Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added additional security functions #667

Merged
merged 3 commits into from
Aug 8, 2016
Merged

Added additional security functions #667

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5b90721
Added additional security functions
amarcionek Jun 1, 2016
c722e46
Rebasing from master
amarcionek Aug 2, 2016
8a7cc1b
Fixed pointer and size issues
amarcionek Aug 8, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGES.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@ Features
* [#654](https://github.com/java-native-access/jna/pull/654): Support named arguments for `com.sun.jna.platform.win32.COM.util.CallbackProxy` based callbacks - [@matthiasblaesing](https://github.com/matthiasblaesing).
* [#659](https://github.com/java-native-access/jna/issues/659): Enable LCID (locale) override for `com.sun.jna.platform.win32.COM.util.ProxyObject`-based COM calls - [@matthiasblaesing](https://github.com/matthiasblaesing).
* [#665](https://github.com/java-native-access/jna/pull/665): Added `XSetWMProtocols` and `XGetWMProtocols` to `com.sun.jna.platform.unix.X11` - [@zainab-ali](https://github.com/zainab-ali).
* [#667](https://github.com/java-native-access/jna/pull/667): Added SetFileSecurity, GetSecurityInfo and SetSecurityInfo to `com.sun.jna.platform.win32.Advapi32` - [@amarcionek](https://github.com/amarcionek).
* [#667](https://github.com/java-native-access/jna/pull/667): Added NtSetSecurityObject and NtQuerySecurityObject to `com.sun.jna.platform.win32.NtDll` - [@amarcionek](https://github.com/amarcionek).
* [#680](https://github.com/java-native-access/jna/pull/680): Added `SetCurrentProcessExplicitAppUserModelID` and `GetCurrentProcessExplicitAppUserModelID` to `com.sun.jna.platform.win32.Shell32` for setting the [System.AppUserModel.ID](https://msdn.microsoft.com/en-us/library/windows/desktop/dd391569.aspx) of the host process - [@rednoah](https://github.com/rednoah).

Bug Fixes
Expand Down
138 changes: 138 additions & 0 deletions contrib/platform/src/com/sun/jna/platform/win32/Advapi32.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1634,6 +1634,144 @@ boolean GetFileSecurity(String lpFileName,
int RequestedInformation, Pointer pointer, int nLength,
IntByReference lpnLengthNeeded);

/**
* The SetFileSecurity function sets the security of a file or directory object.
* This function is obsolete. Use the SetNamedSecurityInfo function instead.
*
* @param lpFileName
* A pointer to a null-terminated string that specifies the file or directory for which security is set.
* Note that security applied to a directory is not inherited by its children.
* @param SecurityInformation
* Specifies a SECURITY_INFORMATION structure that identifies the contents of the security descriptor
* pointed to by the pSecurityDescriptor parameter.
* @param pSecurityDescriptor
* A pointer to a SECURITY_DESCRIPTOR structure.
* @return
* If the function succeeds, the function returns nonzero. If the function fails, it returns zero. To get
* extended error information, call GetLastError.
*/
boolean SetFileSecurity(String lpFileName, int SecurityInformation, Pointer pSecurityDescriptor);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check if pSecurityDescriptor could be declared to take a WinNT.SECURITY_DESCRIPTOR. I'm not sure how sensible this is, as SECURITY_DESCRIPTOR is basicly an opaque strucure, but it would be typed that way (maybe that structure needs a constructor added that takes an allocation size).


/**
* The GetSecurityInfo function retrieves a copy of the security descriptor for an object specified by a handle.
*
* @param handle [in]
* A handle to the object from which to retrieve security information.
* @param ObjectType [in]
* SE_OBJECT_TYPE enumeration value that indicates the type of object.
* @param SecurityInfo [in]
* A set of bit flags that indicate the type of security information to retrieve. See WinNT *_SECURITY_INFORMATION
* @param ppsidOwner [out, optional]
* A pointer to a variable that receives a pointer to the owner SID in the security descriptor returned
* in ppSecurityDescriptor. The returned pointer is valid only if you set the OWNER_SECURITY_INFORMATION flag.
* This parameter can be NULL if you do not need the owner SID.
* @param ppsidGroup [in, optional]
* A pointer to a variable that receives a pointer to the primary group SID in the returned security descriptor.
* The returned pointer is valid only if you set the GROUP_SECURITY_INFORMATION flag. This parameter can be NULL
* if you do not need the group SID.
* @param ppDacl [in, optional]
* A pointer to a variable that receives a pointer to the DACL in the returned security descriptor. The returned
* pointer is valid only if you set the DACL_SECURITY_INFORMATION flag. This parameter can be NULL if you do not
* need the DACL.
* @param ppSacl [in, optional]
* A pointer to a variable that receives a pointer to the SACL in the returned security descriptor. The returned
* pointer is valid only if you set the SACL_SECURITY_INFORMATION flag. This parameter can be NULL if you do not
* need the SACL.
* @param ppSecurityDescriptor
* A pointer to a variable that receives a pointer to the security descriptor of the object. When you have finished
* using the pointer, free the returned buffer by calling the LocalFree function.
* This parameter is required if any one of the ppsidOwner, ppsidGroup, ppDacl, or ppSacl parameters is not NULL.
* @return whether the call succeeded. A nonzero return is a failure.
*
* <p><b>NOTES:</b></p>
* <p>1. If the ppsidOwner, ppsidGroup, ppDacl, and ppSacl parameters are non-NULL, and the SecurityInfo parameter specifies
* that they be retrieved from the object, those parameters will point to the corresponding parameters in the security descriptor
* returned in ppSecurityDescriptor.</p>
* <p>2. To read the owner, group, or DACL from the object's security descriptor, the calling process must have been granted
* READ_CONTROL access when the handle was opened. To get READ_CONTROL access, the caller must be the owner of the object or
* the object's DACL must grant the access.</p>
* <p>3. To read the SACL from the security descriptor, the calling process must have been granted ACCESS_SYSTEM_SECURITY access
* when the handle was opened. The proper way to get this access is to enable the SE_SECURITY_NAME privilege in the caller's
* current token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.</p>
* <p>4. If the supplied handle was opened with an ACCESS_MASK value of MAXIMUM_ALLOWED,
* then the SetSecurityInfo function will not propagate ACEs to children.</p>
*/
int GetSecurityInfo(HANDLE handle,
int ObjectType,
int SecurityInfo,
PointerByReference ppsidOwner,
PointerByReference ppsidGroup,
Copy link
Member

@matthiasblaesing matthiasblaesing Aug 2, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could ppsidOwner and ppsidGroup replaced with WinNT.PSID?

PointerByReference ppDacl,
PointerByReference ppSacl,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could ppDacl and ppSacl replaced with WinNT.ACL?

PointerByReference ppSecurityDescriptor);

/**
* The SetSecurityInfo function sets specified security information in
* the security descriptor of a specified object. The caller identifies the
* object by a handle.
*
* @param handle [in]
* A handle to the object for which to set security information.
* @param ObjectType [in]
* A value of the SE_OBJECT_TYPE enumeration that indicates the type
* of object named by the pObjectName parameter.
* @param SecurityInfo [in]
* A set of bit flags that indicate the type of security
* information to set. See WinNT *_SECURITY_INFORMATION
* @param ppsidOwner [in, optional]
* A pointer to a SID structure that identifies the owner of the object.
* If the caller does not have the SeRestorePrivilege constant
* (see Privilege Constants), this SID must be contained in the
* caller's token, and must have the SE_GROUP_OWNER permission enabled.
* The SecurityInfo parameter must include the OWNER_SECURITY_INFORMATION
* flag. To set the owner, the caller must have WRITE_OWNER access to
* the object or have the SE_TAKE_OWNERSHIP_NAME privilege enabled.
* If you are not setting the owner SID, this parameter can be NULL.
* @param ppsidGroup [in, optional]
* A pointer to a SID that identifies the primary group of the object.
* The SecurityInfo parameter must include the GROUP_SECURITY_INFORMATION
* flag. If you are not setting the primary group SID, this parameter
* can be NULL.
* @param ppDacl [in, optional]
* A pointer to the new DACL for the object. The SecurityInfo parameter
* must include the DACL_SECURITY_INFORMATION flag. The caller must have
* WRITE_DAC access to the object or be the owner of the object. If you
* are not setting the DACL, this parameter can be NULL.
* @param ppSacl [in, optional]
* A pointer to the new SACL for the object. The SecurityInfo parameter
* must include any of the following flags: SACL_SECURITY_INFORMATION,
* LABEL_SECURITY_INFORMATION, ATTRIBUTE_SECURITY_INFORMATION,
* SCOPE_SECURITY_INFORMATION, or BACKUP_SECURITY_INFORMATION.
* If setting SACL_SECURITY_INFORMATION or SCOPE_SECURITY_INFORMATION,
* the caller must have the SE_SECURITY_NAME privilege enabled. If
* you are not setting the SACL, this parameter can be NULL.
* @return whether the call succeeded. A nonzero return is a failure.
*
* <p><b>NOTES:</b></p>
* <p>1. If you are setting the discretionary access control list (DACL) or any elements
* in the system access control list (SACL) of an object, the system automatically
* propagates any inheritable access control entries (ACEs) to existing child objects,
* according to the ACE inheritance rules.</p>
* <p>2. The SetSecurityInfo function does not reorder access-allowed or access-denied
* ACEs based on the preferred order. When propagating inheritable ACEs to existing
* child objects, SetSecurityInfo puts inherited ACEs in order after all of the
* noninherited ACEs in the DACLs of the child objects.</p>
* <p>3. If share access to the children of the object is not available, this function
* will not propagate unprotected ACEs to the children. For example, if a directory
* is opened with exclusive access, the operating system will not propagate unprotected
* ACEs to the subdirectories or files of that directory when the security on the
* directory is changed.</p>
* <p>4. If the supplied handle was opened with an ACCESS_MASK value of MAXIMUM_ALLOWED,
* then the SetSecurityInfo function will not propagate ACEs to children.</p>
*/
int SetSecurityInfo(HANDLE handle,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see comments for GetSecurityInfo.

int ObjectType,
int SecurityInfo,
Pointer ppsidOwner,
Pointer ppsidGroup,
Pointer ppDacl,
Pointer ppSacl);

/**
* The GetNamedSecurityInfo function retrieves a copy of the security
* descriptor for an object specified by name
Expand Down
53 changes: 53 additions & 0 deletions contrib/platform/src/com/sun/jna/platform/win32/NtDll.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
package com.sun.jna.platform.win32;

import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.ptr.IntByReference;
Expand Down Expand Up @@ -51,4 +52,56 @@ public interface NtDll extends StdCallLibrary {
*/
public int ZwQueryKey(HANDLE KeyHandle, int KeyInformationClass,
Structure KeyInformation, int Length, IntByReference ResultLength);

/**
* The NtSetSecurityObject routine sets an object's security state.
* @param handle [in]
* Handle for the object whose security state is to be set. This handle must have the access
* specified in the Meaning column of the table shown in the description of the
* SecurityInformation parameter.
* @param SecurityInformation [in]
* SECURITY_INFORMATION value specifying the information to be set. Can be a combination of
* one or more of the following:
* DACL_SECURITY_INFORMATION
* Indicates the discretionary access control list (DACL) of the object is to be set. Requires WRITE_DAC access.
* GROUP_SECURITY_INFORMATION
* Indicates the primary group identifier of the object is to be set. Requires WRITE_OWNER access.
* OWNER_SECURITY_INFORMATION
* Indicates the owner identifier of the object is to be set. Requires WRITE_OWNER access.
* SACL_SECURITY_INFORMATION
* Indicates the system ACL (SACL) of the object is to be set. Requires ACCESS_SYSTEM_SECURITY access.
* @param pSecurityDescriptor [in]
* Pointer to the security descriptor to be set for the object.
* @return
* NtSetSecurityObject returns STATUS_SUCCESS or an appropriate error status.
*/
public int NtSetSecurityObject(HANDLE handle, int SecurityInformation, Pointer pSecurityDescriptor);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see discussion above about SECURITY_DESCRIPTOR.


/**
* The NtQuerySecurityObject routine retrieves a copy of an object's security descriptor.
*
* @param handle [in]
* Handle for the object whose security descriptor is to be queried. This handle must have the access specified
* in the Meaning column of the table shown in the description of the SecurityInformation parameter.
* @param SecurityInformation [in]
* Pointer to a SECURITY_INFORMATION value specifying the information to be queried. Can be a combination of
* one or more of the following:
* DACL_SECURITY_INFORMATION
* Indicates the discretionary access control list (DACL) of the object is to be set. Requires WRITE_DAC access.
* GROUP_SECURITY_INFORMATION
* Indicates the primary group identifier of the object is to be set. Requires WRITE_OWNER access.
* OWNER_SECURITY_INFORMATION
* Indicates the owner identifier of the object is to be set. Requires WRITE_OWNER access.
* SACL_SECURITY_INFORMATION
* Indicates the system ACL (SACL) of the object is to be set. Requires ACCESS_SYSTEM_SECURITY access.
* @param SecurityDescriptor [out]
* Pointer to the security descriptor to be set for the object.
* @param Length [in]
* Size, in bytes, of the buffer pointed to by SecurityDescriptor.
* @param LengthNeeded [in]
* Pointer to a caller-allocated variable that receives the number of bytes required to store the copied security descriptor.
* @return
* NtQuerySecurityObject returns STATUS_SUCCESS or an appropriate error status.
*/
public int NtQuerySecurityObject(HANDLE handle, int SecurityInformation, Pointer SecurityDescriptor, int Length, IntByReference LengthNeeded);
}
Loading