< prev index next >

src/java.base/windows/classes/sun/nio/fs/WindowsSecurity.java

Print this page

  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any
 23  * questions.
 24  */
 25 
 26 package sun.nio.fs;
 27 


 28 import static sun.nio.fs.WindowsNativeDispatcher.*;
 29 import static sun.nio.fs.WindowsConstants.*;
 30 
 31 /**
 32  * Security related utility methods.
 33  */
 34 
 35 class WindowsSecurity {
 36     private WindowsSecurity() { }
 37 
 38     // opens process token for given access
 39     private static long openProcessToken(int access) {
 40         try {
 41             return OpenProcessToken(GetCurrentProcess(), access);
 42         } catch (WindowsException x) {
 43             return 0L;
 44         }
 45     }
 46 
 47     /**

 85                                      TOKEN_ADJUST_PRIVILEGES, false);
 86             if (hToken == 0L && processTokenWithDuplicateAccess != 0L) {
 87                 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
 88                     (TOKEN_ADJUST_PRIVILEGES|TOKEN_IMPERSONATE));
 89                 SetThreadToken(0L, hToken);
 90                 impersontating = true;
 91             }
 92 
 93             if (hToken != 0L) {
 94                 AdjustTokenPrivileges(hToken, pLuid, SE_PRIVILEGE_ENABLED);
 95                 elevated = true;
 96             }
 97         } catch (WindowsException x) {
 98             // nothing to do, privilege not enabled
 99         }
100 
101         final long token = hToken;
102         final boolean stopImpersontating = impersontating;
103         final boolean needToRevert = elevated;
104 



105         return () -> {
106             try {
107                 if (token != 0L) {
108                     try {
109                         if (stopImpersontating)
110                             SetThreadToken(0L, 0L);
111                         else if (needToRevert)
112                             AdjustTokenPrivileges(token, pLuid, 0);
113                     } catch (WindowsException x) {
114                         // should not happen
115                         throw new AssertionError(x);
116                     } finally {
117                         CloseHandle(token);
118                     }
119                 }
120             } finally {
121                 LocalFree(pLuid);

122             }
123         };
124     }
125 
126     /**
127      * Check the access right against the securityInfo in the current thread.
128      */
129     static boolean checkAccessMask(long securityInfo, int accessMask,
130         int genericRead, int genericWrite, int genericExecute, int genericAll)
131         throws WindowsException
132     {
133         int privileges = TOKEN_QUERY;
134         long hToken = OpenThreadToken(GetCurrentThread(), privileges, false);
135         if (hToken == 0L && processTokenWithDuplicateAccess != 0L)
136             hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
137                 privileges);
138 
139         boolean hasRight = false;
140         if (hToken != 0L) {
141             try {

  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any
 23  * questions.
 24  */
 25 
 26 package sun.nio.fs;
 27 
 28 import jdk.internal.vm.Continuation;
 29 
 30 import static sun.nio.fs.WindowsNativeDispatcher.*;
 31 import static sun.nio.fs.WindowsConstants.*;
 32 
 33 /**
 34  * Security related utility methods.
 35  */
 36 
 37 class WindowsSecurity {
 38     private WindowsSecurity() { }
 39 
 40     // opens process token for given access
 41     private static long openProcessToken(int access) {
 42         try {
 43             return OpenProcessToken(GetCurrentProcess(), access);
 44         } catch (WindowsException x) {
 45             return 0L;
 46         }
 47     }
 48 
 49     /**

 87                                      TOKEN_ADJUST_PRIVILEGES, false);
 88             if (hToken == 0L && processTokenWithDuplicateAccess != 0L) {
 89                 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
 90                     (TOKEN_ADJUST_PRIVILEGES|TOKEN_IMPERSONATE));
 91                 SetThreadToken(0L, hToken);
 92                 impersontating = true;
 93             }
 94 
 95             if (hToken != 0L) {
 96                 AdjustTokenPrivileges(hToken, pLuid, SE_PRIVILEGE_ENABLED);
 97                 elevated = true;
 98             }
 99         } catch (WindowsException x) {
100             // nothing to do, privilege not enabled
101         }
102 
103         final long token = hToken;
104         final boolean stopImpersontating = impersontating;
105         final boolean needToRevert = elevated;
106 
107         // prevent yielding with privileges
108         Continuation.pin();
109 
110         return () -> {
111             try {
112                 if (token != 0L) {
113                     try {
114                         if (stopImpersontating)
115                             SetThreadToken(0L, 0L);
116                         else if (needToRevert)
117                             AdjustTokenPrivileges(token, pLuid, 0);
118                     } catch (WindowsException x) {
119                         // should not happen
120                         throw new AssertionError(x);
121                     } finally {
122                         CloseHandle(token);
123                     }
124                 }
125             } finally {
126                 LocalFree(pLuid);
127                 Continuation.unpin();
128             }
129         };
130     }
131 
132     /**
133      * Check the access right against the securityInfo in the current thread.
134      */
135     static boolean checkAccessMask(long securityInfo, int accessMask,
136         int genericRead, int genericWrite, int genericExecute, int genericAll)
137         throws WindowsException
138     {
139         int privileges = TOKEN_QUERY;
140         long hToken = OpenThreadToken(GetCurrentThread(), privileges, false);
141         if (hToken == 0L && processTokenWithDuplicateAccess != 0L)
142             hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
143                 privileges);
144 
145         boolean hasRight = false;
146         if (hToken != 0L) {
147             try {
< prev index next >