Module org.elasticsearch.nativeaccess

Package org.elasticsearch.nativeaccess

Class WindowsNativeAccess

java.lang.Object

org.elasticsearch.nativeaccess.WindowsNativeAccess

All Implemented Interfaces:

NativeAccess

public class WindowsNativeAccess
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	WindowsNativeAccess.ConsoleCtrlHandler	Windows callback for console events

Nested classes/interfaces inherited from interface org.elasticsearch.nativeaccess.NativeAccess

NativeAccess.ExecSandboxState

Field Summary

Fields

Modifier and Type	Field	Description
protected NativeAccess.ExecSandboxState	execSandboxState
protected boolean	isMemoryLocked
protected static final Logger	logger

Method Summary

Modifier and Type	Method	Description
boolean	addConsoleCtrlHandler(WindowsNativeAccess.ConsoleCtrlHandler handler)	Adds a Console Ctrl Handler for Windows.
OptionalLong	allocatedSizeInBytes(Path path)	Retrieves the actual number of bytes of disk storage used to store a specified file.
boolean	definitelyRunningAsRoot()	Determine whether this JVM is running as the root user.
NativeAccess.ExecSandboxState	getExecSandboxState()	Return whether installing the exec system call filters was successful, and to what degree.
ProcessLimits	getProcessLimits()	Return limits for the current process.
String	getShortPathName(String path)	Retrieves the short path form of the specified path.
Optional<VectorSimilarityFunctions>	getVectorSimilarityFunctions()
Zstd	getZstd()	Returns an accessor to zstd compression functions.
boolean	isMemoryLocked()	Return whether locking memory was successful, or false otherwise.
CloseableByteBuffer	newConfinedBuffer(int len)	Creates a new CloseableByteBuffer using a confined arena.
CloseableByteBuffer	newSharedBuffer(int len)	Creates a new CloseableByteBuffer using a shared arena.
Systemd	systemd()
void	tryInstallExecSandbox()	Install exec system call filtering on Windows.
void	tryLockMemory()	Attempt to lock this process's virtual memory address space into physical RAM.
void	tryPreallocate(Path file, long size)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

protected static final Logger logger

isMemoryLocked

protected boolean isMemoryLocked

execSandboxState

protected NativeAccess.ExecSandboxState execSandboxState

Method Details

getShortPathName

public String getShortPathName(String path)

Retrieves the short path form of the specified path.

Parameters:

path - the path

Returns:

the short path name, or the original path name if unsupported or unavailable

addConsoleCtrlHandler

public boolean addConsoleCtrlHandler(WindowsNativeAccess.ConsoleCtrlHandler handler)

Adds a Console Ctrl Handler for Windows. On non-windows this is a noop.

Returns:

true if the handler is correctly set

definitelyRunningAsRoot

public boolean definitelyRunningAsRoot()

Description copied from interface: NativeAccess

Determine whether this JVM is running as the root user.

Returns:

true if running as root, or false if unsure

tryLockMemory

public void tryLockMemory()

Description copied from interface: NativeAccess

Attempt to lock this process's virtual memory address space into physical RAM.

tryInstallExecSandbox

public void tryInstallExecSandbox()

Install exec system call filtering on Windows.

Process creation is restricted with SetInformationJobObject/ActiveProcessLimit.

Note: This is not intended as a real sandbox. It is another level of security, mostly intended to annoy security researchers and make their lives more difficult in achieving "remote execution" exploits.

allocatedSizeInBytes

public OptionalLong allocatedSizeInBytes(Path path)

Description copied from interface: NativeAccess

Retrieves the actual number of bytes of disk storage used to store a specified file.

Parameters:

path - the path to the file

Returns:

an OptionalLong that contains the number of allocated bytes on disk for the file, or empty if the size is invalid

tryPreallocate

public void tryPreallocate(Path file,
 long size)

getProcessLimits

public ProcessLimits getProcessLimits()

Description copied from interface: NativeAccess

Return limits for the current process.

getVectorSimilarityFunctions

public Optional<VectorSimilarityFunctions> getVectorSimilarityFunctions()

systemd

public Systemd systemd()

Specified by:

systemd in interface NativeAccess

getZstd

public Zstd getZstd()

Description copied from interface: NativeAccess

Returns an accessor to zstd compression functions.

Specified by:

getZstd in interface NativeAccess

Returns:

an object used to compress and decompress bytes using zstd

newSharedBuffer

public CloseableByteBuffer newSharedBuffer(int len)

Description copied from interface: NativeAccess

Creates a new CloseableByteBuffer using a shared arena. The buffer can be used across multiple threads.

Specified by:

newSharedBuffer in interface NativeAccess

Parameters:

len - the number of bytes the buffer should allocate

Returns:

the buffer

newConfinedBuffer

public CloseableByteBuffer newConfinedBuffer(int len)

Description copied from interface: NativeAccess

Creates a new CloseableByteBuffer using a confined arena. The buffer must be used within the same thread that it is created.

Specified by:

newConfinedBuffer in interface NativeAccess

Parameters:

len - the number of bytes the buffer should allocate

Returns:

the buffer

isMemoryLocked

public boolean isMemoryLocked()

Description copied from interface: NativeAccess

Return whether locking memory was successful, or false otherwise.

Specified by:

isMemoryLocked in interface NativeAccess

getExecSandboxState

public NativeAccess.ExecSandboxState getExecSandboxState()

Description copied from interface: NativeAccess

Return whether installing the exec system call filters was successful, and to what degree.

Specified by:

getExecSandboxState in interface NativeAccess