diff options
| author | Adam Edwards <adamed@opscode.com> | 2015-10-11 07:54:40 -0700 |
|---|---|---|
| committer | Adam Edwards <adamed@opscode.com> | 2015-10-11 08:43:20 -0700 |
| commit | c36bce07f4fc3ae3fc322f5271a83ac620b5b691 (patch) | |
| tree | 6df8fd0f8274df6f1d11a3ede1d9b67b2bfdb188 | |
| parent | ececa3438f122d25986fa34557694fa1e86527d2 (diff) | |
| download | chef-c36bce07f4fc3ae3fc322f5271a83ac620b5b691.tar.gz | |
Windows thread impersonation support
| -rw-r--r-- | lib/chef/util/windows/logon_session.rb | 96 | ||||
| -rw-r--r-- | lib/chef/win32/api/security.rb | 3 |
2 files changed, 98 insertions, 1 deletions
diff --git a/lib/chef/util/windows/logon_session.rb b/lib/chef/util/windows/logon_session.rb new file mode 100644 index 0000000000..cae7f406ff --- /dev/null +++ b/lib/chef/util/windows/logon_session.rb @@ -0,0 +1,96 @@ +#
+# Author:: Adam Edwards (<adamed@chef.io>)
+#
+# Copyright:: Copyright (c) 2015 Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/win32/api/security'
+require 'chef/mixin/wide_string'
+
+class Chef
+ class Util
+ class Windows
+ class LogonSession
+ include Chef::Mixin::WideString
+
+ def initialize(username, password=nil)
+ @username = username
+ @password = password
+ @token = FFI::Buffer.new(:pointer)
+ @session_opened = false
+ @impersonating = false
+ end
+
+ def open
+ if @session_opened
+ raise 'Session already open'
+ end
+
+ username = wstring(@username)
+ password = wstring(@password)
+
+ status = Chef::ReservedNames::Win32::API::Security.LogonUserW(username, nil, password, Chef::ReservedNames::Win32::API::Security::LOGON32_LOGON_INTERACTIVE, Chef::ReservedNames::Win32::API::Security::LOGON32_PROVIDER_DEFAULT, @token)
+
+ if ! status
+ raise 'logon failed'
+ end
+
+ @session_opened = true
+ end
+
+ def close
+ if ! @session_opened
+ raise 'Session not open'
+ end
+
+ if @impersonating
+ restore_user_context
+ end
+
+ Chef::ReservedNames::Win32::API.CloseHandle(@token)
+ @token = nil
+ @session_opened = false
+ end
+
+ def set_user_context
+ if ! @session_opened
+ raise 'Session not open'
+ end
+ puts "Process: #{Process.pid}"
+# binding.pry
+ status = Chef::ReservedNames::Win32::API::Security.ImpersonateLoggedOnUser(@token.read_ulong)
+
+ if ! status
+ raise 'Impersonation failed'
+ end
+
+ @impersonating = true
+ end
+
+ def restore_user_context
+ if @impersonating
+ status = Chef::ReservedNames::Win32::API::Security.RevertToSelf
+
+ if ! status
+ raise 'Unable to restore user context'
+ end
+ end
+
+ @impersonating = false
+ end
+ end
+ end
+ end
+end
diff --git a/lib/chef/win32/api/security.rb b/lib/chef/win32/api/security.rb index 4c352a3554..6fd4b4536c 100644 --- a/lib/chef/win32/api/security.rb +++ b/lib/chef/win32/api/security.rb @@ -428,7 +428,8 @@ class Chef safe_attach_function :SetSecurityDescriptorSacl, [ :pointer, :BOOL, :pointer, :BOOL ], :BOOL safe_attach_function :GetTokenInformation, [ :HANDLE, :TOKEN_INFORMATION_CLASS, :pointer, :DWORD, :PDWORD ], :BOOL safe_attach_function :LogonUserW, [:LPTSTR, :LPTSTR, :LPTSTR, :DWORD, :DWORD, :PHANDLE], :BOOL - + safe_attach_function :ImpersonateLoggedOnUser, [:HANDLE], :BOOL + safe_attach_function :RevertToSelf, [], :BOOL end end end |