class Chef::ReservedNames::Win32::Security::SID
Constants
- BUILT_IN_GROUPS
- SERVICE_ACCOUNT_USERS
- SYSTEM_USER
Attributes
Public Class Methods
# File lib/chef/win32/security/sid.rb, line 209
# Well-known SID of the built-in Account Operators group (S-1-5-32-548).
# @return the object produced by SID.from_string_sid for that string
def self.AccountOperators
  string_sid = "S-1-5-32-548"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 237
# Resolves the local Administrator account by name, as
# "<COMPUTERNAME>\<admin account name>".
# The account name comes from SID.admin_account_name, so a renamed
# Administrator account is still found; the machine part comes from the
# COMPUTERNAME environment variable.
# NOTE(review): if COMPUTERNAME is unset the lookup name starts with a bare
# backslash; confirm how SID.from_account handles that.
# @return the object produced by SID.from_account for that name
def self.Administrator
  computer = ::ENV["COMPUTERNAME"]
  SID.from_account("#{computer}\\#{SID.admin_account_name}")
end
# File lib/chef/win32/security/sid.rb, line 229
# Well-known SID of the built-in Administrators group (S-1-5-32-544).
# Uses the same string SID as SID.BuiltinAdministrators.
# @return the object produced by SID.from_string_sid for that string
def self.Administrators
  string_sid = "S-1-5-32-544"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 153
# Well-known SID for Anonymous Logon (S-1-5-7), i.e. a session established
# without credentials. ACEs that grant access to it deserve review.
# @return the object produced by SID.from_string_sid for that string
def self.Anonymous
  string_sid = "S-1-5-7"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 169
# Well-known SID for Authenticated Users (S-1-5-11).
# @return the object produced by SID.from_string_sid for that string
def self.AuthenticatedUsers
  string_sid = "S-1-5-11"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 221
# Well-known SID of the built-in Backup Operators group (S-1-5-32-551).
# @return the object produced by SID.from_string_sid for that string
def self.BackupOperators
  string_sid = "S-1-5-32-551"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 141
# Well-known SID for batch logons (S-1-5-3).
# @return the object produced by SID.from_string_sid for that string
def self.Batch
  string_sid = "S-1-5-3"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 193
# Well-known SID of the built-in Administrators group (S-1-5-32-544).
# Uses the same string SID as SID.Administrators.
# @return the object produced by SID.from_string_sid for that string
def self.BuiltinAdministrators
  string_sid = "S-1-5-32-544"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 197
# Well-known SID of the built-in Users group (S-1-5-32-545).
# @return the object produced by SID.from_string_sid for that string
def self.BuiltinUsers
  string_sid = "S-1-5-32-545"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 105
# SID of the Creator identifier authority (S-1-3). This is an authority
# prefix, not an account or group.
# @return the object produced by SID.from_string_sid for that string
def self.Creator
  string_sid = "S-1-3"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 113
# Well-known placeholder SID Creator Group (S-1-3-1).
# @return the object produced by SID.from_string_sid for that string
def self.CreatorGroup
  string_sid = "S-1-3-1"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 121
# Well-known placeholder SID Creator Group Server (S-1-3-3).
# @return the object produced by SID.from_string_sid for that string
def self.CreatorGroupServer
  string_sid = "S-1-3-3"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 109
# Well-known placeholder SID Creator Owner (S-1-3-0).
# @return the object produced by SID.from_string_sid for that string
def self.CreatorOwner
  string_sid = "S-1-3-0"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 117
# Well-known placeholder SID Creator Owner Server (S-1-3-2).
# @return the object produced by SID.from_string_sid for that string
def self.CreatorOwnerServer
  string_sid = "S-1-3-2"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 133
# Well-known SID for dial-up logons (S-1-5-1).
# @return the object produced by SID.from_string_sid for that string
def self.Dialup
  string_sid = "S-1-5-1"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 161
# Well-known SID for Enterprise Domain Controllers (S-1-5-9).
# @return the object produced by SID.from_string_sid for that string
def self.EnterpriseDomainControllers
  string_sid = "S-1-5-9"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 97
# Well-known SID for Everyone (S-1-1-0). This is the broadest principal, so
# any ACE that grants rights to it should be a deliberate choice.
# @return the object produced by SID.from_string_sid for that string
def self.Everyone
  string_sid = "S-1-1-0"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 241
# Resolves the local Guest account by the literal name
# "<COMPUTERNAME>\Guest".
# NOTE(review): unlike SID.Administrator, the account name is hard-coded
# here, so a renamed or localized Guest account presumably will not resolve;
# confirm against the callers.
# @return the object produced by SID.from_account for that name
def self.Guest
  computer = ::ENV["COMPUTERNAME"]
  SID.from_account("#{computer}\\Guest")
end
# File lib/chef/win32/security/sid.rb, line 201
# Well-known SID of the built-in Guests group (S-1-5-32-546).
# @return the object produced by SID.from_string_sid for that string
def self.Guests
  string_sid = "S-1-5-32-546"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 145
# Well-known SID for interactive logons (S-1-5-4).
# @return the object produced by SID.from_string_sid for that string
def self.Interactive
  string_sid = "S-1-5-4"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 101
# SID of the Local identifier authority (S-1-2). This is an authority
# prefix, not an account or group.
# @return the object produced by SID.from_string_sid for that string
def self.Local
  string_sid = "S-1-2"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 181
# Well-known SID of the Local System account (S-1-5-18).
# @return the object produced by SID.from_string_sid for that string
def self.LocalSystem
  string_sid = "S-1-5-18"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 137
# Well-known SID for network logons (S-1-5-2).
# @return the object produced by SID.from_string_sid for that string
def self.Network
  string_sid = "S-1-5-2"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 89
# Well-known SID Nobody (S-1-0-0), the null SID used when no principal is
# known.
# @return the object produced by SID.from_string_sid for that string
def self.Nobody
  string_sid = "S-1-0-0"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 125
# SID of the Non-unique identifier authority (S-1-4). This is an authority
# prefix, not an account or group.
# @return the object produced by SID.from_string_sid for that string
def self.NonUnique
  string_sid = "S-1-4"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 233
# Resolves the local "None" group by the literal name "<COMPUTERNAME>\None".
# NOTE(review): the group name is hard-coded and the machine part is read
# from the COMPUTERNAME environment variable; confirm this resolves on
# localized systems.
# @return the object produced by SID.from_account for that name
def self.None
  computer = ::ENV["COMPUTERNAME"]
  SID.from_account("#{computer}\\None")
end
# File lib/chef/win32/security/sid.rb, line 129
# SID of the NT Authority identifier authority (S-1-5). This is an authority
# prefix, not an account or group.
# @return the object produced by SID.from_string_sid for that string
def self.Nt
  string_sid = "S-1-5"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 185
# Well-known SID S-1-5-19, which Windows documents as the Local Service
# account (the method name does not say "service").
# @return the object produced by SID.from_string_sid for that string
def self.NtLocal
  string_sid = "S-1-5-19"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 189
# Well-known SID S-1-5-20, which Windows documents as the Network Service
# account (the method name does not say "service").
# @return the object produced by SID.from_string_sid for that string
def self.NtNetwork
  string_sid = "S-1-5-20"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 85
# SID of the Null identifier authority (S-1-0). This is an authority prefix,
# not an account or group.
# @return the object produced by SID.from_string_sid for that string
def self.Null
  string_sid = "S-1-0"
  SID.from_string_sid(string_sid)
end
Well-known SIDs
# File lib/chef/win32/security/sid.rb, line 205
# Well-known SID of the built-in Power Users group (S-1-5-32-547).
# @return the object produced by SID.from_string_sid for that string
def self.PowerUsers
  string_sid = "S-1-5-32-547"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 165
# Well-known placeholder SID Principal Self (S-1-5-10).
# @return the object produced by SID.from_string_sid for that string
def self.PrincipalSelf
  string_sid = "S-1-5-10"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 217
# Well-known SID of the built-in Print Operators group (S-1-5-32-550).
# @return the object produced by SID.from_string_sid for that string
def self.PrintOperators
  string_sid = "S-1-5-32-550"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 157
# Well-known SID Proxy (S-1-5-8).
# @return the object produced by SID.from_string_sid for that string
def self.Proxy
  string_sid = "S-1-5-8"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 225
# Well-known SID of the built-in Replicator group (S-1-5-32-552).
# @return the object produced by SID.from_string_sid for that string
def self.Replicators
  string_sid = "S-1-5-32-552"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 173
# Well-known SID Restricted Code (S-1-5-12).
# @return the object produced by SID.from_string_sid for that string
def self.RestrictedCode
  string_sid = "S-1-5-12"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 213
# Well-known SID of the built-in Server Operators group (S-1-5-32-549).
# @return the object produced by SID.from_string_sid for that string
def self.ServerOperators
  string_sid = "S-1-5-32-549"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 149
# Well-known SID for service logons (S-1-5-6).
# @return the object produced by SID.from_string_sid for that string
def self.Service
  string_sid = "S-1-5-6"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 177
# Well-known SID for Terminal Server Users (S-1-5-13).
# @return the object produced by SID.from_string_sid for that string
def self.TerminalServerUsers
  string_sid = "S-1-5-13"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 93
# SID of the World identifier authority (S-1-1). This is an authority
# prefix; the Everyone group itself is S-1-1-0 (see SID.Everyone).
# @return the object produced by SID.from_string_sid for that string
def self.World
  string_sid = "S-1-1"
  SID.from_string_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 304 def self.admin_account_name @admin_account_name ||= begin admin_account_name = nil # Call NetUserEnum to enumerate the users without hitting network # http://msdn.microsoft.com/en-us/library/windows/desktop/aa370652(v=vs.85).aspx servername = nil # We are querying the local server level = 3 # We want USER_INFO_3 structure which contains the SID filter = FILTER_NORMAL_ACCOUNT # Only query the user accounts bufptr = FFI::MemoryPointer.new(:pointer) # Buffer which will receive the data prefmaxlen = MAX_PREFERRED_LENGTH # Let the system allocate the needed amount of memory entriesread = FFI::Buffer.new(:long).write_long(0) totalentries = FFI::Buffer.new(:long).write_long(0) resume_handle = FFI::Buffer.new(:long).write_long(0) status = ERROR_MORE_DATA while status == ERROR_MORE_DATA status = NetUserEnum(servername, level, filter, bufptr, prefmaxlen, entriesread, totalentries, resume_handle) if [NERR_Success, ERROR_MORE_DATA].include?(status) Array.new(entriesread.read_long) do |i| user_info = USER_INFO_3.new(bufptr.read_pointer + i * USER_INFO_3.size) # Check if the account is the Administrator account # RID for the Administrator account is always 500 and it's privilege is set to USER_PRIV_ADMIN if user_info[:usri3_user_id] == 500 && user_info[:usri3_priv] == 2 # USER_PRIV_ADMIN (2) - Administrator admin_account_name = user_info[:usri3_name].read_wstring break end end # Free the memory allocated by the system NetApiBufferFree(bufptr.read_pointer) end end raise "Can not determine the administrator account name." if admin_account_name.nil? admin_account_name end end
# File lib/chef/win32/security/sid.rb, line 245
# Resolves the SID of "<USERDOMAIN>\<USERNAME>", both read from the process
# environment.
# NOTE(review): environment variables are set by whoever launched the
# process, so this reflects the claimed identity rather than the process
# token. For access decisions, prefer a token-derived SID such as the one
# returned by SID.default_security_object_owner.
# @return the object produced by SID.from_account for that name
def self.current_user
  domain = ::ENV["USERDOMAIN"]
  user = ::ENV["USERNAME"]
  SID.from_account("#{domain}\\#{user}")
end
# File lib/chef/win32/security/sid.rb, line 299
# Reads the primary group from the current process token, i.e. the group
# that newly created securable objects receive by default.
# @return the value returned by Security.get_token_information_primary_group
def self.default_security_object_group
  security = Chef::ReservedNames::Win32::Security
  process_token = security.open_current_process_token
  security.get_token_information_primary_group(process_token)
end
See technet.microsoft.com/en-us/library/cc961996.aspx. In practice, this seems to be SID.current_user
for Microsoft Accounts, the current user’s Domain Users group for domain accounts, and SID.None
otherwise.
# File lib/chef/win32/security/sid.rb, line 291
# Reads the default owner from the current process token, i.e. the owner
# that newly created securable objects receive by default.
# @return the value returned by Security.get_token_information_owner
def self.default_security_object_owner
  security = Chef::ReservedNames::Win32::Security
  process_token = security.open_current_process_token
  security.get_token_information_owner(process_token)
end
See technet.microsoft.com/en-us/library/cc961992.aspx. In practice, this is SID.Administrators
if the current_user is an admin (even if not running elevated), and is current_user otherwise.
# File lib/chef/win32/security/sid.rb, line 43
# Looks up an account name and returns only the SID part of the result.
# @param name the account name passed to Security.lookup_account_name
# @return the second element of the lookup result (the SID); the domain and
#   use values are discarded
def self.from_account(name)
  _domain, account_sid, _use = Chef::ReservedNames::Win32::Security.lookup_account_name(name)
  account_sid
end
# File lib/chef/win32/security/sid.rb, line 48
# Converts a string SID such as "S-1-5-18" by delegating to
# Security.convert_string_sid_to_sid.
# @param string_sid the SID in string form
# @return the value returned by Security.convert_string_sid_to_sid
def self.from_string_sid(string_sid)
  security = Chef::ReservedNames::Win32::Security
  security.convert_string_sid_to_sid(string_sid)
end
# File lib/chef/win32/security/sid.rb, line 276
# Tells whether the given name is listed in BUILT_IN_GROUPS.
# The comparison is on the upper-cased string form of the argument, so it is
# a name match, not a SID comparison.
# @param user the name to test; converted with to_s
# @return [Boolean] true when the upper-cased name is in BUILT_IN_GROUPS
def self.group_user?(user)
  normalized = user.to_s.upcase
  BUILT_IN_GROUPS.include?(normalized)
end
Checks whether the given user name is one of the built-in system groups.
@return [Boolean] True or False
# File lib/chef/win32/security/sid.rb, line 37
# Wraps a pointer to a SID.
# @param pointer the pointer stored in @pointer
# @param owner optional object that owns the memory behind the pointer; it is
#   stored only to keep a reference to it, so that the memory is not freed
#   while this SID is in use
def initialize(pointer, owner = nil)
  # Holding the owner keeps a reference to whatever actually owns this memory.
  @pointer, @owner = pointer, owner
end
# File lib/chef/win32/security/sid.rb, line 268
# Tells whether the given name is listed in SERVICE_ACCOUNT_USERS.
# The comparison is on the upper-cased string form of the argument, so it is
# a name match, not a SID comparison.
# @param user the name to test; converted with to_s
# @return [Boolean] true when the upper-cased name is in SERVICE_ACCOUNT_USERS
def self.service_account_user?(user)
  normalized = user.to_s.upcase
  SERVICE_ACCOUNT_USERS.include?(normalized)
end
Checks whether the user belongs to the service accounts category.
@return [Boolean] True or False
# File lib/chef/win32/security/sid.rb, line 284
# Tells whether the given name matches SYSTEM_USER.
# The comparison is on the upper-cased string form of the argument, so it is
# a name match, not a SID comparison.
# NOTE(review): the result depends on what SYSTEM_USER is. For an Array,
# include? is an exact-element test; for a String it would be a substring
# test. Confirm against the constant's definition.
# @param user the name to test; converted with to_s
# @return [Boolean] the result of SYSTEM_USER.include? on the upper-cased name
def self.system_user?(user)
  normalized = user.to_s.upcase
  SYSTEM_USER.include?(normalized)
end
Checks whether the user belongs to the system users category.
@return [Boolean] True or False
Public Instance Methods
# File lib/chef/win32/security/sid.rb, line 52
# Compares this SID with another by delegating to Security.equal_sid.
# @param other the object to compare with; nil is never equal
# @return false when other is nil, otherwise the result of Security.equal_sid
def ==(other)
  return false if other.nil?

  Chef::ReservedNames::Win32::Security.equal_sid(self, other)
end
# File lib/chef/win32/security/sid.rb, line 58
# Looks up the account for this SID via Security.lookup_account_sid.
# @return the lookup result; sibling methods destructure it as
#   domain, name, use
def account
  security = Chef::ReservedNames::Win32::Security
  security.lookup_account_sid(self)
end
# File lib/chef/win32/security/sid.rb, line 67
# Builds the display name of the account behind this SID.
# @return "<domain>\<name>" when the lookup yields a non-empty domain,
#   otherwise just the name
def account_name
  domain, name, _use = account
  # No domain (nil or empty): the bare name is all there is.
  return name if domain.nil? || domain.length <= 0

  "#{domain}\\#{name}"
end
# File lib/chef/win32/security/sid.rb, line 62
# Returns the account name for this SID without the domain part.
# @return the second element of the #account lookup result
def account_simple_name
  _domain, simple_name, _use = account
  simple_name
end
# File lib/chef/win32/security/sid.rb, line 72
# Length of this SID as reported by Security.get_length_sid.
# @return the value returned by Security.get_length_sid
def size
  security = Chef::ReservedNames::Win32::Security
  security.get_length_sid(self)
end
# File lib/chef/win32/security/sid.rb, line 76
# String form of this SID, produced by Security.convert_sid_to_string_sid.
# @return the value returned by Security.convert_sid_to_string_sid
def to_s
  security = Chef::ReservedNames::Win32::Security
  security.convert_sid_to_string_sid(self)
end
# File lib/chef/win32/security/sid.rb, line 80
# Asks Security.is_valid_sid whether this SID is valid.
# @return the value returned by Security.is_valid_sid
def valid?
  security = Chef::ReservedNames::Win32::Security
  security.is_valid_sid(self)
end