class Chef::ReservedNames::Win32::Security::Token

Attributes

handle[R]

Public Class Methods

new(handle) click to toggle source
# File lib/chef/win32/security/token.rb, line 29
def initialize(handle)
  @handle = handle
end

Public Instance Methods

adjust_privileges(privileges_struct) click to toggle source
# File lib/chef/win32/security/token.rb, line 57
def adjust_privileges(privileges_struct)
  if privileges_struct[:PrivilegeCount] > 0
    Chef::ReservedNames::Win32::Security.adjust_token_privileges(self, privileges_struct)
  end
end
duplicate_token(security_impersonation_level) click to toggle source
# File lib/chef/win32/security/token.rb, line 63
def duplicate_token(security_impersonation_level)
  duplicate_token_handle = FFI::Buffer.new(:ulong)
  unless Chef::ReservedNames::Win32::API::Security.DuplicateToken(handle.handle, security_impersonation_level, duplicate_token_handle)
    raise Chef::ReservedNames::Win32::Error.raise!
  end

  Token.new(Handle.new(duplicate_token_handle.read_ulong))
end
enable_privileges(*privilege_names) click to toggle source
# File lib/chef/win32/security/token.rb, line 35
def enable_privileges(*privilege_names)
  # Build the list of privileges we want to set
  new_privileges = Chef::ReservedNames::Win32::API::Security::TOKEN_PRIVILEGES.new(
    FFI::MemoryPointer.new(Chef::ReservedNames::Win32::API::Security::TOKEN_PRIVILEGES.size_with_privileges(privilege_names.length))
  )
  new_privileges[:PrivilegeCount] = 0
  privilege_names.each do |privilege_name|
    luid = Chef::ReservedNames::Win32::API::Security::LUID.new
    # Ignore failure (with_privileges TRIES but does not guarantee success--
    # APIs down the line will fail if privilege escalation fails)
    if Chef::ReservedNames::Win32::API::Security.LookupPrivilegeValueW(nil, privilege_name.to_wstring, luid)
      new_privilege = new_privileges.privilege(new_privileges[:PrivilegeCount])
      new_privilege[:Luid][:LowPart] = luid[:LowPart]
      new_privilege[:Luid][:HighPart] = luid[:HighPart]
      new_privilege[:Attributes] = Chef::ReservedNames::Win32::API::Security::SE_PRIVILEGE_ENABLED
      new_privileges[:PrivilegeCount] = new_privileges[:PrivilegeCount] + 1
    end
  end

  old_privileges = Chef::ReservedNames::Win32::Security.adjust_token_privileges(self, new_privileges)
end