RubyGems - winevt_c - Versions diffs - 0.11.0 → 0.11.1 - Mend

winevt_c 0.11.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53a1d55d20095680cdb54820e8b0b9293fe40e2a16ae74a897ea3f5b0a1cf05d
-  data.tar.gz: '080132cb71100664e30b9ef7e9c1f2c49542b7f92f5c78b25d3b893fc459bb5b'
+  metadata.gz: 236cd5f44b0a13dd198baa83329a340742ae4e9ff618d01671cb48326e4da0c9
+  data.tar.gz: 26cfad4e5eede9d60710672dabe47a61db41cc2d21861704fb94f00ea2c6c51f
 SHA512:
-  metadata.gz: dbd64322ff92fb89c723a2d963fb1b706a169d40a620985adf8ea9cb4eb5654a5df206d07346834c68334e157224c6d71fc9e38762c010eca73df34f1dd68662
-  data.tar.gz: a514c1c356b1d62c44c19887ce24790cc5efa966a9184470df1fc2317f88d436b24caa61600b62cf5d4d8bddbcf07cccaacd2d2b48fa9b14e0c2adf772db9d11
+  metadata.gz: '081e7c41f48447bbb401c5a8483094b3258a521a97a7b301b44ac89d216d888cece8ab1f89406b8fafc694436574c2660f600cec9c053f098cb81e3d05d311d4'
+  data.tar.gz: 4e5eb1006bd0e05d59bdfb361edf02025b1ab86a6f7fc66d9489b27b29cdf530f47a404ae8b8c17f32d167b44cddaa28d5bd89e58cef4a93cec65dfe486c6eb1

data/ext/winevt/winevt_utils.cpp CHANGED Viewed

@@ -885,14 +885,21 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers, BOOL preserveSI
       if (preserveSID_p) {
         rbstr = rb_utf8_str_new_cstr(pwsSid);
         rb_hash_aset(hash, rb_str_new2("UserID"), rbstr);
-        LocalFree(pwsSid);
       }
-      if (ExpandSIDWString(pRenderedValues[EvtSystemUserID].SidVal,
-                       &expandSID) == 0) {
-        rbstr = rb_utf8_str_new_cstr(expandSID);
-        free(expandSID);
-        rb_hash_aset(hash, rb_str_new2("User"), rbstr);
+      /* S-1-15-3- is used for capability SIDs. So, we need to skip
+       * SID translation.
+       * ref: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
+       * See also: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/sids-not-resolve-into-friendly-names
+       */
+      if (strnicmp(pwsSid, "S-1-15-3-", 9) != 0) {
+        if (ExpandSIDWString(pRenderedValues[EvtSystemUserID].SidVal,
+                             &expandSID) == 0) {
+          rbstr = rb_utf8_str_new_cstr(expandSID);
+          free(expandSID);
+          rb_hash_aset(hash, rb_str_new2("User"), rbstr);
+        }
       }
+      LocalFree(pwsSid);
     }
   }

data/lib/winevt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.11.0"
+  VERSION = "0.11.1"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.11.1
 platform: ruby
 authors:
 - Hiroshi Hatake
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-08-01 00:00:00.000000000 Z
+date: 2024-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler