class Chef::ReservedNames::Win32::Security::SID

Constants

BUILT_IN_GROUPS
SERVICE_ACCOUNT_USERS
SYSTEM_USER

Attributes

pointer[R]

Public Class Methods

AccountOperators() click to toggle source
# File lib/chef/win32/security/sid.rb, line 209
# Well-known SID S-1-5-32-548 (BUILTIN\Account Operators), converted through
# SID.from_string_sid.
def self.AccountOperators
  string_sid = "S-1-5-32-548"
  SID.from_string_sid(string_sid)
end
Administrator() click to toggle source
# File lib/chef/win32/security/sid.rb, line 237
# Resolves the machine-local built-in administrator account: COMPUTERNAME from
# the process environment, joined with the name SID.admin_account_name returns.
#
# NOTE(review): if COMPUTERNAME is unset the interpolation yields a name that
# starts with a backslash; how SID.from_account treats that is not visible here.
def self.Administrator
  qualified_name = "#{::ENV["COMPUTERNAME"]}\\#{SID.admin_account_name}"
  SID.from_account(qualified_name)
end
Administrators() click to toggle source
# File lib/chef/win32/security/sid.rb, line 229
# Well-known SID S-1-5-32-544 (BUILTIN\Administrators), converted through
# SID.from_string_sid. Uses the same string SID as SID.BuiltinAdministrators.
def self.Administrators
  string_sid = "S-1-5-32-544"
  SID.from_string_sid(string_sid)
end
Anonymous() click to toggle source
# File lib/chef/win32/security/sid.rb, line 153
# Well-known SID S-1-5-7 (Anonymous Logon), converted through SID.from_string_sid.
# An ACE naming this SID applies to unauthenticated sessions, so audit any grant
# that uses it.
def self.Anonymous
  string_sid = "S-1-5-7"
  SID.from_string_sid(string_sid)
end
AuthenticatedUsers() click to toggle source
# File lib/chef/win32/security/sid.rb, line 169
# Well-known SID S-1-5-11 (Authenticated Users), converted through
# SID.from_string_sid. Covers every principal that has logged on with credentials.
def self.AuthenticatedUsers
  string_sid = "S-1-5-11"
  SID.from_string_sid(string_sid)
end
BackupOperators() click to toggle source
# File lib/chef/win32/security/sid.rb, line 221
# Well-known SID S-1-5-32-551 (BUILTIN\Backup Operators), converted through
# SID.from_string_sid.
def self.BackupOperators
  string_sid = "S-1-5-32-551"
  SID.from_string_sid(string_sid)
end
Batch() click to toggle source
# File lib/chef/win32/security/sid.rb, line 141
# Well-known SID S-1-5-3 (Batch logon), converted through SID.from_string_sid.
def self.Batch
  string_sid = "S-1-5-3"
  SID.from_string_sid(string_sid)
end
BuiltinAdministrators() click to toggle source
# File lib/chef/win32/security/sid.rb, line 193
# Well-known SID S-1-5-32-544 (BUILTIN\Administrators), converted through
# SID.from_string_sid. Uses the same string SID as SID.Administrators.
def self.BuiltinAdministrators
  string_sid = "S-1-5-32-544"
  SID.from_string_sid(string_sid)
end
BuiltinUsers() click to toggle source
# File lib/chef/win32/security/sid.rb, line 197
# Well-known SID S-1-5-32-545 (BUILTIN\Users), converted through
# SID.from_string_sid.
def self.BuiltinUsers
  string_sid = "S-1-5-32-545"
  SID.from_string_sid(string_sid)
end
Creator() click to toggle source
# File lib/chef/win32/security/sid.rb, line 105
# Well-known SID S-1-3 (Creator Authority), converted through SID.from_string_sid.
# This is the bare identifier authority; Creator Owner is S-1-3-0 (SID.CreatorOwner).
def self.Creator
  string_sid = "S-1-3"
  SID.from_string_sid(string_sid)
end
CreatorGroup() click to toggle source
# File lib/chef/win32/security/sid.rb, line 113
# Well-known SID S-1-3-1 (Creator Group), converted through SID.from_string_sid.
def self.CreatorGroup
  string_sid = "S-1-3-1"
  SID.from_string_sid(string_sid)
end
CreatorGroupServer() click to toggle source
# File lib/chef/win32/security/sid.rb, line 121
# Well-known SID S-1-3-3 (Creator Group Server), converted through
# SID.from_string_sid.
def self.CreatorGroupServer
  string_sid = "S-1-3-3"
  SID.from_string_sid(string_sid)
end
CreatorOwner() click to toggle source
# File lib/chef/win32/security/sid.rb, line 109
# Well-known SID S-1-3-0 (Creator Owner), converted through SID.from_string_sid.
def self.CreatorOwner
  string_sid = "S-1-3-0"
  SID.from_string_sid(string_sid)
end
CreatorOwnerServer() click to toggle source
# File lib/chef/win32/security/sid.rb, line 117
# Well-known SID S-1-3-2 (Creator Owner Server), converted through
# SID.from_string_sid.
def self.CreatorOwnerServer
  string_sid = "S-1-3-2"
  SID.from_string_sid(string_sid)
end
Dialup() click to toggle source
# File lib/chef/win32/security/sid.rb, line 133
# Well-known SID S-1-5-1 (Dialup), converted through SID.from_string_sid.
def self.Dialup
  string_sid = "S-1-5-1"
  SID.from_string_sid(string_sid)
end
EnterpriseDomainControllers() click to toggle source
# File lib/chef/win32/security/sid.rb, line 161
# Well-known SID S-1-5-9 (Enterprise Domain Controllers), converted through
# SID.from_string_sid.
def self.EnterpriseDomainControllers
  string_sid = "S-1-5-9"
  SID.from_string_sid(string_sid)
end
Everyone() click to toggle source
# File lib/chef/win32/security/sid.rb, line 97
# Well-known SID S-1-1-0 (Everyone), converted through SID.from_string_sid.
# An allow ACE for this SID covers every user, so treat a grant to it as
# effectively public and review it accordingly.
def self.Everyone
  string_sid = "S-1-1-0"
  SID.from_string_sid(string_sid)
end
Guest() click to toggle source
# File lib/chef/win32/security/sid.rb, line 241
# Resolves "<COMPUTERNAME>\Guest" through SID.from_account, with COMPUTERNAME
# read from the process environment.
#
# NOTE(review): the account name "Guest" is hard-coded, whereas SID.Administrator
# obtains its name by RID via SID.admin_account_name. A renamed or localized
# Guest account would presumably not resolve here; confirm.
def self.Guest
  qualified_name = "#{::ENV["COMPUTERNAME"]}\\Guest"
  SID.from_account(qualified_name)
end
Guests() click to toggle source
# File lib/chef/win32/security/sid.rb, line 201
# Well-known SID S-1-5-32-546 (BUILTIN\Guests), converted through
# SID.from_string_sid.
def self.Guests
  string_sid = "S-1-5-32-546"
  SID.from_string_sid(string_sid)
end
Interactive() click to toggle source
# File lib/chef/win32/security/sid.rb, line 145
# Well-known SID S-1-5-4 (Interactive logon), converted through
# SID.from_string_sid.
def self.Interactive
  string_sid = "S-1-5-4"
  SID.from_string_sid(string_sid)
end
Local() click to toggle source
# File lib/chef/win32/security/sid.rb, line 101
# Well-known SID S-1-2 (Local Authority), converted through SID.from_string_sid.
# This is the bare identifier authority with no sub-authority.
def self.Local
  string_sid = "S-1-2"
  SID.from_string_sid(string_sid)
end
LocalSystem() click to toggle source
# File lib/chef/win32/security/sid.rb, line 181
# Well-known SID S-1-5-18 (Local System), converted through SID.from_string_sid.
# This is the operating system's own service account; grants to it are
# effectively grants to the machine itself.
def self.LocalSystem
  string_sid = "S-1-5-18"
  SID.from_string_sid(string_sid)
end
Network() click to toggle source
# File lib/chef/win32/security/sid.rb, line 137
# Well-known SID S-1-5-2 (Network logon), converted through SID.from_string_sid.
def self.Network
  string_sid = "S-1-5-2"
  SID.from_string_sid(string_sid)
end
Nobody() click to toggle source
# File lib/chef/win32/security/sid.rb, line 89
# Well-known SID S-1-0-0 (Nobody / null SID), converted through
# SID.from_string_sid.
def self.Nobody
  string_sid = "S-1-0-0"
  SID.from_string_sid(string_sid)
end
NonUnique() click to toggle source
# File lib/chef/win32/security/sid.rb, line 125
# Well-known SID S-1-4 (Non-unique Authority), converted through
# SID.from_string_sid. This is the bare identifier authority.
def self.NonUnique
  string_sid = "S-1-4"
  SID.from_string_sid(string_sid)
end
None() click to toggle source
# File lib/chef/win32/security/sid.rb, line 233
# Resolves "<COMPUTERNAME>\None" through SID.from_account, with COMPUTERNAME
# read from the process environment.
#
# NOTE(review): the name "None" is hard-coded; on a system where that group is
# displayed under a different (localized) name the lookup would presumably
# fail. Confirm.
def self.None
  qualified_name = "#{::ENV["COMPUTERNAME"]}\\None"
  SID.from_account(qualified_name)
end
Nt() click to toggle source
# File lib/chef/win32/security/sid.rb, line 129
# Well-known SID S-1-5 (NT Authority), converted through SID.from_string_sid.
# This is the bare identifier authority with no sub-authority.
def self.Nt
  string_sid = "S-1-5"
  SID.from_string_sid(string_sid)
end
NtLocal() click to toggle source
# File lib/chef/win32/security/sid.rb, line 185
# Well-known SID S-1-5-19 (NT AUTHORITY\Local Service), converted through
# SID.from_string_sid.
def self.NtLocal
  string_sid = "S-1-5-19"
  SID.from_string_sid(string_sid)
end
NtNetwork() click to toggle source
# File lib/chef/win32/security/sid.rb, line 189
# Well-known SID S-1-5-20 (NT AUTHORITY\Network Service), converted through
# SID.from_string_sid.
def self.NtNetwork
  string_sid = "S-1-5-20"
  SID.from_string_sid(string_sid)
end
Null() click to toggle source

Well-known SIDs

# File lib/chef/win32/security/sid.rb, line 85
# Well-known SID S-1-0 (Null Authority), converted through SID.from_string_sid.
# This is the bare identifier authority; the null SID itself is S-1-0-0
# (SID.Nobody).
def self.Null
  string_sid = "S-1-0"
  SID.from_string_sid(string_sid)
end
PowerUsers() click to toggle source
# File lib/chef/win32/security/sid.rb, line 205
# Well-known SID S-1-5-32-547 (BUILTIN\Power Users), converted through
# SID.from_string_sid.
def self.PowerUsers
  string_sid = "S-1-5-32-547"
  SID.from_string_sid(string_sid)
end
PrincipalSelf() click to toggle source
# File lib/chef/win32/security/sid.rb, line 165
# Well-known SID S-1-5-10 (Principal Self), converted through SID.from_string_sid.
def self.PrincipalSelf
  string_sid = "S-1-5-10"
  SID.from_string_sid(string_sid)
end
PrintOperators() click to toggle source
# File lib/chef/win32/security/sid.rb, line 217
# Well-known SID S-1-5-32-550 (BUILTIN\Print Operators), converted through
# SID.from_string_sid.
def self.PrintOperators
  string_sid = "S-1-5-32-550"
  SID.from_string_sid(string_sid)
end
Proxy() click to toggle source
# File lib/chef/win32/security/sid.rb, line 157
# Well-known SID S-1-5-8 (Proxy), converted through SID.from_string_sid.
def self.Proxy
  string_sid = "S-1-5-8"
  SID.from_string_sid(string_sid)
end
Replicators() click to toggle source
# File lib/chef/win32/security/sid.rb, line 225
# Well-known SID S-1-5-32-552 (BUILTIN\Replicators), converted through
# SID.from_string_sid.
def self.Replicators
  string_sid = "S-1-5-32-552"
  SID.from_string_sid(string_sid)
end
RestrictedCode() click to toggle source
# File lib/chef/win32/security/sid.rb, line 173
# Well-known SID S-1-5-12 (Restricted Code), converted through
# SID.from_string_sid.
def self.RestrictedCode
  string_sid = "S-1-5-12"
  SID.from_string_sid(string_sid)
end
ServerOperators() click to toggle source
# File lib/chef/win32/security/sid.rb, line 213
# Well-known SID S-1-5-32-549 (BUILTIN\Server Operators), converted through
# SID.from_string_sid.
def self.ServerOperators
  string_sid = "S-1-5-32-549"
  SID.from_string_sid(string_sid)
end
Service() click to toggle source
# File lib/chef/win32/security/sid.rb, line 149
# Well-known SID S-1-5-6 (Service logon), converted through SID.from_string_sid.
def self.Service
  string_sid = "S-1-5-6"
  SID.from_string_sid(string_sid)
end
TerminalServerUsers() click to toggle source
# File lib/chef/win32/security/sid.rb, line 177
# Well-known SID S-1-5-13 (Terminal Server Users), converted through
# SID.from_string_sid.
def self.TerminalServerUsers
  string_sid = "S-1-5-13"
  SID.from_string_sid(string_sid)
end
World() click to toggle source
# File lib/chef/win32/security/sid.rb, line 93
# Well-known SID S-1-1 (World Authority), converted through SID.from_string_sid.
# This is the bare identifier authority, not the Everyone group: Everyone is
# S-1-1-0 (SID.Everyone). Do not use the two interchangeably in ACLs.
def self.World
  string_sid = "S-1-1"
  SID.from_string_sid(string_sid)
end
admin_account_name() click to toggle source
# File lib/chef/win32/security/sid.rb, line 304
# Finds and memoizes the name of the local built-in administrator account.
#
# Enumerates local user accounts with NetUserEnum (servername is nil) and picks
# the entry whose RID is 500 and whose privilege level is 2 (USER_PRIV_ADMIN).
# The match is on RID and privilege, not on the account name, so a renamed
# administrator account is still found.
#
# The result is cached in @admin_account_name, so a rename made after the first
# successful call is not picked up by later calls in the same process.
#
# @raise [RuntimeError] when the enumeration ends without a matching account,
#   including when NetUserEnum returns a status other than NERR_Success or
#   ERROR_MORE_DATA
def self.admin_account_name
  @admin_account_name ||= begin
    admin_account_name = nil

    # Call NetUserEnum to enumerate the users without hitting network
    # http://msdn.microsoft.com/en-us/library/windows/desktop/aa370652(v=vs.85).aspx
    servername = nil # We are querying the local server
    level = 3 # We want the USER_INFO_3 structure, which carries the account's RID (usri3_user_id)
    filter = FILTER_NORMAL_ACCOUNT # Only query the user accounts
    bufptr = FFI::MemoryPointer.new(:pointer) # Buffer which will receive the data
    prefmaxlen = MAX_PREFERRED_LENGTH # Let the system allocate the needed amount of memory
    entriesread = FFI::Buffer.new(:long).write_long(0)
    totalentries = FFI::Buffer.new(:long).write_long(0)
    resume_handle = FFI::Buffer.new(:long).write_long(0)

    # Seed the status so the loop body runs at least once.
    status = ERROR_MORE_DATA

    # Keep calling while the API reports more data. Note that the loop is driven
    # only by the status, so it continues even after a match has been found.
    while status == ERROR_MORE_DATA
      status = NetUserEnum(servername, level, filter, bufptr, prefmaxlen, entriesread, totalentries, resume_handle)

      if [NERR_Success, ERROR_MORE_DATA].include?(status)
        # Array.new is used here only to iterate over indexes 0...entriesread;
        # the array it would build is discarded.
        Array.new(entriesread.read_long) do |i|
          user_info = USER_INFO_3.new(bufptr.read_pointer + i * USER_INFO_3.size)
          # Check if the account is the Administrator account
          # RID for the Administrator account is always 500 and its privilege is set to USER_PRIV_ADMIN
          if user_info[:usri3_user_id] == 500 && user_info[:usri3_priv] == 2 # USER_PRIV_ADMIN (2) - Administrator
            admin_account_name = user_info[:usri3_name].read_wstring
            # Leaves only the Array.new block, so the buffer is still freed below.
            break
          end
        end

        # Free the memory allocated by the system
        NetApiBufferFree(bufptr.read_pointer)
      end
    end

    raise "Can not determine the administrator account name." if admin_account_name.nil?

    admin_account_name
  end
end
current_user() click to toggle source
# File lib/chef/win32/security/sid.rb, line 245
# Builds "<USERDOMAIN>\<USERNAME>" from the process environment and resolves it
# through SID.from_account.
#
# NOTE(review): the identity comes from environment variables, not from the
# process access token, so it reflects whatever the environment was set to when
# the process started. SID.default_security_object_owner in this class reads the
# token instead. Do not rely on this value for access decisions.
def self.current_user
  qualified_name = "#{::ENV["USERDOMAIN"]}\\#{::ENV["USERNAME"]}"
  SID.from_account(qualified_name)
end
default_security_object_group() click to toggle source

See technet.microsoft.com/en-us/library/cc961996.aspx. In practice, this seems to be SID.current_user for Microsoft Accounts, the current user’s Domain Users group for domain accounts, and SID.None otherwise.

# File lib/chef/win32/security/sid.rb, line 299
# Opens the current process token and returns its primary group as reported by
# Security.get_token_information_primary_group.
#
# NOTE(review): the token is not closed explicitly here; presumably the object
# returned by open_current_process_token manages the handle. Confirm.
def self.default_security_object_group
  security = Chef::ReservedNames::Win32::Security
  process_token = security.open_current_process_token
  security.get_token_information_primary_group(process_token)
end
default_security_object_owner() click to toggle source

See technet.microsoft.com/en-us/library/cc961992.aspx. In practice, this is SID.Administrators if the current_user is an admin (even if not running elevated), and is current_user otherwise.

# File lib/chef/win32/security/sid.rb, line 291
# Opens the current process token and returns its owner as reported by
# Security.get_token_information_owner.
#
# NOTE(review): the token is not closed explicitly here; presumably the object
# returned by open_current_process_token manages the handle. Confirm.
def self.default_security_object_owner
  security = Chef::ReservedNames::Win32::Security
  process_token = security.open_current_process_token
  security.get_token_information_owner(process_token)
end
from_account(name) click to toggle source
# File lib/chef/win32/security/sid.rb, line 43
# Resolves an account name with Security.lookup_account_name and returns only
# the SID element of the result.
#
# The domain and the account-use value returned by the lookup are dropped, so a
# caller cannot tell from the return value which domain the name resolved in or
# whether it named a user, a group or something else.
#
# NOTE(review): how an unqualified name (no "DOMAIN\" prefix) is resolved is
# decided by the underlying lookup and is not visible here. Pass a qualified
# name when the result feeds an ACL.
def self.from_account(name)
  _domain, account_sid, _use = Chef::ReservedNames::Win32::Security.lookup_account_name(name)
  account_sid
end
from_string_sid(string_sid) click to toggle source
# File lib/chef/win32/security/sid.rb, line 48
# Converts a string SID such as "S-1-5-32-544" by delegating to
# Security.convert_string_sid_to_sid. No validation of string_sid happens in
# this method; malformed input is left to the delegate.
def self.from_string_sid(string_sid)
  security = Chef::ReservedNames::Win32::Security
  security.convert_string_sid_to_sid(string_sid)
end
group_user?(user) click to toggle source

Check whether the user is in a built-in system group

@return [Boolean] True or False

# File lib/chef/win32/security/sid.rb, line 276
# Tests whether the upper-cased string form of +user+ appears in BUILT_IN_GROUPS.
#
# NOTE(review): this compares account names, not SIDs, so it cannot tell apart
# same-named principals from different domains. The contents of BUILT_IN_GROUPS
# are not shown here; presumably its entries are upper-case. Confirm.
#
# @return [Boolean] True or False
def self.group_user?(user)
  normalized = user.to_s.upcase
  BUILT_IN_GROUPS.include?(normalized)
end
new(pointer, owner = nil) click to toggle source
# File lib/chef/win32/security/sid.rb, line 37
# Wraps a pointer to SID memory.
#
# @param pointer the pointer to the SID data
# @param owner the object that actually owns that memory, if any
def initialize(pointer, owner = nil)
  # Holding the owner keeps the memory behind +pointer+ from being freed while
  # this SID is still alive.
  @owner = owner
  @pointer = pointer
end
service_account_user?(user) click to toggle source

Check whether the user belongs to the service accounts category

@return [Boolean] True or False

# File lib/chef/win32/security/sid.rb, line 268
# Tests whether the upper-cased string form of +user+ appears in
# SERVICE_ACCOUNT_USERS.
#
# NOTE(review): this compares account names, not SIDs. The contents of
# SERVICE_ACCOUNT_USERS are not shown here; presumably its entries are
# upper-case. Confirm.
#
# @return [Boolean] True or False
def self.service_account_user?(user)
  normalized = user.to_s.upcase
  SERVICE_ACCOUNT_USERS.include?(normalized)
end
system_user?(user) click to toggle source

Check whether the user belongs to the system users category

@return [Boolean] True or False

# File lib/chef/win32/security/sid.rb, line 284
# Tests whether the upper-cased string form of +user+ appears in SYSTEM_USER.
#
# NOTE(review): this compares account names, not SIDs. The contents of
# SYSTEM_USER are not shown here; presumably its entries are upper-case. Confirm.
#
# @return [Boolean] True or False
def self.system_user?(user)
  normalized = user.to_s.upcase
  SYSTEM_USER.include?(normalized)
end

Public Instance Methods

==(other) click to toggle source
# File lib/chef/win32/security/sid.rb, line 52
# Compares this SID with +other+ using Security.equal_sid; nil is never equal.
#
# NOTE(review): only nil is screened out here. Any other object is handed to
# equal_sid unchanged; how a non-SID argument behaves there is not visible.
def ==(other)
  return false if other.nil?

  Chef::ReservedNames::Win32::Security.equal_sid(self, other)
end
account() click to toggle source
# File lib/chef/win32/security/sid.rb, line 58
# Looks up the account behind this SID with Security.lookup_account_sid.
# Other methods in this class destructure the result as (domain, name, use).
def account
  security = Chef::ReservedNames::Win32::Security
  security.lookup_account_sid(self)
end
account_name() click to toggle source
# File lib/chef/win32/security/sid.rb, line 67
# Returns "DOMAIN\name" for this SID, or just the name when the lookup reports
# no domain (nil or empty).
def account_name
  domain, name, _use = account
  return name if domain.nil? || domain.length <= 0

  "#{domain}\\#{name}"
end
account_simple_name() click to toggle source
# File lib/chef/win32/security/sid.rb, line 62
# Returns only the name element of the account lookup, without the domain.
# Names from different domains can collide, so prefer account_name or the SID
# itself when identity matters.
def account_simple_name
  _domain, simple_name, _use = account
  simple_name
end
size() click to toggle source
# File lib/chef/win32/security/sid.rb, line 72
# Length of this SID as reported by Security.get_length_sid.
def size
  security = Chef::ReservedNames::Win32::Security
  security.get_length_sid(self)
end
to_s() click to toggle source
# File lib/chef/win32/security/sid.rb, line 76
# String form of this SID, produced by Security.convert_sid_to_string_sid.
def to_s
  security = Chef::ReservedNames::Win32::Security
  security.convert_sid_to_string_sid(self)
end
valid?() click to toggle source
# File lib/chef/win32/security/sid.rb, line 80
# Whether Security.is_valid_sid accepts this SID.
def valid?
  security = Chef::ReservedNames::Win32::Security
  security.is_valid_sid(self)
end