WindowsSecurity.java revision 6091
 * Copyright (c) 2008, 2009, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
import static sun.nio.fs.WindowsNativeDispatcher.*;
import static sun.nio.fs.WindowsConstants.*;
 * Security related utility methods.
 // opens process token for given access
 private static long openProcessToken(int access) {
 return OpenProcessToken(GetCurrentProcess(), access);
 * Returns the access token for this process with TOKEN_DUPLICATE access
 static final long processTokenWithDuplicateAccess =
 * Returns the access token for this process with TOKEN_QUERY access
 static final long processTokenWithQueryAccess =
 * Returned by enablePrivilege when code may require a given privilege.
 * The drop method should be invoked after the operation completes so as
 * to revert the privilege.
 static interface Privilege {
 * Attempts to enable the given privilege for this method.
 static Privilege enablePrivilege(String priv) {
 // indicates bug in caller
 hToken = OpenThreadToken(GetCurrentThread(),
 if (hToken == 0L && processTokenWithDuplicateAccess != 0L) {
 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
 (TOKEN_ADJUST_PRIVILEGES|TOKEN_IMPERSONATE));
 AdjustTokenPrivileges(hToken, pLuid, SE_PRIVILEGE_ENABLED);
 // nothing to do, privilege not enabled
 final boolean stopImpersontating = impersontating;
 AdjustTokenPrivileges(token, pLuid, 0);
 // should not happen
throw new AssertionError(x);
throws WindowsException
boolean hasRight = false;
return hasRight;