[Win32utils-devel] Some more win32-security: SID.create

Park Heesob phasis at gmail.com
Fri Jul 11 11:19:47 EDT 2008


Hi,
----- Original Message ----- 
From: "Berger, Daniel" <Daniel.Berger at qwest.com>
To: "Development and ideas for win32utils projects" 
<win32utils-devel at rubyforge.org>
Sent: Friday, July 11, 2008 10:35 PM
Subject: Re: [Win32utils-devel] Some more win32-security: SID.create


>
>
>> -----Original Message-----
>> From: win32utils-devel-bounces at rubyforge.org
>> [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of
>> Heesob Park
>> Sent: Thursday, July 10, 2008 10:27 PM
>> To: Development and ideas for win32utils projects
>> Subject: Re: [Win32utils-devel] Some more win32-security: SID.create
>>
>> Hi,
>>
>> 2008/7/11 Daniel Berger <djberg96 at gmail.com>:
>> > Hi,
>> >
>> > <snip>
>> >
>> >> That is just ruby version of the following code:
>> >>
>> >>       long j;
>> >>        for( j = 2; j <= lcAuths+1; j++)
>> >>        {
>> >>            DWORD dwValue = (DWORD)atol(pAuths[j]);
>> >>            PDWORD pdwSubAuth = GetSidSubAuthority(
>> pLocalSid, (j-2));
>> >>            *pdwSubAuth = dwValue;
>> >>        }
>> >>
>> >> Why do you think that did nothing?
>> >
>> > I guess I misread it. Nevermind. :)
>> >
>> > I did remove the [0,1,2,3,5] loop, though.
>> >
>> > I do need some help with testing please. I've added some
>> more tests in
>> > CVS, but I wasn't sure what a good way was to test SID.create with
>> > subauthorities. Any suggestions?
>> >
>> I guess SID.create test with Well-known SIDs is possible.
>> Refer to http://msdn.microsoft.com/en-us/library/aa379649(VS.85).aspx
>
> After adding some RID constants to Windows::Security (now in CVS) I
> tried this:
>
> include Win32
>
> s = Security::SID.create(
>   Security::SID::SECURITY_WORLD_SID_AUTHORITY,
>   Security::SID::SECURITY_WORLD_RID
> )
>
> p s
>
> But I get:
>
> C:\Documents and
> Settings\djberge\workspace\win32-security\lib\win32\security>ruby sid.rb
> sid.rb:151:in `initialize': No mapping between account names and
> security IDs was done. (Win32::Security::SID:
> :Error)
>        from sid.rb:89:in `new'
>        from sid.rb:89:in `create'
>        from sid.rb:231
>
I found the bug.
The self.create method should be like this  :

         def self.create(authority, *sub_authorities)
            if sub_authorities.length > 8
               raise ArgumentError, "maximum of 8 subauthorities allowed"
            end

            sid = 0.chr * GetSidLengthRequired(sub_authorities.length)

            auth = 0.chr * 5 + authority.chr

            unless InitializeSid(sid, auth, sub_authorities.length)
               raise Error, get_last_error
            end

            sub_authorities.each_index do |i|
               value = [sub_authorities[i]].pack('L')
               auth_ptr = GetSidSubAuthority(sid, i)
               memcpy(auth_ptr, value, 4)
            end

            self.new(sid)
         end

And here is a test code:

sid = 0.chr * 12
sid_size = [12].pack('L')
bool = CreateWellKnownSid(WinWorldSid,nil,sid,sid_size)
unless bool
  puts get_last_error
end
s1 = Security::SID.new(sid)

s2 = Security::SID.create(
   Security::SID::SECURITY_WORLD_SID_AUTHORITY,
   SECURITY_WORLD_RID
)
p s1==s2

> I suspect I don't understand the Windows security model as well as I
> should. Perhaps I should order this book:
>
> "Programming Windows Security"
>
> http://www.bookpool.com/sm/0201604426
>
> It's a bit dated, but probably has everything I need. Does anyone have
> any opinion on this book?
>
No comment :)

Regards,

Park Heesob




More information about the win32utils-devel mailing list