
Example 16 with PSID

use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.

the class Advapi32Util method setSecurityDescriptorForObject.

/**
 * Applies selected parts of a self-relative security descriptor to a named object.
 *
 * <p>Each {@code set*} flag selects one component of {@code securityDescriptor} to write.
 * A selected component must be present and must pass {@code IsValidSid} / {@code IsValidAcl};
 * those checks are structural only and say nothing about whether the granted rights are
 * appropriate, so the descriptor should come from a source the caller trusts.
 * If no flag is set, {@code SetNamedSecurityInfo} is still called, with an empty selection.
 *
 * @param absoluteObjectPath
 *         A pointer to a null-terminated string that specifies the name of the object
 *         whose security information is to be set. For descriptions of the string
 *         formats for the different object types, see {@link AccCtrl.SE_OBJECT_TYPE}.
 * @param objectType
 *         Object type referred to by the path. See {@link AccCtrl.SE_OBJECT_TYPE} for valid definitions.
 * @param securityDescriptor
 *         The security descriptor to take the components from.
 * @param setOwner
 *         Set the owner. The owner is extracted from securityDescriptor and must be valid,
 *         otherwise IllegalArgumentException is thrown.
 *         See {@link Advapi32#SetNamedSecurityInfo} for the process privileges required to set the owner.
 * @param setGroup
 *         Set the group. The group is extracted from securityDescriptor and must be valid,
 *         otherwise IllegalArgumentException is thrown.
 * @param setDACL
 *         Set the DACL. The DACL is extracted from securityDescriptor and must be valid,
 *         otherwise IllegalArgumentException is thrown.
 * @param setSACL
 *         Set the SACL. The SACL is extracted from securityDescriptor and must be valid,
 *         otherwise IllegalArgumentException is thrown.
 *         See {@link Advapi32#SetNamedSecurityInfo} for the process privileges required to set the SACL.
 * @param setDACLProtectedStatus
 *         Set DACL protected status as contained within securityDescriptor.Control.
 * @param setSACLProtectedStatus
 *         Set SACL protected status as contained within securityDescriptor.Control.
 * @throws IllegalArgumentException
 *         if a selected owner, group, DACL or SACL is missing from the descriptor or fails validation.
 * @throws Win32Exception
 *         if SetNamedSecurityInfo returns a non-zero error code.
 */
public static void setSecurityDescriptorForObject(final String absoluteObjectPath, int objectType, SECURITY_DESCRIPTOR_RELATIVE securityDescriptor, boolean setOwner, boolean setGroup, boolean setDACL, boolean setSACL, boolean setDACLProtectedStatus, boolean setSACLProtectedStatus) {
    final PSID ownerSid = securityDescriptor.getOwner();
    final PSID groupSid = securityDescriptor.getGroup();
    final ACL discretionaryAcl = securityDescriptor.getDiscretionaryACL();
    final ACL systemAcl = securityDescriptor.getSystemACL();

    // Bit mask telling SetNamedSecurityInfo which components to write.
    int securityInfo = 0;

    // Validate each requested component before anything is written, so a bad
    // descriptor is rejected without touching the object.
    if (setOwner) {
        if (ownerSid == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain owner");
        }
        if (!Advapi32.INSTANCE.IsValidSid(ownerSid)) {
            throw new IllegalArgumentException("Owner PSID is invalid");
        }
        securityInfo |= OWNER_SECURITY_INFORMATION;
    }

    if (setGroup) {
        if (groupSid == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain group");
        }
        if (!Advapi32.INSTANCE.IsValidSid(groupSid)) {
            throw new IllegalArgumentException("Group PSID is invalid");
        }
        securityInfo |= GROUP_SECURITY_INFORMATION;
    }

    if (setDACL) {
        if (discretionaryAcl == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain DACL");
        }
        if (!Advapi32.INSTANCE.IsValidAcl(discretionaryAcl.getPointer())) {
            throw new IllegalArgumentException("DACL is invalid");
        }
        securityInfo |= DACL_SECURITY_INFORMATION;
    }

    if (setSACL) {
        if (systemAcl == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain SACL");
        }
        if (!Advapi32.INSTANCE.IsValidAcl(systemAcl.getPointer())) {
            throw new IllegalArgumentException("SACL is invalid");
        }
        securityInfo |= SACL_SECURITY_INFORMATION;
    }

    /*
     * SE_DACL_PROTECTED / SE_SACL_PROTECTED are control bits stored in the descriptor.
     * The PROTECTED_* / UNPROTECTED_* values are request flags for SetNamedSecurityInfo
     * and are not stored in the descriptor. When a *ProtectedStatus argument is set,
     * the descriptor's control bit is translated into the matching request flag;
     * otherwise neither flag is passed and the ACL's protection is left as it is.
     * Passing UNPROTECTED_* lets the ACL inherit entries from the parent again,
     * which can change the effective access on the object.
     */
    if (setDACLProtectedStatus) {
        final boolean daclProtected = (securityDescriptor.Control & SE_DACL_PROTECTED) != 0;
        securityInfo |= daclProtected
                ? PROTECTED_DACL_SECURITY_INFORMATION
                : UNPROTECTED_DACL_SECURITY_INFORMATION;
    }

    if (setSACLProtectedStatus) {
        final boolean saclProtected = (securityDescriptor.Control & SE_SACL_PROTECTED) != 0;
        securityInfo |= saclProtected
                ? PROTECTED_SACL_SECURITY_INFORMATION
                : UNPROTECTED_SACL_SECURITY_INFORMATION;
    }

    // Components that were not requested are passed as null.
    final int status = Advapi32.INSTANCE.SetNamedSecurityInfo(
            absoluteObjectPath,
            objectType,
            securityInfo,
            setOwner ? ownerSid.getPointer() : null,
            setGroup ? groupSid.getPointer() : null,
            setDACL ? discretionaryAcl.getPointer() : null,
            setSACL ? systemAcl.getPointer() : null);

    // The call reports failure through its return value, which is the error code itself.
    if (status != 0) {
        throw new Win32Exception(status);
    }
}
Also used : ACL(com.sun.jna.platform.win32.WinNT.ACL) PSID(com.sun.jna.platform.win32.WinNT.PSID)

Example 17 with PSID

use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.

the class Advapi32Util method getAccountByName.

/**
 * Resolves an account name to its security identifier (SID) and related details.
 *
 * <p>LookupAccountName is called twice: once without buffers, to learn the required
 * SID and domain-name sizes, and once with buffers of those sizes.
 *
 * <p>The returned {@code name} is derived by parsing {@code accountName}
 * ({@code DOMAIN\name} or {@code name@domain}), while {@code domain} is the
 * referenced domain reported by the lookup.
 * NOTE(review): an unqualified name is resolved by whatever search order the system
 * applies; callers that feed the SID into access-control decisions may want to pass
 * a qualified name - confirm against the LookupAccountName documentation.
 *
 * @param systemName
 *            Name of the system.
 * @param accountName
 *            Account name.
 * @return A structure containing the account SID.
 * @throws Win32Exception
 *             if either lookup call fails for a reason other than the expected
 *             insufficient-buffer result of the sizing call.
 */
public static Account getAccountByName(String systemName, String accountName) {
    final IntByReference sidSize = new IntByReference(0);
    final IntByReference domainNameLength = new IntByReference(0);
    final PointerByReference sidUse = new PointerByReference();

    // Sizing call: no buffers are supplied, so it is expected to fail and report sizes.
    final boolean sizingCallSucceeded = Advapi32.INSTANCE.LookupAccountName(
            systemName, accountName, null, sidSize, null, domainNameLength, sidUse);
    if (sizingCallSucceeded) {
        throw new RuntimeException("LookupAccountNameW was expected to fail with ERROR_INSUFFICIENT_BUFFER");
    }
    final int sizingError = Kernel32.INSTANCE.GetLastError();
    final boolean sizeReported = sidSize.getValue() != 0;
    if (!sizeReported || sizingError != W32Errors.ERROR_INSUFFICIENT_BUFFER) {
        throw new Win32Exception(sizingError);
    }

    // Second call with buffers sized from the first; the domain buffer gets one extra char.
    final Memory sidBuffer = new Memory(sidSize.getValue());
    final PSID sid = new PSID(sidBuffer);
    final char[] domainBuffer = new char[domainNameLength.getValue() + 1];
    final boolean lookupSucceeded = Advapi32.INSTANCE.LookupAccountName(
            systemName, accountName, sid, sidSize, domainBuffer, domainNameLength, sidUse);
    if (!lookupSucceeded) {
        throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
    }

    final Account account = new Account();
    account.accountType = sidUse.getPointer().getInt(0);

    // Strip the domain part from the caller's input: "DOMAIN\name" wins over "name@domain".
    final String[] backslashParts = accountName.split("\\\\", 2);
    final String[] atParts = accountName.split("@", 2);
    final String shortName;
    if (backslashParts.length == 2) {
        shortName = backslashParts[1];
    } else if (atParts.length == 2) {
        shortName = atParts[0];
    } else {
        shortName = accountName;
    }
    account.name = shortName;

    // The domain is taken from the lookup result, not from the input string.
    if (domainNameLength.getValue() > 0) {
        account.domain = Native.toString(domainBuffer);
        account.fqn = account.domain + "\\" + account.name;
    } else {
        account.fqn = account.name;
    }

    account.sid = sid.getBytes();
    account.sidString = convertSidToStringSid(new PSID(account.sid));
    return account;
}
Also used : IntByReference(com.sun.jna.ptr.IntByReference) Memory(com.sun.jna.Memory) PointerByReference(com.sun.jna.ptr.PointerByReference) PSID(com.sun.jna.platform.win32.WinNT.PSID)

Example 18 with PSID

use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.

the class Advapi32Test method testConvertSid.

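/**
 * Round-trips the EVERYONE SID string through ConvertStringSidToSid and
 * ConvertSidToStringSid and checks that the result equals the input.
 *
 * <p>Both native calls hand back memory that this test releases with
 * Kernel32Util.freeLocalMemory, in finally blocks so a failed assertion
 * does not leak it.
 */
public void testConvertSid() {
    String sidString = EVERYONE;
    PSIDByReference sid = new PSIDByReference();
    assertTrue("Failed to convert SID string", Advapi32.INSTANCE.ConvertStringSidToSid(sidString, sid));
    PSID value = sid.getValue();
    try {
        PointerByReference convertedSidStringPtr = new PointerByReference();
        // Distinct message so a failure shows which direction of the conversion broke.
        assertTrue("Failed to convert SID to string", Advapi32.INSTANCE.ConvertSidToStringSid(value, convertedSidStringPtr));
        Pointer conv = convertedSidStringPtr.getValue();
        try {
            String convertedSidString = conv.getWideString(0);
            // Expected value first, so a failure report labels the two strings correctly.
            assertEquals("Mismatched SID string", sidString, convertedSidString);
        } finally {
            Kernel32Util.freeLocalMemory(conv);
        }
    } finally {
        Kernel32Util.freeLocalMemory(value.getPointer());
    }
}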
Also used : PSIDByReference(com.sun.jna.platform.win32.WinNT.PSIDByReference) PointerByReference(com.sun.jna.ptr.PointerByReference) Pointer(com.sun.jna.Pointer) PSID(com.sun.jna.platform.win32.WinNT.PSID)

Example 19 with PSID

use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.

the class Advapi32Test method testAddAce.

/**
 * Builds an in-memory ACL holding one access-allowed ACE for the built-in
 * Administrators SID, then reads the ACE back and checks its mask and SID.
 *
 * <p>The ACL is never applied to an object; the test only exercises
 * InitializeAcl, AddAce and GetAce on a locally allocated buffer.
 */
public void testAddAce() throws IOException {
    // Well-known SID written into a buffer of the maximum SID size.
    final PSID adminsSid = new PSID(WinNT.SECURITY_MAX_SID_SIZE);
    final IntByReference adminsSidSize = new IntByReference(WinNT.SECURITY_MAX_SID_SIZE);
    assertTrue("Failed to create well-known SID", Advapi32.INSTANCE.CreateWellKnownSid(WELL_KNOWN_SID_TYPE.WinBuiltinAdministratorsSid, null, adminsSid, adminsSidSize));

    // ACL size = ACL header + one ACE carrying this SID, rounded up by alignOnDWORD.
    final int sidLength = Advapi32.INSTANCE.GetLengthSid(adminsSid);
    final int aclSize = Advapi32Util.alignOnDWORD(
            Native.getNativeSize(ACL.class, null) + Advapi32Util.getAceSize(sidLength));
    final ACL acl = new ACL(aclSize);

    final ACCESS_ALLOWED_ACE aceToAdd = new ACCESS_ALLOWED_ACE(WinNT.STANDARD_RIGHTS_ALL, WinNT.INHERITED_ACE, adminsSid);
    assertTrue(Advapi32.INSTANCE.InitializeAcl(acl, aclSize, WinNT.ACL_REVISION));
    // MAXDWORD as the starting index asks AddAce to append at the end of the ACL.
    assertTrue(Advapi32.INSTANCE.AddAce(acl, WinNT.ACL_REVISION, WinNT.MAXDWORD, aceToAdd.getPointer(), aceToAdd.size()));

    // Read the first (and only) ACE back and compare it with what was added.
    final PointerByReference aceRef = new PointerByReference(new Memory(16));
    assertTrue(Advapi32.INSTANCE.GetAce(acl, 0, aceRef));
    final ACCESS_ALLOWED_ACE aceRead = new ACCESS_ALLOWED_ACE(aceRef.getValue());
    assertTrue(aceRead.Mask == WinNT.STANDARD_RIGHTS_ALL);
    assertTrue(Advapi32.INSTANCE.EqualSid(aceRead.psid, adminsSid));
}
Also used : IntByReference(com.sun.jna.ptr.IntByReference) ACCESS_ALLOWED_ACE(com.sun.jna.platform.win32.WinNT.ACCESS_ALLOWED_ACE) Memory(com.sun.jna.Memory) PointerByReference(com.sun.jna.ptr.PointerByReference) ACL(com.sun.jna.platform.win32.WinNT.ACL) PSID(com.sun.jna.platform.win32.WinNT.PSID)

Example 20 with PSID

use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.

the class Advapi32Test method testGetSidLength.

/**
 * Checks that GetLengthSid reports 12 bytes for the SID parsed from EVERYONE.
 *
 * <p>NOTE(review): EVERYONE is defined outside this excerpt; 12 bytes matches a SID
 * with a single sub-authority (8-byte header plus one 4-byte value) - confirm the
 * constant is such a SID.
 */
public void testGetSidLength() {
    final PSIDByReference sidRef = new PSIDByReference();
    assertTrue("SID conversion failed", Advapi32.INSTANCE.ConvertStringSidToSid(EVERYONE, sidRef));
    final PSID everyoneSid = sidRef.getValue();
    try {
        final int reportedLength = Advapi32.INSTANCE.GetLengthSid(everyoneSid);
        assertEquals("Wrong SID length", 12, reportedLength);
    } finally {
        // The converted SID is released here even if the assertion fails.
        Kernel32Util.freeLocalMemory(everyoneSid.getPointer());
    }
}
Also used : PSIDByReference(com.sun.jna.platform.win32.WinNT.PSIDByReference) PSID(com.sun.jna.platform.win32.WinNT.PSID)

Aggregations

PSID (com.sun.jna.platform.win32.WinNT.PSID)23 IntByReference (com.sun.jna.ptr.IntByReference)13 PointerByReference (com.sun.jna.ptr.PointerByReference)10 PSIDByReference (com.sun.jna.platform.win32.WinNT.PSIDByReference)9 ACL (com.sun.jna.platform.win32.WinNT.ACL)8 Memory (com.sun.jna.Memory)6 ACCESS_ALLOWED_ACE (com.sun.jna.platform.win32.WinNT.ACCESS_ALLOWED_ACE)6 SECURITY_DESCRIPTOR (com.sun.jna.platform.win32.WinNT.SECURITY_DESCRIPTOR)4 BOOLByReference (com.sun.jna.platform.win32.WinDef.BOOLByReference)3 Pointer (com.sun.jna.Pointer)2 Account (com.sun.jna.platform.win32.Advapi32Util.Account)2 BOOL (com.sun.jna.platform.win32.WinDef.BOOL)1 PACLByReference (com.sun.jna.platform.win32.WinNT.PACLByReference)1 SECURITY_DESCRIPTOR_RELATIVE (com.sun.jna.platform.win32.WinNT.SECURITY_DESCRIPTOR_RELATIVE)1 File (java.io.File)1