nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-22 14:39:24 -05:00
Code Issues Projects Releases Wiki Activity

Move the restricted_acl flag into winsecur.c.

Browse Source 
It's silly to set it at each call site of restrict_process_acl() if
that function returns success! More sensible to have it be a flag in
the same source file as restrict_process_acl(), set as an automatic
_side effect_ of success.

I've renamed the variable itself, and the global name 'restricted_acl'
is now a query function that asks winsecur.c whether that operation
has been (successfully) performed.
This commit is contained in:
Simon Tatham 2020-02-02 10:00:42 +00:00
parent 6f0adb243a
commit 3cb86d9fa8
6 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmdline.c
View File

@ -845,7 +845,6 @@ int cmdline_process_param(const char *p, char *value,
!strcmp(p, "-restrictacl")) { !strcmp(p, "-restrictacl")) {
RETURN(1); RETURN(1);
restrict_process_acl(); restrict_process_acl();
restricted_acl = true;
} }
#endif #endif

5
windows/window.c
View File

@ -561,7 +561,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
(!p[2] || p[2] == '@' || p[2] == '&')) { (!p[2] || p[2] == '@' || p[2] == '&')) {
/* &R restrict-acl prefix */ /* &R restrict-acl prefix */
restrict_process_acl(); restrict_process_acl();
restricted_acl = true;
p += 2; p += 2;
} }
@ -866,7 +865,7 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
} }
} }
if (restricted_acl) { if (restricted_acl()) {
lp_eventlog(win_gui_logpolicy, "Running with restricted process ACL"); lp_eventlog(win_gui_logpolicy, "Running with restricted process ACL");
} }
@ -2224,7 +2223,7 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
PROCESS_INFORMATION pi; PROCESS_INFORMATION pi;
HANDLE filemap = NULL; HANDLE filemap = NULL;
if (restricted_acl) if (restricted_acl())
argprefix = "&R"; argprefix = "&R";
else else
argprefix = ""; argprefix = "";

2
windows/winplink.c
View File

@ -404,7 +404,7 @@ int main(int argc, char **argv)
return 1; return 1;
} }
if (restricted_acl) { if (restricted_acl()) {
lp_eventlog(console_cli_logpolicy, lp_eventlog(console_cli_logpolicy,
"Running with restricted process ACL"); "Running with restricted process ACL");
} }

5
windows/winsecur.c
View File

@ -228,6 +228,9 @@ bool make_private_security_descriptor(DWORD permissions,
return ret; return ret;
} }
static bool acl_restricted = false;
bool restricted_acl(void) { return acl_restricted; }
static bool really_restrict_process_acl(char **error) static bool really_restrict_process_acl(char **error)
{ {
EXPLICIT_ACCESS ea[2]; EXPLICIT_ACCESS ea[2];
@ -278,7 +281,7 @@ static bool really_restrict_process_acl(char **error)
goto cleanup; goto cleanup;
} }
acl_restricted = true;
ret=true; ret=true;
cleanup: cleanup:

2
windows/winsftp.c
View File

@ -714,7 +714,7 @@ char *ssh_sftp_get_cmdline(const char *prompt, bool no_fds_ok)
void platform_psftp_pre_conn_setup(LogPolicy *lp) void platform_psftp_pre_conn_setup(LogPolicy *lp)
{ {
if (restricted_acl) { if (restricted_acl()) {
lp_eventlog(lp, "Running with restricted process ACL"); lp_eventlog(lp, "Running with restricted process ACL");
} }
} }

2
windows/winstuff.h
View File

@ -587,7 +587,7 @@ void dll_hijacking_protection(void);
HMODULE load_system32_dll(const char *libname); HMODULE load_system32_dll(const char *libname);
const char *win_strerror(int error); const char *win_strerror(int error);
void restrict_process_acl(void); void restrict_process_acl(void);
GLOBAL bool restricted_acl; bool restricted_acl(void);
void escape_registry_key(const char *in, strbuf *out); void escape_registry_key(const char *in, strbuf *out);
void unescape_registry_key(const char *in, strbuf *out); void unescape_registry_key(const char *in, strbuf *out);