1 /*
2 * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
85 TOKEN_ADJUST_PRIVILEGES, false);
86 if (hToken == 0L && processTokenWithDuplicateAccess != 0L) {
87 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
88 (TOKEN_ADJUST_PRIVILEGES|TOKEN_IMPERSONATE));
89 SetThreadToken(0L, hToken);
90 impersontating = true;
91 }
92
93 if (hToken != 0L) {
94 AdjustTokenPrivileges(hToken, pLuid, SE_PRIVILEGE_ENABLED);
95 elevated = true;
96 }
97 } catch (WindowsException x) {
98 // nothing to do, privilege not enabled
99 }
100
101 final long token = hToken;
102 final boolean stopImpersontating = impersontating;
103 final boolean needToRevert = elevated;
104
105 return new Privilege() {
106 @Override
107 public void drop() {
108 if (token != 0L) {
109 try {
110 if (stopImpersontating)
111 SetThreadToken(0L, 0L);
112 else if (needToRevert)
113 AdjustTokenPrivileges(token, pLuid, 0);
114 } catch (WindowsException x) {
115 // should not happen
116 throw new AssertionError(x);
117 } finally {
118 CloseHandle(token);
119 }
120 }
121 }
122 };
123 }
124
125 /**
126 * Check the access right against the securityInfo in the current thread.
127 */
128 static boolean checkAccessMask(long securityInfo, int accessMask,
129 int genericRead, int genericWrite, int genericExecute, int genericAll)
130 throws WindowsException
131 {
132 int privileges = TOKEN_QUERY;
133 long hToken = OpenThreadToken(GetCurrentThread(), privileges, false);
134 if (hToken == 0L && processTokenWithDuplicateAccess != 0L)
135 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
136 privileges);
137
138 boolean hasRight = false;
139 if (hToken != 0L) {
140 try {
|
1 /*
2 * Copyright (c) 2008, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
85 TOKEN_ADJUST_PRIVILEGES, false);
86 if (hToken == 0L && processTokenWithDuplicateAccess != 0L) {
87 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
88 (TOKEN_ADJUST_PRIVILEGES|TOKEN_IMPERSONATE));
89 SetThreadToken(0L, hToken);
90 impersontating = true;
91 }
92
93 if (hToken != 0L) {
94 AdjustTokenPrivileges(hToken, pLuid, SE_PRIVILEGE_ENABLED);
95 elevated = true;
96 }
97 } catch (WindowsException x) {
98 // nothing to do, privilege not enabled
99 }
100
101 final long token = hToken;
102 final boolean stopImpersontating = impersontating;
103 final boolean needToRevert = elevated;
104
105 return () -> {
106 try {
107 if (token != 0L) {
108 try {
109 if (stopImpersontating)
110 SetThreadToken(0L, 0L);
111 else if (needToRevert)
112 AdjustTokenPrivileges(token, pLuid, 0);
113 } catch (WindowsException x) {
114 // should not happen
115 throw new AssertionError(x);
116 } finally {
117 CloseHandle(token);
118 }
119 }
120 } finally {
121 LocalFree(pLuid);
122 }
123 };
124 }
125
126 /**
127 * Check the access right against the securityInfo in the current thread.
128 */
129 static boolean checkAccessMask(long securityInfo, int accessMask,
130 int genericRead, int genericWrite, int genericExecute, int genericAll)
131 throws WindowsException
132 {
133 int privileges = TOKEN_QUERY;
134 long hToken = OpenThreadToken(GetCurrentThread(), privileges, false);
135 if (hToken == 0L && processTokenWithDuplicateAccess != 0L)
136 hToken = DuplicateTokenEx(processTokenWithDuplicateAccess,
137 privileges);
138
139 boolean hasRight = false;
140 if (hToken != 0L) {
141 try {
|