denied_ace)
+   end
+   def test_add_ace
+      assert_respond_to(@acl, :add_ace)
+   end
+   def test_delete_ace
+      assert_respond_to(@acl, :delete_ace)
+   end
+   def test_find_ace
+      assert_respond_to(@acl, :find_ace)
+      assert_kind_of(Fixnum, @acl.find_ace)
+   end
+   def test_revision
+      assert_respond_to(@acl, :revision)
+      assert_kind_of(Fixnum, @acl.revision)
+   end
+   def test_is_valid
+      assert_respond_to(@acl, :valid?)
+      assert_equal(true, @acl.valid?)
+   end
+   def teardown
+      @acl = nil
+   end
+end

data/test/test_security.rb CHANGED

@@ -12,7 +12,7 @@ require 'win32/security'
 class TC_Win32_Security < Test::Unit::TestCase
    def test_version
-      assert_equal('0.1.0', Win32::Security::VERSION)
+      assert_equal('0.1.1', Win32::Security::VERSION)
    end
    def test_elevated_security

data/test/test_sid.rb CHANGED

@@ -23,7 +23,7 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
    end
    def test_version
-      assert_equal('0.1.0', Security::SID::VERSION)
+      assert_equal('0.1.1', Security::SID::VERSION)
    end
    def test_sid
@@ -108,6 +108,16 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
       assert_raise(Security::SID::Error){ Security::SID.new('bogus') }
    end
+   def test_well_known_sid_constants
+      assert_equal('S-1-0', Security::SID::Null)
+      assert_equal('S-1-0-0', Security::SID::Nobody)
+      assert_equal('S-1-1', Security::SID::World)
+      assert_equal('S-1-1-0', Security::SID::Everyone)
+      assert_equal('S-1-5-32-544', Security::SID::BuiltinAdministrators)
+      assert_equal('S-1-5-32-545', Security::SID::BuiltinUsers)
+      assert_equal('S-1-5-32-546', Security::SID::Guests)
+   end
    def teardown
       @sid = nil
    end

data/win32-security.gemspec CHANGED

@@ -1,32 +1,31 @@
-require "rubygems"
+require 'rubygems'
 spec = Gem::Specification.new do |gem|
-   gem.name        = "win32-security"
-   gem.version     = "0.1.0"
-   gem.authors     = ["Daniel J. Berger", "Park Heesob"]
-   gem.email       = "djberg96@gmail.com"
-   gem.homepage    = "http://www.rubyforge.org/projects/win32utils"
-   gem.platform    = Gem::Platform::RUBY
-   gem.summary     = "A library for dealing with aspects of Windows security."
-   gem.test_files  = Dir["test/*.rb"]
-   gem.has_rdoc    = true
-   gem.files       = Dir["lib/win32/*.rb"] + Dir["test/*"] + Dir["[A-Z]*"]
-   gem.files.reject! { |fn| fn.include? "CVS" }
-   gem.extra_rdoc_files = ["README", "CHANGES", "MANIFEST"]
-   gem.rubyforge_project = 'Win32Utils'
-   gem.add_dependency("windows-pr", ">= 0.9.8")
-   gem.add_dependency("test-unit", ">= 2.0.1")
-   gem.add_dependency("sys-admin", ">= 1.4.4")
+   gem.name       = 'win32-security'
+   gem.version    = '0.1.1'
+   gem.authors    = ['Daniel J. Berger', 'Park Heesob']
+   gem.email      = 'djberg96@gmail.com'
+   gem.homepage   = 'http://www.rubyforge.org/projects/win32utils'
+   gem.platform   = Gem::Platform::RUBY
+   gem.summary    = 'A library for dealing with aspects of Windows security.'
+   gem.test_files = Dir['test/*.rb']
+   gem.has_rdoc   = true
+   gem.files      = Dir['**/*'].reject{ |f| f.include?('CVS') }
+   gem.license    = 'Artistic 2.0'
+   gem.extra_rdoc_files  = ['README', 'CHANGES', 'MANIFEST']
+   gem.rubyforge_project = 'win32utils'
-   description = "The win32-security library provides an interface for dealing"
-   description << " with security aspects of MS Windows. It includes classes"
-   description << " for SID's, ACL's and ACE's."
+   gem.add_dependency('windows-pr', '>= 0.9.8')
+   gem.add_dependency('test-unit', '>= 2.0.1')
+   gem.add_dependency('sys-admin', '>= 1.4.4')
-   gem.description = description
+   gem.description = <<-EOF
+      The win32-security library provides an interface for dealing with
+      security related aspects of MS Windows. At the moment it provides an
+      interface for inspecting or creating SID's.
+   EOF
 end
-if $0 == __FILE__
-   Gem.manage_gems if Gem::RubyGemsVersion.to_f < 1.0
-   Gem::Builder.new(spec).build
-end
+Gem.manage_gems if Gem::RubyGemsVersion.to_f < 1.0
+Gem::Builder.new(spec).build

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: win32-security
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Daniel J. Berger
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2008-12-17 00:00:00 -07:00
+date: 2009-07-14 00:00:00 -06:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -43,7 +43,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 1.4.4
     version:
-description: The win32-security library provides an interface for dealing with security aspects of MS Windows. It includes classes for SID's, ACL's and ACE's.
+description: "      The win32-security library provides an interface for dealing with\n      security related aspects of MS Windows. At the moment it provides an\n      interface for inspecting or creating SID's.\n"
 email: djberg96@gmail.com
 executables: []
@@ -54,18 +54,20 @@ extra_rdoc_files:
 - CHANGES
 - MANIFEST
 files:
-- lib/win32/security.rb
-- test/test_security.rb
-- test/test_sid.rb
 - CHANGES
-- lib
+- lib/win32/security/sid.rb
+- lib/win32/security.rb
 - MANIFEST
 - Rakefile
 - README
-- test
+- test/test_acl.rb
+- test/test_security.rb
+- test/test_sid.rb
 - win32-security.gemspec
 has_rdoc: true
 homepage: http://www.rubyforge.org/projects/win32utils
+licenses:
+- Artistic 2.0
 post_install_message:
 rdoc_options: []
@@ -85,11 +87,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   version:
 requirements: []
-rubyforge_project: Win32Utils
-rubygems_version: 1.3.1
+rubyforge_project: win32utils
+rubygems_version: 1.3.4
 signing_key:
-specification_version: 2
+specification_version: 3
 summary: A library for dealing with aspects of Windows security.
 test_files:
+- test/test_acl.rb
 - test/test_security.rb
 - test/test_sid.rb