[Win32utils-devel] Some more win32-security: SID.create

Berger, Daniel Daniel.Berger at qwest.com
Fri Jul 11 13:32:42 EDT 2008


 

> -----Original Message-----
> From: win32utils-devel-bounces at rubyforge.org 
> [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of 
> Park Heesob
> Sent: Friday, July 11, 2008 9:20 AM
> To: Development and ideas for win32utils projects
> Subject: Re: [Win32utils-devel] Some more win32-security: SID.create
> 
> Hi,
> ----- Original Message -----
> From: "Berger, Daniel" <Daniel.Berger at qwest.com>
> To: "Development and ideas for win32utils projects" 
> <win32utils-devel at rubyforge.org>
> Sent: Friday, July 11, 2008 10:35 PM
> Subject: Re: [Win32utils-devel] Some more win32-security: SID.create
> 
> 
> >
> >
> >> -----Original Message-----
> >> From: win32utils-devel-bounces at rubyforge.org
> >> [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of
> >> Heesob Park
> >> Sent: Thursday, July 10, 2008 10:27 PM
> >> To: Development and ideas for win32utils projects
> >> Subject: Re: [Win32utils-devel] Some more win32-security: SID.create
> >>
> >> Hi,
> >>
> >> 2008/7/11 Daniel Berger <djberg96 at gmail.com>:
> >> > Hi,
> >> >
> >> > <snip>
> >> >
> >> >> That is just ruby version of the following code:
> >> >>
> >> >>       long j;
> >> >>        for( j = 2; j <= lcAuths+1; j++)
> >> >>        {
> >> >>            DWORD dwValue = (DWORD)atol(pAuths[j]);
> >> >>            PDWORD pdwSubAuth = GetSidSubAuthority(pLocalSid, (j-2));
> >> >>            *pdwSubAuth = dwValue;
> >> >>        }
> >> >>
> >> >> Why do you think that did nothing?
> >> >
> >> > I guess I misread it. Nevermind. :)
> >> >
> >> > I did remove the [0,1,2,3,5] loop, though.
> >> >
> >> > I do need some help with testing please. I've added some more tests in
> >> > CVS, but I wasn't sure what a good way was to test SID.create with
> >> > subauthorities. Any suggestions?
> >> >
> >> I guess SID.create test with Well-known SIDs is possible.
> >> Refer to http://msdn.microsoft.com/en-us/library/aa379649(VS.85).aspx
> >
> > After adding some RID constants to Windows::Security (now in CVS) I
> > tried this:
> >
> > include Win32
> >
> > s = Security::SID.create(
> >   Security::SID::SECURITY_WORLD_SID_AUTHORITY,
> >   Security::SID::SECURITY_WORLD_RID
> > )
> >
> > p s
> >
> > But I get:
> >
> > C:\Documents and Settings\djberge\workspace\win32-security\lib\win32\security>ruby sid.rb
> > sid.rb:151:in `initialize': No mapping between account names and security IDs was done. (Win32::Security::SID::Error)
> >        from sid.rb:89:in `new'
> >        from sid.rb:89:in `create'
> >        from sid.rb:231
> >
> I found the bug.
> The self.create method should be like this:
> 
>          def self.create(authority, *sub_authorities)
>             if sub_authorities.length > 8
>                raise ArgumentError, "maximum of 8 subauthorities allowed"
>             end
> 
>             sid = 0.chr * GetSidLengthRequired(sub_authorities.length)
> 
>             auth = 0.chr * 5 + authority.chr
> 
>             unless InitializeSid(sid, auth, sub_authorities.length)
>                raise Error, get_last_error
>             end
> 
>             sub_authorities.each_index do |i|
>                value = [sub_authorities[i]].pack('L')
>                auth_ptr = GetSidSubAuthority(sid, i)
>                memcpy(auth_ptr, value, 4)
>             end
> 
>             self.new(sid)
>          end
> 
> And here is some test code:
> 
> sid = 0.chr * 12
> sid_size = [12].pack('L')
> bool = CreateWellKnownSid(WinWorldSid,nil,sid,sid_size)
> unless bool
>   puts get_last_error
> end
> s1 = Security::SID.new(sid)
> 
> s2 = Security::SID.create(
>    Security::SID::SECURITY_WORLD_SID_AUTHORITY,
>    SECURITY_WORLD_RID
> )
> p s1==s2

Excellent, thanks! Fixed in CVS.

> 
> > I suspect I don't understand the Windows security model as well as I
> > should. Perhaps I should order this book:
> >
> > "Programming Windows Security"
> >
> > http://www.bookpool.com/sm/0201604426
> >
> > It's a bit dated, but probably has everything I need. Does anyone have
> > any opinion on this book?
> >
> No comment :)

I can get a used copy on Amazon for $5, so what the heck. :)

Thanks,

Dan
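
The byte layout that `SID.create` fills in through `InitializeSid` and `GetSidSubAuthority` in the message above, modelled in pure Ruby so it can be checked without the Win32 API. This is an added example, not code from the thread or from win32-security; the `SidLayout` module and its method names are hypothetical.

```ruby
# Added example: pure-Ruby model of the binary SID layout (no Win32 calls).
# SidLayout and its methods are hypothetical names, not part of win32-security.
module SidLayout
  REVISION = 1             # SID_REVISION
  MAX_SUB_AUTHORITIES = 15 # binary format limit (SID_MAX_SUB_AUTHORITIES in winnt.h)

  # Build the bytes: revision, count, 6-byte authority, then the subauthorities.
  def self.pack(authority, *subs)
    raise ArgumentError, "too many subauthorities" if subs.length > MAX_SUB_AUTHORITIES
    raise ArgumentError, "authority out of range" unless (0...2**48).cover?(authority)
    unless subs.all? { |s| (0..0xFFFFFFFF).cover?(s) }
      raise ArgumentError, "subauthority out of range"
    end
    # The identifier authority is 48 bits, big-endian. For authority 1 this is
    # the same six bytes as the thread's `0.chr * 5 + authority.chr`.
    auth = [authority >> 32, authority & 0xFFFFFFFF].pack('nN')
    # Subauthorities are 32-bit little-endian, like [value].pack('L') on x86.
    [REVISION, subs.length].pack('CC') + auth + subs.pack('V*')
  end

  # Parse raw bytes into [authority, subauthorities], validating every length.
  def self.unpack(raw)
    raw = raw.b
    raise ArgumentError, "SID header is 8 bytes" if raw.bytesize < 8
    rev, count, hi, lo = raw.unpack('CCnN')
    raise ArgumentError, "unknown revision #{rev}" unless rev == REVISION
    raise ArgumentError, "bad subauthority count" if count > MAX_SUB_AUTHORITIES
    need = 8 + 4 * count # the size GetSidLengthRequired(count) reports
    raise ArgumentError, "need #{need} bytes, got #{raw.bytesize}" if raw.bytesize < need
    [(hi << 32) | lo, raw.byteslice(8, 4 * count).unpack('V*')]
  end

  # Render the S-R-I-S... string form; authorities >= 2**32 are written in hex.
  def self.to_string(raw)
    authority, subs = unpack(raw)
    auth = authority >= 2**32 ? format("0x%012X", authority) : authority
    (["S", REVISION, auth] + subs).join("-")
  end
end

# SECURITY_WORLD_SID_AUTHORITY is 1 and SECURITY_WORLD_RID is 0 (Everyone).
world = SidLayout.pack(1, 0)
puts world.unpack1('H*')         # 12 bytes, matching the thread's `0.chr * 12` buffer
puts SidLayout.to_string(world)
# BUILTIN\Administrators: authority 5, subauthorities 32 and 544.
puts SidLayout.to_string(SidLayout.pack(5, 32, 544))
```

Comparing these bytes with the buffer returned by `CreateWellKnownSid` gives a test for `SID.create` that does not depend on account lookups.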

