Class: Chef::Util::Windows::LogonSession

Inherits:
Object
  • Object
show all
Includes:
Mixin::WideString
Defined in:
lib/chef/util/windows/logon_session.rb

Instance Method Summary collapse

Methods included from Mixin::WideString

#utf8_to_wide, #wide_to_utf8, #wstring

Constructor Details

#initialize(username, password, domain = nil, authentication = :remote) ⇒ LogonSession

Returns a new instance of LogonSession.



28
29
30
31
32
33
34
35
36
37
38
39
40
# File 'lib/chef/util/windows/logon_session.rb', line 28

def initialize(username, password, domain = nil, authentication = :remote)
  if username.nil? || password.nil?
    raise ArgumentError, "The logon session must be initialize with non-nil user name and password parameters"
  end

  @original_username = username
  @original_password = password
  @original_domain = domain
  @authentication = authentication
  @token = FFI::Buffer.new(:pointer)
  @session_opened = false
  @impersonating = false
end

Instance Method Details

#closeObject



62
63
64
65
66
67
68
69
70
71
72
# File 'lib/chef/util/windows/logon_session.rb', line 62

def close
  validate_session_open!

  if impersonating
    restore_user_context
  end

  Chef::ReservedNames::Win32::API::System.CloseHandle(token.read_ulong)
  @token = nil
  @session_opened = false
end

#openObject



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/chef/util/windows/logon_session.rb', line 42

def open
  if session_opened
    raise "Attempted to open a logon session that was already open."
  end

  username = wstring(original_username)
  password = wstring(original_password)
  domain = wstring(original_domain)

  logon_type = (authentication == :local) ? (Chef::ReservedNames::Win32::API::Security::LOGON32_LOGON_NETWORK) : (Chef::ReservedNames::Win32::API::Security::LOGON32_LOGON_NEW_CREDENTIALS)
  status = Chef::ReservedNames::Win32::API::Security.LogonUserW(username, domain, password, logon_type, Chef::ReservedNames::Win32::API::Security::LOGON32_PROVIDER_DEFAULT, token)

  unless status
    last_error = FFI::LastError.error
    raise Chef::Exceptions::Win32APIError, "Logon for user `#{original_username}` failed with Win32 status #{last_error}."
  end

  @session_opened = true
end

#restore_user_contextObject



95
96
97
98
99
100
101
102
103
104
105
106
107
108
# File 'lib/chef/util/windows/logon_session.rb', line 95

def restore_user_context
  validate_session_open!

  if impersonating
    status = Chef::ReservedNames::Win32::API::Security.RevertToSelf

    unless status
      last_error = FFI::LastError.error
      raise Chef::Exceptions::Win32APIError, "Unable to restore user context with Win32 status #{last_error}."
    end
  end

  @impersonating = false
end

#set_user_contextObject



74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/chef/util/windows/logon_session.rb', line 74

def set_user_context
  validate_session_open!

  unless session_opened
    raise "Attempted to set the user context before opening a session."
  end

  if impersonating
    raise "Attempt to set the user context when the user context is already set."
  end

  status = Chef::ReservedNames::Win32::API::Security.ImpersonateLoggedOnUser(token.read_ulong)

  unless status
    last_error = FFI::LastError.error
    raise Chef::Exceptions::Win32APIError, "Attempt to impersonate user `#{original_username}` failed with Win32 status #{last_error}."
  end

  @impersonating = true
end