mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Move the restricted_acl flag into winsecur.c.
It's silly to set it at each call site of restrict_process_acl() if that function returns success! More sensible to have it be a flag in the same source file as restrict_process_acl(), set as an automatic _side effect_ of success. I've renamed the variable itself, and the global name 'restricted_acl' is now a query function that asks winsecur.c whether that operation has been (successfully) performed.
This commit is contained in:
parent
6f0adb243a
commit
3cb86d9fa8
@ -845,7 +845,6 @@ int cmdline_process_param(const char *p, char *value,
|
||||
!strcmp(p, "-restrictacl")) {
|
||||
RETURN(1);
|
||||
restrict_process_acl();
|
||||
restricted_acl = true;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -561,7 +561,6 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
|
||||
(!p[2] || p[2] == '@' || p[2] == '&')) {
|
||||
/* &R restrict-acl prefix */
|
||||
restrict_process_acl();
|
||||
restricted_acl = true;
|
||||
p += 2;
|
||||
}
|
||||
|
||||
@ -866,7 +865,7 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
|
||||
}
|
||||
}
|
||||
|
||||
if (restricted_acl) {
|
||||
if (restricted_acl()) {
|
||||
lp_eventlog(win_gui_logpolicy, "Running with restricted process ACL");
|
||||
}
|
||||
|
||||
@ -2224,7 +2223,7 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
|
||||
PROCESS_INFORMATION pi;
|
||||
HANDLE filemap = NULL;
|
||||
|
||||
if (restricted_acl)
|
||||
if (restricted_acl())
|
||||
argprefix = "&R";
|
||||
else
|
||||
argprefix = "";
|
||||
|
@ -404,7 +404,7 @@ int main(int argc, char **argv)
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (restricted_acl) {
|
||||
if (restricted_acl()) {
|
||||
lp_eventlog(console_cli_logpolicy,
|
||||
"Running with restricted process ACL");
|
||||
}
|
||||
|
@ -228,6 +228,9 @@ bool make_private_security_descriptor(DWORD permissions,
|
||||
return ret;
|
||||
}
|
||||
|
||||
static bool acl_restricted = false;
|
||||
bool restricted_acl(void) { return acl_restricted; }
|
||||
|
||||
static bool really_restrict_process_acl(char **error)
|
||||
{
|
||||
EXPLICIT_ACCESS ea[2];
|
||||
@ -278,7 +281,7 @@ static bool really_restrict_process_acl(char **error)
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
|
||||
acl_restricted = true;
|
||||
ret=true;
|
||||
|
||||
cleanup:
|
||||
|
@ -714,7 +714,7 @@ char *ssh_sftp_get_cmdline(const char *prompt, bool no_fds_ok)
|
||||
|
||||
void platform_psftp_pre_conn_setup(LogPolicy *lp)
|
||||
{
|
||||
if (restricted_acl) {
|
||||
if (restricted_acl()) {
|
||||
lp_eventlog(lp, "Running with restricted process ACL");
|
||||
}
|
||||
}
|
||||
|
@ -587,7 +587,7 @@ void dll_hijacking_protection(void);
|
||||
HMODULE load_system32_dll(const char *libname);
|
||||
const char *win_strerror(int error);
|
||||
void restrict_process_acl(void);
|
||||
GLOBAL bool restricted_acl;
|
||||
bool restricted_acl(void);
|
||||
void escape_registry_key(const char *in, strbuf *out);
|
||||
void unescape_registry_key(const char *in, strbuf *out);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user