winevt_c 0.11.0 → 0.11.1

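--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53a1d55d20095680cdb54820e8b0b9293fe40e2a16ae74a897ea3f5b0a1cf05d
- data.tar.gz: '080132cb71100664e30b9ef7e9c1f2c49542b7f92f5c78b25d3b893fc459bb5b'
+ metadata.gz: 236cd5f44b0a13dd198baa83329a340742ae4e9ff618d01671cb48326e4da0c9
+ data.tar.gz: 26cfad4e5eede9d60710672dabe47a61db41cc2d21861704fb94f00ea2c6c51f
  SHA512:
- metadata.gz: dbd64322ff92fb89c723a2d963fb1b706a169d40a620985adf8ea9cb4eb5654a5df206d07346834c68334e157224c6d71fc9e38762c010eca73df34f1dd68662
- data.tar.gz: a514c1c356b1d62c44c19887ce24790cc5efa966a9184470df1fc2317f88d436b24caa61600b62cf5d4d8bddbcf07cccaacd2d2b48fa9b14e0c2adf772db9d11
+ metadata.gz: '081e7c41f48447bbb401c5a8483094b3258a521a97a7b301b44ac89d216d888cece8ab1f89406b8fafc694436574c2660f600cec9c053f098cb81e3d05d311d4'
+ data.tar.gz: 4e5eb1006bd0e05d59bdfb361edf02025b1ab86a6f7fc66d9489b27b29cdf530f47a404ae8b8c17f32d167b44cddaa28d5bd89e58cef4a93cec65dfe486c6eb1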
@@ -885,14 +885,21 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers, BOOL preserveSI
885
885
  if (preserveSID_p) {
886
886
  rbstr = rb_utf8_str_new_cstr(pwsSid);
887
887
  rb_hash_aset(hash, rb_str_new2("UserID"), rbstr);
888
- LocalFree(pwsSid);
889
888
  }
890
- if (ExpandSIDWString(pRenderedValues[EvtSystemUserID].SidVal,
891
- &expandSID) == 0) {
892
- rbstr = rb_utf8_str_new_cstr(expandSID);
893
- free(expandSID);
894
- rb_hash_aset(hash, rb_str_new2("User"), rbstr);
889
+ /* S-1-15-3- is used for capability SIDs. So, we need to skip
890
+ * SID translation.
891
+ * ref: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
892
+ * See also: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/sids-not-resolve-into-friendly-names
893
+ */
894
+ if (strnicmp(pwsSid, "S-1-15-3-", 9) != 0) {
895
+ if (ExpandSIDWString(pRenderedValues[EvtSystemUserID].SidVal,
896
+ &expandSID) == 0) {
897
+ rbstr = rb_utf8_str_new_cstr(expandSID);
898
+ free(expandSID);
899
+ rb_hash_aset(hash, rb_str_new2("User"), rbstr);
900
+ }
895
901
  }
902
+ LocalFree(pwsSid);
896
903
  }
897
904
  }
898
905
 
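Review bot: With the new `S-1-15-3-` guard, an event whose user is a capability SID gets neither a `User` nor a `UserID` key unless `preserveSID_p` is set, so the account identity is silently dropped from the rendered hash. Log consumers that alert or correlate on the account field would be better served by keeping the raw SID in that case, for example `else if (!preserveSID_p) rb_hash_aset(hash, rb_str_new2("UserID"), rb_utf8_str_new_cstr(pwsSid));` on the guard, or at least by stating the omission in the comment. The literal length `9` is safer derived from the prefix itself, `sizeof("S-1-15-3-") - 1`, and `_strnicmp` is the non-deprecated CRT spelling if this is built with MSVC (the toolchain is not visible here). render_system_event starts and ends outside the hunk, so the declaration of `pwsSid` and the check that the SID conversion succeeded are not visible.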
@@ -1,3 +1,3 @@
1
1
  module Winevt
2
- VERSION = "0.11.0"
2
+ VERSION = "0.11.1"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: winevt_c
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.11.0
4
+ version: 0.11.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Hatake
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-08-01 00:00:00.000000000 Z
11
+ date: 2024-08-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler