Example 6 with ACL
use of com.sun.jna.platform.win32.WinNT.ACL in project jna by java-native-access.
the class Advapi32Test method testInitializeAcl.
public void testInitializeAcl() throws IOException {
ACL pAcl;
int cbAcl = 0;
PSID pSid = new PSID(WinNT.SECURITY_MAX_SID_SIZE);
IntByReference cbSid = new IntByReference(WinNT.SECURITY_MAX_SID_SIZE);
assertTrue("Failed to create well-known SID", Advapi32.INSTANCE.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinAdministratorsSid, null, pSid, cbSid));
int sidLength = Advapi32.INSTANCE.GetLengthSid(pSid);
cbAcl = Native.getNativeSize(ACL.class, null);
cbAcl += Native.getNativeSize(ACCESS_ALLOWED_ACE.class, null);
cbAcl += (sidLength - DWORD.SIZE);
cbAcl = Advapi32Util.alignOnDWORD(cbAcl);
pAcl = new ACL(cbAcl);
assertTrue(Advapi32.INSTANCE.InitializeAcl(pAcl, cbAcl, WinNT.ACL_REVISION));
}
Also used :
IntByReference(com.sun.jna.ptr.IntByReference)
ACCESS_ALLOWED_ACE(com.sun.jna.platform.win32.WinNT.ACCESS_ALLOWED_ACE)
ACL(com.sun.jna.platform.win32.WinNT.ACL)
PSID(com.sun.jna.platform.win32.WinNT.PSID)
Example 7 with ACL
use of com.sun.jna.platform.win32.WinNT.ACL in project jna by java-native-access.
the class Advapi32Util method setSecurityDescriptorForObject.
/**
* Set a self relative security descriptor for the given object type.
*
* @param absoluteObjectPath
* A pointer to a null-terminated string that specifies the name of the object
* from which to retrieve security information. For descriptions of the string
* formats for the different object types, see {@link AccCtrl.SE_OBJECT_TYPE}.
* @param objectType
* Object type referred to by the path. See {@link AccCtrl.SE_OBJECT_TYPE} for valid definitions.
* @param securityDescriptor
* A security descriptor to set.
* @param setOwner
* Set the owner. The owner is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is throw.
* See {@link Advapi32#SetNamedSecurityInfo} for process privilege requirements in getting the OWNER.
* @param setGroup
* Set the group. The group is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is throw.
* @param setDACL
* Set the DACL. The DACL is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is throw.
* @param setSACL
* Set the SACL. The SACL is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is throw.
* See {@link Advapi32#SetNamedSecurityInfo} for process privilege requirements in getting the SACL.
* @param setDACLProtectedStatus
* Set DACL protected status as contained within securityDescriptor.control.
* @param setSACLProtectedStatus
* Set SACL protected status as contained within securityDescriptor.control.
*/
public static void setSecurityDescriptorForObject(final String absoluteObjectPath, int objectType, SECURITY_DESCRIPTOR_RELATIVE securityDescriptor, boolean setOwner, boolean setGroup, boolean setDACL, boolean setSACL, boolean setDACLProtectedStatus, boolean setSACLProtectedStatus) {
final PSID psidOwner = securityDescriptor.getOwner();
final PSID psidGroup = securityDescriptor.getGroup();
final ACL dacl = securityDescriptor.getDiscretionaryACL();
final ACL sacl = securityDescriptor.getSystemACL();
int infoType = 0;
// Parameter validation and infoType flag setting.
if (setOwner) {
if (psidOwner == null)
throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain owner");
if (!Advapi32.INSTANCE.IsValidSid(psidOwner))
throw new IllegalArgumentException("Owner PSID is invalid");
infoType |= OWNER_SECURITY_INFORMATION;
}
if (setGroup) {
if (psidGroup == null)
throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain group");
if (!Advapi32.INSTANCE.IsValidSid(psidGroup))
throw new IllegalArgumentException("Group PSID is invalid");
infoType |= GROUP_SECURITY_INFORMATION;
}
if (setDACL) {
if (dacl == null)
throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain DACL");
if (!Advapi32.INSTANCE.IsValidAcl(dacl.getPointer()))
throw new IllegalArgumentException("DACL is invalid");
infoType |= DACL_SECURITY_INFORMATION;
}
if (setSACL) {
if (sacl == null)
throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain SACL");
if (!Advapi32.INSTANCE.IsValidAcl(sacl.getPointer()))
throw new IllegalArgumentException("SACL is invalid");
infoType |= SACL_SECURITY_INFORMATION;
}
/*
* Control bits SE_DACL_PROTECTED/SE_SACL_PROTECTED indicate the *ACL is protected. The *ACL_SECURITY_INFORMATION flags
* are meta flags for SetNamedSecurityInfo and are not stored in the SD. If either *ACLProtectedStatus is set,
* get the current status from the securityDescriptor and apply as such, otherwise the ACL remains at its default.
*/
if (setDACLProtectedStatus) {
if ((securityDescriptor.Control & SE_DACL_PROTECTED) != 0) {
infoType |= PROTECTED_DACL_SECURITY_INFORMATION;
} else if ((securityDescriptor.Control & SE_DACL_PROTECTED) == 0) {
infoType |= UNPROTECTED_DACL_SECURITY_INFORMATION;
}
}
if (setSACLProtectedStatus) {
if ((securityDescriptor.Control & SE_SACL_PROTECTED) != 0) {
infoType |= PROTECTED_SACL_SECURITY_INFORMATION;
} else if ((securityDescriptor.Control & SE_SACL_PROTECTED) == 0) {
infoType |= UNPROTECTED_SACL_SECURITY_INFORMATION;
}
}
int lastError = Advapi32.INSTANCE.SetNamedSecurityInfo(absoluteObjectPath, objectType, infoType, setOwner ? psidOwner.getPointer() : null, setGroup ? psidGroup.getPointer() : null, setDACL ? dacl.getPointer() : null, setSACL ? sacl.getPointer() : null);
if (lastError != 0) {
throw new Win32Exception(lastError);
}
}Example 8 with ACL
use of com.sun.jna.platform.win32.WinNT.ACL in project jna by java-native-access.
the class Advapi32Test method testAddAce.
public void testAddAce() throws IOException {
ACL pAcl;
int cbAcl = 0;
PSID pSid = new PSID(WinNT.SECURITY_MAX_SID_SIZE);
IntByReference cbSid = new IntByReference(WinNT.SECURITY_MAX_SID_SIZE);
assertTrue("Failed to create well-known SID", Advapi32.INSTANCE.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinAdministratorsSid, null, pSid, cbSid));
int sidLength = Advapi32.INSTANCE.GetLengthSid(pSid);
cbAcl = Native.getNativeSize(ACL.class, null);
cbAcl += Advapi32Util.getAceSize(sidLength);
cbAcl = Advapi32Util.alignOnDWORD(cbAcl);
pAcl = new ACL(cbAcl);
ACCESS_ALLOWED_ACE pace = new ACCESS_ALLOWED_ACE(WinNT.STANDARD_RIGHTS_ALL, WinNT.INHERITED_ACE, pSid);
assertTrue(Advapi32.INSTANCE.InitializeAcl(pAcl, cbAcl, WinNT.ACL_REVISION));
assertTrue(Advapi32.INSTANCE.AddAce(pAcl, WinNT.ACL_REVISION, WinNT.MAXDWORD, pace.getPointer(), pace.size()));
PointerByReference pAce = new PointerByReference(new Memory(16));
assertTrue(Advapi32.INSTANCE.GetAce(pAcl, 0, pAce));
ACCESS_ALLOWED_ACE pAceGet = new ACCESS_ALLOWED_ACE(pAce.getValue());
assertTrue(pAceGet.Mask == WinNT.STANDARD_RIGHTS_ALL);
assertTrue(Advapi32.INSTANCE.EqualSid(pAceGet.psid, pSid));
}
Also used :
IntByReference(com.sun.jna.ptr.IntByReference)
ACCESS_ALLOWED_ACE(com.sun.jna.platform.win32.WinNT.ACCESS_ALLOWED_ACE)
Memory(com.sun.jna.Memory)
PointerByReference(com.sun.jna.ptr.PointerByReference)
ACL(com.sun.jna.platform.win32.WinNT.ACL)
PSID(com.sun.jna.platform.win32.WinNT.PSID)
Example 9 with ACL
use of com.sun.jna.platform.win32.WinNT.ACL in project jna by java-native-access.
the class Advapi32Test method testAddAccessAllowedAceEx.
public void testAddAccessAllowedAceEx() throws IOException {
ACL pAcl;
int cbAcl = 0;
PSID pSid = new PSID(WinNT.SECURITY_MAX_SID_SIZE);
IntByReference cbSid = new IntByReference(WinNT.SECURITY_MAX_SID_SIZE);
assertTrue("Failed to create well-known SID", Advapi32.INSTANCE.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinAdministratorsSid, null, pSid, cbSid));
int sidLength = Advapi32.INSTANCE.GetLengthSid(pSid);
cbAcl = Native.getNativeSize(ACL.class, null);
cbAcl += Advapi32Util.getAceSize(sidLength);
cbAcl = Advapi32Util.alignOnDWORD(cbAcl);
pAcl = new ACL(cbAcl);
assertTrue(Advapi32.INSTANCE.InitializeAcl(pAcl, cbAcl, WinNT.ACL_REVISION));
assertTrue(Advapi32.INSTANCE.AddAccessAllowedAceEx(pAcl, WinNT.ACL_REVISION, WinNT.INHERIT_ONLY_ACE, WinNT.STANDARD_RIGHTS_ALL, pSid));
PointerByReference pAce = new PointerByReference(new Memory(16));
assertTrue(Advapi32.INSTANCE.GetAce(pAcl, 0, pAce));
ACCESS_ALLOWED_ACE pAceGet = new ACCESS_ALLOWED_ACE(pAce.getValue());
assertTrue(pAceGet.Mask == WinNT.STANDARD_RIGHTS_ALL);
assertTrue(Advapi32.INSTANCE.EqualSid(pAceGet.psid, pSid));
}
Also used :
IntByReference(com.sun.jna.ptr.IntByReference)
ACCESS_ALLOWED_ACE(com.sun.jna.platform.win32.WinNT.ACCESS_ALLOWED_ACE)
Memory(com.sun.jna.Memory)
PointerByReference(com.sun.jna.ptr.PointerByReference)
ACL(com.sun.jna.platform.win32.WinNT.ACL)
PSID(com.sun.jna.platform.win32.WinNT.PSID)
Aggregations
ACL (com.sun.jna.platform.win32.WinNT.ACL)9
PSID (com.sun.jna.platform.win32.WinNT.PSID)8
IntByReference (com.sun.jna.ptr.IntByReference)8
ACCESS_ALLOWED_ACE (com.sun.jna.platform.win32.WinNT.ACCESS_ALLOWED_ACE)6
Memory (com.sun.jna.Memory)5
PointerByReference (com.sun.jna.ptr.PointerByReference)5
SECURITY_DESCRIPTOR (com.sun.jna.platform.win32.WinNT.SECURITY_DESCRIPTOR)2
SECURITY_DESCRIPTOR_RELATIVE (com.sun.jna.platform.win32.WinNT.SECURITY_DESCRIPTOR_RELATIVE)2
BOOL (com.sun.jna.platform.win32.WinDef.BOOL)1
BOOLByReference (com.sun.jna.platform.win32.WinDef.BOOLByReference)1
ACCESS_ACEStructure (com.sun.jna.platform.win32.WinNT.ACCESS_ACEStructure)1
PACLByReference (com.sun.jna.platform.win32.WinNT.PACLByReference)1
File (java.io.File)1
HashMap (java.util.HashMap)1
