class Chef::Util::Windows::LogonSession

Attributes

authentication[R]
impersonating[R]
original_domain[R]
original_password[R]
original_username[R]
session_opened[R]
token[R]

Public Class Methods

new(username, password, domain = nil, authentication = :remote)
# File lib/chef/util/windows/logon_session.rb, line 28
# Records the credentials and logon mode for a Windows logon session.
# No Win32 logon is attempted here; that happens in #open.
#
# @param username [String] account name; must not be nil
# @param password [String] account password; must not be nil
# @param domain [String, nil] optional domain for the account
# @param authentication [Symbol] logon mode; #open treats :local specially
#   and handles every other value (default :remote) the same way
# @raise [ArgumentError] when username or password is nil
def initialize(username, password, domain = nil, authentication = :remote)
  if [username, password].any?(&:nil?)
    raise ArgumentError, "The logon session must be initialize with non-nil user name and password parameters"
  end

  # SECURITY: the clear-text password stays on the instance for as long as the
  # object lives and is readable through the public original_password reader.
  # Keep session objects out of logs, inspect output and serialized state, and
  # drop references to them as soon as the session has been closed.
  @original_username = username
  @original_password = password
  @original_domain = domain
  @authentication = authentication

  # Out-parameter that #open hands to LogonUserW to receive the token handle.
  @token = FFI::Buffer.new(:pointer)

  # Both state flags start cleared: nothing is open, nothing is impersonated.
  @session_opened = false
  @impersonating = false
end

Public Instance Methods

close()
# File lib/chef/util/windows/logon_session.rb, line 62
# Ends the logon session: stops any active impersonation, closes the token
# handle and marks the session as closed.
#
# @raise [RuntimeError] from validate_session_open! when the session is not open
# @raise [Chef::Exceptions::Win32APIError] propagated from restore_user_context
#   when impersonation cannot be reverted; the handle is then left open
def close
  validate_session_open!

  # Revert first so the handle is never closed while it is still being
  # impersonated. If the revert raises, nothing below runs.
  restore_user_context if impersonating

  # NOTE(review): the buffer is allocated as :pointer in #initialize but read
  # back with read_ulong here -- confirm that width is sufficient on 64-bit
  # Windows.
  raw_handle = token.read_ulong

  # NOTE(review): CloseHandle's return value is not checked, so a failed close
  # leaks the token handle without any signal to the caller.
  Chef::ReservedNames::Win32::API::System.CloseHandle(raw_handle)

  # #open passes `token` straight to LogonUserW, so after this assignment the
  # object presumably cannot be reopened -- treat sessions as single-use.
  @token = nil
  @session_opened = false
end
open()
# File lib/chef/util/windows/logon_session.rb, line 42
# Logs the stored account on through LogonUserW and marks the session open.
# The token handle is written into the `token` buffer by the API call.
#
# SECURITY: with the default (non-:local) mode the logon type is
# LOGON32_LOGON_NEW_CREDENTIALS. Windows does not verify those credentials at
# logon time; they are only used for outbound network connections, so a
# successful #open is not proof that the password is correct. Only the :local
# mode (LOGON32_LOGON_NETWORK) authenticates the account during this call.
#
# @raise [RuntimeError] when the session is already open
# @raise [Chef::Exceptions::Win32APIError] when LogonUserW reports failure;
#   the message names the user and the Win32 status but never the password
def open
  raise "Attempted to open a logon session that was already open." if session_opened

  # NOTE(review): these converted copies of the credentials (presumably wide
  # strings) are not wiped after the call; they live until garbage-collected.
  wide_username = wstring(original_username)
  wide_password = wstring(original_password)
  wide_domain = wstring(original_domain)

  security = Chef::ReservedNames::Win32::API::Security
  logon_type =
    if authentication == :local
      security::LOGON32_LOGON_NETWORK
    else
      security::LOGON32_LOGON_NEW_CREDENTIALS
    end

  logged_on = security.LogonUserW(
    wide_username, wide_domain, wide_password, logon_type,
    security::LOGON32_PROVIDER_DEFAULT, token
  )

  unless logged_on
    win32_status = FFI::LastError.error
    raise Chef::Exceptions::Win32APIError, "Logon for user `#{original_username}` failed with Win32 status #{win32_status}."
  end

  @session_opened = true
end
restore_user_context()
# File lib/chef/util/windows/logon_session.rb, line 95
# Stops impersonating, if this session is currently impersonating, and clears
# the impersonation flag. When no impersonation is active, only the flag is
# reset.
#
# @raise [RuntimeError] from validate_session_open! when the session is not open
# @raise [Chef::Exceptions::Win32APIError] when RevertToSelf reports failure
def restore_user_context
  validate_session_open!

  # SECURITY: a RevertToSelf failure raises before the flag is cleared, so the
  # session keeps reporting itself as impersonating. Code that continues on
  # this thread may still be running under the other user's identity; callers
  # should treat this error as fatal rather than rescue it and carry on.
  if impersonating && !Chef::ReservedNames::Win32::API::Security.RevertToSelf
    win32_status = FFI::LastError.error
    raise Chef::Exceptions::Win32APIError, "Unable to restore user context with Win32 status #{win32_status}."
  end

  @impersonating = false
end
set_user_context()
# File lib/chef/util/windows/logon_session.rb, line 74
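# Starts impersonating the logged-on user held by this session, using the
# token handle obtained in #open.
#
# SECURITY: nothing here reverts the impersonation automatically. Callers
# should pair this call with restore_user_context or close inside an `ensure`
# block so that an exception in the impersonated section cannot leave later
# code running under the other user's identity.
#
# @raise [RuntimeError] when the session is not open (raised by
#   validate_session_open!) or when impersonation is already active
# @raise [Chef::Exceptions::Win32APIError] when ImpersonateLoggedOnUser
#   reports failure; the impersonation flag is left unset in that case
def set_user_context
  # validate_session_open! raises unless session_opened is truthy, so no
  # further open-session check is needed after it returns.
  validate_session_open!

  raise "Attempt to set the user context when the user context is already set." if impersonating

  unless Chef::ReservedNames::Win32::API::Security.ImpersonateLoggedOnUser(token.read_ulong)
    last_error = FFI::LastError.error
    raise Chef::Exceptions::Win32APIError, "Attempt to impersonate user `#{original_username}` failed with Win32 status #{last_error}."
  end

  @impersonating = true
end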

Protected Instance Methods

validate_session_open!()
# File lib/chef/util/windows/logon_session.rb, line 121
# Guard used by the public methods: raises unless the session has been opened.
#
# NOTE(review): the message talks about setting the user context, but this
# guard is also reached from close and restore_user_context, where that
# wording can mislead whoever reads the error.
#
# @raise [RuntimeError] when session_opened is false or nil
def validate_session_open!
  raise "Attempted to set the user context before opening a session." unless session_opened
end