win32-security 0.4.0 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CHANGES +11 -0
- data/MANIFEST +3 -0
- data/lib/win32/security.rb +20 -7
- data/lib/win32/security/acl.rb +13 -13
- data/lib/win32/security/sid.rb +11 -13
- data/lib/win32/security/windows/functions.rb +2 -2
- data/test/test_security.rb +1 -1
- data/test/test_sid.rb +2 -2
- data/win32-security.gemspec +2 -1
- metadata +16 -3
- metadata.gz.sig +0 -0
- data/lib/win32/security/windows/helper.rb +0 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 17acf08fb33a5a5e6f014622ae6425fa14773c3d
|
|
4
|
+
data.tar.gz: b866473ff81aaa20bbf5ffb6ba4b60726ccdd6a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 35d37cbe3d106ba3ff620b7302273f3ec7184cbb25fbf20a540be2cd356a619232906cb62b8977114c7ffc1724caedd652c0c1d100a4544b92ba3c3f7cf0e872
|
|
7
|
+
data.tar.gz: a5219e4dd547d6db64dc7042d214ab5c37d913014c21c1ce92af6c7c10289f8d02671b6681890f6a03d8db772380534763fbee6049c0f1b66408c9f8b87e16f9
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
data/CHANGES
CHANGED
|
@@ -1,3 +1,14 @@
|
|
|
1
|
+
== 0.4.1 - 9-May-2016
|
|
2
|
+
* Added the ffi-win32-extensions dependency, and removed the helper file.
|
|
3
|
+
* The SID.new method is now a bit more flexible with regards to failures of
|
|
4
|
+
the OpenThreadToken function. It now just defaults to OpenProcessToken no
|
|
5
|
+
matter what, if it can.
|
|
6
|
+
* The Security.elevated_security? method is now more robust, using a double
|
|
7
|
+
pass approach.
|
|
8
|
+
* The above fixes were mainly to resolve issues on cygwin64. Thanks go to
|
|
9
|
+
Tobias Hochg�rtel and Wouter Scheele for raising the issues and providing
|
|
10
|
+
providing patches (for both this library and cygwin64 + ffi).
|
|
11
|
+
|
|
1
12
|
== 0.4.0 - 7-Mar-2016
|
|
2
13
|
* Added wide character support. Thanks go to Ethan J. Brown for finally forcing
|
|
3
14
|
me to get around to this.
|
data/MANIFEST
CHANGED
data/lib/win32/security.rb
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# This file allows users to require all security related classes from
|
|
2
2
|
# a single file, instead of having to require individual files.
|
|
3
3
|
|
|
4
|
+
require 'ffi/win32/extensions'
|
|
4
5
|
require_relative 'security/windows/constants'
|
|
5
6
|
require_relative 'security/windows/structs'
|
|
6
7
|
require_relative 'security/windows/functions'
|
|
7
|
-
require_relative 'security/windows/helper'
|
|
8
8
|
|
|
9
9
|
# The Win32 module serves as a namespace only.
|
|
10
10
|
module Win32
|
|
@@ -21,7 +21,7 @@ module Win32
|
|
|
21
21
|
extend Windows::Security::Functions
|
|
22
22
|
|
|
23
23
|
# The version of the win32-security library
|
|
24
|
-
VERSION = '0.4.
|
|
24
|
+
VERSION = '0.4.1'
|
|
25
25
|
|
|
26
26
|
# Used by OpenProcessToken
|
|
27
27
|
TOKEN_QUERY = 8
|
|
@@ -41,14 +41,14 @@ module Win32
|
|
|
41
41
|
|
|
42
42
|
FFI::MemoryPointer.new(ptr_type) do |token|
|
|
43
43
|
unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
|
|
44
|
-
|
|
44
|
+
FFI.raise_windows_error('OpenProcessToken')
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
begin
|
|
48
48
|
token = token.read_pointer.to_i
|
|
49
49
|
|
|
50
50
|
# Since the TokenElevation struct only has 1 member, we use a pointer.
|
|
51
|
-
te = FFI::MemoryPointer.new(:
|
|
51
|
+
te = FFI::MemoryPointer.new(:pointer)
|
|
52
52
|
rl = FFI::MemoryPointer.new(:ulong)
|
|
53
53
|
|
|
54
54
|
bool = GetTokenInformation(
|
|
@@ -59,9 +59,22 @@ module Win32
|
|
|
59
59
|
rl
|
|
60
60
|
)
|
|
61
61
|
|
|
62
|
-
|
|
62
|
+
te.free
|
|
63
|
+
te = FFI::MemoryPointer.new(rl.read_ulong)
|
|
64
|
+
rl.clear
|
|
65
|
+
|
|
66
|
+
bool = GetTokenInformation(
|
|
67
|
+
token,
|
|
68
|
+
:TokenElevation,
|
|
69
|
+
te,
|
|
70
|
+
te.size,
|
|
71
|
+
rl
|
|
72
|
+
)
|
|
73
|
+
|
|
74
|
+
FFI.raise_windows_error('GetTokenInformation') unless bool
|
|
63
75
|
|
|
64
|
-
|
|
76
|
+
token_info = rl.read_ulong == 4 ? te.read_uint : te.read_ulong
|
|
77
|
+
result = token_info != 0
|
|
65
78
|
ensure
|
|
66
79
|
CloseHandle(token)
|
|
67
80
|
te.free
|
|
@@ -79,7 +92,7 @@ module Win32
|
|
|
79
92
|
ver[:dwOSVersionInfoSize] = ver.size
|
|
80
93
|
|
|
81
94
|
unless GetVersionExA(ver)
|
|
82
|
-
|
|
95
|
+
FFI.raise_windows_error('GetVersionEx')
|
|
83
96
|
end
|
|
84
97
|
|
|
85
98
|
ver[:dwMajorVersion]
|
data/lib/win32/security/acl.rb
CHANGED
|
@@ -12,7 +12,7 @@ module Win32
|
|
|
12
12
|
extend Windows::Security::Functions
|
|
13
13
|
|
|
14
14
|
# The version of the Win32::Security::ACL class.
|
|
15
|
-
VERSION = '0.2.
|
|
15
|
+
VERSION = '0.2.1'
|
|
16
16
|
|
|
17
17
|
# The underlying ACL structure.
|
|
18
18
|
attr_reader :acl
|
|
@@ -28,7 +28,7 @@ module Win32
|
|
|
28
28
|
acl = ACL_STRUCT.new
|
|
29
29
|
|
|
30
30
|
unless InitializeAcl(acl, size, revision)
|
|
31
|
-
|
|
31
|
+
FFI.raise_windows_error('InitializeAcl')
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
@acl = acl
|
|
@@ -41,7 +41,7 @@ module Win32
|
|
|
41
41
|
info = ACL_SIZE_INFORMATION.new
|
|
42
42
|
|
|
43
43
|
unless GetAclInformation(@acl, info, info.size, AclSizeInformation)
|
|
44
|
-
|
|
44
|
+
FFI.raise_windows_error('GetAclInformation')
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
info[:AceCount]
|
|
@@ -54,7 +54,7 @@ module Win32
|
|
|
54
54
|
info = ACL_SIZE_INFORMATION.new
|
|
55
55
|
|
|
56
56
|
unless GetAclInformation(@acl, info, info.size, AclSizeInformation)
|
|
57
|
-
|
|
57
|
+
FFI.raise_windows_error('GetAclInformation')
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
[info[:AclBytesInUse], info[:AclBytesFree]]
|
|
@@ -88,11 +88,11 @@ module Win32
|
|
|
88
88
|
|
|
89
89
|
if flags
|
|
90
90
|
unless AddAccessAllowedAceEx(@acl, @revision, flags, mask, sid)
|
|
91
|
-
|
|
91
|
+
FFI.raise_windows_error('AddAccessAllowedAceEx')
|
|
92
92
|
end
|
|
93
93
|
else
|
|
94
94
|
unless AddAccessAllowedAce(@acl, @revision, mask, sid)
|
|
95
|
-
|
|
95
|
+
FFI.raise_windows_error('AddAccessAllowedAce')
|
|
96
96
|
end
|
|
97
97
|
end
|
|
98
98
|
|
|
@@ -122,11 +122,11 @@ module Win32
|
|
|
122
122
|
|
|
123
123
|
if flags
|
|
124
124
|
unless AddAccessDeniedAceEx(@acl, @revision, flags, mask, sid)
|
|
125
|
-
|
|
125
|
+
FFI.raise_windows_error('AddAccessDeniedAceEx')
|
|
126
126
|
end
|
|
127
127
|
else
|
|
128
128
|
unless AddAccessDeniedAce(@acl, @revision, mask, sid)
|
|
129
|
-
|
|
129
|
+
FFI.raise_windows_error('AddAccessDeniedAce')
|
|
130
130
|
end
|
|
131
131
|
end
|
|
132
132
|
end
|
|
@@ -140,7 +140,7 @@ module Win32
|
|
|
140
140
|
#
|
|
141
141
|
def add_ace(ace, index=MAXDWORD)
|
|
142
142
|
unless AddAce(@acl, @revision, index, ace, ace.length)
|
|
143
|
-
|
|
143
|
+
FFI.raise_windows_error('AddAce')
|
|
144
144
|
end
|
|
145
145
|
|
|
146
146
|
index
|
|
@@ -153,7 +153,7 @@ module Win32
|
|
|
153
153
|
#
|
|
154
154
|
def delete_ace(index=MAXDWORD)
|
|
155
155
|
unless DeleteAce(@acl, index)
|
|
156
|
-
|
|
156
|
+
FFI.raise_windows_error('DeleteAce')
|
|
157
157
|
end
|
|
158
158
|
|
|
159
159
|
index
|
|
@@ -172,11 +172,11 @@ module Win32
|
|
|
172
172
|
FFI::MemoryPointer.new(:pointer) do |pptr|
|
|
173
173
|
if index.nil?
|
|
174
174
|
unless FindFirstFreeAce(@acl, pptr)
|
|
175
|
-
|
|
175
|
+
FFI.raise_windows_error('FindFirstFreeAce')
|
|
176
176
|
end
|
|
177
177
|
else
|
|
178
178
|
unless GetAce(@acl, index, pptr)
|
|
179
|
-
|
|
179
|
+
FFI.raise_windows_error('GetAce')
|
|
180
180
|
end
|
|
181
181
|
end
|
|
182
182
|
|
|
@@ -205,7 +205,7 @@ module Win32
|
|
|
205
205
|
buf.write_ulong(revision_level)
|
|
206
206
|
|
|
207
207
|
unless SetAclInformation(@acl, buf, buf.size, AclRevisionInformation)
|
|
208
|
-
|
|
208
|
+
FFI.raise_windows_error('SetAclInformation')
|
|
209
209
|
end
|
|
210
210
|
end
|
|
211
211
|
|
data/lib/win32/security/sid.rb
CHANGED
|
@@ -14,7 +14,7 @@ module Win32
|
|
|
14
14
|
extend Windows::Security::Functions
|
|
15
15
|
|
|
16
16
|
# The version of the Win32::Security::SID class.
|
|
17
|
-
VERSION = '0.2.
|
|
17
|
+
VERSION = '0.2.4'
|
|
18
18
|
|
|
19
19
|
# Some constant SID's for your convenience, in string format.
|
|
20
20
|
# See http://support.microsoft.com/kb/243330 for details.
|
|
@@ -79,7 +79,7 @@ module Win32
|
|
|
79
79
|
|
|
80
80
|
FFI::MemoryPointer.new(:pointer) do |string_sid|
|
|
81
81
|
unless ConvertSidToStringSid(sid, string_sid)
|
|
82
|
-
|
|
82
|
+
FFI.raise_windows_error('ConvertSidToStringSid')
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
result = string_sid.read_pointer.read_string
|
|
@@ -95,7 +95,7 @@ module Win32
|
|
|
95
95
|
|
|
96
96
|
FFI::MemoryPointer.new(:pointer) do |sid|
|
|
97
97
|
unless ConvertStringSidToSid(string, sid)
|
|
98
|
-
|
|
98
|
+
FFI.raise_windows_error('ConvertStringSidToSid')
|
|
99
99
|
end
|
|
100
100
|
|
|
101
101
|
ptr = sid.read_pointer
|
|
@@ -139,7 +139,7 @@ module Win32
|
|
|
139
139
|
auth[:Value][5] = authority
|
|
140
140
|
|
|
141
141
|
unless InitializeSid(sid, auth, sub_authorities.length)
|
|
142
|
-
|
|
142
|
+
FFI.raise_windows_error('InitializeSid')
|
|
143
143
|
end
|
|
144
144
|
|
|
145
145
|
sub_authorities.each_index do |i|
|
|
@@ -194,12 +194,10 @@ module Win32
|
|
|
194
194
|
# Try the thread token first, default to the process token.
|
|
195
195
|
bool = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, 1, ptoken)
|
|
196
196
|
|
|
197
|
-
|
|
198
|
-
raise SystemCallError.new("OpenThreadToken", FFI.errno)
|
|
199
|
-
else
|
|
197
|
+
unless bool
|
|
200
198
|
ptoken.clear
|
|
201
199
|
unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, ptoken)
|
|
202
|
-
|
|
200
|
+
FFI.raise_windows_error('OpenProcessToken')
|
|
203
201
|
end
|
|
204
202
|
end
|
|
205
203
|
|
|
@@ -216,7 +214,7 @@ module Win32
|
|
|
216
214
|
|
|
217
215
|
# Second pass, actual call (1 is TokenOwner)
|
|
218
216
|
unless GetTokenInformation(token, 1, pinfo, pinfo.size, plength)
|
|
219
|
-
|
|
217
|
+
FFI.raise_windows_error('GetTokenInformation')
|
|
220
218
|
end
|
|
221
219
|
|
|
222
220
|
token_info = pinfo.read_pointer
|
|
@@ -248,7 +246,7 @@ module Win32
|
|
|
248
246
|
use_ptr
|
|
249
247
|
)
|
|
250
248
|
unless bool
|
|
251
|
-
|
|
249
|
+
FFI.raise_windows_error('LookupAccountSid')
|
|
252
250
|
end
|
|
253
251
|
elsif ordinal_val < 10 # Assume it's a binary SID.
|
|
254
252
|
account_ptr = FFI::MemoryPointer.from_string(account)
|
|
@@ -264,7 +262,7 @@ module Win32
|
|
|
264
262
|
)
|
|
265
263
|
|
|
266
264
|
unless bool
|
|
267
|
-
|
|
265
|
+
FFI.raise_windows_error('LookupAccountSid')
|
|
268
266
|
end
|
|
269
267
|
|
|
270
268
|
account_ptr.free
|
|
@@ -279,7 +277,7 @@ module Win32
|
|
|
279
277
|
use_ptr
|
|
280
278
|
)
|
|
281
279
|
unless bool
|
|
282
|
-
|
|
280
|
+
FFI.raise_windows_error('LookupAccountName')
|
|
283
281
|
end
|
|
284
282
|
end
|
|
285
283
|
|
|
@@ -318,7 +316,7 @@ module Win32
|
|
|
318
316
|
|
|
319
317
|
FFI::MemoryPointer.new(:pointer) do |ptr|
|
|
320
318
|
unless ConvertSidToStringSid(@sid, ptr)
|
|
321
|
-
|
|
319
|
+
FFI.raise_windows_error('ConvertSidToStringSid')
|
|
322
320
|
end
|
|
323
321
|
|
|
324
322
|
string = ptr.read_pointer.read_string
|
|
@@ -23,7 +23,7 @@ module Windows
|
|
|
23
23
|
typedef :uintptr_t, :handle
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
ffi_lib
|
|
26
|
+
ffi_lib 'kernel32'
|
|
27
27
|
ffi_convention :stdcall
|
|
28
28
|
|
|
29
29
|
enum :token_info_class, [
|
|
@@ -76,7 +76,7 @@ module Windows
|
|
|
76
76
|
attach_pfunc :GetLastError, [], :dword
|
|
77
77
|
attach_pfunc :CloseHandle, [:dword], :bool
|
|
78
78
|
|
|
79
|
-
ffi_lib
|
|
79
|
+
ffi_lib 'advapi32'
|
|
80
80
|
|
|
81
81
|
attach_pfunc :AddAce, [:ptr, :dword, :dword, :ptr, :dword], :bool
|
|
82
82
|
attach_pfunc :AddAccessAllowedAce, [:ptr, :dword, :dword, :ptr], :bool
|
data/test/test_security.rb
CHANGED
|
@@ -9,7 +9,7 @@ require 'win32/security'
|
|
|
9
9
|
|
|
10
10
|
class TC_Win32_Security < Test::Unit::TestCase
|
|
11
11
|
test "version constant is set to expected value" do
|
|
12
|
-
assert_equal('0.4.
|
|
12
|
+
assert_equal('0.4.1', Win32::Security::VERSION)
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
test "elevated security basic functionality" do
|
data/test/test_sid.rb
CHANGED
|
@@ -20,7 +20,7 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
test "version is set to expected value" do
|
|
23
|
-
assert_equal('0.2.
|
|
23
|
+
assert_equal('0.2.4', Security::SID::VERSION)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
test "sid method basic functionality" do
|
|
@@ -124,7 +124,7 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
|
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
test "constructor raises an error if an invalid account is passed" do
|
|
127
|
-
assert_raise(SystemCallError){ Security::SID.new('bogus') }
|
|
127
|
+
assert_raise(SystemCallError, Errno::ESRCH){ Security::SID.new('bogus') }
|
|
128
128
|
end
|
|
129
129
|
|
|
130
130
|
test "well known sid constants are defined" do
|
data/win32-security.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ require 'rubygems'
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |spec|
|
|
4
4
|
spec.name = 'win32-security'
|
|
5
|
-
spec.version = '0.4.
|
|
5
|
+
spec.version = '0.4.1'
|
|
6
6
|
spec.authors = ['Daniel J. Berger', 'Park Heesob']
|
|
7
7
|
spec.license = 'Artistic 2.0'
|
|
8
8
|
spec.email = 'djberg96@gmail.com'
|
|
@@ -17,6 +17,7 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.required_ruby_version = '>= 1.9.3'
|
|
18
18
|
|
|
19
19
|
spec.add_dependency('ffi')
|
|
20
|
+
spec.add_dependency('ffi-win32-extensions')
|
|
20
21
|
|
|
21
22
|
spec.add_development_dependency('rake')
|
|
22
23
|
spec.add_development_dependency('test-unit', '>= 2.5.0')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: win32-security
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel J. Berger
|
|
@@ -31,7 +31,7 @@ cert_chain:
|
|
|
31
31
|
EJYzxdPOrx2n6NYR3Hk+vHP0U7UBSveI6+qx+ndQYaeyCn+GRX2PKS9h66YF/Q1V
|
|
32
32
|
tGSHgAmcLlkdGgan182qsE/4kKM=
|
|
33
33
|
-----END CERTIFICATE-----
|
|
34
|
-
date: 2016-
|
|
34
|
+
date: 2016-05-10 00:00:00.000000000 Z
|
|
35
35
|
dependencies:
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: ffi
|
|
@@ -47,6 +47,20 @@ dependencies:
|
|
|
47
47
|
- - ">="
|
|
48
48
|
- !ruby/object:Gem::Version
|
|
49
49
|
version: '0'
|
|
50
|
+
- !ruby/object:Gem::Dependency
|
|
51
|
+
name: ffi-win32-extensions
|
|
52
|
+
requirement: !ruby/object:Gem::Requirement
|
|
53
|
+
requirements:
|
|
54
|
+
- - ">="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: '0'
|
|
57
|
+
type: :runtime
|
|
58
|
+
prerelease: false
|
|
59
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
60
|
+
requirements:
|
|
61
|
+
- - ">="
|
|
62
|
+
- !ruby/object:Gem::Version
|
|
63
|
+
version: '0'
|
|
50
64
|
- !ruby/object:Gem::Dependency
|
|
51
65
|
name: rake
|
|
52
66
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,7 +128,6 @@ files:
|
|
|
114
128
|
- lib/win32/security/windows
|
|
115
129
|
- lib/win32/security/windows/constants.rb
|
|
116
130
|
- lib/win32/security/windows/functions.rb
|
|
117
|
-
- lib/win32/security/windows/helper.rb
|
|
118
131
|
- lib/win32/security/windows/structs.rb
|
|
119
132
|
- lib/win32/security.rb
|
|
120
133
|
- lib/win32-security.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|