win32-security 0.1.4 → 0.2.0

data/lib/win32/security/windows/constants.rb

@@ -0,0 +1,121 @@
+module Windows
+  module Security
+    module Constants
+      TOKEN_QUERY = 8
+      ERROR_NO_TOKEN = 1008
+
+      # ACL Revisions
+
+      ACL_REVISION1 = 1
+      ACL_REVISION  = 2
+      ACL_REVISION2 = 2
+      ACL_REVISION3 = 3
+      ACL_REVISION4 = 4
+
+      # ACL Information Classes
+
+      AclRevisionInformation = 1
+      AclSizeInformation     = 2
+
+      # Identifier Authorities
+
+      SECURITY_NULL_SID_AUTHORITY         = 0
+      SECURITY_WORLD_SID_AUTHORITY        = 1
+      SECURITY_LOCAL_SID_AUTHORITY        = 2
+      SECURITY_CREATOR_SID_AUTHORITY      = 3
+      SECURITY_NON_UNIQUE_AUTHORITY       = 4
+      SECURITY_NT_AUTHORITY               = 5
+      SECURITY_RESOURCE_MANAGER_AUTHORITY = 9
+
+      # Subauthorities
+
+      SECURITY_NULL_RID                 = 0x00000000
+      SECURITY_WORLD_RID                = 0x00000000
+      SECURITY_LOCAL_RID                = 0x00000000
+      SECURITY_CREATOR_OWNER_RID        = 0x00000000
+      SECURITY_CREATOR_GROUP_RID        = 0x00000001
+      SECURITY_CREATOR_OWNER_SERVER_RID = 0x00000002
+      SECURITY_CREATOR_GROUP_SERVER_RID = 0x00000003
+      SECURITY_DIALUP_RID               = 0x00000001
+      SECURITY_NETWORK_RID              = 0x00000002
+      SECURITY_BATCH_RID                = 0x00000003
+      SECURITY_INTERACTIVE_RID          = 0x00000004
+      SECURITY_LOGON_IDS_RID            = 0x00000005
+      SECURITY_LOGON_IDS_RID_COUNT      = 3
+      SECURITY_SERVICE_RID              = 0x00000006
+      SECURITY_ANONYMOUS_LOGON_RID      = 0x00000007
+      SECURITY_PROXY_RID                = 0x00000008
+
+      SECURITY_ENTERPRISE_CONTROLLERS_RID   = 0x00000009
+      SECURITY_SERVER_LOGON_RID             = SECURITY_ENTERPRISE_CONTROLLERS_RID
+      SECURITY_PRINCIPAL_SELF_RID           = 0x0000000A
+      SECURITY_AUTHENTICATED_USER_RID       = 0x0000000B
+      SECURITY_RESTRICTED_CODE_RID          = 0x0000000C
+      SECURITY_TERMINAL_SERVER_RID          = 0x0000000D
+      SECURITY_REMOTE_LOGON_RID             = 0x0000000E
+      SECURITY_THIS_ORGANIZATION_RID        = 0x0000000F
+      SECURITY_LOCAL_SYSTEM_RID             = 0x00000012
+      SECURITY_LOCAL_SERVICE_RID            = 0x00000013
+      SECURITY_NETWORK_SERVICE_RID          = 0x00000014
+      SECURITY_NT_NON_UNIQUE                = 0x00000015
+      SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT = 3
+
+      SECURITY_BUILTIN_DOMAIN_RID     = 0x00000020
+      SECURITY_PACKAGE_BASE_RID       = 0x00000040
+      SECURITY_PACKAGE_RID_COUNT      = 2
+      SECURITY_PACKAGE_NTLM_RID       = 0x0000000A
+      SECURITY_PACKAGE_SCHANNEL_RID   = 0x0000000E
+      SECURITY_PACKAGE_DIGEST_RID     = 0x00000015
+      SECURITY_MAX_ALWAYS_FILTERED    = 0x000003E7
+      SECURITY_MIN_NEVER_FILTERED     = 0x000003E8
+
+      SECURITY_OTHER_ORGANIZATION_RID     = 0x000003E8
+      FOREST_USER_RID_MAX                 = 0x000001F3
+      DOMAIN_USER_RID_ADMIN               = 0x000001F4
+      DOMAIN_USER_RID_GUEST               = 0x000001F5
+      DOMAIN_USER_RID_KRBTGT              = 0x000001F6
+      DOMAIN_USER_RID_MAX                 = 0x000003E7
+      DOMAIN_GROUP_RID_ADMINS             = 0x00000200
+      DOMAIN_GROUP_RID_USERS              = 0x00000201
+      DOMAIN_GROUP_RID_GUESTS             = 0x00000202
+      DOMAIN_GROUP_RID_COMPUTERS          = 0x00000203
+      DOMAIN_GROUP_RID_CONTROLLERS        = 0x00000204
+      DOMAIN_GROUP_RID_CERT_ADMINS        = 0x00000205
+      DOMAIN_GROUP_RID_SCHEMA_ADMINS      = 0x00000206
+      DOMAIN_GROUP_RID_ENTERPRISE_ADMINS  = 0x00000207
+      DOMAIN_GROUP_RID_POLICY_ADMINS      = 0x00000208
+      DOMAIN_ALIAS_RID_ADMINS             = 0x00000220
+      DOMAIN_ALIAS_RID_USERS              = 0x00000221
+      DOMAIN_ALIAS_RID_GUESTS             = 0x00000222
+      DOMAIN_ALIAS_RID_POWER_USERS        = 0x00000223
+      DOMAIN_ALIAS_RID_ACCOUNT_OPS        = 0x00000224
+      DOMAIN_ALIAS_RID_SYSTEM_OPS         = 0x00000225
+      DOMAIN_ALIAS_RID_PRINT_OPS          = 0x00000226
+      DOMAIN_ALIAS_RID_BACKUP_OPS         = 0x00000227
+      DOMAIN_ALIAS_RID_REPLICATOR         = 0x00000228
+      DOMAIN_ALIAS_RID_RAS_SERVERS        = 0x00000229
+
+      DOMAIN_ALIAS_RID_PREW2KCOMPACCESS               = 0x0000022A
+      DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS           = 0x0000022B
+      DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS      = 0x0000022C
+      DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS = 0x0000022D
+      DOMAIN_ALIAS_RID_MONITORING_USERS               = 0x0000022E
+      DOMAIN_ALIAS_RID_LOGGING_USERS                  = 0x0000022F
+      DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS            = 0x00000230
+      DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS             = 0x00000231
+      DOMAIN_ALIAS_RID_DCOM_USERS                     = 0x00000232
+
+      # SID types
+
+      SidTypeUser           = 1
+      SidTypeGroup          = 2
+      SidTypeDomain         = 3
+      SidTypeAlias          = 4
+      SidTypeWellKnownGroup = 5
+      SidTypeDeletedAccount = 6
+      SidTypeInvalid        = 7
+      SidTypeUnknown        = 8
+      SidTypeComputer       = 9
+    end
+  end
+end

data/lib/win32/security/windows/functions.rb

@@ -0,0 +1,97 @@
+require 'ffi'
+
+module Windows
+  module Security
+    module Functions
+      extend FFI::Library
+
+      module FFI::Library
+        # Wrapper method for attach_function + private
+        def attach_pfunc(*args)
+          attach_function(*args)
+          private args[0]
+        end
+      end
+
+      ffi_lib :kernel32
+
+      enum :token_info_class, [
+        :TokenUser, 1,
+        :TokenGroups,
+        :TokenPrivileges,
+        :TokenOwner,
+        :TokenPrimaryGroup,
+        :TokenDefaultDacl,
+        :TokenSource,
+        :TokenType,
+        :TokenImpersonationLevel,
+        :TokenStatistics,
+        :TokenRestrictedSids,
+        :TokenSessionId,
+        :TokenGroupsAndPrivileges,
+        :TokenSessionReference,
+        :TokenSandBoxInert,
+        :TokenAuditPolicy,
+        :TokenOrigin,
+        :TokenElevationType,
+        :TokenLinkedToken,
+        :TokenElevation,
+        :TokenHasRestrictions,
+        :TokenAccessInformation,
+        :TokenVirtualizationAllowed,
+        :TokenVirtualizationEnabled,
+        :TokenIntegrityLevel,
+        :TokenUIAccess,
+        :TokenMandatoryPolicy,
+        :TokenLogonSid,
+        :TokenIsAppContainer,
+        :TokenCapabilities,
+        :TokenAppContainerSid,
+        :TokenAppContainerNumber,
+        :TokenUserClaimAttributes,
+        :TokenDeviceClaimAttributes,
+        :TokenRestrictedUserClaimAttributes,
+        :TokenRestrictedDeviceClaimAttributes,
+        :TokenDeviceGroups,
+        :TokenRestrictedDeviceGroups,
+        :TokenSecurityAttributes,
+        :TokenIsRestricted,
+        :MaxTokenInfoClass
+      ]
+
+      attach_pfunc :GetCurrentProcess, [], :ulong
+      attach_pfunc :GetCurrentThread, [], :ulong
+      attach_pfunc :GetVersionExA, [:pointer], :bool
+      attach_pfunc :GetLastError, [], :ulong
+      attach_pfunc :CloseHandle, [:ulong], :bool
+
+      ffi_lib :advapi32
+
+      attach_pfunc :AddAccessAllowedAce, [:pointer, :ulong, :ulong, :pointer], :bool
+      attach_pfunc :AllocateAndInitializeSid,
+        [:pointer, :int, :ulong, :ulong, :ulong, :ulong, :ulong, :ulong, :ulong, :ulong, :pointer], :bool
+      attach_pfunc :CheckTokenMembership, [:ulong, :pointer, :pointer], :bool
+      attach_pfunc :ConvertSidToStringSid, :ConvertSidToStringSidA, [:pointer, :pointer], :bool
+      attach_pfunc :ConvertStringSidToSid, :ConvertStringSidToSidA, [:string, :pointer], :bool
+      attach_pfunc :EqualSid, [:pointer, :pointer], :bool
+      attach_pfunc :FindFirstFreeAce, [:pointer, :pointer], :bool
+      attach_pfunc :GetAclInformation, [:pointer, :pointer, :ulong, :int], :bool
+      attach_pfunc :GetLengthSid, [:pointer], :ulong
+      attach_pfunc :GetSidLengthRequired, [:uint], :ulong
+      attach_pfunc :GetSidSubAuthority, [:pointer, :ulong], :pointer
+      attach_pfunc :GetTokenInformation, [:ulong, :token_info_class, :pointer, :ulong, :pointer], :bool
+      attach_pfunc :InitializeAcl, [:pointer, :ulong, :ulong], :bool
+      attach_pfunc :InitializeSid, [:pointer, :pointer, :uint], :bool
+      attach_pfunc :IsValidAcl, [:pointer], :bool
+      attach_pfunc :IsValidSid, [:pointer], :bool
+      attach_pfunc :IsWellKnownSid, [:pointer, :int], :bool
+      attach_pfunc :LookupAccountName, :LookupAccountNameA,
+        [:string, :string, :pointer, :pointer, :pointer, :pointer, :pointer], :bool
+      attach_pfunc :LookupAccountSid, :LookupAccountSidA,
+        [:string, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :bool
+      attach_pfunc :OpenProcessToken, [:ulong, :ulong, :pointer], :bool
+      attach_pfunc :OpenThreadToken, [:ulong, :ulong, :bool, :pointer], :bool
+      attach_pfunc :SetAclInformation, [:pointer, :pointer, :ulong, :int], :bool
+    end
+  end
+end

data/lib/win32/security/windows/structs.rb

@@ -0,0 +1,67 @@
+require 'ffi'
+
+module Windows
+  module Security
+    module Structs
+      extend FFI::Library
+
+      class SID_IDENTIFIER_AUTHORITY < FFI::Struct
+        layout(:Value, [:char, 6])
+      end
+
+      class OSVERSIONINFO < FFI::Struct
+        layout(
+          :dwOSVersionInfoSize, :ulong,
+          :dwMajorVersion, :ulong,
+          :dwMinorVersion, :ulong,
+          :dwBuildNumber, :ulong,
+          :dwPlatformId, :ulong,
+          :szCSDVersion, [:char, 128]
+        )
+      end
+
+      class ACE_HEADER < FFI::Struct
+        layout(
+          :AceType, :uchar,
+          :AceFlags, :uchar,
+          :AceSize, :ushort
+        )
+      end
+
+      class ACCESS_ALLOWED_ACE < FFI::Struct
+        layout(
+          :Header, ACE_HEADER,
+          :Mask, :ulong,
+          :SidStart, :ulong
+        )
+      end
+
+      class ACCESS_ALLOWED_ACE2 < FFI::Struct
+        layout(
+          :Header, ACE_HEADER,
+          :Mask, :ulong,
+          :SidStart, :ulong,
+          :dummy, [:uchar, 40]
+        )
+      end
+
+      class ACL_STRUCT < FFI::Struct
+        layout(
+          :AclRevision, :uchar,
+          :Sbz1, :uchar,
+          :AclSize, :ushort,
+          :AceCount, :ushort,
+          :Sbz2, :ushort
+        )
+      end
+
+      class ACL_SIZE_INFORMATION < FFI::Struct
+        layout(
+          :AceCount, :ulong,
+          :AclBytesInUse, :ulong,
+          :AceBytesFree, :ulong
+        )
+      end
+    end
+  end
+end

data/test/test_acl.rb

@@ -4,64 +4,89 @@
 # Test suite for the Win32::Security::ACL class. You should run these
 # tests via the 'rake test' task.
 ########################################################################
-require 'rubygems'
-gem 'test-unit'
-
+require 'test-unit'
 require 'win32/security'
-require 'test/unit'
+require 'win32/security/sid'
+require 'win32/security/acl'
 
 class TC_Win32_Security_Acl < Test::Unit::TestCase
-   def setup
-      @acl = Security::ACL.new
-   end
-
-   def test_version
-      assert_equal('0.1.0', Security::ACL::VERSION)
-   end
-
-   def test_ace_count
-      assert_respond_to(@acl, :ace_count)
-      assert_kind_of(Fixnum, @acl.ace_count)
-      assert_equal(0, @acl.ace_count)
-   end
-
-   def test_acl
-      assert_respond_to(@acl, :acl)
-      assert_kind_of(String, @acl.acl)
-   end
-
-   def test_add_access_allowed_ace
-      assert_respond_to(@acl, :add_access_allowed_ace)
-   end
-
-   def test_add_access_denied_ace
-      assert_respond_to(@acl, :add_access_denied_ace)
-   end
-
-   def test_add_ace
-      assert_respond_to(@acl, :add_ace)
-   end
-
-   def test_delete_ace
-      assert_respond_to(@acl, :delete_ace)
-   end
-
-   def test_find_ace
-      assert_respond_to(@acl, :find_ace)
-      assert_kind_of(Fixnum, @acl.find_ace)
-   end
-
-   def test_revision
-      assert_respond_to(@acl, :revision)
-      assert_kind_of(Fixnum, @acl.revision)
-   end
-
-   def test_is_valid
-      assert_respond_to(@acl, :valid?)
-      assert_equal(true, @acl.valid?)
-   end
-
-   def teardown
-      @acl = nil
-   end
+  def setup
+    @acl = Win32::Security::ACL.new
+  end
+
+  test "ACL version is set to the expected value" do
+    assert_equal('0.2.0', Win32::Security::ACL::VERSION)
+  end
+
+  test "ace_count basic functionality" do
+    assert_respond_to(@acl, :ace_count)
+    assert_kind_of(Fixnum, @acl.ace_count)
+  end
+
+  test "ace_count returns the expected value" do
+    assert_equal(0, @acl.ace_count)
+  end
+
+  test "ace_count does not accept any arguments" do
+    assert_raise(ArgumentError){ @acl.ace_count(0) }
+  end
+
+  test "acl method basic functionality" do
+    assert_respond_to(@acl, :acl)
+    assert_nothing_raised{ @acl.acl }
+  end
+
+  test "add_access_allowed_ace basic functionality" do
+    assert_respond_to(@acl, :add_access_allowed_ace)
+  end
+
+  test "add_access_denied_ace basic functionality" do
+    assert_respond_to(@acl, :add_access_denied_ace)
+  end
+
+  test "add_ace basic functionality" do
+    assert_respond_to(@acl, :add_ace)
+  end
+
+  test "delete_ace basic functionality" do
+    assert_respond_to(@acl, :delete_ace)
+  end
+
+  test "find_ace basic functionality" do
+    assert_respond_to(@acl, :find_ace)
+    assert_kind_of(Fixnum, @acl.find_ace)
+  end
+
+  test "find_ace returns a sane value" do
+    assert_true(@acl.find_ace > 1000)
+  end
+
+  test "revision getter basic functionality" do
+    assert_respond_to(@acl, :revision)
+    assert_kind_of(Fixnum, @acl.revision)
+  end
+
+  test "revision setter basic functionality" do
+    assert_respond_to(@acl, :revision=)
+    assert_nothing_raised{ @acl.revision = 3 }
+    assert_kind_of(Fixnum, @acl.revision = 3)
+  end
+
+  test "revision setter sets and returns the new value" do
+    assert_equal(3, @acl.revision = 3)
+    assert_equal(3, @acl.revision)
+  end
+
+  test "valid? basic functionality" do
+    assert_respond_to(@acl, :valid?)
+    assert_boolean(@acl.valid?)
+  end
+
+  test "valid? returns the expected value" do
+    assert_true(@acl.valid?)
+  end
+
+  def teardown
+    @acl = nil
+  end
 end

data/test/test_security.rb

@@ -2,33 +2,18 @@
 # test_security.rb
 #
 # Test suite for the Win32::Security base class. You should run these
-# tests via the 'rake test' task.
+# tests via the rake test tasks.
 ########################################################################
-require 'rubygems'
-gem 'test-unit'
-
-require 'test/unit'
+require 'test-unit'
 require 'win32/security'
-require 'windows/system_info'
 
 class TC_Win32_Security < Test::Unit::TestCase
-   extend Windows::SystemInfo
-
-   def self.startup
-      @@version = windows_version
-   end
-
-   def test_version
-      assert_equal('0.1.4', Win32::Security::VERSION)
-   end
-
-   def test_elevated_security
-      omit_if(@@version < 6.0, 'Skipped on Windows 2000 and Windows XP')
-      assert_respond_to(Win32::Security, :elevated_security?)
-      assert_boolean(Win32::Security.elevated_security?)
-   end
+  test "version constant is set to expected value" do
+    assert_equal('0.2.0', Win32::Security::VERSION)
+  end
 
-   def self.shutdown
-      @@version= nil
-   end
+  test "elevated security basic functionality" do
+    assert_respond_to(Win32::Security, :elevated_security?)
+    assert_boolean(Win32::Security.elevated_security?)
+  end
 end