/usr/lib/ruby/vendor_ruby/ohai/util/win32/group_helper.rb is in ohai 8.4.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 | # Author:: Adam Edwards (<adamed@getchef.com>)
#
# Copyright:: Copyright (c) 2013-14 Chef Software, Inc.
#
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'ohai/util/win32'
module Ohai
module Util
class Win32::GroupHelper
# Per http://support.microsoft.com/kb/243330 SID: S-1-5-32-544 is the
# internal name for the Administrators group, which lets us work
# properly in environments with a renamed or localized name for the
# Administrators group
BUILTIN_ADMINISTRATORS_SID = 'S-1-5-32-544'
def self.windows_root_group_name
administrators_group_name_result = nil
administrators_sid_result = FFI::MemoryPointer.new(:pointer)
convert_result = Win32.convert_string_sid_to_sid(BUILTIN_ADMINISTRATORS_SID, administrators_sid_result)
last_win32_error = Win32.get_last_error
if convert_result == 0
raise "ERROR: failed to to convert sid string '#{BUILTIN_ADMINISTRATORS_SID}' to a Windows SID structure because Win32 API function ConvertStringSidToSid returned #{last_win32_error}."
end
administrators_group_name_buffer = 0.chr * 260
administrators_group_name_length = [administrators_group_name_buffer.length].pack('L')
domain_name_length_buffer = [260].pack('L')
sid_use_result = 0.chr * 4
# Use LookupAccountSid rather than WMI's Win32_Group class because WMI will attempt
# to include (unneeded) Active Directory groups by querying AD, which is a performance
# and reliability issue since AD might not be reachable. Additionally, in domains with
# thousands of groups, the WMI query is very slow, on the order of minutes, even to
# get the first result. So we use LookupAccountSid which is a purely local lookup
# of the built-in group, with no need to access AD, and thus no failure modes related
# to network conditions or query performance.
lookup_boolean_result = Win32.lookup_account_sid(
nil,
administrators_sid_result.read_pointer,
administrators_group_name_buffer,
administrators_group_name_length,
nil,
domain_name_length_buffer,
sid_use_result)
last_win32_error = Win32.get_last_error
Win32.local_free(administrators_sid_result.read_pointer)
if lookup_boolean_result == 0
raise "ERROR: failed to find root group (i.e. builtin\\administrators) for sid #{BUILTIN_ADMINISTRATORS_SID} because Win32 API function LookupAccountSid returned #{last_win32_error}."
end
administrators_group_name_buffer.strip
end
end
end
end
|