From djberg96 at gmail.com Fri Jan 4 17:12:28 2013
From: djberg96 at gmail.com (Daniel Berger)
Date: Fri, 4 Jan 2013 10:12:28 -0700
Subject: [Win32utils-devel] Checking for elevated privileges on Windows XP
Message-ID:

Hi,

I was trying to come up with an implementation of the
elevated_security? method for Windows XP. I saw a version posted on
the doc page for the CheckTokenMembership function.

http://msdn.microsoft.com/en-us/library/aa376389%28VS.85%29.aspx

However, I can't get it to work. One line in particular confuses me:

SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;

That doesn't look like legal struct assignment to me, so I'm not sure
what it does. Anyway, I've pasted what I tried below. Suggestions
appreciated.

Regards,

Dan

# admin_test.rb
require 'ffi'

class Windows
  extend FFI::Library
  ffi_lib :advapi32

  SECURITY_NT_AUTHORITY = 5
  SECURITY_BUILTIN_DOMAIN_RID = 32
  DOMAIN_ALIAS_RID_ADMINS = 544

  class SID_IDENTIFIER_AUTHORITY < FFI::Struct
    layout(:Value, [:char, 6])
  end

  attach_function :CheckTokenMembership, [:ulong, :pointer, :pointer], :bool
  attach_function :AllocateAndInitializeSid,
    [SID_IDENTIFIER_AUTHORITY, :int, :ulong, :ulong, :ulong, :ulong,
     :ulong, :ulong, :ulong, :ulong, :pointer], :bool

  def self.admin?
    sid = FFI::MemoryPointer.new(:uchar, 1024)
    nt_auth = SID_IDENTIFIER_AUTHORITY.new
    nt_auth[:Value][0] = SECURITY_NT_AUTHORITY

    bool = AllocateAndInitializeSid(
      nt_auth,
      2,
      SECURITY_BUILTIN_DOMAIN_RID,
      DOMAIN_ALIAS_RID_ADMINS,
      0, 0, 0, 0, 0, 0,
      sid
    )

    unless bool
      raise SystemCallError.new("AllocateAndInitializeSid", FFI.errno)
    end

    pbool = FFI::MemoryPointer.new(:bool)

    unless CheckTokenMembership(0, sid, pbool)
      raise SystemCallError.new("CheckTokenMembership", FFI.errno)
    end

    pbool.read_int != 0
  end
end

p Windows.admin?

From phasis at gmail.com Fri Jan 4 22:48:37 2013
From: phasis at gmail.com (Heesob Park)
Date: Sat, 5 Jan 2013 07:48:37 +0900
Subject: [Win32utils-devel] Checking for elevated privileges on Windows XP
In-Reply-To:
References:
Message-ID:

Hi,

2013/1/5 Daniel Berger :
> Hi,
>
> I was trying to come up with an implementation of the
> elevated_security? method for Windows XP. I saw a version posted on
> the doc page for the CheckTokenMembership function.
>
> http://msdn.microsoft.com/en-us/library/aa376389%28VS.85%29.aspx
>
> However, I can't get it to work. One line in particular confuses me:
>
> SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
>
> That doesn't look like legal struct assignment to me, so I'm not sure
> what it does. Anyway, I've pasted what I tried below. Suggestions
> appreciated.
>

It looks like legal struct assignment to me.

http://en.wikipedia.org/wiki/Struct_(C_programming_language)#Assignment

Here is working code:

require 'ffi'

class Windows
  extend FFI::Library
  ffi_lib :advapi32

  SECURITY_NT_AUTHORITY = 5
  SECURITY_BUILTIN_DOMAIN_RID = 32
  DOMAIN_ALIAS_RID_ADMINS = 544

  class SID_IDENTIFIER_AUTHORITY < FFI::Struct
    layout(:Value, [:char, 6])
  end

  attach_function :CheckTokenMembership, [:ulong, :pointer, :pointer], :bool
  # The identifier authority is passed by pointer, not by value.
  attach_function :AllocateAndInitializeSid,
    [:pointer, :int, :ulong, :ulong, :ulong, :ulong,
     :ulong, :ulong, :ulong, :ulong, :pointer], :bool

  def self.admin?
    # Receives the address of the SID that AllocateAndInitializeSid allocates.
    sid_ptr = FFI::MemoryPointer.new(:pointer)
    nt_auth_ptr = FFI::MemoryPointer.new(SID_IDENTIFIER_AUTHORITY,1)
    nt_auth = SID_IDENTIFIER_AUTHORITY.new(nt_auth_ptr)
    # SECURITY_NT_AUTHORITY is the six bytes {0,0,0,0,0,5}.
    nt_auth[:Value].to_ptr.put_bytes(0,0.chr*5+5.chr)

    bool = AllocateAndInitializeSid(
      nt_auth_ptr,
      2,
      SECURITY_BUILTIN_DOMAIN_RID,
      DOMAIN_ALIAS_RID_ADMINS,
      0, 0, 0, 0, 0, 0,
      sid_ptr
    )

    unless bool
      raise SystemCallError.new("AllocateAndInitializeSid", FFI.errno)
    end

    pbool = FFI::MemoryPointer.new(:long)

    # A NULL token handle makes the check use the calling thread's token.
    unless CheckTokenMembership(0, sid_ptr.read_pointer, pbool)
      raise SystemCallError.new("CheckTokenMembership", FFI.errno)
    end

    pbool.read_long != 0
  end
end

p Windows.admin?

Regards,

Park Heesob

From djberg96 at gmail.com Tue Jan 15 15:56:03 2013
From: djberg96 at gmail.com (Daniel Berger)
Date: Tue, 15 Jan 2013 08:56:03 -0700
Subject: [Win32utils-devel] EqualSid and JRuby
Message-ID:

Hi,

JRuby 1.7.2, Windows 7, Java 1.7

I noticed that the win32-security library does fail one test when
using JRuby - the SID#== test. Internally I'm using the EqualSid
function.

Anyone know enough about JRuby to know why this might fail? Something
about the way it handles pointers maybe?

Regards,

Dan
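
Added example (not part of the original thread and not win32-security code): the SID_IDENTIFIER_AUTHORITY from the "Checking for elevated privileges" messages is six bytes with the most significant byte first, so SECURITY_NT_AUTHORITY is {0,0,0,0,0,5}. The pure-Ruby sketch below packs the BUILTIN\Administrators SID by hand and shows which SID results when the 5 is written to the first byte of a zero-filled struct instead; build_sid and sid_to_s are hypothetical helper names.

```ruby
# Pure Ruby: no FFI and no Windows API calls, so it runs anywhere.
# Binary SID layout: revision (1 byte), sub-authority count (1 byte),
# identifier authority (6 bytes, most significant first), then each
# sub-authority as a 32-bit little-endian integer.

SECURITY_BUILTIN_DOMAIN_RID = 32
DOMAIN_ALIAS_RID_ADMINS     = 544

# Hypothetical helper: pack a SID from a raw 6-byte authority and RIDs.
def build_sid(authority_bytes, *sub_authorities)
  raise ArgumentError, 'authority must be 6 bytes' unless authority_bytes.bytesize == 6
  raise ArgumentError, 'at most 15 sub-authorities' if sub_authorities.size > 15

  [1, sub_authorities.size].pack('CC') + authority_bytes.b + sub_authorities.pack('V*')
end

# Hypothetical helper: render a binary SID in S-R-I-S... string form.
def sid_to_s(sid)
  revision, count = sid.unpack('CC')
  raise ArgumentError, 'truncated SID' unless count && sid.bytesize == 8 + 4 * count

  # Fold the six authority bytes into one integer, most significant first.
  authority = sid.byteslice(2, 6).bytes.inject(0) { |acc, b| (acc << 8) | b }
  # Authorities of 2**32 or more are written in hex in the string form.
  auth_text = authority < 2**32 ? authority.to_s : format('0x%012X', authority)
  subs = sid.byteslice(8, 4 * count).unpack('V*')
  (["S-#{revision}", auth_text] + subs).join('-')
end

# What SECURITY_NT_AUTHORITY expands to in C: {0,0,0,0,0,5}.
NT_AUTHORITY_OK = ([0] * 5 + [5]).pack('C*')
# What writing 5 to Value[0] of a zero-filled struct gives: {5,0,0,0,0,0}.
NT_AUTHORITY_FIRST_BYTE = ([5] + [0] * 5).pack('C*')

ADMINS_SID = build_sid(NT_AUTHORITY_OK,
                       SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS)
WRONG_SID  = build_sid(NT_AUTHORITY_FIRST_BYTE,
                       SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS)

if __FILE__ == $PROGRAM_NAME
  puts sid_to_s(ADMINS_SID)             # well-known Administrators alias
  puts sid_to_s(WRONG_SID)              # a different, unrelated authority
  puts ADMINS_SID.unpack('H*').first    # raw bytes as hex
end
```

The two packed values differ only in the authority field, which is enough for a byte-wise SID comparison to treat them as different principals.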