diff options
author | nimisha <nimisha.sharad@msystechnologies.com> | 2017-12-18 14:43:58 +0530 |
---|---|---|
committer | nimisha <nimisha.sharad@msystechnologies.com> | 2018-01-24 15:00:35 +0530 |
commit | c855223ee54322e007d5f78087cf639e9685f1d5 (patch) | |
tree | 13c94c7b91f67c9eeb58d4b84d88c7b5cde98039 | |
parent | d77f8a3e115cd93f8dfcf7cc6d4090f792dadc15 (diff) | |
download | chef-c855223ee54322e007d5f78087cf639e9685f1d5.tar.gz |
Chef::ReservedNames::Win32::Security.has_admin_privileges? prints a debug message that contains token elevation information
Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>
-rw-r--r-- | lib/chef/mixin/user_context.rb | 2 | ||||
-rw-r--r-- | lib/chef/win32/api/security.rb | 11 | ||||
-rw-r--r-- | lib/chef/win32/security.rb | 20 |
3 files changed, 32 insertions, 1 deletions
diff --git a/lib/chef/mixin/user_context.rb b/lib/chef/mixin/user_context.rb index 526d6b0f3f..b4deaab20e 100644 --- a/lib/chef/mixin/user_context.rb +++ b/lib/chef/mixin/user_context.rb @@ -31,7 +31,7 @@ class Chef raise ArgumentError, "You must supply a block to `with_user_context`" end - login_session = nil + logon_session = nil begin if user diff --git a/lib/chef/win32/api/security.rb b/lib/chef/win32/api/security.rb index a6f79f5d7d..6620f321aa 100644 --- a/lib/chef/win32/api/security.rb +++ b/lib/chef/win32/api/security.rb @@ -303,6 +303,17 @@ class Chef :SecurityDelegation, ] + # https://msdn.microsoft.com/en-us/library/windows/desktop/bb530718%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 + ELEVATION_TYPE = enum :ELEVATION_TYPE, [ + :TokenElevationTypeDefault, 1, + :TokenElevationTypeFull, + :TokenElevationTypeLimited + ] + + class TOKEN_ELEVATION_TYPE < FFI::Struct + layout :ElevationType, :ELEVATION_TYPE + end + # SECURITY_DESCRIPTOR is an opaque structure whose contents can vary. Pass the # pointer around and free it with LocalFree. # http://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb index c7d3f55a40..b8fdf1716f 100644 --- a/lib/chef/win32/security.rb +++ b/lib/chef/win32/security.rb @@ -341,6 +341,21 @@ class Chef SID.new(group_result[:PrimaryGroup], group_result_storage) end + def self.get_token_information_elevation_type(token) + token_result_size = FFI::MemoryPointer.new(:ulong) + if GetTokenInformation(token.handle.handle, :TokenElevationType, nil, 0, token_result_size) + raise "Expected ERROR_INSUFFICIENT_BUFFER from GetTokenInformation, and got no error!" + elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER + Chef::ReservedNames::Win32::Error.raise! + end + info_ptr = FFI::MemoryPointer.new(:pointer) + token_info_pointer = TOKEN_ELEVATION_TYPE.new info_ptr + unless GetTokenInformation(token.handle.handle, :TokenElevationType, token_info_pointer, 4, token_result_size) + Chef::ReservedNames::Win32::Error.raise! + end + token_info_pointer[:ElevationType] + end + def self.initialize_acl(acl_size) acl = FFI::MemoryPointer.new acl_size unless InitializeAcl(acl, acl_size, ACL_REVISION) @@ -633,6 +648,11 @@ class Chef true else process_token = open_current_process_token(TOKEN_READ) + + # display token elevation details + token_elevation_type = get_token_information_elevation_type(process_token) + Chef::Log.debug("Token Elevation Type: #{token_elevation_type}") + elevation_result = FFI::Buffer.new(:ulong) elevation_result_size = FFI::MemoryPointer.new(:uint32) success = GetTokenInformation(process_token.handle.handle, :TokenElevation, elevation_result, 4, elevation_result_size) |