[Win32utils-devel] User sid

Park Heesob phasis at gmail.com
Fri Jun 27 10:30:54 EDT 2008


----- Original Message ----- 
From: "Berger, Daniel" <Daniel.Berger at qwest.com>
To: "Development and ideas for win32utils projects" 
<win32utils-devel at rubyforge.org>
Sent: Friday, June 27, 2008 11:04 PM
Subject: Re: [Win32utils-devel] User sid


>
>
>> -----Original Message-----
>> From: win32utils-devel-bounces at rubyforge.org
>> [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of
>> Park Heesob
>> Sent: Friday, June 27, 2008 6:52 AM
>> To: Development and ideas for win32utils projects
>> Subject: Re: [Win32utils-devel] User sid
>>
>> Hi,
>> ----- Original Message -----
>> From: "Daniel Berger" <djberg96 at gmail.com>
>> To: "win32utils-devel" <win32utils-devel at rubyforge.org>
>> Sent: Friday, June 27, 2008 8:18 PM
>> Subject: [Win32utils-devel] User sid
>>
>>
>> > Hi all,
>> >
>> > I was playing around with the idea of implementing Process.uid and
>> > Process.uid= for MS Windows. To that end I first wanted to
>> get the user
>> > associated with the current process. Then I wanted the
>> user's SID. I can't
>> > seem to get the stringified SID, though.
>> >
>> After modifying ConvertSidToStringSid like this:
>>       API.new('ConvertSidToStringSid', 'LP', 'B', 'advapi32')
>>
>> Here is a working code:
>>
>> require 'windows/process'
>> require 'windows/error'
>> require 'windows/security'
>> require 'windows/msvcrt/string'
>>
>> include Windows::Process
>> include Windows::Error
>> include Windows::Security
>> include Windows::Security
>> include Windows::MSVCRT::String
>>
>> handle = GetCurrentProcess()
>>
>> token_handle = [0].pack('L')
>>
>> unless OpenProcessToken(handle, TOKEN_QUERY, token_handle)
>>     raise get_last_error
>> end
>>
>> token_handle  = token_handle.unpack('L')[0]
>> return_length = [0].pack('L')
>>
>> # First pass, get the buffer size needed
>> GetTokenInformation(token_handle, TokenUser, 0, 0, return_length)
>>
>> token_info = 0.chr * return_length.unpack('L')[0]
>>
>> bool = GetTokenInformation(
>>     token_handle,
>>     TokenUser,
>>     token_info,
>>     token_info.size,
>>     return_length
>> )
>>
>> unless bool
>>     raise get_last_error
>> end
>>
>> sid_addr = token_info.unpack('L')[0]
>>
>> name_buf = 0.chr * 80
>> name_cch = [name_buf.size].pack('L')
>>
>> domain_buf = 0.chr * 80
>> domain_cch = [domain_buf.size].pack('L')
>>
>> sid_name_use = 0.chr * 4
>>
>> bool = LookupAccountSid(
>>     nil,
>>     sid_addr,
>>     name_buf,
>>     name_cch,
>>     domain_buf,
>>     domain_cch,
>>     sid_name_use
>> )
>>
>> unless bool
>>     raise get_last_error
>> end
>> p name_buf.strip   # "djberge"
>>
>> sid_buf = 0.chr * 80
>> sid_ptr = 0.chr * 4
>> bool = ConvertSidToStringSid(
>>     sid_addr,
>>     sid_ptr
>> )
>>
>> unless bool
>>     raise get_last_error
>> end
>> strcpy(sid_buf,sid_ptr.unpack('L').first)
>> p sid_buf.strip
>
> <snip>
>
> That works, thanks.
>
> What do you think about the idea of having Process.uid return a SID, and
> a Process.uid= method that would take a SID? I think this is possible
> with SetSecurityInfo, but I haven't tried yet.
>
> Possible enhancement for win32-process 0.6.0?
>
I'm not sure it is possible. but it is worthwhile.

In relation to the SID,
 Finding the Owner of a File Object 
(http://msdn.microsoft.com/en-us/library/aa446629(VS.85).aspx)
and Taking Object Ownership 
(http://msdn.microsoft.com/en-us/library/aa379620(VS.85).aspx)
is also possible enhancement for win32-file, right?

Regards,

Park Heesob





More information about the win32utils-devel mailing list