diff options
Diffstat (limited to 'lib/chef/win32/security.rb')
-rw-r--r-- | lib/chef/win32/security.rb | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb index c7d3f55a40..63b626b1d7 100644 --- a/lib/chef/win32/security.rb +++ b/lib/chef/win32/security.rb @@ -341,6 +341,22 @@ class Chef SID.new(group_result[:PrimaryGroup], group_result_storage) end + def self.get_token_information_elevation_type(token) + token_result_size = FFI::MemoryPointer.new(:ulong) + if GetTokenInformation(token.handle.handle, :TokenElevationType, nil, 0, token_result_size) + raise "Expected ERROR_INSUFFICIENT_BUFFER from GetTokenInformation, and got no error!" + elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER + Chef::ReservedNames::Win32::Error.raise! + end + info_ptr = FFI::MemoryPointer.new(:pointer) + token_info_pointer = TOKEN_ELEVATION_TYPE.new info_ptr + token_info_length = 4 + unless GetTokenInformation(token.handle.handle, :TokenElevationType, token_info_pointer, token_info_length, token_result_size) + Chef::ReservedNames::Win32::Error.raise! + end + token_info_pointer[:ElevationType] + end + def self.initialize_acl(acl_size) acl = FFI::MemoryPointer.new acl_size unless InitializeAcl(acl, acl_size, ACL_REVISION) @@ -632,7 +648,19 @@ class Chef true else - process_token = open_current_process_token(TOKEN_READ) + # a regular user doesn't have privileges to call Chef::ReservedNames::Win32::Security.OpenProcessToken + # hence we return false if the open_current_process_token fails with `Access is denied.` error message. + begin + process_token = open_current_process_token(TOKEN_READ) + rescue Exception => run_error + return false if run_error.message =~ /Access is denied/ + Chef::ReservedNames::Win32::Error.raise! + end + + # display token elevation details + token_elevation_type = get_token_information_elevation_type(process_token) + Chef::Log.debug("Token Elevation Type: #{token_elevation_type}") + elevation_result = FFI::Buffer.new(:ulong) elevation_result_size = FFI::MemoryPointer.new(:uint32) success = GetTokenInformation(process_token.handle.handle, :TokenElevation, elevation_result, 4, elevation_result_size) |