/*
 * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.nio.fs;

import static sun.nio.fs.WindowsNativeDispatcher.*;
import static sun.nio.fs.WindowsConstants.*;

Security related utility methods.
/** * Security related utility methods. */
class WindowsSecurity { private WindowsSecurity() { } // opens process token for given access private static long openProcessToken(int access) { try { return OpenProcessToken(GetCurrentProcess(), access); } catch (WindowsException x) { return 0L; } }
Returns the access token for this process with TOKEN_DUPLICATE access
/** * Returns the access token for this process with TOKEN_DUPLICATE access */
static final long processTokenWithDuplicateAccess = openProcessToken(TOKEN_DUPLICATE);
Returns the access token for this process with TOKEN_QUERY access
/** * Returns the access token for this process with TOKEN_QUERY access */
static final long processTokenWithQueryAccess = openProcessToken(TOKEN_QUERY);
Returned by enablePrivilege when code may require a given privilege. The drop method should be invoked after the operation completes so as to revert the privilege.
/** * Returned by enablePrivilege when code may require a given privilege. * The drop method should be invoked after the operation completes so as * to revert the privilege. */
static interface Privilege { void drop(); }
Attempts to enable the given privilege for this method.
/** * Attempts to enable the given privilege for this method. */
static Privilege enablePrivilege(String priv) { final long pLuid; try { pLuid = LookupPrivilegeValue(priv); } catch (WindowsException x) { // indicates bug in caller throw new AssertionError(x); } long hToken = 0L; boolean impersontating = false; boolean elevated = false; try { hToken = OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES, false); if (hToken == 0L && processTokenWithDuplicateAccess != 0L) { hToken = DuplicateTokenEx(processTokenWithDuplicateAccess, (TOKEN_ADJUST_PRIVILEGES|TOKEN_IMPERSONATE)); SetThreadToken(0L, hToken); impersontating = true; } if (hToken != 0L) { AdjustTokenPrivileges(hToken, pLuid, SE_PRIVILEGE_ENABLED); elevated = true; } } catch (WindowsException x) { // nothing to do, privilege not enabled } final long token = hToken; final boolean stopImpersontating = impersontating; final boolean needToRevert = elevated; return new Privilege() { @Override public void drop() { if (token != 0L) { try { if (stopImpersontating) SetThreadToken(0L, 0L); else if (needToRevert) AdjustTokenPrivileges(token, pLuid, 0); } catch (WindowsException x) { // should not happen throw new AssertionError(x); } finally { CloseHandle(token); } } } }; }
Check the access right against the securityInfo in the current thread.
/** * Check the access right against the securityInfo in the current thread. */
static boolean checkAccessMask(long securityInfo, int accessMask, int genericRead, int genericWrite, int genericExecute, int genericAll) throws WindowsException { int privileges = TOKEN_QUERY; long hToken = OpenThreadToken(GetCurrentThread(), privileges, false); if (hToken == 0L && processTokenWithDuplicateAccess != 0L) hToken = DuplicateTokenEx(processTokenWithDuplicateAccess, privileges); boolean hasRight = false; if (hToken != 0L) { try { hasRight = AccessCheck(hToken, securityInfo, accessMask, genericRead, genericWrite, genericExecute, genericAll); } finally { CloseHandle(hToken); } } return hasRight; } }