Class: Win32::Security

Inherits:
Object
Extended by:
Windows::Security::Functions
Includes:
Windows::Security::Constants, Windows::Security::Functions, Windows::Security::Structs
Defined in:
lib/win32/security.rb,
lib/win32/security/ace.rb,
lib/win32/security/acl.rb,
lib/win32/security/sid.rb

Overview

The Security class serves as a top-level class namespace.

Defined Under Namespace

Classes: ACE, ACL, Error, SID

Constant Summary

VERSION = '0.2.3'

The version of the win32-security library

TOKEN_QUERY = 8

Used by OpenProcessToken

Constants included from Windows::Security::Constants

Windows::Security::Constants::ACL_REVISION, Windows::Security::Constants::ACL_REVISION1, Windows::Security::Constants::ACL_REVISION2, Windows::Security::Constants::ACL_REVISION3, Windows::Security::Constants::ACL_REVISION4, Windows::Security::Constants::AclRevisionInformation, Windows::Security::Constants::AclSizeInformation, Windows::Security::Constants::DOMAIN_ALIAS_RID_ACCOUNT_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_ADMINS, Windows::Security::Constants::DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS, Windows::Security::Constants::DOMAIN_ALIAS_RID_BACKUP_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_DCOM_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_GUESTS, Windows::Security::Constants::DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_LOGGING_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_MONITORING_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_POWER_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_PREW2KCOMPACCESS, Windows::Security::Constants::DOMAIN_ALIAS_RID_PRINT_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_RAS_SERVERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_REPLICATOR, Windows::Security::Constants::DOMAIN_ALIAS_RID_SYSTEM_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_USERS, Windows::Security::Constants::DOMAIN_GROUP_RID_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_CERT_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_COMPUTERS, Windows::Security::Constants::DOMAIN_GROUP_RID_CONTROLLERS, Windows::Security::Constants::DOMAIN_GROUP_RID_ENTERPRISE_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_GUESTS, Windows::Security::Constants::DOMAIN_GROUP_RID_POLICY_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_SCHEMA_ADMINS, 
Windows::Security::Constants::DOMAIN_GROUP_RID_USERS, Windows::Security::Constants::DOMAIN_USER_RID_ADMIN, Windows::Security::Constants::DOMAIN_USER_RID_GUEST, Windows::Security::Constants::DOMAIN_USER_RID_KRBTGT, Windows::Security::Constants::DOMAIN_USER_RID_MAX, Windows::Security::Constants::ERROR_NO_TOKEN, Windows::Security::Constants::FOREST_USER_RID_MAX, Windows::Security::Constants::SECURITY_ANONYMOUS_LOGON_RID, Windows::Security::Constants::SECURITY_AUTHENTICATED_USER_RID, Windows::Security::Constants::SECURITY_BATCH_RID, Windows::Security::Constants::SECURITY_BUILTIN_DOMAIN_RID, Windows::Security::Constants::SECURITY_CREATOR_GROUP_RID, Windows::Security::Constants::SECURITY_CREATOR_GROUP_SERVER_RID, Windows::Security::Constants::SECURITY_CREATOR_OWNER_RID, Windows::Security::Constants::SECURITY_CREATOR_OWNER_SERVER_RID, Windows::Security::Constants::SECURITY_CREATOR_SID_AUTHORITY, Windows::Security::Constants::SECURITY_DIALUP_RID, Windows::Security::Constants::SECURITY_ENTERPRISE_CONTROLLERS_RID, Windows::Security::Constants::SECURITY_INTERACTIVE_RID, Windows::Security::Constants::SECURITY_LOCAL_RID, Windows::Security::Constants::SECURITY_LOCAL_SERVICE_RID, Windows::Security::Constants::SECURITY_LOCAL_SID_AUTHORITY, Windows::Security::Constants::SECURITY_LOCAL_SYSTEM_RID, Windows::Security::Constants::SECURITY_LOGON_IDS_RID, Windows::Security::Constants::SECURITY_LOGON_IDS_RID_COUNT, Windows::Security::Constants::SECURITY_MAX_ALWAYS_FILTERED, Windows::Security::Constants::SECURITY_MIN_NEVER_FILTERED, Windows::Security::Constants::SECURITY_NETWORK_RID, Windows::Security::Constants::SECURITY_NETWORK_SERVICE_RID, Windows::Security::Constants::SECURITY_NON_UNIQUE_AUTHORITY, Windows::Security::Constants::SECURITY_NT_AUTHORITY, Windows::Security::Constants::SECURITY_NT_NON_UNIQUE, Windows::Security::Constants::SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT, Windows::Security::Constants::SECURITY_NULL_RID, Windows::Security::Constants::SECURITY_NULL_SID_AUTHORITY, 
Windows::Security::Constants::SECURITY_OTHER_ORGANIZATION_RID, Windows::Security::Constants::SECURITY_PACKAGE_BASE_RID, Windows::Security::Constants::SECURITY_PACKAGE_DIGEST_RID, Windows::Security::Constants::SECURITY_PACKAGE_NTLM_RID, Windows::Security::Constants::SECURITY_PACKAGE_RID_COUNT, Windows::Security::Constants::SECURITY_PACKAGE_SCHANNEL_RID, Windows::Security::Constants::SECURITY_PRINCIPAL_SELF_RID, Windows::Security::Constants::SECURITY_PROXY_RID, Windows::Security::Constants::SECURITY_REMOTE_LOGON_RID, Windows::Security::Constants::SECURITY_RESOURCE_MANAGER_AUTHORITY, Windows::Security::Constants::SECURITY_RESTRICTED_CODE_RID, Windows::Security::Constants::SECURITY_SERVER_LOGON_RID, Windows::Security::Constants::SECURITY_SERVICE_RID, Windows::Security::Constants::SECURITY_TERMINAL_SERVER_RID, Windows::Security::Constants::SECURITY_THIS_ORGANIZATION_RID, Windows::Security::Constants::SECURITY_WORLD_RID, Windows::Security::Constants::SECURITY_WORLD_SID_AUTHORITY, Windows::Security::Constants::SidTypeAlias, Windows::Security::Constants::SidTypeComputer, Windows::Security::Constants::SidTypeDeletedAccount, Windows::Security::Constants::SidTypeDomain, Windows::Security::Constants::SidTypeGroup, Windows::Security::Constants::SidTypeInvalid, Windows::Security::Constants::SidTypeUnknown, Windows::Security::Constants::SidTypeUser, Windows::Security::Constants::SidTypeWellKnownGroup

Class Method Summary

Class Method Details

.elevated_security? ⇒ Boolean

Returns whether or not the owner of the current process is running with elevated security privileges.

On Windows XP and earlier this method is actually just checking to see if the caller’s process is a member of the local Administrators group.

Returns:

  • (Boolean)


# File 'lib/win32/security.rb', line 35

def self.elevated_security?
  if windows_version < 6
    sid_ptr     = FFI::MemoryPointer.new(:pointer)
    nt_auth_ptr = FFI::MemoryPointer.new(SID_IDENTIFIER_AUTHORITY,1)

    nt_auth = SID_IDENTIFIER_AUTHORITY.new(nt_auth_ptr)
    nt_auth[:Value].to_ptr.put_bytes(0, 0.chr*5 + 5.chr)

    bool = AllocateAndInitializeSid(
      nt_auth_ptr,
      2,
      SECURITY_BUILTIN_DOMAIN_RID,
      DOMAIN_ALIAS_RID_ADMINS,
      0, 0, 0, 0, 0, 0,
      sid_ptr
    )
    unless bool
      raise SystemCallError.new("AllocateAndInitializeSid", FFI.errno)
    end

    pbool = FFI::MemoryPointer.new(:long)

    unless CheckTokenMembership(0, sid_ptr.read_pointer, pbool)
      raise SystemCallError.new("CheckTokenMembership", FFI.errno)
    end

    pbool.read_long != 0
  else
    token = FFI::MemoryPointer.new(:ulong)

    unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
      raise SystemCallError.new("OpenProcessToken", FFI.errno)
    end

    begin
      token = token.read_ulong

      # Since the TokenElevation struct only has 1 member, we use a pointer.
      te = FFI::MemoryPointer.new(:ulong)
      rl = FFI::MemoryPointer.new(:ulong)

      bool = GetTokenInformation(
        token,
        :TokenElevation,
        te,
        te.size,
        rl
      )

      raise SystemCallError.new("GetTokenInformation", FFI.errno) unless bool
    ensure
      CloseHandle(token)
    end

    te.read_ulong != 0
  end
end
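
Added example (not part of win32-security): the pre-Vista branch above fills a SID_IDENTIFIER_AUTHORITY with `0.chr*5 + 5.chr` and passes two sub-authorities to AllocateAndInitializeSid. This pure-Ruby sketch encodes those same inputs into the binary SID layout and renders the string form, showing that the SID handed to CheckTokenMembership is S-1-5-32-544 (BUILTIN\Administrators). The helper names are hypothetical, and the numeric values 0x20 and 0x220 are the Windows SDK definitions of the two RID constants the page only names.

```ruby
# Added example: pure Ruby, no FFI and no Windows API calls.
# Binary SID layout: Revision (1 byte), SubAuthorityCount (1 byte),
# IdentifierAuthority (6 bytes, big-endian), SubAuthority[] (32-bit little-endian each).

SID_REVISION      = 1
MAX_SUB_AUTHORITY = 15

# Windows SDK (winnt.h) values of the constants the method passes by name.
BUILTIN_DOMAIN_RID = 0x20   # SECURITY_BUILTIN_DOMAIN_RID
ALIAS_RID_ADMINS   = 0x220  # DOMAIN_ALIAS_RID_ADMINS

# The same six bytes the method writes into nt_auth[:Value]: {0,0,0,0,0,5}.
NT_AUTHORITY = (0.chr * 5 + 5.chr).b

# Hypothetical helper: build the binary SID from an authority and sub-authorities.
def pack_sid(authority, sub_authorities)
  raise ArgumentError, 'authority must be 6 bytes' unless authority.bytesize == 6
  raise ArgumentError, 'too many sub-authorities' if sub_authorities.size > MAX_SUB_AUTHORITY
  [SID_REVISION, sub_authorities.size].pack('CC') + authority + sub_authorities.pack('V*')
end

# Hypothetical helper: render a binary SID as S-R-A-S1-S2..., rejecting malformed input.
# Authority values of 2**32 or more are shown in hex by Windows; decimal is used here.
def sid_to_s(bin)
  bin = bin.b
  raise ArgumentError, 'truncated SID header' if bin.bytesize < 8
  revision, count = bin.unpack('CC')
  raise ArgumentError, 'unsupported revision' unless revision == SID_REVISION
  raise ArgumentError, 'bad sub-authority count' if count > MAX_SUB_AUTHORITY
  raise ArgumentError, 'length mismatch' unless bin.bytesize == 8 + 4 * count
  authority = bin.byteslice(2, 6).bytes.inject(0) { |acc, b| (acc << 8) | b }
  subs = bin.byteslice(8, 4 * count).unpack('V*')
  (["S-#{revision}", authority] + subs).join('-')
end

# The SID the pre-Vista branch asks AllocateAndInitializeSid to construct.
def builtin_administrators_sid
  pack_sid(NT_AUTHORITY, [BUILTIN_DOMAIN_RID, ALIAS_RID_ADMINS])
end

puts sid_to_s(builtin_administrators_sid) if $PROGRAM_NAME == __FILE__
```
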