Chef::ReservedNames::Win32::Security.has_admin_privileges? prints a debug message that contains token elevation information

Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>

3 files changed, 32 insertions, 1 deletions

diff --git a/lib/chef/mixin/user_context.rb b/lib/chef/mixin/user_context.rb
index 526d6b0f3f..b4deaab20e 100644
--- a/lib/chef/mixin/user_context.rb
+++ b/lib/chef/mixin/user_context.rb
@@ -31,7 +31,7 @@ class Chef
           raise ArgumentError, "You must supply a block to `with_user_context`"
         end
 
-        login_session = nil
+        logon_session = nil
 
         begin
           if user
diff --git a/lib/chef/win32/api/security.rb b/lib/chef/win32/api/security.rb
index a6f79f5d7d..6620f321aa 100644
--- a/lib/chef/win32/api/security.rb
+++ b/lib/chef/win32/api/security.rb
@@ -303,6 +303,17 @@ class Chef
              :SecurityDelegation,
         ]
 
+        # https://msdn.microsoft.com/en-us/library/windows/desktop/bb530718%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
+        ELEVATION_TYPE = enum :ELEVATION_TYPE, [
+            :TokenElevationTypeDefault, 1,
+            :TokenElevationTypeFull,
+            :TokenElevationTypeLimited
+        ]
+
+        class TOKEN_ELEVATION_TYPE < FFI::Struct
+          layout :ElevationType, :ELEVATION_TYPE
+        end
+
         # SECURITY_DESCRIPTOR is an opaque structure whose contents can vary.  Pass the
         # pointer around and free it with LocalFree.
         # http://msdn.microsoft.com/en-us/library/windows/desktop/aa379561(v=vs.85).aspx
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb
index c7d3f55a40..b8fdf1716f 100644
--- a/lib/chef/win32/security.rb
+++ b/lib/chef/win32/security.rb
@@ -341,6 +341,21 @@ class Chef
         SID.new(group_result[:PrimaryGroup], group_result_storage)
       end
 
+      def self.get_token_information_elevation_type(token)
+        token_result_size = FFI::MemoryPointer.new(:ulong)
+        if GetTokenInformation(token.handle.handle, :TokenElevationType, nil, 0, token_result_size)
+          raise "Expected ERROR_INSUFFICIENT_BUFFER from GetTokenInformation, and got no error!"
+        elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        info_ptr = FFI::MemoryPointer.new(:pointer)
+        token_info_pointer = TOKEN_ELEVATION_TYPE.new info_ptr
+        unless GetTokenInformation(token.handle.handle, :TokenElevationType, token_info_pointer, 4, token_result_size)
+          Chef::ReservedNames::Win32::Error.raise!
+        end
+        token_info_pointer[:ElevationType]
+      end
+
       def self.initialize_acl(acl_size)
         acl = FFI::MemoryPointer.new acl_size
         unless InitializeAcl(acl, acl_size, ACL_REVISION)
@@ -633,6 +648,11 @@ class Chef
           true
         else
           process_token = open_current_process_token(TOKEN_READ)
+
+          # display token elevation details
+          token_elevation_type = get_token_information_elevation_type(process_token)
+          Chef::Log.debug("Token Elevation Type: #{token_elevation_type}")
+
           elevation_result = FFI::Buffer.new(:ulong)
           elevation_result_size = FFI::MemoryPointer.new(:uint32)
           success = GetTokenInformation(process_token.handle.handle, :TokenElevation, elevation_result, 4, elevation_result_size)