use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.
the class Advapi32Util method setSecurityDescriptorForObject.
/**
* Set a self relative security descriptor for the given object type.
*
* @param absoluteObjectPath
* A pointer to a null-terminated string that specifies the name of the object
* on which to set security information. For descriptions of the string
* formats for the different object types, see {@link AccCtrl.SE_OBJECT_TYPE}.
* @param objectType
* Object type referred to by the path. See {@link AccCtrl.SE_OBJECT_TYPE} for valid definitions.
* @param securityDescriptor
* A security descriptor to set.
* @param setOwner
* Set the owner. The owner is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is thrown.
* See {@link Advapi32#SetNamedSecurityInfo} for process privilege requirements in getting the OWNER.
* @param setGroup
* Set the group. The group is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is thrown.
* @param setDACL
* Set the DACL. The DACL is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is thrown.
* @param setSACL
* Set the SACL. The SACL is extracted from securityDescriptor and must be valid,
* otherwise IllegalArgumentException is thrown.
* See {@link Advapi32#SetNamedSecurityInfo} for process privilege requirements in getting the SACL.
* @param setDACLProtectedStatus
* Set DACL protected status as contained within securityDescriptor.control.
* @param setSACLProtectedStatus
* Set SACL protected status as contained within securityDescriptor.control.
*/
public static void setSecurityDescriptorForObject(final String absoluteObjectPath,
        int objectType,
        SECURITY_DESCRIPTOR_RELATIVE securityDescriptor,
        boolean setOwner,
        boolean setGroup,
        boolean setDACL,
        boolean setSACL,
        boolean setDACLProtectedStatus,
        boolean setSACLProtectedStatus) {
    // Extract every component of the self-relative descriptor up front. A component is
    // only validated (and later passed to the native call) when its set* flag is true.
    final PSID ownerSid = securityDescriptor.getOwner();
    final PSID groupSid = securityDescriptor.getGroup();
    final ACL discretionaryAcl = securityDescriptor.getDiscretionaryACL();
    final ACL systemAcl = securityDescriptor.getSystemACL();

    // Bit mask that tells SetNamedSecurityInfo which parts of the descriptor to write.
    int securityInfo = 0;

    // All validation happens before the single native write below, so a missing or
    // malformed component aborts the call with nothing applied to the object.
    if (setOwner) {
        if (ownerSid == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain owner");
        }
        if (!Advapi32.INSTANCE.IsValidSid(ownerSid)) {
            throw new IllegalArgumentException("Owner PSID is invalid");
        }
        securityInfo |= OWNER_SECURITY_INFORMATION;
    }

    if (setGroup) {
        if (groupSid == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain group");
        }
        if (!Advapi32.INSTANCE.IsValidSid(groupSid)) {
            throw new IllegalArgumentException("Group PSID is invalid");
        }
        securityInfo |= GROUP_SECURITY_INFORMATION;
    }

    if (setDACL) {
        // A descriptor without a DACL is rejected here rather than forwarded as a null
        // pointer together with DACL_SECURITY_INFORMATION.
        if (discretionaryAcl == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain DACL");
        }
        if (!Advapi32.INSTANCE.IsValidAcl(discretionaryAcl.getPointer())) {
            throw new IllegalArgumentException("DACL is invalid");
        }
        securityInfo |= DACL_SECURITY_INFORMATION;
    }

    if (setSACL) {
        if (systemAcl == null) {
            throw new IllegalArgumentException("SECURITY_DESCRIPTOR_RELATIVE does not contain SACL");
        }
        if (!Advapi32.INSTANCE.IsValidAcl(systemAcl.getPointer())) {
            throw new IllegalArgumentException("SACL is invalid");
        }
        securityInfo |= SACL_SECURITY_INFORMATION;
    }

    /*
     * SE_DACL_PROTECTED / SE_SACL_PROTECTED are control bits stored in the descriptor; the
     * PROTECTED_* / UNPROTECTED_* values are request flags for SetNamedSecurityInfo and are
     * not stored in the SD. When a set*ProtectedStatus flag is true, the stored control bit
     * is translated into the matching request flag; otherwise neither flag is sent and the
     * ACL keeps its default. The UNPROTECTED_* request lets the object inherit ACEs from its
     * parent again, so the effective ACL can end up broader than the explicit one passed in.
     */
    if (setDACLProtectedStatus) {
        final boolean daclProtected = (securityDescriptor.Control & SE_DACL_PROTECTED) != 0;
        securityInfo |= daclProtected
                ? PROTECTED_DACL_SECURITY_INFORMATION
                : UNPROTECTED_DACL_SECURITY_INFORMATION;
    }
    if (setSACLProtectedStatus) {
        final boolean saclProtected = (securityDescriptor.Control & SE_SACL_PROTECTED) != 0;
        securityInfo |= saclProtected
                ? PROTECTED_SACL_SECURITY_INFORMATION
                : UNPROTECTED_SACL_SECURITY_INFORMATION;
    }

    // Components that were not requested are passed as null so the native call leaves them alone.
    final int status = Advapi32.INSTANCE.SetNamedSecurityInfo(
            absoluteObjectPath,
            objectType,
            securityInfo,
            setOwner ? ownerSid.getPointer() : null,
            setGroup ? groupSid.getPointer() : null,
            setDACL ? discretionaryAcl.getPointer() : null,
            setSACL ? systemAcl.getPointer() : null);

    // SetNamedSecurityInfo reports failure through its return value; zero means success.
    if (status != 0) {
        throw new Win32Exception(status);
    }
}
use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.
the class Advapi32Util method getAccountByName.
/**
* Retrieves a security identifier (SID) for a given account.
*
* @param systemName
* Name of the system.
* @param accountName
* Account name.
* @return A structure containing the account SID.
*/
public static Account getAccountByName(String systemName, String accountName) {
    // Sizing pass: call with no output buffers. The call is expected to fail with
    // ERROR_INSUFFICIENT_BUFFER and report the required SID size and domain-name length.
    IntByReference sidSize = new IntByReference(0);
    IntByReference domainNameLength = new IntByReference(0);
    PointerByReference use = new PointerByReference();
    boolean sizingCallSucceeded = Advapi32.INSTANCE.LookupAccountName(
            systemName, accountName, null, sidSize, null, domainNameLength, use);
    if (sizingCallSucceeded) {
        throw new RuntimeException("LookupAccountNameW was expected to fail with ERROR_INSUFFICIENT_BUFFER");
    }

    // Any other failure (for example an unknown account), or a zero SID size, is a real error.
    int sizingError = Kernel32.INSTANCE.GetLastError();
    if (sizingError != W32Errors.ERROR_INSUFFICIENT_BUFFER || sidSize.getValue() == 0) {
        throw new Win32Exception(sizingError);
    }

    // Second pass: allocate exactly what the sizing pass asked for and perform the lookup.
    Memory sidBuffer = new Memory(sidSize.getValue());
    PSID sid = new PSID(sidBuffer);
    // One extra char beyond the reported length, as in the sizing result plus a terminator slot.
    char[] domainBuffer = new char[domainNameLength.getValue() + 1];
    boolean resolved = Advapi32.INSTANCE.LookupAccountName(
            systemName, accountName, sid, sidSize, domainBuffer, domainNameLength, use);
    if (!resolved) {
        throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
    }

    Account account = new Account();
    account.accountType = use.getPointer().getInt(0);

    // The short name is cut out of the caller-supplied string ("DOMAIN\name" or "name@domain"),
    // not read back from the system. Code making access decisions should compare
    // account.sid / account.sidString rather than name or fqn.
    int backslashAt = accountName.indexOf('\\');
    int atSignAt = accountName.indexOf('@');
    if (backslashAt >= 0) {
        account.name = accountName.substring(backslashAt + 1);
    } else if (atSignAt >= 0) {
        account.name = accountName.substring(0, atSignAt);
    } else {
        account.name = accountName;
    }

    // The domain comes from the lookup result; without one, fqn is just the short name
    // and account.domain is left unset.
    if (domainNameLength.getValue() > 0) {
        account.domain = Native.toString(domainBuffer);
        account.fqn = account.domain + "\\" + account.name;
    } else {
        account.fqn = account.name;
    }

    // Copy the SID bytes out of native memory and derive the string form from that copy.
    account.sid = sid.getBytes();
    account.sidString = convertSidToStringSid(new PSID(account.sid));
    return account;
}
use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.
the class Advapi32Test method testConvertSid.
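/**
 * Round-trips the EVERYONE SID string through ConvertStringSidToSid and
 * ConvertSidToStringSid and checks that the resulting string matches the input.
 */
public void testConvertSid() {
    String sidString = EVERYONE;
    PSIDByReference sid = new PSIDByReference();
    assertTrue("Failed to convert SID string", Advapi32.INSTANCE.ConvertStringSidToSid(sidString, sid));
    PSID value = sid.getValue();
    try {
        PointerByReference convertedSidStringPtr = new PointerByReference();
        // Distinct message so a failure here is not confused with the string-to-SID step above.
        assertTrue("Failed to convert SID to string", Advapi32.INSTANCE.ConvertSidToStringSid(value, convertedSidStringPtr));
        Pointer conv = convertedSidStringPtr.getValue();
        try {
            String convertedSidString = conv.getWideString(0);
            // Expected value first, actual second, so a failure report labels them correctly.
            assertEquals("Mismatched SID string", sidString, convertedSidString);
        } finally {
            // The string buffer returned by the conversion is released by the caller.
            Kernel32Util.freeLocalMemory(conv);
        }
    } finally {
        // The SID returned by the conversion is released by the caller as well,
        // even when an assertion above fails.
        Kernel32Util.freeLocalMemory(value.getPointer());
    }
}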
use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.
the class Advapi32Test method testAddAce.
/**
 * Builds an ACL in memory, adds one access-allowed ACE for the built-in Administrators
 * SID, and reads the ACE back to check its mask and SID. The ACL is never applied to
 * any object.
 */
public void testAddAce() throws IOException {
    // Well-known SID for the built-in Administrators group, written into a buffer of
    // the maximum SID size.
    PSID adminsSid = new PSID(WinNT.SECURITY_MAX_SID_SIZE);
    IntByReference sidCapacity = new IntByReference(WinNT.SECURITY_MAX_SID_SIZE);
    assertTrue("Failed to create well-known SID",
            Advapi32.INSTANCE.CreateWellKnownSid(
                    WELL_KNOWN_SID_TYPE.WinBuiltinAdministratorsSid, null, adminsSid, sidCapacity));

    // ACL buffer = ACL header + one ACE sized for this SID, rounded up to a DWORD boundary.
    int sidLength = Advapi32.INSTANCE.GetLengthSid(adminsSid);
    int aclBytes = Advapi32Util.alignOnDWORD(
            Native.getNativeSize(ACL.class, null) + Advapi32Util.getAceSize(sidLength));
    ACL acl = new ACL(aclBytes);

    ACCESS_ALLOWED_ACE aceToAdd =
            new ACCESS_ALLOWED_ACE(WinNT.STANDARD_RIGHTS_ALL, WinNT.INHERITED_ACE, adminsSid);
    assertTrue(Advapi32.INSTANCE.InitializeAcl(acl, aclBytes, WinNT.ACL_REVISION));
    // MAXDWORD as the starting index appends the ACE at the end of the ACL.
    assertTrue(Advapi32.INSTANCE.AddAce(
            acl, WinNT.ACL_REVISION, WinNT.MAXDWORD, aceToAdd.getPointer(), aceToAdd.size()));

    // Fetch ACE 0 and map the returned pointer as an access-allowed ACE.
    PointerByReference aceRef = new PointerByReference(new Memory(16));
    assertTrue(Advapi32.INSTANCE.GetAce(acl, 0, aceRef));
    ACCESS_ALLOWED_ACE aceRead = new ACCESS_ALLOWED_ACE(aceRef.getValue());

    // The stored ACE must carry the same access mask and the same trustee SID.
    assertTrue(aceRead.Mask == WinNT.STANDARD_RIGHTS_ALL);
    assertTrue(Advapi32.INSTANCE.EqualSid(aceRead.psid, adminsSid));
}
use of com.sun.jna.platform.win32.WinNT.PSID in project jna by java-native-access.
the class Advapi32Test method testGetSidLength.
/**
 * Converts the EVERYONE SID string to a binary SID and checks the length that
 * GetLengthSid reports for it.
 */
public void testGetSidLength() {
    PSIDByReference sidRef = new PSIDByReference();
    assertTrue("SID conversion failed", Advapi32.INSTANCE.ConvertStringSidToSid(EVERYONE, sidRef));
    PSID everyoneSid = sidRef.getValue();
    try {
        // NOTE(review): EVERYONE is defined outside this snippet; presumably "S-1-1-0",
        // i.e. one sub-authority, which gives an 8-byte SID header plus 4 bytes = 12.
        int reportedLength = Advapi32.INSTANCE.GetLengthSid(everyoneSid);
        assertEquals("Wrong SID length", 12, reportedLength);
    } finally {
        // The SID returned by the conversion is released by the caller, pass or fail.
        Kernel32Util.freeLocalMemory(everyoneSid.getPointer());
    }
}