Class: Win32::Security

Inherits:

Object

Object
Win32::Security

show all

Extended by:: Windows::Security::Functions

Includes:: Windows::Security::Constants, Windows::Security::Functions, Windows::Security::Structs

Defined in:: lib/win32/security.rb,
lib/win32/security/ace.rb,
lib/win32/security/acl.rb,
lib/win32/security/sid.rb

Overview

The Security class serves as a toplevel class namespace.

Defined Under Namespace

Classes: ACE, ACL, Error, SID

Constant Summary collapse

VERSION = The version of the win32-security library

'0.3.0'

TOKEN_QUERY = Used by OpenProcessToken

Class Method Summary collapse

.elevated_security? ⇒ Boolean

Returns whether or not the owner of the current process is running with elevated security privileges.

Class Method Details

.elevated_security? ⇒ `Boolean`

Returns whether or not the owner of the current process is running with elevated security privileges.

On Windows XP an earlier this method is actually just checking to see if the caller’s process is a member of the local Administrator’s group.

Returns:

(Boolean)

# File 'lib/win32/security.rb', line 35

def self.elevated_security?
  result = false

  FFI::MemoryPointer.new(:uintptr_t) do |token|
    unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, token)
      raise SystemCallError.new("OpenProcessToken", FFI.errno)
    end

    begin
      token = token.read_pointer.to_i

      # Since the TokenElevation struct only has 1 member, we use a pointer.
      te = FFI::MemoryPointer.new(:ulong)
      rl = FFI::MemoryPointer.new(:ulong)

      bool = GetTokenInformation(
        token,
        :TokenElevation,
        te,
        te.size,
        rl
      )

      raise SystemCallError.new("GetTokenInformation", FFI.errno) unless bool

      result = te.read_ulong != 0
    ensure
      CloseHandle(token)
      te.free
      rl.free
    end
  end

  result
end