win32-security 0.1.0 → 0.1.1

data/CHANGES

@@ -1,2 +1,8 @@
+= 0.1.1 - 14-Jul-2009
+* Added some well known SID's as constants to the Win32::Security::SID class
+  for convenience, e.g. SID::World, SID::Everyone.
+* Fixes for the gemspec.
+* Changed license to Artistic 2.0.
+
 = 0.1.0 - 17-Dec-2008
-* Initial release
+* Initial release

data/lib/win32/security.rb

@@ -25,7 +25,7 @@ module Win32
       extend Windows::Error
       
       # The version of the win32-security library
-      VERSION = '0.1.0'
+      VERSION = '0.1.1'
       
       # Returns whether or not the owner of the current process is running
       # with elevated security privileges.

data/lib/win32/security/sid.rb

@@ -0,0 +1,311 @@
+require 'windows/security'
+require 'windows/error'
+require 'windows/msvcrt/string'
+require 'windows/msvcrt/buffer'
+require 'socket'
+
+# The Win32 module serves as a namespace only.
+module Win32
+   
+   # The Security class serves as a toplevel class namespace.
+   class Security
+      
+      # The SID class encapsulates a Security Identifier.
+      class SID
+         include Windows::Security
+         include Windows::Error
+         include Windows::MSVCRT::String
+
+         extend Windows::Security
+         extend Windows::Error
+         extend Windows::MSVCRT::String
+         extend Windows::MSVCRT::Buffer
+
+         # Error class typically raised if any of the SID methods fail
+         class Error < StandardError; end
+         
+         # The version of the Win32::Security::SID class.
+         VERSION = '0.1.1'
+
+         # Some constant SID's for your convenience, in string format.
+         # See http://support.microsoft.com/kb/243330 for details.
+
+         Null                        = 'S-1-0'
+         Nobody                      = 'S-1-0-0'
+         World                       = 'S-1-1'
+         Everyone                    = 'S-1-1-0'
+         Local                       = 'S-1-2'
+         Creator                     = 'S-1-3'
+         CreatorOwner                = 'S-1-3-0'
+         CreatorGroup                = 'S-1-3-1'
+         CreatorOwnerServer          = 'S-1-3-2'
+         CreatorGroupServer          = 'S-1-3-3'
+         NonUnique                   = 'S-1-4'
+         Nt                          = 'S-1-5'
+         Dialup                      = 'S-1-5-1'
+         Network                     = 'S-1-5-2'
+         Batch                       = 'S-1-5-3'
+         Interactive                 = 'S-1-5-4'
+         Service                     = 'S-1-5-6'
+         Anonymous                   = 'S-1-5-7'
+         Proxy                       = 'S-1-5-8'
+         EnterpriseDomainControllers = 'S-1-5-9'
+         PrincipalSelf               = 'S-1-5-10'
+         AuthenticatedUsers          = 'S-1-5-11'
+         RestrictedCode              = 'S-1-5-12'
+         TerminalServerUsers         = 'S-1-5-13'
+         LocalSystem                 = 'S-1-5-18'
+         NtLocal                     = 'S-1-5-19'
+         NtNetwork                   = 'S-1-5-20'
+         BuiltinAdministrators       = 'S-1-5-32-544'
+         BuiltinUsers                = 'S-1-5-32-545'
+         Guests                      = 'S-1-5-32-546'
+         PowerUsers                  = 'S-1-5-32-547'
+         AccountOperators            = 'S-1-5-32-548'
+         ServerOperators             = 'S-1-5-32-549'
+         PrintOperators              = 'S-1-5-32-550'
+         BackupOperators             = 'S-1-5-32-551'
+         Replicators                 = 'S-1-5-32-552'
+
+         # The binary SID object itself.
+         attr_reader :sid
+
+         # The account name passed to the constructor.
+         attr_reader :account
+
+         # The SID account type, e.g. 'user, 'group', etc.
+         attr_reader :account_type
+
+         # The domain the SID is on.
+         attr_reader :domain
+
+         # The host passed to the constructor, or the localhost if none
+         # was specified.
+         attr_reader :host
+
+         # Converts a binary SID to a string in S-R-I-S-S... format.
+         #
+         def self.sid_to_string(sid)
+            sid_addr = [sid].pack('p*').unpack('L')[0]
+            sid_buf  = 0.chr * 80
+            sid_ptr  = 0.chr * 4
+
+            unless ConvertSidToStringSid(sid_addr, sid_ptr)
+               raise Error, get_last_error
+            end
+
+            strcpy(sid_buf, sid_ptr.unpack('L')[0])
+            sid_buf.strip
+         end
+
+         # Converts a string in S-R-I-S-S... format back to a binary SID.
+         #
+         def self.string_to_sid(string)
+            sid_buf = 0.chr * 80
+            string_addr = [string].pack('p*').unpack('L')[0]
+
+            unless ConvertStringSidToSid(string_addr, sid_buf)
+               raise Error, get_last_error
+            end
+
+            sid_buf.strip
+         end
+         
+         # Creates a new SID with +authority+ and up to 8 +subauthorities+,
+         # and returns new Win32::Security::SID object.
+         #
+         # Example:
+         #
+         #    sec = Security::SID.create(
+         #       Security::SID::SECURITY_WORLD_SID_AUTHORITY,
+         #       Security::SID::SECURITY_WORLD_RID
+         #    )
+         #
+         #    p sec
+         #
+         #    #<Win32::Security::SID:0x2c5a95c
+         #       @host="your_host",
+         #       @account="Everyone",
+         #       @account_type="well known group",
+         #       @sid="\001\001\000\000\000\000\000\001\000\000\000\000",
+         #       @domain=""
+         #    >
+         #
+         def self.create(authority, *sub_authorities)        
+            if sub_authorities.length > 8
+               raise ArgumentError, "maximum of 8 subauthorities allowed"
+            end
+            
+            sid = 0.chr * GetSidLengthRequired(sub_authorities.length)
+            
+            auth = 0.chr * 5 + authority.chr
+                 
+            unless InitializeSid(sid, auth, sub_authorities.length)
+               raise Error, get_last_error
+            end
+                 
+            sub_authorities.each_index do |i|
+               value = [sub_authorities[i]].pack('L')
+               auth_ptr = GetSidSubAuthority(sid, i)
+               memcpy(auth_ptr, value, 4)
+            end
+
+            new(sid)
+         end
+
+         # Creates and returns a new Win32::Security::SID object, based on
+         # the account name, which may also be a binary SID. If a host is
+         # provided, then the information is retrieved from that host.
+         # Otherwise, the local host is used.
+         #
+         # Note that this does NOT create a new SID, but merely retrieves
+         # information for an existing SID. To create a new SID, use the
+         # SID.create method.
+         #
+         # Examples:
+         #
+         #    # User 'john' on the localhost
+         #    Win32::Security::SID.new('john')
+         #
+         #    # User 'jane' on a remote machine
+         #    Win32::Security::SID.new('jane', 'some_host')
+         #
+         #    # Binary SID
+         #    Win32::Security::SID.new("\001\000\000\000\000\000\001\000\000\000\000")
+         #
+         def initialize(account, host=Socket.gethostname)
+            bool   = false
+            sid    = 0.chr * 28
+            sid_cb = [sid.size].pack('L')
+
+            domain_buf = 0.chr * 80
+            domain_cch = [domain_buf.size].pack('L')
+
+            sid_name_use = 0.chr * 4
+            
+            # If characters in the 0-10 range, assume it's a binary SID.
+            if account[0] < 10
+               bool = LookupAccountSid(
+                  host,
+                  [account].pack('p*').unpack('L')[0],
+                  sid,
+                  sid_cb,
+                  domain_buf,
+                  domain_cch,
+                  sid_name_use
+               )
+            else
+               bool = LookupAccountName(
+                  host,
+                  account,
+                  sid,
+                  sid_cb,
+                  domain_buf,
+                  domain_cch,
+                  sid_name_use
+               )
+            end
+
+            unless bool
+               raise Error, get_last_error
+            end
+
+            # The arguments are flipped if the account argument is binary
+            if account[0] < 10
+               @sid     = account
+               @account = sid.strip
+            else
+               @sid     = sid.strip
+               @account = account               
+            end
+
+            @host   = host
+            @domain = domain_buf.strip
+
+            @account_type = get_account_type(sid_name_use.unpack('L')[0])
+         end
+
+         # Synonym for SID.new.
+         #
+         def self.open(account, host=Socket.gethostname)
+            new(account, host)
+         end
+
+         # Returns the binary SID in string format suitable for display,
+         # storage or transmission.
+         #
+         def to_s
+            sid_addr = [@sid].pack('p*').unpack('L').first
+            sid_buf  = 0.chr * 80
+            sid_ptr  = 0.chr * 4
+
+            unless ConvertSidToStringSid(sid_addr, sid_ptr)
+               raise Error, get_last_error
+            end
+
+            strcpy(sid_buf, sid_ptr.unpack('L').first)
+            sid_buf.strip
+         end
+
+         alias to_str to_s
+
+         # Returns whether or not the SID object is equal to +other+.
+         #
+         def ==(other)
+            EqualSid(@sid, other.sid)
+         end
+
+         # Returns whether or not the SID is a valid sid.
+         #
+         def valid?
+            IsValidSid(@sid)
+         end
+
+         # Returns whether or not the SID is a well known SID.
+         #
+         # Requires Windows XP or later. Earlier versions will raise a
+         # NoMethodError.
+         #
+         def well_known?
+            if defined? IsWellKnownSid
+               IsWellKnownSid(@sid)
+            else
+               raise NoMethodError, 'requires Windows XP or later'
+            end
+         end
+
+         # Returns the length of the SID object, in bytes.
+         #
+         def length
+            GetLengthSid(@sid)
+         end
+
+         private
+
+         # Converts a numeric account type into a human readable string.
+         #
+         def get_account_type(value)
+            case value
+               when SidTypeUser
+                  'user'
+               when SidTypeGroup
+                  'group'
+               when SidTypeDomain
+                  'domain'
+               when SidTypeAlias
+                  'alias'
+               when SidTypeWellKnownGroup
+                  'well known group'
+               when SidTypeDeletedAccount
+                  'deleted account'
+               when SidTypeInvalid
+                  'invalid'
+               when SidTypeUnknown
+                  'unknown'
+               when SidComputer
+                  'computer'
+            end
+         end
+      end
+   end
+end

data/test/test_acl.rb

@@ -0,0 +1,67 @@
+########################################################################
+# test_acl.rb
+#
+# Test suite for the Win32::Security::ACL class. You should run these
+# tests via the 'rake test' task.
+########################################################################
+require 'rubygems'
+gem 'test-unit'
+
+require 'win32/security'
+require 'test/unit'
+
+class TC_Win32_Security_Acl < Test::Unit::TestCase
+   def setup
+      @acl = Security::ACL.new
+   end
+
+   def test_version
+      assert_equal('0.1.0', Security::ACL::VERSION)
+   end
+
+   def test_ace_count
+      assert_respond_to(@acl, :ace_count)
+      assert_kind_of(Fixnum, @acl.ace_count)
+      assert_equal(0, @acl.ace_count)
+   end
+
+   def test_acl
+      assert_respond_to(@acl, :acl)
+      assert_kind_of(String, @acl.acl)
+   end
+
+   def test_add_access_allowed_ace
+      assert_respond_to(@acl, :add_access_allowed_ace)
+   end
+
+   def test_add_access_denied_ace
+      assert_respond_to(@acl, :add_access_denied_ace)
+   end
+
+   def test_add_ace
+      assert_respond_to(@acl, :add_ace)
+   end
+
+   def test_delete_ace
+      assert_respond_to(@acl, :delete_ace)
+   end
+
+   def test_find_ace
+      assert_respond_to(@acl, :find_ace)
+      assert_kind_of(Fixnum, @acl.find_ace)
+   end
+
+   def test_revision
+      assert_respond_to(@acl, :revision)
+      assert_kind_of(Fixnum, @acl.revision)
+   end
+
+   def test_is_valid
+      assert_respond_to(@acl, :valid?)
+      assert_equal(true, @acl.valid?)
+   end
+
+   def teardown
+      @acl = nil
+   end
+end

data/test/test_security.rb

@@ -12,7 +12,7 @@ require 'win32/security'
 
 class TC_Win32_Security < Test::Unit::TestCase
    def test_version
-      assert_equal('0.1.0', Win32::Security::VERSION)
+      assert_equal('0.1.1', Win32::Security::VERSION)
    end
 
    def test_elevated_security

data/test/test_sid.rb

@@ -23,7 +23,7 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
    end
 
    def test_version
-      assert_equal('0.1.0', Security::SID::VERSION)
+      assert_equal('0.1.1', Security::SID::VERSION)
    end
 
    def test_sid
@@ -108,6 +108,16 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
       assert_raise(Security::SID::Error){ Security::SID.new('bogus') }
    end
 
+   def test_well_known_sid_constants
+      assert_equal('S-1-0', Security::SID::Null)
+      assert_equal('S-1-0-0', Security::SID::Nobody)
+      assert_equal('S-1-1', Security::SID::World)
+      assert_equal('S-1-1-0', Security::SID::Everyone)
+      assert_equal('S-1-5-32-544', Security::SID::BuiltinAdministrators)
+      assert_equal('S-1-5-32-545', Security::SID::BuiltinUsers)
+      assert_equal('S-1-5-32-546', Security::SID::Guests)
+   end
+
    def teardown
       @sid = nil
    end

data/win32-security.gemspec

@@ -1,32 +1,31 @@
-require "rubygems"
+require 'rubygems'
 
 spec = Gem::Specification.new do |gem|
-   gem.name        = "win32-security"
-   gem.version     = "0.1.0"
-   gem.authors     = ["Daniel J. Berger", "Park Heesob"]
-   gem.email       = "djberg96@gmail.com"
-   gem.homepage    = "http://www.rubyforge.org/projects/win32utils"
-   gem.platform    = Gem::Platform::RUBY
-   gem.summary     = "A library for dealing with aspects of Windows security."
-   gem.test_files  = Dir["test/*.rb"]
-   gem.has_rdoc    = true
-   gem.files       = Dir["lib/win32/*.rb"] + Dir["test/*"] + Dir["[A-Z]*"]
-   gem.files.reject! { |fn| fn.include? "CVS" }
-   gem.extra_rdoc_files = ["README", "CHANGES", "MANIFEST"]
-   gem.rubyforge_project = 'Win32Utils'
-   
-   gem.add_dependency("windows-pr", ">= 0.9.8")
-   gem.add_dependency("test-unit", ">= 2.0.1")
-   gem.add_dependency("sys-admin", ">= 1.4.4")
+   gem.name       = 'win32-security'
+   gem.version    = '0.1.1'
+   gem.authors    = ['Daniel J. Berger', 'Park Heesob']
+   gem.email      = 'djberg96@gmail.com'
+   gem.homepage   = 'http://www.rubyforge.org/projects/win32utils'
+   gem.platform   = Gem::Platform::RUBY
+   gem.summary    = 'A library for dealing with aspects of Windows security.'
+   gem.test_files = Dir['test/*.rb']
+   gem.has_rdoc   = true
+   gem.files      = Dir['**/*'].reject{ |f| f.include?('CVS') }
+   gem.license    = 'Artistic 2.0'
+
+   gem.extra_rdoc_files  = ['README', 'CHANGES', 'MANIFEST']
+   gem.rubyforge_project = 'win32utils'
    
-   description = "The win32-security library provides an interface for dealing"
-   description << " with security aspects of MS Windows. It includes classes"
-   description << " for SID's, ACL's and ACE's."
+   gem.add_dependency('windows-pr', '>= 0.9.8')
+   gem.add_dependency('test-unit', '>= 2.0.1')
+   gem.add_dependency('sys-admin', '>= 1.4.4')
    
-   gem.description = description
+   gem.description = <<-EOF
+      The win32-security library provides an interface for dealing with
+      security related aspects of MS Windows. At the moment it provides an
+      interface for inspecting or creating SID's.
+   EOF
 end
 
-if $0 == __FILE__
-   Gem.manage_gems if Gem::RubyGemsVersion.to_f < 1.0
-   Gem::Builder.new(spec).build
-end
+Gem.manage_gems if Gem::RubyGemsVersion.to_f < 1.0
+Gem::Builder.new(spec).build

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: win32-security
 version: !ruby/object:Gem::Version 
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors: 
 - Daniel J. Berger
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-12-17 00:00:00 -07:00
+date: 2009-07-14 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -43,7 +43,7 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 1.4.4
     version: 
-description: The win32-security library provides an interface for dealing with security aspects of MS Windows. It includes classes for SID's, ACL's and ACE's.
+description: "      The win32-security library provides an interface for dealing with\n      security related aspects of MS Windows. At the moment it provides an\n      interface for inspecting or creating SID's.\n"
 email: djberg96@gmail.com
 executables: []
 
@@ -54,18 +54,20 @@ extra_rdoc_files:
 - CHANGES
 - MANIFEST
 files: 
-- lib/win32/security.rb
-- test/test_security.rb
-- test/test_sid.rb
 - CHANGES
-- lib
+- lib/win32/security/sid.rb
+- lib/win32/security.rb
 - MANIFEST
 - Rakefile
 - README
-- test
+- test/test_acl.rb
+- test/test_security.rb
+- test/test_sid.rb
 - win32-security.gemspec
 has_rdoc: true
 homepage: http://www.rubyforge.org/projects/win32utils
+licenses: 
+- Artistic 2.0
 post_install_message: 
 rdoc_options: []
 
@@ -85,11 +87,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   version: 
 requirements: []
 
-rubyforge_project: Win32Utils
-rubygems_version: 1.3.1
+rubyforge_project: win32utils
+rubygems_version: 1.3.4
 signing_key: 
-specification_version: 2
+specification_version: 3
 summary: A library for dealing with aspects of Windows security.
 test_files: 
+- test/test_acl.rb
 - test/test_security.rb
 - test/test_sid.rb