Module: Puppet::Util::Windows::User
- Extended by:
- Windows::Security
- Includes:
- Windows::Security
- Defined in:
- lib/vendor/puppet/util/windows/user.rb
Class Method Summary
- .admin? ⇒ Boolean
- .check_token_membership ⇒ Object
- .load_profile(user, password) ⇒ Object
- .logon_user(name, password, &block) ⇒ Object
- .password_is?(name, password) ⇒ Boolean
Class Method Details
.admin? ⇒ Boolean
# File 'lib/vendor/puppet/util/windows/user.rb', line 10

# Reports whether the current process holds administrator rights.
#
# The check is selected from the `kernelmajversion` fact. When the fact has
# no value the method answers false instead of guessing, so a missing fact
# never results in the caller being treated as an administrator.
#
# @return [Boolean] false when the fact is unavailable; otherwise the result
#   of the check chosen for the reported kernel version
def admin?
  kernel_version = Facter.value(:kernelmajversion)
  return false unless kernel_version

  if kernel_version.to_f < 6.0
    # 2003 or earlier: test membership of the built-in Administrators group.
    check_token_membership
  else
    # Vista or later: check for an unrestricted process token.
    Win32::Security.elevated_security?
  end
end
.check_token_membership ⇒ Object
# File 'lib/vendor/puppet/util/windows/user.rb', line 22

# Tests whether the built-in Administrators SID is enabled in the caller's
# access token.
#
# Every Windows call that reports failure raises, so an API error is never
# silently read as "not an administrator" (or as "administrator").
#
# @return [Boolean] true only when CheckTokenMembership wrote 1 into the
#   membership flag
# @raise [Puppet::Util::Windows::Error] if the SID cannot be created, is
#   reported invalid, or the membership check itself fails
def check_token_membership
  sid_capacity = 80
  sid_buffer = 0.chr * sid_capacity
  # In/out length argument: tells CreateWellKnownSid how large the buffer is.
  sid_length = [sid_capacity].pack('L')
  membership_flag = 0.chr * 4

  unless CreateWellKnownSid(WinBuiltinAdministratorsSid, nil, sid_buffer, sid_length)
    raise Puppet::Util::Windows::Error.new("Failed to create administrators SID")
  end

  raise Puppet::Util::Windows::Error.new("Invalid SID") unless IsValidSid(sid_buffer)

  # nil is passed as the token handle; the question asked is whether the
  # administrators SID is enabled in the calling thread's access token.
  unless CheckTokenMembership(nil, sid_buffer, membership_flag)
    raise Puppet::Util::Windows::Error.new("Failed to check membership")
  end

  membership_flag.unpack('L')[0] == 1
end
.load_profile(user, password) ⇒ Object
# File 'lib/vendor/puppet/util/windows/user.rb', line 72

# Logs the user on, loads that user's profile and unloads it again.
#
# The password is only forwarded to logon_user; the debug and error messages
# written here interpolate the user name alone.
#
# @param user [String] account name, also placed in PROFILEINFO.lpUserName
# @param password [String] password forwarded to logon_user
# @raise [Puppet::Util::Windows::Error] if LoadUserProfile or
#   UnloadUserProfile returns 0
def load_profile(user, password)
  logon_user(user, password) do |token|
    # PROFILEINFO structure handed to LoadUserProfile:
    #
    # typedef struct _PROFILEINFO {
    #   DWORD  dwSize;
    #   DWORD  dwFlags;
    #   LPTSTR lpUserName;
    #   LPTSTR lpProfilePath;
    #   LPTSTR lpDefaultPath;
    #   LPTSTR lpServerName;
    #   LPTSTR lpPolicyPath;
    #   HANDLE hProfile;
    # } PROFILEINFO, *LPPROFILEINFO;
    no_ui_flag = 1 # PI_NOUI
    handle_slot = 0.chr * 4
    # Eight fields counted as 4 bytes each.
    # NOTE(review): this size and the 'L' unpack below assume 4-byte
    # pointers and handles - confirm before running under a 64-bit Ruby.
    struct_size = 4 * 8
    profile_info = [struct_size, no_ui_flag, user, nil, nil, nil, nil, handle_slot].pack('LLPPPPPP')

    loader = Win32API.new('userenv', 'LoadUserProfile', ['L', 'P'], 'L')
    unloader = Win32API.new('userenv', 'UnloadUserProfile', ['L', 'P'], 'L')

    # Load the profile. Since it doesn't exist, it will be created.
    if loader.call(token, profile_info) == 0
      raise Puppet::Util::Windows::Error.new("Failed to load user profile #{user.inspect}")
    end

    Puppet.debug("Loaded profile for #{user}")

    # The last field of the struct (hProfile) is read back after the load
    # call and handed to UnloadUserProfile.
    profile_handle = profile_info.unpack('LLLLLLLL').last
    if unloader.call(token, profile_handle) == 0
      raise Puppet::Util::Windows::Error.new("Failed to unload user profile #{user.inspect}")
    end
  end
end
.logon_user(name, password, &block) ⇒ Object
# File 'lib/vendor/puppet/util/windows/user.rb', line 52

# Logs a user on with LogonUser and yields the resulting token handle.
#
# The handle is closed in the ensure clause, whether or not the block raises.
# It is therefore valid only inside the block and must not be kept afterwards.
# The password is passed to LogonUser as given and is left out of the error
# message, which names the account only.
#
# @param name [String] account name; the domain argument is fixed to ".",
#   which LogonUser resolves against the local account database
# @param password [String] plaintext password for the account
# @yieldparam token [Integer] logon token handle, unpacked as a 32-bit value
# @return [Object, nil] the block's value, or nil when no block is given
# @raise [Puppet::Util::Windows::Error] if LogonUser returns 0
def logon_user(name, password, &block)
  network_logon = 3    # LOGON32_LOGON_NETWORK
  default_provider = 0 # LOGON32_PROVIDER_DEFAULT

  logon_api = Win32API.new("advapi32", "LogonUser", ['P', 'P', 'P', 'L', 'L', 'P'], 'L')
  close_handle = Win32API.new("kernel32", "CloseHandle", ['P'], 'V')

  # Output buffer that receives the token handle.
  token_buffer = 0.chr * 4
  logged_on = logon_api.call(name, ".", password, network_logon, default_provider, token_buffer)
  raise Puppet::Util::Windows::Error.new("Failed to logon user #{name.inspect}") if logged_on == 0

  handle = token_buffer.unpack('L')[0]
  begin
    yield handle if block_given?
  ensure
    # Always release the token so a failing block cannot leak the handle.
    close_handle.call(handle)
  end
end