Module: Puppet::Util::Windows::User

Extended by:
Windows::Security
Includes:
Windows::Security
Defined in:
lib/vendor/puppet/util/windows/user.rb

Class Method Summary collapse

Class Method Details

.admin?Boolean

Returns:

  • (Boolean) 


10
11
12
13
14
15
16
17
18
19
 
# File 'lib/vendor/puppet/util/windows/user.rb', line 10

def admin?
  majversion = Facter.value(:kernelmajversion)
  return false unless majversion

  # if Vista or later, check for unrestricted process token
  return Win32::Security.elevated_security? unless majversion.to_f < 6.0

  # otherwise 2003 or less
  check_token_membership
end

.check_token_membershipObject 



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/vendor/puppet/util/windows/user.rb', line 22

def check_token_membership
  sid = 0.chr * 80
  size = [80].pack('L')
  member = 0.chr * 4

  unless CreateWellKnownSid(WinBuiltinAdministratorsSid, nil, sid, size)
    raise Puppet::Util::Windows::Error.new("Failed to create administrators SID")
  end

  unless IsValidSid(sid)
    raise Puppet::Util::Windows::Error.new("Invalid SID")
  end

  unless CheckTokenMembership(nil, sid, member)
    raise Puppet::Util::Windows::Error.new("Failed to check membership")
  end

  # Is administrators SID enabled in calling thread's access token?
  member.unpack('L')[0] == 1
end

.load_profile(user, password) ⇒ Object 



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/vendor/puppet/util/windows/user.rb', line 72

def load_profile(user, password)
  logon_user(user, password) do |token|
    # Set up the PROFILEINFO structure that will be used to load the
    # new user's profile
    # typedef struct _PROFILEINFO {
    #   DWORD  dwSize;
    #   DWORD  dwFlags;
    #   LPTSTR lpUserName;
    #   LPTSTR lpProfilePath;
    #   LPTSTR lpDefaultPath;
    #   LPTSTR lpServerName;
    #   LPTSTR lpPolicyPath;
    #   HANDLE hProfile;
    # } PROFILEINFO, *LPPROFILEINFO;
    fPI_NOUI = 1
    profile = 0.chr * 4
    pi = [4 * 8, fPI_NOUI, user, nil, nil, nil, nil, profile].pack('LLPPPPPP')

       = Win32API.new('userenv', 'LoadUserProfile', ['L', 'P'], 'L')
     = Win32API.new('userenv', 'UnloadUserProfile', ['L', 'P'], 'L')

    # Load the profile. Since it doesn't exist, it will be created
    if .call(token, pi) == 0
      raise Puppet::Util::Windows::Error.new("Failed to load user profile #{user.inspect}")
    end

    Puppet.debug("Loaded profile for #{user}")

    if .call(token, pi.unpack('LLLLLLLL').last) == 0
      raise Puppet::Util::Windows::Error.new("Failed to unload user profile #{user.inspect}")
    end
  end
end

.logon_user(name, password, &block) ⇒ Object 



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'lib/vendor/puppet/util/windows/user.rb', line 52

def logon_user(name, password, &block)
  fLOGON32_LOGON_NETWORK = 3
  fLOGON32_PROVIDER_DEFAULT = 0

  logon_user = Win32API.new("advapi32", "LogonUser", ['P', 'P', 'P', 'L', 'L', 'P'], 'L')
  close_handle = Win32API.new("kernel32", "CloseHandle", ['P'], 'V')

  token = 0.chr * 4
  if logon_user.call(name, ".", password, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, token) == 0
    raise Puppet::Util::Windows::Error.new("Failed to logon user #{name.inspect}")
  end

  begin
    yield token.unpack('L')[0] if block_given?
  ensure
    close_handle.call(token.unpack('L')[0])
  end
end

.password_is?(name, password) ⇒ Boolean

Returns:

  • (Boolean) 


44
45
46
47
48
49
 
# File 'lib/vendor/puppet/util/windows/user.rb', line 44

def password_is?(name, password)
  logon_user(name, password)
  true
rescue Puppet::Util::Windows::Error => e
  false
end