diff options
| author | Anton Kvashenkin <ak@gfoil.ru> | 2018-09-12 21:31:17 +0300 |
|---|---|---|
| committer | Anton Kvashenkin <ak@gfoil.ru> | 2018-09-12 21:31:17 +0300 |
| commit | ca906b51acef0f35b5204c3191fed14dd3fc8a43 (patch) | |
| tree | 639a533ea081e915ac5607f1f627c8d6afd6abd5 | |
| parent | 5c79118e4a2aea3d009301171b64a8829f84ee28 (diff) | |
| download | ohai-ca906b51acef0f35b5204c3191fed14dd3fc8a43.tar.gz | |
Deprecate windows_root_group_name helper
Signed-off-by: Anton Kvashenkin <anton.jugatsu@gmail.com>
| -rw-r--r-- | lib/ohai/util/win32/group_helper.rb | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/lib/ohai/util/win32/group_helper.rb b/lib/ohai/util/win32/group_helper.rb new file mode 100644 index 00000000..ecf4a489 --- /dev/null +++ b/lib/ohai/util/win32/group_helper.rb @@ -0,0 +1,76 @@ +# Author:: Adam Edwards (<adamed@chef.io>) +# +# Copyright:: Copyright (c) 2013-14 Chef Software, Inc. +# +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require "ohai/util/win32" + +module Ohai + module Util + class Win32::GroupHelper + # @deprecated + + # Per http://support.microsoft.com/kb/243330 SID: S-1-5-32-544 is the + # internal name for the Administrators group, which lets us work + # properly in environments with a renamed or localized name for the + # Administrators group + BUILTIN_ADMINISTRATORS_SID = "S-1-5-32-544".freeze + + def self.windows_root_group_name + warn "The 'windows_root_group_name' helper is deprecated and will be removed in Ohai 15. Please update your plugins to remove this helper method." + + administrators_sid_result = FFI::MemoryPointer.new(:pointer) + convert_result = Win32.convert_string_sid_to_sid(BUILTIN_ADMINISTRATORS_SID, administrators_sid_result) + last_win32_error = Win32.get_last_error + + if convert_result == 0 + raise "ERROR: failed to to convert sid string '#{BUILTIN_ADMINISTRATORS_SID}' to a Windows SID structure because Win32 API function ConvertStringSidToSid returned #{last_win32_error}." + end + + administrators_group_name_buffer = 0.chr * 260 + administrators_group_name_length = [administrators_group_name_buffer.length].pack("L") + domain_name_length_buffer = [260].pack("L") + sid_use_result = 0.chr * 4 + + # Use LookupAccountSid rather than WMI's Win32_Group class because WMI will attempt + # to include (unneeded) Active Directory groups by querying AD, which is a performance + # and reliability issue since AD might not be reachable. Additionally, in domains with + # thousands of groups, the WMI query is very slow, on the order of minutes, even to + # get the first result. So we use LookupAccountSid which is a purely local lookup + # of the built-in group, with no need to access AD, and thus no failure modes related + # to network conditions or query performance. + lookup_boolean_result = Win32.lookup_account_sid( + nil, + administrators_sid_result.read_pointer, + administrators_group_name_buffer, + administrators_group_name_length, + nil, + domain_name_length_buffer, + sid_use_result) + + last_win32_error = Win32.get_last_error + + Win32.local_free(administrators_sid_result.read_pointer) + + if lookup_boolean_result == 0 + raise "ERROR: failed to find root group (i.e. builtin\\administrators) for sid #{BUILTIN_ADMINISTRATORS_SID} because Win32 API function LookupAccountSid returned #{last_win32_error}." + end + + administrators_group_name_buffer.strip + end + end + end +end |