wrapperservicepermission.java

java程序写系统的服务

package org.tanukisoftware.wrapper.security;

/*
 * Copyright (c) 1999, 2006 Tanuki Software Inc.
 * 
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of the Java Service Wrapper and associated
 * documentation files (the "Software"), to deal in the Software
 * without  restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sub-license,
 * and/or sell copies of the Software, and to permit persons to
 * whom the Software is furnished to do so, subject to the
 * following conditions:
 * 
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 
 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
 * NON-INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 
 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 * OTHER DEALINGS IN THE SOFTWARE.
 */

// $Log: WrapperServicePermission.java,v $
// Revision 1.3  2006/02/24 05:45:58  mortenson
// Update the copyright.
//
// Revision 1.2  2005/12/22 06:26:53  mortenson
// Change enum to en to avoid warnings when building under Java 1.5
//
// Revision 1.1  2005/06/24 16:00:39  mortenson
// Add a security model to protect the Wrapper and many of its calls when a
// ServiceManager has been registered with the JVM.
//

import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Enumeration;
import java.util.Vector;
import java.util.StringTokenizer;

/**
 * WrapperServicePermissions are used to grant the right to start, stop,
 *  pause, continue, interrogate, or send custom codes to other services
 *  running on a Windows system.
 * <p>
 * These permissions are inherently quite dangerous so great care should be
 *  taken when granting them.  When doing so, try to only grant permission to
 *  those services which really need to be controlled.
 * <p>
 * The following are examples of how to specify the permission within a policy
 *  file.
 * <pre>
 *   grant codeBase "file:../lib/-" {
 *     // Grant various permissions to a specific service.
 *     permission org.tanukisoftware.wrapper.security.WrapperServicePermission "myservice", "interrogate";
 *     permission org.tanukisoftware.wrapper.security.WrapperServicePermission "myservice", "interrogate,start,stop";
 *     permission org.tanukisoftware.wrapper.security.WrapperServicePermission "myservice", "userCode";
 *     permission org.tanukisoftware.wrapper.security.WrapperServicePermission "myservice", "*";
 *
 *     // Grant various permissions to any service starting with "my".
 *     permission org.tanukisoftware.wrapper.security.WrapperServicePermission "my*", "*";
 *
 *     // Let the calling code do anything to any service on the system
 *     permission org.tanukisoftware.wrapper.security.WrapperServicePermission "*", "*";
 *     permission org.tanukisoftware.wrapper.security.WrapperServicePermission "*";
 *   };
 * </pre>
 * <p>
 * Possible actions include the following:
 * <table border='1' cellpadding='2' cellspacing='0'>
 *   <tr>
 *     <th>Permission Action Name</th>
 *     <th>What the Permission Allows</th>
 *     <th>Risks of Allowing this Permission</th>
 *   </tr>
 *
 *   <tr>
 *     <td>start</td>
 *     <td>Start a service which is installed but has not been started.</td>
 *     <td>Malicious code could potentially start any service that is not currently running.
 *         This includes services which were previously stopped or that are configured to be
 *         started manually.  Many Windows systems have several services stopped by default
 *         because of the security hazards that they pose.  Starting such services could open
 *         the system up to attacks related to that service.</td>
 *   </tr>
 *
 *   <tr>
 *     <td>stop</td>
 *     <td>Stop a service which is currently running.</td>
 *     <td>Malicious code could potentially stop running service.  This could result in a
 *         denial of service attack if the service is a web or database server.  Or it
 *         result in more dangerous attacks if the service is a firewall or virus scanner.
 *         </td>
 *   </tr>
 *
 *   <tr>
 *     <td>pause</td>
 *     <td>Pause a service which is currently running.</td>
 *     <td>Malicious code could potentially pause running service.  This could result in a
 *         denial of service attack if the service is a web or database server.  Or it
 *         result in more dangerous attacks if the service is a firewall or virus scanner.
 *         </td>
 *   </tr>
 *
 *   <tr>
 *     <td>continue</td>
 *     <td>Continue a service which was previously paused.</td>
 *     <td>Malicious code could resume services which had been paused for a good reason.</td>
 *   </tr>
 *
 *   <tr>
 *     <td>interrogate</td>
 *     <td>Interrogate a service as to its current state.</td>
 *     <td>Malicious code learn a lot about a system and its weakness by probing which
 *         services are currently running.</td>
 *   </tr>
 *
 *   <tr>
 *     <td>userCode</td>
 *     <td>Send any custom user code to a service.</td>
 *     <td>The danger of this action depends on whether or not the service understands
 *         custom user codes, and what it does with them.  This could potentially be a
 *         very dangerous permission to grant.</td>
 *   </tr>
 * </table>
 *
 * @author Leif Mortenson <leif@tanukisoftware.com>
 * @version $Revision: 1.3 $
 */
public class WrapperServicePermission
    extends Permission
{
    public static String ACTION_START = "start";
    public static String ACTION_STOP = "stop";
    public static String ACTION_PAUSE = "pause";
    public static String ACTION_CONTINUE = "continue";
    public static String ACTION_INTERROGATE = "interrogate";
    public static String ACTION_USER_CODE = "userCode";
    
    private static int MASK_START = 1;
    private static int MASK_STOP = 2;
    private static int MASK_PAUSE = 4;
    private static int MASK_CONTINUE = 8;
    private static int MASK_INTERROGATE = 16;
    private static int MASK_USER_CODE = 32;
    private static int MASK_ALL =
        MASK_START | MASK_STOP | MASK_PAUSE | MASK_CONTINUE | MASK_INTERROGATE | MASK_USER_CODE;
    
    private int m_actionMask;
    
    /*---------------------------------------------------------------
     * Constructors
     *-------------------------------------------------------------*/
    /**
     * Creates a new WrapperServicePermission for the specified service.
     *
     * @param serviceName The name of the service whose access is being
     *                    controlled.
     * @param actions The action or actions to be performed.
     */
    public WrapperServicePermission( String serviceName, String actions )
    {
        super( serviceName );
        m_actionMask = buildActionMask( actions );
    }
    
    /**
     * Creates a new WrapperServicePermission for the specified service.
     *  This version of the constructor grants all actions.
     *
     * @param serviceName The name of the service whose access is being
     *                    controlled.
     */
    public WrapperServicePermission( String serviceName )
    {
        this( serviceName, "*" );
    }
    
    /*---------------------------------------------------------------
     * Permission Methods
     *-------------------------------------------------------------*/
    /**
     * Checks two Permission objects for equality. 
     * <p>
     * Do not use the equals method for making access control decisions; use
     *  the implies method. 
     *
     * @param obj The object we are testing for equality with this object.
     *
     * @return True if both Permission objects are equivalent.
     */
    public boolean equals( Object obj )
    {
        if ( obj == this )
        {
            return true;
        }
        
        if ( !( obj instanceof WrapperServicePermission ) )
        {
            return false;
        }
        
        WrapperServicePermission wsp = (WrapperServicePermission)obj;
        
        return ( m_actionMask == wsp.m_actionMask ) &&
            getName().equals( wsp.getName() );
    }
    
    /**
     * Return the canonical string representation of the actions.
     *  Always returns present actions in the following order: 
     *  start, stop, pause, continue, interrogate. userCode.
     *
     * @return the canonical string representation of the actions.
     */
    public String getActions()
    {
        StringBuffer sb = new StringBuffer();
        boolean first = true;
        
        if ( ( m_actionMask & MASK_START ) != 0 )
        {
            if ( first )
            {
                sb.append( ',' );
            }
            else
            {
                first = false;
            }
            sb.append( ACTION_START );
        }
        if ( ( m_actionMask & MASK_STOP ) != 0 )
        {
            if ( first )
            {
                sb.append( ',' );
            }
            else
            {
                first = false;
            }
            sb.append( ACTION_STOP );
        }
        if ( ( m_actionMask & MASK_PAUSE ) != 0 )
        {
            if ( first )
            {
                sb.append( ',' );
            }
            else
            {
                first = false;
            }
            sb.append( ACTION_CONTINUE );
        }
        if ( ( m_actionMask & MASK_CONTINUE ) != 0 )
        {
            if ( first )
            {
                sb.append( ',' );
            }
            else
            {
                first = false;
            }
            sb.append( ACTION_CONTINUE );
        }
        if ( ( m_actionMask & MASK_INTERROGATE ) != 0 )
        {
            if ( first )
            {
                sb.append( ',' );
            }
            else