1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Move the restricted_acl flag into winsecur.c.

It's silly to set it at each call site of restrict_process_acl() if
that function returns success! More sensible to have it be a flag in
the same source file as restrict_process_acl(), set as an automatic
_side effect_ of success.

I've renamed the variable itself, and the global name 'restricted_acl'
is now a query function that asks winsecur.c whether that operation
has been (successfully) performed.
This commit is contained in:
Simon Tatham 2020-02-02 10:00:42 +00:00
parent 6f0adb243a
commit 3cb86d9fa8
6 changed files with 9 additions and 8 deletions

View File

@ -845,7 +845,6 @@ int cmdline_process_param(const char *p, char *value,
!strcmp(p, "-restrictacl")) {
RETURN(1);
restrict_process_acl();
restricted_acl = true;
}
#endif

View File

@ -561,7 +561,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
(!p[2] || p[2] == '@' || p[2] == '&')) {
/* &R restrict-acl prefix */
restrict_process_acl();
restricted_acl = true;
p += 2;
}
@ -866,7 +865,7 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
}
}
if (restricted_acl) {
if (restricted_acl()) {
lp_eventlog(win_gui_logpolicy, "Running with restricted process ACL");
}
@ -2224,7 +2223,7 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
PROCESS_INFORMATION pi;
HANDLE filemap = NULL;
if (restricted_acl)
if (restricted_acl())
argprefix = "&R";
else
argprefix = "";

View File

@ -404,7 +404,7 @@ int main(int argc, char **argv)
return 1;
}
if (restricted_acl) {
if (restricted_acl()) {
lp_eventlog(console_cli_logpolicy,
"Running with restricted process ACL");
}

View File

@ -228,6 +228,9 @@ bool make_private_security_descriptor(DWORD permissions,
return ret;
}
static bool acl_restricted = false;
bool restricted_acl(void) { return acl_restricted; }
static bool really_restrict_process_acl(char **error)
{
EXPLICIT_ACCESS ea[2];
@ -278,7 +281,7 @@ static bool really_restrict_process_acl(char **error)
goto cleanup;
}
acl_restricted = true;
ret=true;
cleanup:

View File

@ -714,7 +714,7 @@ char *ssh_sftp_get_cmdline(const char *prompt, bool no_fds_ok)
void platform_psftp_pre_conn_setup(LogPolicy *lp)
{
if (restricted_acl) {
if (restricted_acl()) {
lp_eventlog(lp, "Running with restricted process ACL");
}
}

View File

@ -587,7 +587,7 @@ void dll_hijacking_protection(void);
HMODULE load_system32_dll(const char *libname);
const char *win_strerror(int error);
void restrict_process_acl(void);
GLOBAL bool restricted_acl;
bool restricted_acl(void);
void escape_registry_key(const char *in, strbuf *out);
void unescape_registry_key(const char *in, strbuf *out);