94 lines
2.6 KiB
Ruby
94 lines
2.6 KiB
Ruby
#
|
|
# Author:: Doug MacEachern <dougm@vmware.com>
|
|
# Author:: Paul Morton (<pmorton@biaprotect.com>)
|
|
# Cookbook Name:: windows
|
|
# Library:: windows_privileged
|
|
#
|
|
# Copyright:: 2010, VMware, Inc.
|
|
# Copyright:: 2011, Business Intelligence Associates, Inc
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
if RUBY_PLATFORM =~ /mswin|mingw32|windows/
|
|
require 'windows/error'
|
|
require 'windows/registry'
|
|
require 'windows/process'
|
|
require 'windows/security'
|
|
end
|
|
|
|
#helpers for Windows API calls that require privilege adjustments
|
|
class Chef
|
|
class WindowsPrivileged
|
|
if RUBY_PLATFORM =~ /mswin|mingw32|windows/
|
|
include Windows::Error
|
|
include Windows::Registry
|
|
include Windows::Process
|
|
include Windows::Security
|
|
end
|
|
#File -> Load Hive... in regedit.exe
|
|
def reg_load_key(name, file)
|
|
run(SE_BACKUP_NAME, SE_RESTORE_NAME) do
|
|
rc = RegLoadKey(HKEY_USERS, "#{name}", file)
|
|
if rc == ERROR_SUCCESS
|
|
return true
|
|
elsif rc == ERROR_SHARING_VIOLATION
|
|
return false
|
|
else
|
|
raise get_last_error(rc)
|
|
end
|
|
end
|
|
end
|
|
|
|
#File -> Unload Hive... in regedit.exe
|
|
def reg_unload_key(name)
|
|
run(SE_BACKUP_NAME, SE_RESTORE_NAME) do
|
|
rc = RegUnLoadKey(HKEY_USERS, "#{name}")
|
|
if rc != ERROR_SUCCESS
|
|
raise get_last_error(rc)
|
|
end
|
|
end
|
|
end
|
|
|
|
def run(*privileges)
|
|
token = [0].pack('L')
|
|
|
|
unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, token)
|
|
raise get_last_error
|
|
end
|
|
token = token.unpack('L')[0]
|
|
|
|
privileges.each do |name|
|
|
unless adjust_privilege(token, name, SE_PRIVILEGE_ENABLED)
|
|
raise get_last_error
|
|
end
|
|
end
|
|
|
|
begin
|
|
yield
|
|
ensure #disable privs
|
|
privileges.each do |name|
|
|
adjust_privilege(token, name, 0)
|
|
end
|
|
end
|
|
end
|
|
|
|
def adjust_privilege(token, priv, attr=0)
|
|
luid = [0,0].pack('Ll')
|
|
if LookupPrivilegeValue(nil, priv, luid)
|
|
new_state = [1, luid.unpack('Ll'), attr].flatten.pack('LLlL')
|
|
AdjustTokenPrivileges(token, 0, new_state, new_state.size, 0, 0)
|
|
end
|
|
end
|
|
end
|
|
end |