RubyGems - win32-security - Versions diffs - 0.1.2 → 0.1.3 - Mend

win32-security 0.1.2 → 0.1.3

Files changed (11) hide show

data/CHANGES +6 -0
data/README +19 -19
data/Rakefile +37 -28
data/lib/win32/security.rb +40 -39
data/lib/win32/security/ace.rb +26 -26
data/lib/win32/security/acl.rb +136 -136
data/lib/win32/security/sid.rb +356 -292
data/test/test_security.rb +13 -1
data/test/test_sid.rb +125 -117
data/win32-security.gemspec +20 -24
metadata +70 -56

data/CHANGES CHANGED Viewed

@@ -1,3 +1,9 @@
+= 0.1.3 - 12-Jul-2012
+* The SID.new method now defaults to the owner of the current thread if
+  no account name is provided.
+* Updates to the gemspec, Rakefile, and SID tests, including updates to
+  some of the gemspec dependencies.
 = 0.1.2 - 2-Aug-2009
 * Now compatible with Ruby 1.9.x.
 * Switched test-unit and sys-admin from standard dependencies to development

data/README CHANGED Viewed

@@ -1,35 +1,35 @@
 = Description
-   A security library for MS Windows that allows you to open existing or
-   create new security identifiers (SID's).
+  A security library for MS Windows that allows you to open existing or
+  create new security identifiers (SID's).
 = Synopsis
-   require 'win32/security'
-   include Win32
+  require 'win32/security'
+  include Win32
-   sid = Security::SID.open('djberge')
+  sid = Security::SID.open('some_user')
-   sid.valid? # => true
-   sid.to_s   # => "S-1-5-21-3733855671-1102023144-2002619019-1000"
-   sid.length # => 28
-   sid.sid    # => "\001\005\000\000\000\000\000\005\025\000\000\000..."
+  sid.valid? # => true
+  sid.to_s   # => "S-1-5-21-3733855671-1102023144-2002619019-1000"
+  sid.length # => 28
+  sid.sid    # => "\001\005\000\000\000\000\000\005\025\000\000\000..."
 == Future Plans
-   Create classes that encapsulate ACL's, ACE's, Token's, etc.
+  Create classes that encapsulate ACL's, ACE's, Token's, etc.
-   There are some unfinished versions of the ACL and ACE classes in CVS
-   if you're interested in taking a look.
+  There are some unfinished versions of the ACL and ACE classes in the
+  repo if you're interested in taking a look.
 == Known Issues
-   None that I'm aware of. Please file any bug reports on the project page
-   at http://www.rubyforge.org/projects/win32utils.
+  None that I'm aware of. Please file any bug reports on the project page
+  at http://www.rubyforge.org/projects/win32utils.
 == License
-   Ruby's
+  Artistic 2.0
 == Copyright
-   (C) 2003-2009 Daniel J. Berger
-   All Rights Reserved
+  (C) 2003-2012 Daniel J. Berger
+  All Rights Reserved
 == Authors
-   Daniel J. Berger
-   Park Heesob
+  Daniel J. Berger
+  Park Heesob

data/Rakefile CHANGED Viewed

@@ -1,37 +1,46 @@
 require 'rake'
 require 'rake/testtask'
 require 'rbconfig'
-include Config
-desc 'Cleanup any temp files left over by Test::Unit'
-task :clean do
-   Dir['*'].each{ |file|
-      file = File.expand_path(file)
-      next unless File.directory?(file)
-      next if file =~ /CVS/
-      Dir.chdir(file) do
-         rm_rf '.test-result' if File.exists?('.test-result')
-      end
-   }
+namespace :gem do
+  desc "Remove any .gem files in the project"
+  task :clean do
+    Dir['*.gem'].each{ |f| File.delete(f) }
+  end
-desc 'Install the win32-security package (non-gem)'
-task :install do
-   install_dir = File.join(CONFIG["sitelibdir"], 'win32', 'security')
-   mkdir_p(install_dir) unless File.exists?(install_dir)
-   cp 'lib/win32/security.rb', File.dirname(install_dir), :verbose => true
-   cp 'lib/win32/security/acl.rb', install_dir, :verbose => true
-   cp 'lib/win32/security/sid.rb', install_dir, :verbose => true
-end
+  desc "Create the win32-security gem"
+  task :create => [:clean] do
+    spec = eval(IO.read('win32-security.gemspec'))
+    Gem::Builder.new(spec).build
+  end
-task :install_gem do
-   ruby 'win32-security.gemspec'
-   file = Dir["*.gem"].first
-   sh "gem install #{file}"
+  desc "Install the win32-security gem"
+  task :install => [:create] do
+    ruby 'win32-security.gemspec'
+    file = Dir["*.gem"].first
+    sh "gem install #{file}"
+  end
 end
-# TODO: Add more test files as more classes are added.
-Rake::TestTask.new do |t|
-   t.verbose = true
-   t.warning = true
-   t.test_files = Dir['test/test_sid.rb', 'test/test_security.rb']
+namespace :test do
+  Rake::TestTask.new(:security) do |t|
+    t.verbose = true
+    t.warning = true
+    t.test_files = Dir['test/test_security.rb']
+  end
+  Rake::TestTask.new(:sid) do |t|
+    t.verbose = true
+    t.warning = true
+    t.test_files = Dir['test/test_sid.rb']
+  end
+  # ACL class isn't ready yet
+  Rake::TestTask.new(:all) do |t|
+    t.verbose = true
+    t.warning = true
+    t.test_files = Dir['test/test_sid.rb', 'test/test_security.rb']
+  end
 end
+task :default => 'test:all'

data/lib/win32/security.rb CHANGED Viewed

@@ -6,59 +6,60 @@ require 'windows/security'
 require 'windows/handle'
 require 'windows/error'
-$LOAD_PATH.unshift(File.dirname(File.dirname(File.expand_path(__FILE__))))
 # The Win32 module serves as a namespace only.
 module Win32
-   # The Security class encapsulates security aspects of MS Windows.
-   class Security
+  # The Security class encapsulates security aspects of MS Windows.
+  class Security
-      # Base error class for all Win32::Security errors.
-      class Error < StandardError; end
+    # Base error class for all Win32::Security errors.
+    class Error < StandardError; end
-      include Windows::Security
+    include Windows::Security
-      extend Windows::Process
-      extend Windows::Security
-      extend Windows::Handle
-      extend Windows::Error
+    extend Windows::Process
+    extend Windows::Security
+    extend Windows::Handle
+    extend Windows::Error
-      # The version of the win32-security library
-      VERSION = '0.1.2'
+    # The version of the win32-security library
+    VERSION = '0.1.3'
-      # Returns whether or not the owner of the current process is running
-      # with elevated security privileges.
-      #
-      def self.elevated_security?
-         token = 0.chr * 4
+    # Returns whether or not the owner of the current process is running
+    # with elevated security privileges.
+    #
+    # Only supported on Windows Vista or later.
+    #
+    def self.elevated_security?
+      token = 0.chr * 4
-         unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
-            raise Error, get_last_error
-         end
+      unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
+        raise Error, get_last_error
+      end
-         begin
-            token = token.unpack('V')[0]
+      begin
+        token = token.unpack('V')[0]
-            te = 0.chr * 4 # TOKEN_ELEVATION
-            rl = 0.chr * 4 # Return length
+        te = 0.chr * 4 # TOKEN_ELEVATION
+        rl = 0.chr * 4 # Return length
-            bool = GetTokenInformation(
-               token,
-               TokenElevation,
-               te,
-               te.size,
-               rl
-            )
+        bool = GetTokenInformation(
+          token,
+          TokenElevation,
+          te,
+          te.size,
+          rl
+        )
-            raise Error, get_last_error unless bool
-         ensure
-            CloseHandle(token)
-         end
-         te.unpack('L')[0] != 0
+        raise Error, get_last_error unless bool
+      ensure
+        CloseHandle(token)
       end
-   end
+      # TokenIsElevated member of the TOKEN_ELEVATION struct
+      te.unpack('L')[0] != 0
+    end
+  end
 end
 require 'win32/security/sid'

data/lib/win32/security/ace.rb CHANGED Viewed

@@ -1,39 +1,39 @@
 # The Win32 module serves as a namespace only.
 module Win32
-   # The Security class serves as a toplevel class namespace.
-   class Security
+  # The Security class serves as a toplevel class namespace.
+  class Security
-      # The ACE class encapsulates an Access Control Entry, an element within
-      # an Access Control List.
-      class ACE
-         # The version of the Win32::Security::ACE class.
-         VERSION = '0.1.0'
+    # The ACE class encapsulates an Access Control Entry, an element within
+    # an Access Control List.
+    class ACE
+      # The version of the Win32::Security::ACE class.
+      VERSION = '0.1.0'
-         # The ACE type, e.g. ACCESS_ALLOWED, ACCESS_DENIED, etc.
-         attr_accessor :ace_type
+      # The ACE type, e.g. ACCESS_ALLOWED, ACCESS_DENIED, etc.
+      attr_accessor :ace_type
-         # The ACE mask, e.g. INHERITED_ACE
-         attr_accessor :ace_mask
+      # The ACE mask, e.g. INHERITED_ACE
+      attr_accessor :ace_mask
-         # Standard access rights, e.g. GENERIC_READ, GENERIC_WRITE, etc
-         attr_accessor :access_mask
+      # Standard access rights, e.g. GENERIC_READ, GENERIC_WRITE, etc
+      attr_accessor :access_mask
-         # Bit flags that indicate whether the ObjectType and
-         # InheritedObjectType members are present. This value is set
-         # internally based on the values passed to the ACE#object_type or
-         # ACE#inherited_object_type methods, if any.
-         attr_reader :flags
+      # Bit flags that indicate whether the ObjectType and
+      # InheritedObjectType members are present. This value is set
+      # internally based on the values passed to the ACE#object_type or
+      # ACE#inherited_object_type methods, if any.
+      attr_reader :flags
-         # A Win32::Security::GUID object that identifies the type of child
-         # object that can inherit the ACE.
-         attr_accessor :object_type
+      # A Win32::Security::GUID object that identifies the type of child
+      # object that can inherit the ACE.
+      attr_accessor :object_type
-         attr_accessor :inherited_object_type
+      attr_accessor :inherited_object_type
-         def initialize
-            yield self if block_given?
-         end
+      def initialize
+        yield self if block_given?
       end
-   end
+    end
+  end
 end

data/lib/win32/security/acl.rb CHANGED Viewed

@@ -6,143 +6,143 @@ require 'windows/msvcrt/buffer'
 # The Win32 module serves as a namespace only.
 module Win32
-   # The Security class serves as a toplevel class namespace.
-   class Security
+  # The Security class serves as a toplevel class namespace.
+  class Security
-      # The ACL class encapsulates an Access Control List.
-      class ACL
-         include Windows::Error
-         include Windows::Security
-         include Windows::Limits
-         include Windows::MSVCRT::Buffer
+    # The ACL class encapsulates an Access Control List.
+    class ACL
+      include Windows::Error
+      include Windows::Security
+      include Windows::Limits
+      include Windows::MSVCRT::Buffer
-         # The version of the Win32::Security::ACL class.
-         VERSION = '0.1.0'
-         # The binary representation of the ACL structure
-         attr_reader :acl
-         # The revision level.
-         attr_reader :revision
-         # Creates and returns a new Win32::Security::ACL object. This object
-         # encapsulates an ACL structure, including a binary representation of
-         # the ACL itself, and the revision information.
-         #
-         def initialize(revision = ACL_REVISION)
-            acl = 0.chr * 8 # This can be increased later as needed
-            unless InitializeAcl(acl, acl.size, revision)
-               raise Error, get_last_error
-            end
-            @acl = acl
-            @revision = revision
-         end
-         # Returns the number of ACE's in the ACL object.
-         #
-         def ace_count
-            buf = 0.chr * 12 # sizeof(ACL_SIZE_INFORMATION)
-            unless GetAclInformation(@acl, buf, buf.size, AclSizeInformation)
-               raise Error, get_last_error
-            end
-            buf[0, 4].unpack('L')[0]
-         end
-         # Adds an access allowed ACE to the given +sid+. The +mask+ is a
-         # bitwise OR'd value of access rights.
-         #
-         def add_access_allowed_ace(sid, mask=0)
-            unless AddAccessAllowedAce(@acl, @revision, mask, sid)
-               raise Error, get_last_error
-            end
-         end
-         # Adds an access denied ACE to the given +sid+.
-         #
-         def add_access_denied_ace(sid, mask=0)
-            unless AddAccessDeniedAce(@acl, @revision, mask, sid)
-               raise Error, get_last_error
-            end
-         end
-         # Adds an ACE to the ACL object with the given +revision+ at +index+
-         # or the end of the chain if no index is specified.
-         #
-         # Returns the index if successful.
-         #--
-         # This is untested and will require an actual implementation of
-         # Win32::Security::Ace before it can work properly.
-         #
-         def add_ace(ace, index=MAXDWORD)
-            unless AddAce(@acl, @revision, index, ace, ace.length)
-               raise Error, get_last_error
-            end
-            index
-         end
-         # Deletes an ACE from the ACL object at +index+, or from the end of
-         # the chain if no index is specified.
-         #
-         # Returns the index if successful.
-         #--
-         # This is untested and will require an actual implementation of
-         # Win32::Security::Ace before it can work properly.
-         #
-         def delete_ace(index=MAXDWORD)
-            unless DeleteAce(@ace, index)
-               raise Error, get_last_error
-            end
-            index
-         end
-         # Finds and returns a pointer (address) to an ACE in the ACL at the
-         # given +index+. If no index is provided, then an address to the
-         # first free byte of the ACL is returned.
-         #
-         def find_ace(index = nil)
-            ptr = [0].pack('L')
-            if index.nil?
-               unless FindFirstFreeAce(@acl, ptr)
-                  raise Error, get_last_error
-               end
-            else
-               unless GetAce(@acl, index, ptr)
-                  raise Error, get_last_error
-               end
-            end
-            [ptr].pack('p*').unpack('L')[0]
-         end
-         # Sets the revision information level, where the +revision_level+
-         # can be ACL_REVISION1, ACL_REVISION2, ACL_REVISION3 or ACL_REVISION4.
-         #
-         # Returns the revision level if successful.
-         #
-         def revision=(revision_level)
-            buf = [revision_level].pack('L')
-            unless SetAclInformation(@acl, buf, buf.size, AclRevisionInformation)
-               raise Error, get_last_error
-            end
-            @revision = revision_level
-            revision_level
-         end
-         # Returns whether or not the ACL is a valid ACL.
-         #
-         def valid?
-            IsValidAcl(@acl)
-         end
+      # The version of the Win32::Security::ACL class.
+      VERSION = '0.1.0'
+      # The binary representation of the ACL structure
+      attr_reader :acl
+      # The revision level.
+      attr_reader :revision
+      # Creates and returns a new Win32::Security::ACL object. This object
+      # encapsulates an ACL structure, including a binary representation of
+      # the ACL itself, and the revision information.
+      #
+      def initialize(revision = ACL_REVISION)
+        acl = 0.chr * 8 # This can be increased later as needed
+        unless InitializeAcl(acl, acl.size, revision)
+          raise Error, get_last_error
+        end
+        @acl = acl
+        @revision = revision
+      end
+      # Returns the number of ACE's in the ACL object.
+      #
+      def ace_count
+        buf = 0.chr * 12 # sizeof(ACL_SIZE_INFORMATION)
+        unless GetAclInformation(@acl, buf, buf.size, AclSizeInformation)
+          raise Error, get_last_error
+        end
+        buf[0, 4].unpack('L')[0]
+      end
+      # Adds an access allowed ACE to the given +sid+. The +mask+ is a
+      # bitwise OR'd value of access rights.
+      #
+      def add_access_allowed_ace(sid, mask=0)
+        unless AddAccessAllowedAce(@acl, @revision, mask, sid)
+          raise Error, get_last_error
+        end
+      end
+      # Adds an access denied ACE to the given +sid+.
+      #
+      def add_access_denied_ace(sid, mask=0)
+        unless AddAccessDeniedAce(@acl, @revision, mask, sid)
+          raise Error, get_last_error
+        end
+      end
+      # Adds an ACE to the ACL object with the given +revision+ at +index+
+      # or the end of the chain if no index is specified.
+      #
+      # Returns the index if successful.
+      #--
+      # This is untested and will require an actual implementation of
+      # Win32::Security::Ace before it can work properly.
+      #
+      def add_ace(ace, index=MAXDWORD)
+        unless AddAce(@acl, @revision, index, ace, ace.length)
+          raise Error, get_last_error
+        end
+        index
+      end
+      # Deletes an ACE from the ACL object at +index+, or from the end of
+      # the chain if no index is specified.
+      #
+      # Returns the index if successful.
+      #--
+      # This is untested and will require an actual implementation of
+      # Win32::Security::Ace before it can work properly.
+      #
+      def delete_ace(index=MAXDWORD)
+        unless DeleteAce(@ace, index)
+          raise Error, get_last_error
+        end
+        index
+      end
+      # Finds and returns a pointer (address) to an ACE in the ACL at the
+      # given +index+. If no index is provided, then an address to the
+      # first free byte of the ACL is returned.
+      #
+      def find_ace(index = nil)
+        ptr = [0].pack('L')
+        if index.nil?
+          unless FindFirstFreeAce(@acl, ptr)
+            raise Error, get_last_error
+          end
+        else
+          unless GetAce(@acl, index, ptr)
+            raise Error, get_last_error
+          end
+        end
+        [ptr].pack('p*').unpack('L')[0]
+      end
+      # Sets the revision information level, where the +revision_level+
+      # can be ACL_REVISION1, ACL_REVISION2, ACL_REVISION3 or ACL_REVISION4.
+      #
+      # Returns the revision level if successful.
+      #
+      def revision=(revision_level)
+        buf = [revision_level].pack('L')
+        unless SetAclInformation(@acl, buf, buf.size, AclRevisionInformation)
+          raise Error, get_last_error
+        end
+        @revision = revision_level
+        revision_level
+      end
+      # Returns whether or not the ACL is a valid ACL.
+      #
+      def valid?
+        IsValidAcl(@acl)
       end
-   end
+    end
+  end
 end