Class: Win32::Security

Inherits:
Object
  • Object
show all
Extended by:
Windows::Security::Functions
Includes:
Windows::Security::Constants, Windows::Security::Functions, Windows::Security::Structs
Defined in:
lib/win32/security.rb,
lib/win32/security/ace.rb,
lib/win32/security/acl.rb,
lib/win32/security/sid.rb

Overview

The Security class serves as a toplevel class namespace.

Defined Under Namespace

Classes: ACE, ACL, Error, SID

Constant Summary collapse

VERSION =

The version of the win32-security library

'0.3.0'
TOKEN_QUERY =

Used by OpenProcessToken

8

Class Method Summary collapse

Class Method Details

.elevated_security?Boolean

Returns whether or not the owner of the current process is running with elevated security privileges.

On Windows XP an earlier this method is actually just checking to see if the caller’s process is a member of the local Administrator’s group.

Returns:

  • (Boolean)


35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# File 'lib/win32/security.rb', line 35

def self.elevated_security?
  result = false

  FFI::MemoryPointer.new(:uintptr_t) do |token|
    unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
      raise SystemCallError.new("OpenProcessToken", FFI.errno)
    end

    begin
      token = token.read_pointer.to_i

      # Since the TokenElevation struct only has 1 member, we use a pointer.
      te = FFI::MemoryPointer.new(:ulong)
      rl = FFI::MemoryPointer.new(:ulong)

      bool = GetTokenInformation(
        token,
        :TokenElevation,
        te,
        te.size,
        rl
      )

      raise SystemCallError.new("GetTokenInformation", FFI.errno) unless bool

      result = te.read_ulong != 0
    ensure
      CloseHandle(token)
      te.free
      rl.free
    end
  end

  result
end