1 /*
  2  * Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.  Oracle designates this
  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any
 23  * questions.
 24  */
 25 
 26 package sun.nio.fs;
 27 


 28 import static sun.nio.fs.WindowsNativeDispatcher.*;
 29 import static sun.nio.fs.WindowsConstants.*;
 30 
 31 /**
 32  * Security related utility methods.
 33  */
 34 
 35 class WindowsSecurity {
 36     private WindowsSecurity() { }
 37 
 38     // opens process token for given access
 39     private static long openProcessToken(int access) {
 40         try {
 41             return OpenProcessToken(GetCurrentProcess(), access);
 42         } catch (WindowsException x) {
 43             return 0L;
 44         }
 45     }
 46 
 47     /**
 48      * Returns the access token for this process with TOKEN_DUPLICATE access
 49      */
 50     static final long processTokenWithDuplicateAccess =
 51         openProcessToken(TOKEN_DUPLICATE);
 52 
 53     /**
 54      * Returns the access token for this process with TOKEN_QUERY access
 55      */
 56     static final long processTokenWithQueryAccess =
 57         openProcessToken(TOKEN_QUERY);
 58 
 59     /**
 60      * Returned by enablePrivilege when code may require a given privilege.
 61      * The drop method should be invoked after the operation completes so as
 62      * to revert the privilege.
 63      */
 64     static interface Privilege {
 65         void drop();
 66     }
 67 
 68     /**
 69      * Attempts to enable the given privilege for this method.
 70      */
 71     static Privilege enablePrivilege(String priv) {
 72         final long pLuid;
 73         try {
 74             pLuid = LookupPrivilegeValue(priv);
 75         } catch (WindowsException x) {
 76             // indicates bug in caller
 77             throw new AssertionError(x);
 78         }
 79 
 80         long hToken = 0L;
 81         boolean impersontating = false;
 82         boolean elevated = false;
 83         try {
 84             hToken = OpenThreadToken(GetCurrentThread(),
 85                                      TOKEN_ADJUST_PRIVILEGES, false);
 86             if (hToken == 0L && processTokenWithDuplicateAccess != 0L) {
 87                 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
 88                     (TOKEN_ADJUST_PRIVILEGES|TOKEN_IMPERSONATE));
 89                 SetThreadToken(0L, hToken);
 90                 impersontating = true;
 91             }
 92 
 93             if (hToken != 0L) {
 94                 AdjustTokenPrivileges(hToken, pLuid, SE_PRIVILEGE_ENABLED);
 95                 elevated = true;
 96             }
 97         } catch (WindowsException x) {
 98             // nothing to do, privilege not enabled
 99         }
100 
101         final long token = hToken;
102         final boolean stopImpersontating = impersontating;
103         final boolean needToRevert = elevated;
104 



105         return () -> {
106             try {
107                 if (token != 0L) {
108                     try {
109                         if (stopImpersontating)
110                             SetThreadToken(0L, 0L);
111                         else if (needToRevert)
112                             AdjustTokenPrivileges(token, pLuid, 0);
113                     } catch (WindowsException x) {
114                         // should not happen
115                         throw new AssertionError(x);
116                     } finally {
117                         CloseHandle(token);
118                     }
119                 }
120             } finally {
121                 LocalFree(pLuid);

122             }
123         };
124     }
125 
126     /**
127      * Check the access right against the securityInfo in the current thread.
128      */
129     static boolean checkAccessMask(long securityInfo, int accessMask,
130         int genericRead, int genericWrite, int genericExecute, int genericAll)
131         throws WindowsException
132     {
133         int privileges = TOKEN_QUERY;
134         long hToken = OpenThreadToken(GetCurrentThread(), privileges, false);
135         if (hToken == 0L && processTokenWithDuplicateAccess != 0L)
136             hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
137                 privileges);
138 
139         boolean hasRight = false;
140         if (hToken != 0L) {
141             try {
142                 hasRight = AccessCheck(hToken, securityInfo, accessMask,
143                     genericRead, genericWrite, genericExecute, genericAll);
144             } finally {
145                 CloseHandle(hToken);
146             }
147         }
148         return hasRight;
149     }
150 
151 }
--- EOF ---