win32-security 0.2.5 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGES +7 -0
- data/MANIFEST +8 -8
- data/README +19 -5
- data/Rakefile +8 -2
- data/lib/win32/security.rb +13 -35
- data/lib/win32/security/ace.rb +54 -18
- data/lib/win32/security/acl.rb +114 -39
- data/lib/win32/security/sid.rb +49 -31
- data/lib/win32/security/windows/constants.rb +61 -0
- data/lib/win32/security/windows/functions.rb +14 -6
- data/lib/win32/security/windows/structs.rb +26 -1
- data/test/test_ace.rb +48 -0
- data/test/test_acl.rb +8 -3
- data/test/test_security.rb +1 -1
- data/win32-security.gemspec +3 -4
- metadata +22 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a1ab1418254e685f2d1fb9ab37e728f190d55084
|
|
4
|
+
data.tar.gz: c4264cb93ef3630c6234682b47f311e7853368cb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e24cc326c44285834c0c743415e4a5b3510600a5af79a5556bdc859d88e46110e4e1cd78826883e993aa343005c86ef0c1c9ac385a82d722e9290816f0a80e70
|
|
7
|
+
data.tar.gz: a39286489abc37813946ccedb911f19d02cceb149923f938a4b522042742241b476695cf89cbdcfd020d910b14951852e4433468e487ebbe16ff19c58d3ffaf0
|
data/CHANGES
CHANGED
|
@@ -1,3 +1,10 @@
|
|
|
1
|
+
== 0.3.0 - 31-Oct-2014
|
|
2
|
+
* Implemented an ACL class that lets you create and inspect acccess
|
|
3
|
+
control lists.
|
|
4
|
+
* Implemented a basic ACE class that encapsulates an ACE object.
|
|
5
|
+
* Removed Windows XP support.
|
|
6
|
+
* Some minor updates to the Rakefile and gemspec.
|
|
7
|
+
|
|
1
8
|
== 0.2.5 - 24-Feb-2014
|
|
2
9
|
* Fixed a bug in the SID#string_to_sid method. Thanks go to Rob Reynolds
|
|
3
10
|
for the spot.
|
data/MANIFEST
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
* CHANGES
|
|
2
|
-
* MANIFEST
|
|
3
|
-
* README
|
|
4
|
-
* Rakefile
|
|
5
|
-
* win32-security.gemspec
|
|
6
|
-
* lib/win32/security.rb
|
|
7
|
-
* lib/win32/security/sid.rb
|
|
8
|
-
* test/test_security.rb
|
|
1
|
+
* CHANGES
|
|
2
|
+
* MANIFEST
|
|
3
|
+
* README
|
|
4
|
+
* Rakefile
|
|
5
|
+
* win32-security.gemspec
|
|
6
|
+
* lib/win32/security.rb
|
|
7
|
+
* lib/win32/security/sid.rb
|
|
8
|
+
* test/test_security.rb
|
|
9
9
|
* test/test_sid.rb
|
data/README
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
= Description
|
|
2
2
|
A security library for MS Windows that allows you to open existing or
|
|
3
|
-
create new security identifiers (SID's)
|
|
3
|
+
create new security identifiers (SID's), as well as create access
|
|
4
|
+
control lists (ACL's).
|
|
4
5
|
|
|
5
6
|
= Synopsis
|
|
6
7
|
require 'win32/security'
|
|
@@ -12,15 +13,28 @@
|
|
|
12
13
|
sid.to_s # => "S-1-5-21-3733855671-1102023144-2002619019-1000"
|
|
13
14
|
sid.length # => 28
|
|
14
15
|
sid.sid # => "\001\005\000\000\000\000\000\005\025\000\000\000..."
|
|
16
|
+
|
|
17
|
+
acl = Security::ACL.new
|
|
18
|
+
mask = Security::ACL::GENERIC_READ | Security::ACL::GENERIC_WRITE
|
|
19
|
+
|
|
20
|
+
acl.add_access_allowed_ace('some_user', mask)
|
|
21
|
+
acl.add_access_denied_ace('some_user', Security::ACL::GENERIC_EXECUTE)
|
|
22
|
+
|
|
23
|
+
acl.acl_count # => 2
|
|
24
|
+
acl.valid? # => true
|
|
15
25
|
|
|
16
26
|
== Future Plans
|
|
17
|
-
Create classes that encapsulate
|
|
27
|
+
Create classes that encapsulate ACE's and Tokens.
|
|
18
28
|
|
|
19
|
-
There
|
|
20
|
-
|
|
29
|
+
There is an unfinished versions of the ACE class in the repo if you're
|
|
30
|
+
interested in taking a look.
|
|
21
31
|
|
|
22
32
|
== Known Issues
|
|
23
|
-
|
|
33
|
+
There appears to be an issue with 64-bit versions of JRuby. I believe this
|
|
34
|
+
is related to this issue: https://github.com/jruby/jruby/issues/1315. There
|
|
35
|
+
is nothing I can do about it here.
|
|
36
|
+
|
|
37
|
+
Please file any other bug reports on the project page at:
|
|
24
38
|
|
|
25
39
|
https://github.com/djberg96/win32-security
|
|
26
40
|
|
data/Rakefile
CHANGED
|
@@ -9,7 +9,7 @@ namespace :gem do
|
|
|
9
9
|
desc "Create the win32-security gem"
|
|
10
10
|
task :create => [:clean] do
|
|
11
11
|
spec = eval(IO.read('win32-security.gemspec'))
|
|
12
|
-
if Gem::VERSION < "2.0
|
|
12
|
+
if Gem::VERSION < "2.0"
|
|
13
13
|
Gem::Builder.new(spec).build
|
|
14
14
|
else
|
|
15
15
|
require 'rubygems/package'
|
|
@@ -21,7 +21,7 @@ namespace :gem do
|
|
|
21
21
|
task :install => [:create] do
|
|
22
22
|
ruby 'win32-security.gemspec'
|
|
23
23
|
file = Dir["*.gem"].first
|
|
24
|
-
sh "gem install #{file}"
|
|
24
|
+
sh "gem install -l #{file}"
|
|
25
25
|
end
|
|
26
26
|
end
|
|
27
27
|
|
|
@@ -38,6 +38,12 @@ namespace :test do
|
|
|
38
38
|
t.test_files = Dir['test/test_acl.rb']
|
|
39
39
|
end
|
|
40
40
|
|
|
41
|
+
Rake::TestTask.new(:ace) do |t|
|
|
42
|
+
t.verbose = true
|
|
43
|
+
t.warning = true
|
|
44
|
+
t.test_files = Dir['test/test_ace.rb']
|
|
45
|
+
end
|
|
46
|
+
|
|
41
47
|
Rake::TestTask.new(:sid) do |t|
|
|
42
48
|
t.verbose = true
|
|
43
49
|
t.warning = true
|
data/lib/win32/security.rb
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
# This file allows users to require all security related classes from
|
|
2
2
|
# a single file, instead of having to require individual files.
|
|
3
3
|
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
4
|
+
require_relative 'security/windows/constants'
|
|
5
|
+
require_relative 'security/windows/structs'
|
|
6
|
+
require_relative 'security/windows/functions'
|
|
7
7
|
|
|
8
8
|
# The Win32 module serves as a namespace only.
|
|
9
9
|
module Win32
|
|
@@ -20,7 +20,7 @@ module Win32
|
|
|
20
20
|
extend Windows::Security::Functions
|
|
21
21
|
|
|
22
22
|
# The version of the win32-security library
|
|
23
|
-
VERSION = '0.
|
|
23
|
+
VERSION = '0.3.0'
|
|
24
24
|
|
|
25
25
|
# Used by OpenProcessToken
|
|
26
26
|
TOKEN_QUERY = 8
|
|
@@ -33,35 +33,9 @@ module Win32
|
|
|
33
33
|
# group.
|
|
34
34
|
#
|
|
35
35
|
def self.elevated_security?
|
|
36
|
-
|
|
37
|
-
sid_ptr = FFI::MemoryPointer.new(:pointer)
|
|
38
|
-
nt_auth_ptr = FFI::MemoryPointer.new(SID_IDENTIFIER_AUTHORITY,1)
|
|
39
|
-
|
|
40
|
-
nt_auth = SID_IDENTIFIER_AUTHORITY.new(nt_auth_ptr)
|
|
41
|
-
nt_auth[:Value].to_ptr.put_bytes(0, 0.chr*5 + 5.chr)
|
|
42
|
-
|
|
43
|
-
bool = AllocateAndInitializeSid(
|
|
44
|
-
nt_auth_ptr,
|
|
45
|
-
2,
|
|
46
|
-
SECURITY_BUILTIN_DOMAIN_RID,
|
|
47
|
-
DOMAIN_ALIAS_RID_ADMINS,
|
|
48
|
-
0, 0, 0, 0, 0, 0,
|
|
49
|
-
sid_ptr
|
|
50
|
-
)
|
|
51
|
-
unless bool
|
|
52
|
-
raise SystemCallError.new("AllocateAndInitializeSid", FFI.errno)
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
pbool = FFI::MemoryPointer.new(:long)
|
|
56
|
-
|
|
57
|
-
unless CheckTokenMembership(0, sid_ptr.read_pointer, pbool)
|
|
58
|
-
raise SystemCallError.new("CheckTokenMembership", FFI.errno)
|
|
59
|
-
end
|
|
60
|
-
|
|
61
|
-
pbool.read_long != 0
|
|
62
|
-
else
|
|
63
|
-
token = FFI::MemoryPointer.new(:uintptr_t)
|
|
36
|
+
result = false
|
|
64
37
|
|
|
38
|
+
FFI::MemoryPointer.new(:uintptr_t) do |token|
|
|
65
39
|
unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
|
|
66
40
|
raise SystemCallError.new("OpenProcessToken", FFI.errno)
|
|
67
41
|
end
|
|
@@ -82,12 +56,16 @@ module Win32
|
|
|
82
56
|
)
|
|
83
57
|
|
|
84
58
|
raise SystemCallError.new("GetTokenInformation", FFI.errno) unless bool
|
|
59
|
+
|
|
60
|
+
result = te.read_ulong != 0
|
|
85
61
|
ensure
|
|
86
62
|
CloseHandle(token)
|
|
63
|
+
te.free
|
|
64
|
+
rl.free
|
|
87
65
|
end
|
|
88
|
-
|
|
89
|
-
te.read_ulong != 0
|
|
90
66
|
end
|
|
67
|
+
|
|
68
|
+
result
|
|
91
69
|
end
|
|
92
70
|
|
|
93
71
|
private
|
|
@@ -107,4 +85,4 @@ end
|
|
|
107
85
|
|
|
108
86
|
require 'win32/security/sid'
|
|
109
87
|
require 'win32/security/acl'
|
|
110
|
-
|
|
88
|
+
require 'win32/security/ace'
|
data/lib/win32/security/ace.rb
CHANGED
|
@@ -1,39 +1,75 @@
|
|
|
1
1
|
# The Win32 module serves as a namespace only.
|
|
2
2
|
module Win32
|
|
3
|
-
|
|
3
|
+
|
|
4
4
|
# The Security class serves as a toplevel class namespace.
|
|
5
5
|
class Security
|
|
6
|
-
|
|
6
|
+
|
|
7
7
|
# The ACE class encapsulates an Access Control Entry, an element within
|
|
8
8
|
# an Access Control List.
|
|
9
9
|
class ACE
|
|
10
10
|
# The version of the Win32::Security::ACE class.
|
|
11
11
|
VERSION = '0.1.0'
|
|
12
12
|
|
|
13
|
-
# The ACE type, e.g. ACCESS_ALLOWED, ACCESS_DENIED, etc.
|
|
13
|
+
# The ACE type, e.g. ACCESS_ALLOWED, ACCESS_DENIED, etc. This is an integer.
|
|
14
14
|
attr_accessor :ace_type
|
|
15
15
|
|
|
16
|
-
#
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
# Standard access rights, e.g. GENERIC_READ, GENERIC_WRITE, etc
|
|
16
|
+
# Standard access rights, e.g. GENERIC_READ, GENERIC_WRITE, etc.
|
|
17
|
+
# This is an integer.
|
|
20
18
|
attr_accessor :access_mask
|
|
21
19
|
|
|
22
|
-
# Bit flags
|
|
23
|
-
#
|
|
24
|
-
# internally based on the values passed to the ACE#object_type or
|
|
25
|
-
# ACE#inherited_object_type methods, if any.
|
|
20
|
+
# Bit flags associated with the ACE, e.g. OBJECT_INHERIT_ACE, etc.
|
|
21
|
+
# This is an integer.
|
|
26
22
|
attr_reader :flags
|
|
27
23
|
|
|
28
|
-
#
|
|
29
|
-
#
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
def initialize
|
|
24
|
+
# Creates and returns an ACE object.
|
|
25
|
+
#
|
|
26
|
+
def initialize(access_mask, ace_type, flags)
|
|
27
|
+
@access_mask = access_mask
|
|
28
|
+
@ace_type = ace_type
|
|
29
|
+
@flags = flags
|
|
35
30
|
yield self if block_given?
|
|
36
31
|
end
|
|
32
|
+
|
|
33
|
+
# Returns the type of ace as a string, e.g. "ACCESS_ALLOWED_TYPE_ACE".
|
|
34
|
+
#
|
|
35
|
+
def ace_type_string
|
|
36
|
+
case @ace_type
|
|
37
|
+
when 0x0
|
|
38
|
+
'ACCESS_ALLOWED_ACE_TYPE'
|
|
39
|
+
when 0x1
|
|
40
|
+
'ACCESS_DENIED_ACE_TYPE'
|
|
41
|
+
when 0x2
|
|
42
|
+
'SYSTEM_AUDIT_ACE_TYPE'
|
|
43
|
+
when 0x3
|
|
44
|
+
'SYSTEM_ALARM_ACE_TYPE'
|
|
45
|
+
when 0x4
|
|
46
|
+
'ACCESS_ALLOWED_COMPOUND_ACE_TYPE'
|
|
47
|
+
when 0x5
|
|
48
|
+
'ACCESS_ALLOWED_OBJECT_ACE_TYPE'
|
|
49
|
+
when 0x6
|
|
50
|
+
'ACCESS_DENIED_OBJECT_ACE_TYPE'
|
|
51
|
+
when 0x7
|
|
52
|
+
'SYSTEM_AUDIT_OBJECT_ACE_TYPE'
|
|
53
|
+
when 0x8
|
|
54
|
+
'SYSTEM_ALARM_OBJECT_ACE_TYPE'
|
|
55
|
+
when 0x9
|
|
56
|
+
'ACCESS_ALLOWED_CALLBACK_ACE_TYPE'
|
|
57
|
+
when 0xA
|
|
58
|
+
'ACCESS_DENIED_CALLBACK_ACE_TYPE'
|
|
59
|
+
when 0xB
|
|
60
|
+
'ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE'
|
|
61
|
+
when 0xC
|
|
62
|
+
'ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE'
|
|
63
|
+
when 0xD
|
|
64
|
+
'SYSTEM_AUDIT_CALLBACK_ACE_TYPE'
|
|
65
|
+
when 0xE
|
|
66
|
+
'SYSTEM_ALARM_CALLBACK_ACE_TYPE'
|
|
67
|
+
when 0xF
|
|
68
|
+
'SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE'
|
|
69
|
+
when 0x10
|
|
70
|
+
'SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE'
|
|
71
|
+
end
|
|
72
|
+
end
|
|
37
73
|
end
|
|
38
74
|
end
|
|
39
75
|
end
|
data/lib/win32/security/acl.rb
CHANGED
|
@@ -1,7 +1,3 @@
|
|
|
1
|
-
require File.join(File.dirname(__FILE__), 'windows', 'constants')
|
|
2
|
-
require File.join(File.dirname(__FILE__), 'windows', 'structs')
|
|
3
|
-
require File.join(File.dirname(__FILE__), 'windows', 'functions')
|
|
4
|
-
|
|
5
1
|
# The Win32 module serves as a namespace only.
|
|
6
2
|
module Win32
|
|
7
3
|
|
|
@@ -28,10 +24,10 @@ module Win32
|
|
|
28
24
|
# encapsulates an ACL structure, including a binary representation of
|
|
29
25
|
# the ACL itself, and the revision information.
|
|
30
26
|
#
|
|
31
|
-
def initialize(revision = ACL_REVISION)
|
|
27
|
+
def initialize(size = 1024, revision = ACL_REVISION)
|
|
32
28
|
acl = ACL_STRUCT.new
|
|
33
29
|
|
|
34
|
-
unless InitializeAcl(acl,
|
|
30
|
+
unless InitializeAcl(acl, size, revision)
|
|
35
31
|
raise SystemCallError.new("InitializeAcl", FFI.errno)
|
|
36
32
|
end
|
|
37
33
|
|
|
@@ -51,21 +47,87 @@ module Win32
|
|
|
51
47
|
info[:AceCount]
|
|
52
48
|
end
|
|
53
49
|
|
|
54
|
-
#
|
|
55
|
-
#
|
|
50
|
+
# Returns a two element array that consists of the bytes in use and
|
|
51
|
+
# bytes free for the ACL.
|
|
52
|
+
#
|
|
53
|
+
def byte_info
|
|
54
|
+
info = ACL_SIZE_INFORMATION.new
|
|
55
|
+
|
|
56
|
+
unless GetAclInformation(@acl, info, info.size, AclSizeInformation)
|
|
57
|
+
raise SystemCallError.new("GetAclInformation", FFI.errno)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
[info[:AclBytesInUse], info[:AclBytesFree]]
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# Adds an access allowed ACE to the given +sid+, which can be a
|
|
64
|
+
# Win32::Security::SID object or a plain user or group name. If no
|
|
65
|
+
# sid is provided then the owner of the current process is used.
|
|
56
66
|
#
|
|
57
|
-
#
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
67
|
+
# The +mask+ is a bitwise OR'd value of access rights.
|
|
68
|
+
#
|
|
69
|
+
# The +flags+ argument can be anyone of the following constants.
|
|
70
|
+
#
|
|
71
|
+
# * OBJECT_INHERIT_ACE
|
|
72
|
+
# * CONTAINER_INHERIT_ACE
|
|
73
|
+
# * NO_PROPAGATE_INHERIT_ACE
|
|
74
|
+
# * INHERIT_ONLY_ACE
|
|
75
|
+
# * INHERITED_ACE
|
|
76
|
+
#
|
|
77
|
+
# Example:
|
|
78
|
+
#
|
|
79
|
+
# acl = Win32::Security::ACL.new
|
|
80
|
+
# acl.add_access_allowed_ace('some_user', GENERIC_READ | GENERIC_WRITE)
|
|
81
|
+
#
|
|
82
|
+
def add_access_allowed_ace(sid=nil, mask=0, flags=nil)
|
|
83
|
+
if sid.is_a?(Win32::Security::SID)
|
|
84
|
+
sid = sid.sid
|
|
85
|
+
else
|
|
86
|
+
sid = Win32::Security::SID.new(sid).sid
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
if flags
|
|
90
|
+
unless AddAccessAllowedAceEx(@acl, @revision, flags, mask, sid)
|
|
91
|
+
raise SystemCallError.new("AddAccessAllowedAceEx", FFI.errno)
|
|
92
|
+
end
|
|
93
|
+
else
|
|
94
|
+
unless AddAccessAllowedAce(@acl, @revision, mask, sid)
|
|
95
|
+
raise SystemCallError.new("AddAccessAllowedAce", FFI.errno)
|
|
96
|
+
end
|
|
61
97
|
end
|
|
98
|
+
|
|
99
|
+
sid
|
|
62
100
|
end
|
|
63
101
|
|
|
64
|
-
# Adds an access denied ACE to the given +sid
|
|
102
|
+
# Adds an access denied ACE to the given +sid+, which can be a
|
|
103
|
+
# Win32::Security::SID object ora plain user or group name. If
|
|
104
|
+
# no sid is provided then the owner of the current process is used.
|
|
105
|
+
#
|
|
106
|
+
# The +mask+ is the bitwise OR'd value of access rights.
|
|
107
|
+
#
|
|
108
|
+
# The +flags+ argument can be any one of the following constants:
|
|
65
109
|
#
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
110
|
+
# * OBJECT_INHERIT_ACE
|
|
111
|
+
# * CONTAINER_INHERIT_ACE
|
|
112
|
+
# * NO_PROPAGATE_INHERIT_ACE
|
|
113
|
+
# * INHERIT_ONLY_ACE
|
|
114
|
+
# * INHERITED_ACE
|
|
115
|
+
#
|
|
116
|
+
def add_access_denied_ace(sid=nil, mask=0, flags=nil)
|
|
117
|
+
if sid.is_a?(Win32::Security::SID)
|
|
118
|
+
sid = sid.sid
|
|
119
|
+
else
|
|
120
|
+
sid = Win32::Security::SID.new(sid).sid
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
if flags
|
|
124
|
+
unless AddAccessDeniedAceEx(@acl, @revision, flags, mask, sid)
|
|
125
|
+
raise SystemCallError.new("AddAccessDeniedAceEx", FFI.errno)
|
|
126
|
+
end
|
|
127
|
+
else
|
|
128
|
+
unless AddAccessDeniedAce(@acl, @revision, mask, sid)
|
|
129
|
+
raise SystemCallError.new("AddAccessDeniedAce", FFI.errno)
|
|
130
|
+
end
|
|
69
131
|
end
|
|
70
132
|
end
|
|
71
133
|
|
|
@@ -74,8 +136,7 @@ module Win32
|
|
|
74
136
|
#
|
|
75
137
|
# Returns the index if successful.
|
|
76
138
|
#--
|
|
77
|
-
# This
|
|
78
|
-
# Win32::Security::Ace before it can work properly.
|
|
139
|
+
# This won't work until we implement the ACE class.
|
|
79
140
|
#
|
|
80
141
|
def add_ace(ace, index=MAXDWORD)
|
|
81
142
|
unless AddAce(@acl, @revision, index, ace, ace.length)
|
|
@@ -89,36 +150,49 @@ module Win32
|
|
|
89
150
|
# the chain if no index is specified.
|
|
90
151
|
#
|
|
91
152
|
# Returns the index if successful.
|
|
92
|
-
#--
|
|
93
|
-
# This is untested and will require an actual implementation of
|
|
94
|
-
# Win32::Security::Ace before it can work properly.
|
|
95
153
|
#
|
|
96
154
|
def delete_ace(index=MAXDWORD)
|
|
97
|
-
unless DeleteAce(@
|
|
155
|
+
unless DeleteAce(@acl, index)
|
|
98
156
|
raise SystemCallError.new("DeleteAce", FFI.errno)
|
|
99
157
|
end
|
|
100
158
|
|
|
101
159
|
index
|
|
102
160
|
end
|
|
103
161
|
|
|
104
|
-
# Finds and returns
|
|
105
|
-
#
|
|
106
|
-
# first free byte of the ACL
|
|
162
|
+
# Finds and returns an ACE object for the ACL at the given
|
|
163
|
+
# +index+. If no index is provided, then it returns an ACE object
|
|
164
|
+
# that corresponds to the first free byte of the ACL.
|
|
107
165
|
#
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
166
|
+
# If +raw+ is true, it will return an ACCESS_GENERIC_ACE struct,
|
|
167
|
+
# an FFI object that you can then access directly.
|
|
168
|
+
#
|
|
169
|
+
def find_ace(index = nil, raw = false)
|
|
170
|
+
result = nil
|
|
171
|
+
|
|
172
|
+
FFI::MemoryPointer.new(:pointer) do |pptr|
|
|
173
|
+
if index.nil?
|
|
174
|
+
unless FindFirstFreeAce(@acl, pptr)
|
|
175
|
+
raise SystemCallError.new("FindFirstFreeAce", FFI.errno)
|
|
176
|
+
end
|
|
177
|
+
else
|
|
178
|
+
unless GetAce(@acl, index, pptr)
|
|
179
|
+
raise SystemCallError.new("GetAce", FFI.errno)
|
|
180
|
+
end
|
|
114
181
|
end
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
182
|
+
|
|
183
|
+
# There's no way to know what type of ACE it is at this point as far
|
|
184
|
+
# as I know, so we use a generic struct and use the AceType to figure
|
|
185
|
+
# it out later, or the users can.
|
|
186
|
+
ace = ACCESS_GENERIC_ACE.new(pptr.read_pointer)
|
|
187
|
+
|
|
188
|
+
if raw
|
|
189
|
+
result = ace
|
|
190
|
+
else
|
|
191
|
+
result = ACE.new(ace[:Mask], ace[:Header][:AceType], ace[:Header][:AceFlags])
|
|
118
192
|
end
|
|
119
193
|
end
|
|
120
194
|
|
|
121
|
-
|
|
195
|
+
result
|
|
122
196
|
end
|
|
123
197
|
|
|
124
198
|
# Sets the revision information level, where the +revision_level+
|
|
@@ -127,11 +201,12 @@ module Win32
|
|
|
127
201
|
# Returns the revision level if successful.
|
|
128
202
|
#
|
|
129
203
|
def revision=(revision_level)
|
|
130
|
-
|
|
131
|
-
|
|
204
|
+
FFI::MemoryPointer.new(:ulong) do |buf|
|
|
205
|
+
buf.write_ulong(revision_level)
|
|
132
206
|
|
|
133
|
-
|
|
134
|
-
|
|
207
|
+
unless SetAclInformation(@acl, buf, buf.size, AclRevisionInformation)
|
|
208
|
+
raise SystemCallError.new("SetAclInformation", FFI.errno)
|
|
209
|
+
end
|
|
135
210
|
end
|
|
136
211
|
|
|
137
212
|
@revision = revision_level
|
data/lib/win32/security/sid.rb
CHANGED
|
@@ -1,6 +1,3 @@
|
|
|
1
|
-
require File.join(File.dirname(__FILE__), 'windows', 'constants')
|
|
2
|
-
require File.join(File.dirname(__FILE__), 'windows', 'functions')
|
|
3
|
-
require File.join(File.dirname(__FILE__), 'windows', 'structs')
|
|
4
1
|
require 'socket'
|
|
5
2
|
|
|
6
3
|
# The Win32 module serves as a namespace only.
|
|
@@ -78,27 +75,35 @@ module Win32
|
|
|
78
75
|
# Converts a binary SID to a string in S-R-I-S-S... format.
|
|
79
76
|
#
|
|
80
77
|
def self.sid_to_string(sid)
|
|
81
|
-
|
|
78
|
+
result = nil
|
|
82
79
|
|
|
83
|
-
|
|
84
|
-
|
|
80
|
+
FFI::MemoryPointer.new(:pointer) do |string_sid|
|
|
81
|
+
unless ConvertSidToStringSid(sid, string_sid)
|
|
82
|
+
raise SystemCallError.new("ConvertSidToStringSid", FFI.errno)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
result = string_sid.read_pointer.read_string
|
|
85
86
|
end
|
|
86
87
|
|
|
87
|
-
|
|
88
|
+
result
|
|
88
89
|
end
|
|
89
90
|
|
|
90
91
|
# Converts a string in S-R-I-S-S... format back to a binary SID.
|
|
91
92
|
#
|
|
92
93
|
def self.string_to_sid(string)
|
|
93
|
-
|
|
94
|
+
result = nil
|
|
94
95
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
96
|
+
FFI::MemoryPointer.new(:pointer) do |sid|
|
|
97
|
+
unless ConvertStringSidToSid(string, sid)
|
|
98
|
+
raise SystemCallError.new("ConvertStringSidToSid", FFI.errno)
|
|
99
|
+
end
|
|
98
100
|
|
|
99
|
-
|
|
101
|
+
ptr = sid.read_pointer
|
|
100
102
|
|
|
101
|
-
|
|
103
|
+
result = ptr.read_bytes(GetLengthSid(ptr))
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
result
|
|
102
107
|
end
|
|
103
108
|
|
|
104
109
|
# Creates a new SID with +authority+ and up to 8 +subauthorities+,
|
|
@@ -127,21 +132,25 @@ module Win32
|
|
|
127
132
|
end
|
|
128
133
|
|
|
129
134
|
size = GetSidLengthRequired(sub_authorities.length)
|
|
130
|
-
|
|
135
|
+
new_obj = nil
|
|
131
136
|
|
|
132
|
-
|
|
133
|
-
|
|
137
|
+
FFI::MemoryPointer.new(:uchar, size) do |sid|
|
|
138
|
+
auth = SID_IDENTIFIER_AUTHORITY.new
|
|
139
|
+
auth[:Value][5] = authority
|
|
134
140
|
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
141
|
+
unless InitializeSid(sid, auth, sub_authorities.length)
|
|
142
|
+
raise SystemCallError.new("InitializeSid", FFI.errno)
|
|
143
|
+
end
|
|
138
144
|
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
145
|
+
sub_authorities.each_index do |i|
|
|
146
|
+
ptr = GetSidSubAuthority(sid, i)
|
|
147
|
+
ptr.write_ulong(sub_authorities[i])
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
new_obj = new(sid.read_string(size)) # Pass a binary string
|
|
142
151
|
end
|
|
143
152
|
|
|
144
|
-
|
|
153
|
+
new_obj
|
|
145
154
|
end
|
|
146
155
|
|
|
147
156
|
# Creates and returns a new Win32::Security::SID object, based on
|
|
@@ -182,13 +191,14 @@ module Win32
|
|
|
182
191
|
if !bool && FFI.errno != ERROR_NO_TOKEN
|
|
183
192
|
raise SystemCallError.new("OpenThreadToken", FFI.errno)
|
|
184
193
|
else
|
|
185
|
-
ptoken
|
|
194
|
+
ptoken.clear
|
|
186
195
|
unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, ptoken)
|
|
187
196
|
raise SystemCallError.new("OpenProcessToken", FFI.errno)
|
|
188
197
|
end
|
|
189
198
|
end
|
|
190
199
|
|
|
191
200
|
token = ptoken.read_pointer.to_i
|
|
201
|
+
|
|
192
202
|
pinfo = FFI::MemoryPointer.new(:pointer)
|
|
193
203
|
plength = FFI::MemoryPointer.new(:ulong)
|
|
194
204
|
|
|
@@ -196,7 +206,7 @@ module Win32
|
|
|
196
206
|
GetTokenInformation(token, 1, pinfo, pinfo.size, plength)
|
|
197
207
|
|
|
198
208
|
pinfo = FFI::MemoryPointer.new(plength.read_ulong)
|
|
199
|
-
plength
|
|
209
|
+
plength.clear
|
|
200
210
|
|
|
201
211
|
# Second pass, actual call (1 is TokenOwner)
|
|
202
212
|
unless GetTokenInformation(token, 1, pinfo, pinfo.size, plength)
|
|
@@ -241,6 +251,7 @@ module Win32
|
|
|
241
251
|
end
|
|
242
252
|
elsif ordinal_val < 10 # Assume it's a binary SID.
|
|
243
253
|
account_ptr = FFI::MemoryPointer.from_string(account)
|
|
254
|
+
|
|
244
255
|
bool = LookupAccountSid(
|
|
245
256
|
host,
|
|
246
257
|
account_ptr,
|
|
@@ -250,9 +261,12 @@ module Win32
|
|
|
250
261
|
domain_size,
|
|
251
262
|
use_ptr
|
|
252
263
|
)
|
|
264
|
+
|
|
253
265
|
unless bool
|
|
254
266
|
raise SystemCallError.new("LookupAccountSid", FFI.errno)
|
|
255
267
|
end
|
|
268
|
+
|
|
269
|
+
account_ptr.free
|
|
256
270
|
else
|
|
257
271
|
bool = LookupAccountName(
|
|
258
272
|
host,
|
|
@@ -273,11 +287,11 @@ module Win32
|
|
|
273
287
|
@sid = token_info.read_string
|
|
274
288
|
@account = sid.read_string(sid.size).strip
|
|
275
289
|
elsif ordinal_val < 10
|
|
276
|
-
@sid
|
|
290
|
+
@sid = account
|
|
277
291
|
@account = sid.read_string(sid.size).strip
|
|
278
292
|
else
|
|
279
293
|
length = GetLengthSid(sid)
|
|
280
|
-
@sid
|
|
294
|
+
@sid = sid.read_string(length)
|
|
281
295
|
@account = account
|
|
282
296
|
end
|
|
283
297
|
|
|
@@ -297,13 +311,17 @@ module Win32
|
|
|
297
311
|
# storage or transmission.
|
|
298
312
|
#
|
|
299
313
|
def to_s
|
|
300
|
-
|
|
314
|
+
string = nil
|
|
315
|
+
|
|
316
|
+
FFI::MemoryPointer.new(:pointer) do |ptr|
|
|
317
|
+
unless ConvertSidToStringSid(@sid, ptr)
|
|
318
|
+
raise SystemCallError.new("ConvertSidToStringSid", FFI.errno)
|
|
319
|
+
end
|
|
301
320
|
|
|
302
|
-
|
|
303
|
-
raise SystemCallError.new("ConvertSidToStringSid", FFI.errno)
|
|
321
|
+
string = ptr.read_pointer.read_string
|
|
304
322
|
end
|
|
305
323
|
|
|
306
|
-
|
|
324
|
+
string
|
|
307
325
|
end
|
|
308
326
|
|
|
309
327
|
alias to_str to_s
|
|
@@ -5,6 +5,7 @@ module Windows
|
|
|
5
5
|
|
|
6
6
|
TOKEN_QUERY = 8
|
|
7
7
|
ERROR_NO_TOKEN = 1008
|
|
8
|
+
MAXDWORD = 0xFFFFFFFF
|
|
8
9
|
|
|
9
10
|
# ACL Revisions
|
|
10
11
|
|
|
@@ -118,6 +119,66 @@ module Windows
|
|
|
118
119
|
SidTypeInvalid = 7
|
|
119
120
|
SidTypeUnknown = 8
|
|
120
121
|
SidTypeComputer = 9
|
|
122
|
+
|
|
123
|
+
# SDDL version information
|
|
124
|
+
|
|
125
|
+
SDDL_REVISION_1 = 1
|
|
126
|
+
|
|
127
|
+
# ACE flags
|
|
128
|
+
|
|
129
|
+
OBJECT_INHERIT_ACE = 0x1
|
|
130
|
+
CONTAINER_INHERIT_ACE = 0x2
|
|
131
|
+
NO_PROPAGATE_INHERIT_ACE = 0x4
|
|
132
|
+
INHERIT_ONLY_ACE = 0x8
|
|
133
|
+
INHERITED_ACE = 0x10
|
|
134
|
+
|
|
135
|
+
# ACE Types
|
|
136
|
+
|
|
137
|
+
ACCESS_MIN_MS_ACE_TYPE = 0x0
|
|
138
|
+
ACCESS_ALLOWED_ACE_TYPE = 0x0
|
|
139
|
+
ACCESS_DENIED_ACE_TYPE = 0x1
|
|
140
|
+
SYSTEM_AUDIT_ACE_TYPE = 0x2
|
|
141
|
+
SYSTEM_ALARM_ACE_TYPE = 0x3
|
|
142
|
+
ACCESS_MAX_MS_V2_ACE_TYPE = 0x3
|
|
143
|
+
ACCESS_ALLOWED_COMPOUND_ACE_TYPE = 0x4
|
|
144
|
+
ACCESS_MAX_MS_V3_ACE_TYPE = 0x4
|
|
145
|
+
ACCESS_MIN_MS_OBJECT_ACE_TYPE = 0x5
|
|
146
|
+
ACCESS_ALLOWED_OBJECT_ACE_TYPE = 0x5
|
|
147
|
+
ACCESS_DENIED_OBJECT_ACE_TYPE = 0x6
|
|
148
|
+
SYSTEM_AUDIT_OBJECT_ACE_TYPE = 0x7
|
|
149
|
+
SYSTEM_ALARM_OBJECT_ACE_TYPE = 0x8
|
|
150
|
+
ACCESS_MAX_MS_OBJECT_ACE_TYPE = 0x8
|
|
151
|
+
ACCESS_MAX_MS_V4_ACE_TYPE = 0x8
|
|
152
|
+
ACCESS_MAX_MS_ACE_TYPE = 0x8
|
|
153
|
+
ACCESS_ALLOWED_CALLBACK_ACE_TYPE = 0x9
|
|
154
|
+
ACCESS_DENIED_CALLBACK_ACE_TYPE = 0xA
|
|
155
|
+
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE = 0xB
|
|
156
|
+
ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE = 0xC
|
|
157
|
+
SYSTEM_AUDIT_CALLBACK_ACE_TYPE = 0xD
|
|
158
|
+
SYSTEM_ALARM_CALLBACK_ACE_TYPE = 0xE
|
|
159
|
+
SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE = 0xF
|
|
160
|
+
SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE = 0x10
|
|
161
|
+
ACCESS_MAX_MS_V5_ACE_TYPE = 0x10
|
|
162
|
+
|
|
163
|
+
# Standard Access Rights
|
|
164
|
+
|
|
165
|
+
DELETE = 0x00010000
|
|
166
|
+
READ_CONTROL = 0x20000
|
|
167
|
+
WRITE_DAC = 0x40000
|
|
168
|
+
WRITE_OWNER = 0x80000
|
|
169
|
+
SYNCHRONIZE = 0x100000
|
|
170
|
+
STANDARD_RIGHTS_REQUIRED = 0xf0000
|
|
171
|
+
STANDARD_RIGHTS_READ = 0x20000
|
|
172
|
+
STANDARD_RIGHTS_WRITE = 0x20000
|
|
173
|
+
STANDARD_RIGHTS_EXECUTE = 0x20000
|
|
174
|
+
STANDARD_RIGHTS_ALL = 0x1F0000
|
|
175
|
+
SPECIFIC_RIGHTS_ALL = 0xFFFF
|
|
176
|
+
ACCESS_SYSTEM_SECURITY = 0x1000000
|
|
177
|
+
MAXIMUM_ALLOWED = 0x2000000
|
|
178
|
+
GENERIC_READ = 0x80000000
|
|
179
|
+
GENERIC_WRITE = 0x40000000
|
|
180
|
+
GENERIC_EXECUTE = 0x20000000
|
|
181
|
+
GENERIC_ALL = 0x10000000
|
|
121
182
|
end
|
|
122
183
|
end
|
|
123
184
|
end
|
|
@@ -72,14 +72,19 @@ module Windows
|
|
|
72
72
|
|
|
73
73
|
ffi_lib :advapi32
|
|
74
74
|
|
|
75
|
+
attach_pfunc :AddAce, [:ptr, :dword, :dword, :ptr, :dword], :bool
|
|
75
76
|
attach_pfunc :AddAccessAllowedAce, [:ptr, :dword, :dword, :ptr], :bool
|
|
76
|
-
attach_pfunc :
|
|
77
|
-
|
|
77
|
+
attach_pfunc :AddAccessAllowedAceEx, [:ptr, :dword, :dword, :dword, :ptr], :bool
|
|
78
|
+
attach_pfunc :AddAccessDeniedAce, [:ptr, :dword, :dword, :ptr], :bool
|
|
79
|
+
attach_pfunc :AddAccessDeniedAceEx, [:ptr, :dword, :dword, :dword, :ptr], :bool
|
|
80
|
+
attach_pfunc :AllocateAndInitializeSid, [:ptr, :int, :dword, :dword, :dword, :dword, :dword, :dword, :dword, :dword, :ptr], :bool
|
|
78
81
|
attach_pfunc :CheckTokenMembership, [:handle, :ptr, :ptr], :bool
|
|
79
82
|
attach_pfunc :ConvertSidToStringSid, :ConvertSidToStringSidA, [:ptr, :ptr], :bool
|
|
80
83
|
attach_pfunc :ConvertStringSidToSid, :ConvertStringSidToSidA, [:string, :ptr], :bool
|
|
84
|
+
attach_pfunc :DeleteAce, [:ptr, :dword], :bool
|
|
81
85
|
attach_pfunc :EqualSid, [:ptr, :ptr], :bool
|
|
82
86
|
attach_pfunc :FindFirstFreeAce, [:ptr, :ptr], :bool
|
|
87
|
+
attach_pfunc :GetAce, [:ptr, :dword, :ptr], :bool
|
|
83
88
|
attach_pfunc :GetAclInformation, [:ptr, :ptr, :dword, :int], :bool
|
|
84
89
|
attach_pfunc :GetLengthSid, [:ptr], :dword
|
|
85
90
|
attach_pfunc :GetSidLengthRequired, [:uint], :dword
|
|
@@ -90,13 +95,16 @@ module Windows
|
|
|
90
95
|
attach_pfunc :IsValidAcl, [:ptr], :bool
|
|
91
96
|
attach_pfunc :IsValidSid, [:ptr], :bool
|
|
92
97
|
attach_pfunc :IsWellKnownSid, [:ptr, :int], :bool
|
|
93
|
-
attach_pfunc :LookupAccountName, :LookupAccountNameA,
|
|
94
|
-
|
|
95
|
-
attach_pfunc :LookupAccountSid, :LookupAccountSidA,
|
|
96
|
-
[:string, :ptr, :ptr, :ptr, :ptr, :ptr, :ptr], :bool
|
|
98
|
+
attach_pfunc :LookupAccountName, :LookupAccountNameA, [:string, :string, :ptr, :ptr, :ptr, :ptr, :ptr], :bool
|
|
99
|
+
attach_pfunc :LookupAccountSid, :LookupAccountSidA, [:string, :ptr, :ptr, :ptr, :ptr, :ptr, :ptr], :bool
|
|
97
100
|
attach_pfunc :OpenProcessToken, [:handle, :dword, :ptr], :bool
|
|
98
101
|
attach_pfunc :OpenThreadToken, [:handle, :dword, :bool, :ptr], :bool
|
|
99
102
|
attach_pfunc :SetAclInformation, [:ptr, :ptr, :dword, :int], :bool
|
|
103
|
+
|
|
104
|
+
attach_pfunc :ConvertSecurityDescriptorToStringSecurityDescriptor,
|
|
105
|
+
:ConvertSecurityDescriptorToStringSecurityDescriptorA, [:ptr, :dword, :dword, :ptr, :ptr], :bool
|
|
106
|
+
attach_pfunc :ConvertStringSecurityDescriptorToSecurityDescriptor,
|
|
107
|
+
:ConvertStringSecurityDescriptorToSecurityDescriptorA, [:string, :dword, :ptr, :ptr], :bool
|
|
100
108
|
end
|
|
101
109
|
end
|
|
102
110
|
end
|
|
@@ -30,6 +30,15 @@ module Windows
|
|
|
30
30
|
)
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
# Generic struct we made up and inspect later to determine type.
|
|
34
|
+
class ACCESS_GENERIC_ACE < FFI::Struct
|
|
35
|
+
layout(
|
|
36
|
+
:Header, ACE_HEADER,
|
|
37
|
+
:Mask, :ulong,
|
|
38
|
+
:SidStart, :ulong
|
|
39
|
+
)
|
|
40
|
+
end
|
|
41
|
+
|
|
33
42
|
class ACCESS_ALLOWED_ACE < FFI::Struct
|
|
34
43
|
layout(
|
|
35
44
|
:Header, ACE_HEADER,
|
|
@@ -38,6 +47,14 @@ module Windows
|
|
|
38
47
|
)
|
|
39
48
|
end
|
|
40
49
|
|
|
50
|
+
class ACCESS_DENIED_ACE < FFI::Struct
|
|
51
|
+
layout(
|
|
52
|
+
:Header, ACE_HEADER,
|
|
53
|
+
:Mask, :ulong,
|
|
54
|
+
:SidStart, :ulong
|
|
55
|
+
)
|
|
56
|
+
end
|
|
57
|
+
|
|
41
58
|
class ACCESS_ALLOWED_ACE2 < FFI::Struct
|
|
42
59
|
layout(
|
|
43
60
|
:Header, ACE_HEADER,
|
|
@@ -61,7 +78,15 @@ module Windows
|
|
|
61
78
|
layout(
|
|
62
79
|
:AceCount, :ulong,
|
|
63
80
|
:AclBytesInUse, :ulong,
|
|
64
|
-
:
|
|
81
|
+
:AclBytesFree, :ulong
|
|
82
|
+
)
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
class SECURITY_ATTRIBUTES < FFI::Struct
|
|
86
|
+
layout(
|
|
87
|
+
:nLength, :ulong,
|
|
88
|
+
:lpSecurityDescriptor, :ulong,
|
|
89
|
+
:bInheritHandle, :bool
|
|
65
90
|
)
|
|
66
91
|
end
|
|
67
92
|
end
|
data/test/test_ace.rb
ADDED
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
########################################################################
|
|
2
|
+
# test_ace.rb
|
|
3
|
+
#
|
|
4
|
+
# Test suite for the Win32::Security::ACE class.
|
|
5
|
+
########################################################################
|
|
6
|
+
require 'test-unit'
|
|
7
|
+
require 'win32/security'
|
|
8
|
+
require 'win32/security/sid'
|
|
9
|
+
require 'win32/security/acl'
|
|
10
|
+
require 'win32/security/ace'
|
|
11
|
+
|
|
12
|
+
class TC_Win32_Security_Ace < Test::Unit::TestCase
|
|
13
|
+
def setup
|
|
14
|
+
@ace = Win32::Security::ACE.new(1, 1, 1)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
test "ACE version is set to the expected value" do
|
|
18
|
+
assert_equal('0.1.0', Win32::Security::ACE::VERSION)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
test "ace_type basic functionality" do
|
|
22
|
+
assert_respond_to(@ace, :ace_type)
|
|
23
|
+
assert_equal(1, @ace.ace_type)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
test "access_mask basic functionality" do
|
|
27
|
+
assert_respond_to(@ace, :access_mask)
|
|
28
|
+
assert_equal(1, @ace.access_mask)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
test "flags basic functionality" do
|
|
32
|
+
assert_respond_to(@ace, :flags)
|
|
33
|
+
assert_equal(1, @ace.flags)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
test "ace_type_string basic functionality" do
|
|
37
|
+
assert_respond_to(@ace, :ace_type_string)
|
|
38
|
+
assert_kind_of(String, @ace.ace_type_string)
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
test "ace_type_string returns the expected value" do
|
|
42
|
+
assert_equal('ACCESS_DENIED_ACE_TYPE', @ace.ace_type_string)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def teardown
|
|
46
|
+
@ace = nil
|
|
47
|
+
end
|
|
48
|
+
end
|
data/test/test_acl.rb
CHANGED
|
@@ -54,11 +54,16 @@ class TC_Win32_Security_Acl < Test::Unit::TestCase
|
|
|
54
54
|
|
|
55
55
|
test "find_ace basic functionality" do
|
|
56
56
|
assert_respond_to(@acl, :find_ace)
|
|
57
|
-
assert_kind_of(Fixnum, @acl.find_ace)
|
|
58
57
|
end
|
|
59
58
|
|
|
60
|
-
test "find_ace returns
|
|
61
|
-
|
|
59
|
+
test "find_ace returns an ACE object if there is one to find" do
|
|
60
|
+
@acl.add_access_allowed_ace('Guest', Win32::Security::ACL::GENERIC_READ)
|
|
61
|
+
assert_kind_of(Win32::Security::ACE, @acl.find_ace)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
test "find_ace accepts an integer argument" do
|
|
65
|
+
@acl.add_access_allowed_ace('Guest', Win32::Security::ACL::GENERIC_READ)
|
|
66
|
+
assert_kind_of(Win32::Security::ACE, @acl.find_ace(0))
|
|
62
67
|
end
|
|
63
68
|
|
|
64
69
|
test "revision getter basic functionality" do
|
data/test/test_security.rb
CHANGED
|
@@ -9,7 +9,7 @@ require 'win32/security'
|
|
|
9
9
|
|
|
10
10
|
class TC_Win32_Security < Test::Unit::TestCase
|
|
11
11
|
test "version constant is set to expected value" do
|
|
12
|
-
assert_equal('0.
|
|
12
|
+
assert_equal('0.3.0', Win32::Security::VERSION)
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
test "elevated security basic functionality" do
|
data/win32-security.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ require 'rubygems'
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |spec|
|
|
4
4
|
spec.name = 'win32-security'
|
|
5
|
-
spec.version = '0.
|
|
5
|
+
spec.version = '0.3.0'
|
|
6
6
|
spec.authors = ['Daniel J. Berger', 'Park Heesob']
|
|
7
7
|
spec.license = 'Artistic 2.0'
|
|
8
8
|
spec.email = 'djberg96@gmail.com'
|
|
@@ -12,7 +12,6 @@ Gem::Specification.new do |spec|
|
|
|
12
12
|
spec.files = Dir['**/*'].reject{ |f| f.include?('git') }
|
|
13
13
|
|
|
14
14
|
spec.extra_rdoc_files = ['README', 'CHANGES', 'MANIFEST']
|
|
15
|
-
spec.rubyforge_project = 'win32utils'
|
|
16
15
|
|
|
17
16
|
spec.add_dependency('ffi')
|
|
18
17
|
|
|
@@ -22,7 +21,7 @@ Gem::Specification.new do |spec|
|
|
|
22
21
|
|
|
23
22
|
spec.description = <<-EOF
|
|
24
23
|
The win32-security library provides an interface for dealing with
|
|
25
|
-
security related aspects of MS Windows
|
|
26
|
-
|
|
24
|
+
security related aspects of MS Windows, such as SID's, ACL's and
|
|
25
|
+
ACE's.
|
|
27
26
|
EOF
|
|
28
27
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: win32-security
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel J. Berger
|
|
@@ -9,68 +9,68 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2014-
|
|
12
|
+
date: 2014-10-31 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: ffi
|
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
17
|
requirements:
|
|
18
|
-
- -
|
|
18
|
+
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
20
|
version: '0'
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
|
-
- -
|
|
25
|
+
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
27
|
version: '0'
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
29
|
name: rake
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
31
31
|
requirements:
|
|
32
|
-
- -
|
|
32
|
+
- - ">="
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
34
|
version: '0'
|
|
35
35
|
type: :development
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
|
-
- -
|
|
39
|
+
- - ">="
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
41
|
version: '0'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: test-unit
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
45
45
|
requirements:
|
|
46
|
-
- -
|
|
46
|
+
- - ">="
|
|
47
47
|
- !ruby/object:Gem::Version
|
|
48
48
|
version: 2.5.0
|
|
49
49
|
type: :development
|
|
50
50
|
prerelease: false
|
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
52
|
requirements:
|
|
53
|
-
- -
|
|
53
|
+
- - ">="
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
55
|
version: 2.5.0
|
|
56
56
|
- !ruby/object:Gem::Dependency
|
|
57
57
|
name: sys-admin
|
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
|
59
59
|
requirements:
|
|
60
|
-
- -
|
|
60
|
+
- - ">="
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
62
|
version: 1.6.0
|
|
63
63
|
type: :development
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
|
-
- -
|
|
67
|
+
- - ">="
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
69
|
version: 1.6.0
|
|
70
70
|
description: |2
|
|
71
71
|
The win32-security library provides an interface for dealing with
|
|
72
|
-
security related aspects of MS Windows
|
|
73
|
-
|
|
72
|
+
security related aspects of MS Windows, such as SID's, ACL's and
|
|
73
|
+
ACE's.
|
|
74
74
|
email: djberg96@gmail.com
|
|
75
75
|
executables: []
|
|
76
76
|
extensions: []
|
|
@@ -80,16 +80,17 @@ extra_rdoc_files:
|
|
|
80
80
|
- MANIFEST
|
|
81
81
|
files:
|
|
82
82
|
- CHANGES
|
|
83
|
+
- MANIFEST
|
|
84
|
+
- README
|
|
85
|
+
- Rakefile
|
|
86
|
+
- lib/win32/security.rb
|
|
83
87
|
- lib/win32/security/ace.rb
|
|
84
88
|
- lib/win32/security/acl.rb
|
|
85
89
|
- lib/win32/security/sid.rb
|
|
86
90
|
- lib/win32/security/windows/constants.rb
|
|
87
91
|
- lib/win32/security/windows/functions.rb
|
|
88
92
|
- lib/win32/security/windows/structs.rb
|
|
89
|
-
-
|
|
90
|
-
- MANIFEST
|
|
91
|
-
- Rakefile
|
|
92
|
-
- README
|
|
93
|
+
- test/test_ace.rb
|
|
93
94
|
- test/test_acl.rb
|
|
94
95
|
- test/test_security.rb
|
|
95
96
|
- test/test_sid.rb
|
|
@@ -104,21 +105,22 @@ require_paths:
|
|
|
104
105
|
- lib
|
|
105
106
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
106
107
|
requirements:
|
|
107
|
-
- -
|
|
108
|
+
- - ">="
|
|
108
109
|
- !ruby/object:Gem::Version
|
|
109
110
|
version: '0'
|
|
110
111
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
111
112
|
requirements:
|
|
112
|
-
- -
|
|
113
|
+
- - ">="
|
|
113
114
|
- !ruby/object:Gem::Version
|
|
114
115
|
version: '0'
|
|
115
116
|
requirements: []
|
|
116
|
-
rubyforge_project:
|
|
117
|
-
rubygems_version: 2.
|
|
117
|
+
rubyforge_project:
|
|
118
|
+
rubygems_version: 2.4.2
|
|
118
119
|
signing_key:
|
|
119
120
|
specification_version: 4
|
|
120
121
|
summary: A library for dealing with aspects of Windows security.
|
|
121
122
|
test_files:
|
|
123
|
+
- test/test_ace.rb
|
|
122
124
|
- test/test_acl.rb
|
|
123
125
|
- test/test_security.rb
|
|
124
126
|
- test/test_sid.rb
|