win32-security 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CHANGES +11 -0
- data/MANIFEST +3 -0
- data/lib/win32/security.rb +20 -7
- data/lib/win32/security/acl.rb +13 -13
- data/lib/win32/security/sid.rb +11 -13
- data/lib/win32/security/windows/functions.rb +2 -2
- data/test/test_security.rb +1 -1
- data/test/test_sid.rb +2 -2
- data/win32-security.gemspec +2 -1
- metadata +16 -3
- metadata.gz.sig +0 -0
- data/lib/win32/security/windows/helper.rb +0 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 17acf08fb33a5a5e6f014622ae6425fa14773c3d
|
|
4
|
+
data.tar.gz: b866473ff81aaa20bbf5ffb6ba4b60726ccdd6a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 35d37cbe3d106ba3ff620b7302273f3ec7184cbb25fbf20a540be2cd356a619232906cb62b8977114c7ffc1724caedd652c0c1d100a4544b92ba3c3f7cf0e872
|
|
7
|
+
data.tar.gz: a5219e4dd547d6db64dc7042d214ab5c37d913014c21c1ce92af6c7c10289f8d02671b6681890f6a03d8db772380534763fbee6049c0f1b66408c9f8b87e16f9
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
data/CHANGES
CHANGED
|
@@ -1,3 +1,14 @@
|
|
|
1
|
+
== 0.4.1 - 9-May-2016
|
|
2
|
+
* Added the ffi-win32-extensions dependency, and removed the helper file.
|
|
3
|
+
* The SID.new method is now a bit more flexible with regards to failures of
|
|
4
|
+
the OpenThreadToken function. It now just defaults to OpenProcessToken no
|
|
5
|
+
matter what, if it can.
|
|
6
|
+
* The Security.elevated_security? method is now more robust, using a double
|
|
7
|
+
pass approach.
|
|
8
|
+
* The above fixes were mainly to resolve issues on cygwin64. Thanks go to
|
|
9
|
+
Tobias Hochg�rtel and Wouter Scheele for raising the issues and providing
|
|
10
|
+
providing patches (for both this library and cygwin64 + ffi).
|
|
11
|
+
|
|
1
12
|
== 0.4.0 - 7-Mar-2016
|
|
2
13
|
* Added wide character support. Thanks go to Ethan J. Brown for finally forcing
|
|
3
14
|
me to get around to this.
|
data/MANIFEST
CHANGED
data/lib/win32/security.rb
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# This file allows users to require all security related classes from
|
|
2
2
|
# a single file, instead of having to require individual files.
|
|
3
3
|
|
|
4
|
+
require 'ffi/win32/extensions'
|
|
4
5
|
require_relative 'security/windows/constants'
|
|
5
6
|
require_relative 'security/windows/structs'
|
|
6
7
|
require_relative 'security/windows/functions'
|
|
7
|
-
require_relative 'security/windows/helper'
|
|
8
8
|
|
|
9
9
|
# The Win32 module serves as a namespace only.
|
|
10
10
|
module Win32
|
|
@@ -21,7 +21,7 @@ module Win32
|
|
|
21
21
|
extend Windows::Security::Functions
|
|
22
22
|
|
|
23
23
|
# The version of the win32-security library
|
|
24
|
-
VERSION = '0.4.
|
|
24
|
+
VERSION = '0.4.1'
|
|
25
25
|
|
|
26
26
|
# Used by OpenProcessToken
|
|
27
27
|
TOKEN_QUERY = 8
|
|
@@ -41,14 +41,14 @@ module Win32
|
|
|
41
41
|
|
|
42
42
|
FFI::MemoryPointer.new(ptr_type) do |token|
|
|
43
43
|
unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
|
|
44
|
-
|
|
44
|
+
FFI.raise_windows_error('OpenProcessToken')
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
begin
|
|
48
48
|
token = token.read_pointer.to_i
|
|
49
49
|
|
|
50
50
|
# Since the TokenElevation struct only has 1 member, we use a pointer.
|
|
51
|
-
te = FFI::MemoryPointer.new(:
|
|
51
|
+
te = FFI::MemoryPointer.new(:pointer)
|
|
52
52
|
rl = FFI::MemoryPointer.new(:ulong)
|
|
53
53
|
|
|
54
54
|
bool = GetTokenInformation(
|
|
@@ -59,9 +59,22 @@ module Win32
|
|
|
59
59
|
rl
|
|
60
60
|
)
|
|
61
61
|
|
|
62
|
-
|
|
62
|
+
te.free
|
|
63
|
+
te = FFI::MemoryPointer.new(rl.read_ulong)
|
|
64
|
+
rl.clear
|
|
65
|
+
|
|
66
|
+
bool = GetTokenInformation(
|
|
67
|
+
token,
|
|
68
|
+
:TokenElevation,
|
|
69
|
+
te,
|
|
70
|
+
te.size,
|
|
71
|
+
rl
|
|
72
|
+
)
|
|
73
|
+
|
|
74
|
+
FFI.raise_windows_error('GetTokenInformation') unless bool
|
|
63
75
|
|
|
64
|
-
|
|
76
|
+
token_info = rl.read_ulong == 4 ? te.read_uint : te.read_ulong
|
|
77
|
+
result = token_info != 0
|
|
65
78
|
ensure
|
|
66
79
|
CloseHandle(token)
|
|
67
80
|
te.free
|
|
@@ -79,7 +92,7 @@ module Win32
|
|
|
79
92
|
ver[:dwOSVersionInfoSize] = ver.size
|
|
80
93
|
|
|
81
94
|
unless GetVersionExA(ver)
|
|
82
|
-
|
|
95
|
+
FFI.raise_windows_error('GetVersionEx')
|
|
83
96
|
end
|
|
84
97
|
|
|
85
98
|
ver[:dwMajorVersion]
|
data/lib/win32/security/acl.rb
CHANGED
|
@@ -12,7 +12,7 @@ module Win32
|
|
|
12
12
|
extend Windows::Security::Functions
|
|
13
13
|
|
|
14
14
|
# The version of the Win32::Security::ACL class.
|
|
15
|
-
VERSION = '0.2.
|
|
15
|
+
VERSION = '0.2.1'
|
|
16
16
|
|
|
17
17
|
# The underlying ACL structure.
|
|
18
18
|
attr_reader :acl
|
|
@@ -28,7 +28,7 @@ module Win32
|
|
|
28
28
|
acl = ACL_STRUCT.new
|
|
29
29
|
|
|
30
30
|
unless InitializeAcl(acl, size, revision)
|
|
31
|
-
|
|
31
|
+
FFI.raise_windows_error('InitializeAcl')
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
@acl = acl
|
|
@@ -41,7 +41,7 @@ module Win32
|
|
|
41
41
|
info = ACL_SIZE_INFORMATION.new
|
|
42
42
|
|
|
43
43
|
unless GetAclInformation(@acl, info, info.size, AclSizeInformation)
|
|
44
|
-
|
|
44
|
+
FFI.raise_windows_error('GetAclInformation')
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
info[:AceCount]
|
|
@@ -54,7 +54,7 @@ module Win32
|
|
|
54
54
|
info = ACL_SIZE_INFORMATION.new
|
|
55
55
|
|
|
56
56
|
unless GetAclInformation(@acl, info, info.size, AclSizeInformation)
|
|
57
|
-
|
|
57
|
+
FFI.raise_windows_error('GetAclInformation')
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
[info[:AclBytesInUse], info[:AclBytesFree]]
|
|
@@ -88,11 +88,11 @@ module Win32
|
|
|
88
88
|
|
|
89
89
|
if flags
|
|
90
90
|
unless AddAccessAllowedAceEx(@acl, @revision, flags, mask, sid)
|
|
91
|
-
|
|
91
|
+
FFI.raise_windows_error('AddAccessAllowedAceEx')
|
|
92
92
|
end
|
|
93
93
|
else
|
|
94
94
|
unless AddAccessAllowedAce(@acl, @revision, mask, sid)
|
|
95
|
-
|
|
95
|
+
FFI.raise_windows_error('AddAccessAllowedAce')
|
|
96
96
|
end
|
|
97
97
|
end
|
|
98
98
|
|
|
@@ -122,11 +122,11 @@ module Win32
|
|
|
122
122
|
|
|
123
123
|
if flags
|
|
124
124
|
unless AddAccessDeniedAceEx(@acl, @revision, flags, mask, sid)
|
|
125
|
-
|
|
125
|
+
FFI.raise_windows_error('AddAccessDeniedAceEx')
|
|
126
126
|
end
|
|
127
127
|
else
|
|
128
128
|
unless AddAccessDeniedAce(@acl, @revision, mask, sid)
|
|
129
|
-
|
|
129
|
+
FFI.raise_windows_error('AddAccessDeniedAce')
|
|
130
130
|
end
|
|
131
131
|
end
|
|
132
132
|
end
|
|
@@ -140,7 +140,7 @@ module Win32
|
|
|
140
140
|
#
|
|
141
141
|
def add_ace(ace, index=MAXDWORD)
|
|
142
142
|
unless AddAce(@acl, @revision, index, ace, ace.length)
|
|
143
|
-
|
|
143
|
+
FFI.raise_windows_error('AddAce')
|
|
144
144
|
end
|
|
145
145
|
|
|
146
146
|
index
|
|
@@ -153,7 +153,7 @@ module Win32
|
|
|
153
153
|
#
|
|
154
154
|
def delete_ace(index=MAXDWORD)
|
|
155
155
|
unless DeleteAce(@acl, index)
|
|
156
|
-
|
|
156
|
+
FFI.raise_windows_error('DeleteAce')
|
|
157
157
|
end
|
|
158
158
|
|
|
159
159
|
index
|
|
@@ -172,11 +172,11 @@ module Win32
|
|
|
172
172
|
FFI::MemoryPointer.new(:pointer) do |pptr|
|
|
173
173
|
if index.nil?
|
|
174
174
|
unless FindFirstFreeAce(@acl, pptr)
|
|
175
|
-
|
|
175
|
+
FFI.raise_windows_error('FindFirstFreeAce')
|
|
176
176
|
end
|
|
177
177
|
else
|
|
178
178
|
unless GetAce(@acl, index, pptr)
|
|
179
|
-
|
|
179
|
+
FFI.raise_windows_error('GetAce')
|
|
180
180
|
end
|
|
181
181
|
end
|
|
182
182
|
|
|
@@ -205,7 +205,7 @@ module Win32
|
|
|
205
205
|
buf.write_ulong(revision_level)
|
|
206
206
|
|
|
207
207
|
unless SetAclInformation(@acl, buf, buf.size, AclRevisionInformation)
|
|
208
|
-
|
|
208
|
+
FFI.raise_windows_error('SetAclInformation')
|
|
209
209
|
end
|
|
210
210
|
end
|
|
211
211
|
|
data/lib/win32/security/sid.rb
CHANGED
|
@@ -14,7 +14,7 @@ module Win32
|
|
|
14
14
|
extend Windows::Security::Functions
|
|
15
15
|
|
|
16
16
|
# The version of the Win32::Security::SID class.
|
|
17
|
-
VERSION = '0.2.
|
|
17
|
+
VERSION = '0.2.4'
|
|
18
18
|
|
|
19
19
|
# Some constant SID's for your convenience, in string format.
|
|
20
20
|
# See http://support.microsoft.com/kb/243330 for details.
|
|
@@ -79,7 +79,7 @@ module Win32
|
|
|
79
79
|
|
|
80
80
|
FFI::MemoryPointer.new(:pointer) do |string_sid|
|
|
81
81
|
unless ConvertSidToStringSid(sid, string_sid)
|
|
82
|
-
|
|
82
|
+
FFI.raise_windows_error('ConvertSidToStringSid')
|
|
83
83
|
end
|
|
84
84
|
|
|
85
85
|
result = string_sid.read_pointer.read_string
|
|
@@ -95,7 +95,7 @@ module Win32
|
|
|
95
95
|
|
|
96
96
|
FFI::MemoryPointer.new(:pointer) do |sid|
|
|
97
97
|
unless ConvertStringSidToSid(string, sid)
|
|
98
|
-
|
|
98
|
+
FFI.raise_windows_error('ConvertStringSidToSid')
|
|
99
99
|
end
|
|
100
100
|
|
|
101
101
|
ptr = sid.read_pointer
|
|
@@ -139,7 +139,7 @@ module Win32
|
|
|
139
139
|
auth[:Value][5] = authority
|
|
140
140
|
|
|
141
141
|
unless InitializeSid(sid, auth, sub_authorities.length)
|
|
142
|
-
|
|
142
|
+
FFI.raise_windows_error('InitializeSid')
|
|
143
143
|
end
|
|
144
144
|
|
|
145
145
|
sub_authorities.each_index do |i|
|
|
@@ -194,12 +194,10 @@ module Win32
|
|
|
194
194
|
# Try the thread token first, default to the process token.
|
|
195
195
|
bool = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, 1, ptoken)
|
|
196
196
|
|
|
197
|
-
|
|
198
|
-
raise SystemCallError.new("OpenThreadToken", FFI.errno)
|
|
199
|
-
else
|
|
197
|
+
unless bool
|
|
200
198
|
ptoken.clear
|
|
201
199
|
unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, ptoken)
|
|
202
|
-
|
|
200
|
+
FFI.raise_windows_error('OpenProcessToken')
|
|
203
201
|
end
|
|
204
202
|
end
|
|
205
203
|
|
|
@@ -216,7 +214,7 @@ module Win32
|
|
|
216
214
|
|
|
217
215
|
# Second pass, actual call (1 is TokenOwner)
|
|
218
216
|
unless GetTokenInformation(token, 1, pinfo, pinfo.size, plength)
|
|
219
|
-
|
|
217
|
+
FFI.raise_windows_error('GetTokenInformation')
|
|
220
218
|
end
|
|
221
219
|
|
|
222
220
|
token_info = pinfo.read_pointer
|
|
@@ -248,7 +246,7 @@ module Win32
|
|
|
248
246
|
use_ptr
|
|
249
247
|
)
|
|
250
248
|
unless bool
|
|
251
|
-
|
|
249
|
+
FFI.raise_windows_error('LookupAccountSid')
|
|
252
250
|
end
|
|
253
251
|
elsif ordinal_val < 10 # Assume it's a binary SID.
|
|
254
252
|
account_ptr = FFI::MemoryPointer.from_string(account)
|
|
@@ -264,7 +262,7 @@ module Win32
|
|
|
264
262
|
)
|
|
265
263
|
|
|
266
264
|
unless bool
|
|
267
|
-
|
|
265
|
+
FFI.raise_windows_error('LookupAccountSid')
|
|
268
266
|
end
|
|
269
267
|
|
|
270
268
|
account_ptr.free
|
|
@@ -279,7 +277,7 @@ module Win32
|
|
|
279
277
|
use_ptr
|
|
280
278
|
)
|
|
281
279
|
unless bool
|
|
282
|
-
|
|
280
|
+
FFI.raise_windows_error('LookupAccountName')
|
|
283
281
|
end
|
|
284
282
|
end
|
|
285
283
|
|
|
@@ -318,7 +316,7 @@ module Win32
|
|
|
318
316
|
|
|
319
317
|
FFI::MemoryPointer.new(:pointer) do |ptr|
|
|
320
318
|
unless ConvertSidToStringSid(@sid, ptr)
|
|
321
|
-
|
|
319
|
+
FFI.raise_windows_error('ConvertSidToStringSid')
|
|
322
320
|
end
|
|
323
321
|
|
|
324
322
|
string = ptr.read_pointer.read_string
|
|
@@ -23,7 +23,7 @@ module Windows
|
|
|
23
23
|
typedef :uintptr_t, :handle
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
ffi_lib
|
|
26
|
+
ffi_lib 'kernel32'
|
|
27
27
|
ffi_convention :stdcall
|
|
28
28
|
|
|
29
29
|
enum :token_info_class, [
|
|
@@ -76,7 +76,7 @@ module Windows
|
|
|
76
76
|
attach_pfunc :GetLastError, [], :dword
|
|
77
77
|
attach_pfunc :CloseHandle, [:dword], :bool
|
|
78
78
|
|
|
79
|
-
ffi_lib
|
|
79
|
+
ffi_lib 'advapi32'
|
|
80
80
|
|
|
81
81
|
attach_pfunc :AddAce, [:ptr, :dword, :dword, :ptr, :dword], :bool
|
|
82
82
|
attach_pfunc :AddAccessAllowedAce, [:ptr, :dword, :dword, :ptr], :bool
|
data/test/test_security.rb
CHANGED
|
@@ -9,7 +9,7 @@ require 'win32/security'
|
|
|
9
9
|
|
|
10
10
|
class TC_Win32_Security < Test::Unit::TestCase
|
|
11
11
|
test "version constant is set to expected value" do
|
|
12
|
-
assert_equal('0.4.
|
|
12
|
+
assert_equal('0.4.1', Win32::Security::VERSION)
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
test "elevated security basic functionality" do
|
data/test/test_sid.rb
CHANGED
|
@@ -20,7 +20,7 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
test "version is set to expected value" do
|
|
23
|
-
assert_equal('0.2.
|
|
23
|
+
assert_equal('0.2.4', Security::SID::VERSION)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
test "sid method basic functionality" do
|
|
@@ -124,7 +124,7 @@ class TC_Win32_Security_Sid < Test::Unit::TestCase
|
|
|
124
124
|
end
|
|
125
125
|
|
|
126
126
|
test "constructor raises an error if an invalid account is passed" do
|
|
127
|
-
assert_raise(SystemCallError){ Security::SID.new('bogus') }
|
|
127
|
+
assert_raise(SystemCallError, Errno::ESRCH){ Security::SID.new('bogus') }
|
|
128
128
|
end
|
|
129
129
|
|
|
130
130
|
test "well known sid constants are defined" do
|
data/win32-security.gemspec
CHANGED
|
@@ -2,7 +2,7 @@ require 'rubygems'
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |spec|
|
|
4
4
|
spec.name = 'win32-security'
|
|
5
|
-
spec.version = '0.4.
|
|
5
|
+
spec.version = '0.4.1'
|
|
6
6
|
spec.authors = ['Daniel J. Berger', 'Park Heesob']
|
|
7
7
|
spec.license = 'Artistic 2.0'
|
|
8
8
|
spec.email = 'djberg96@gmail.com'
|
|
@@ -17,6 +17,7 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.required_ruby_version = '>= 1.9.3'
|
|
18
18
|
|
|
19
19
|
spec.add_dependency('ffi')
|
|
20
|
+
spec.add_dependency('ffi-win32-extensions')
|
|
20
21
|
|
|
21
22
|
spec.add_development_dependency('rake')
|
|
22
23
|
spec.add_development_dependency('test-unit', '>= 2.5.0')
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: win32-security
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Daniel J. Berger
|
|
@@ -31,7 +31,7 @@ cert_chain:
|
|
|
31
31
|
EJYzxdPOrx2n6NYR3Hk+vHP0U7UBSveI6+qx+ndQYaeyCn+GRX2PKS9h66YF/Q1V
|
|
32
32
|
tGSHgAmcLlkdGgan182qsE/4kKM=
|
|
33
33
|
-----END CERTIFICATE-----
|
|
34
|
-
date: 2016-
|
|
34
|
+
date: 2016-05-10 00:00:00.000000000 Z
|
|
35
35
|
dependencies:
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: ffi
|
|
@@ -47,6 +47,20 @@ dependencies:
|
|
|
47
47
|
- - ">="
|
|
48
48
|
- !ruby/object:Gem::Version
|
|
49
49
|
version: '0'
|
|
50
|
+
- !ruby/object:Gem::Dependency
|
|
51
|
+
name: ffi-win32-extensions
|
|
52
|
+
requirement: !ruby/object:Gem::Requirement
|
|
53
|
+
requirements:
|
|
54
|
+
- - ">="
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: '0'
|
|
57
|
+
type: :runtime
|
|
58
|
+
prerelease: false
|
|
59
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
60
|
+
requirements:
|
|
61
|
+
- - ">="
|
|
62
|
+
- !ruby/object:Gem::Version
|
|
63
|
+
version: '0'
|
|
50
64
|
- !ruby/object:Gem::Dependency
|
|
51
65
|
name: rake
|
|
52
66
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -114,7 +128,6 @@ files:
|
|
|
114
128
|
- lib/win32/security/windows
|
|
115
129
|
- lib/win32/security/windows/constants.rb
|
|
116
130
|
- lib/win32/security/windows/functions.rb
|
|
117
|
-
- lib/win32/security/windows/helper.rb
|
|
118
131
|
- lib/win32/security/windows/structs.rb
|
|
119
132
|
- lib/win32/security.rb
|
|
120
133
|
- lib/win32-security.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|