nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-04-21 04:55:02 -05:00
Code Issues Projects Releases Wiki Activity

Readjust Pageant's SID check _again_, to make it the union of the

Browse Source 
policies before and after r9178, and hence able to talk to both
0.60-like and 0.61-like clients.

I had failed to consider that many pieces of code derived from PuTTY
would have imported the Pageant client code, so we shouldn't randomly
stop supporting things just because _we_ aren't using them any more.

[originally from svn r9264]
[r9178 == af78191a9c8a76281fe35b5e168b794d8cf328f9]
This commit is contained in:
Simon Tatham 2011-08-13 14:48:36 +00:00
parent 9fce238b00
commit 52e5dae242
1 changed files with 67 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
windows/winpgnt.c
View File

@ -1684,6 +1684,53 @@ static void update_sessions(void)
} }
} }
#ifndef NO_SECURITY
/*
* Versions of Pageant prior to 0.61 expected this SID on incoming
* communications. For backwards compatibility, and more particularly
* for compatibility with derived works of PuTTY still using the old
* Pageant client code, we accept it as an alternative to the one
* returned from get_user_sid() in winpgntc.c.
*/
PSID get_default_sid(void)
{
HANDLE proc = NULL;
DWORD sidlen;
PSECURITY_DESCRIPTOR psd = NULL;
PSID sid = NULL, copy = NULL, ret = NULL;
if ((proc = OpenProcess(MAXIMUM_ALLOWED, FALSE,
GetCurrentProcessId())) == NULL)
goto cleanup;
if (p_GetSecurityInfo(proc, SE_KERNEL_OBJECT, OWNER_SECURITY_INFORMATION,
&sid, NULL, NULL, NULL, &psd) != ERROR_SUCCESS)
goto cleanup;
sidlen = GetLengthSid(sid);
copy = (PSID)smalloc(sidlen);
if (!CopySid(sidlen, copy, sid))
goto cleanup;
/* Success. Move sid into the return value slot, and null it out
* to stop the cleanup code freeing it. */
ret = copy;
copy = NULL;
cleanup:
if (proc != NULL)
CloseHandle(proc);
if (psd != NULL)
LocalFree(psd);
if (copy != NULL)
sfree(copy);
return ret;
}
#endif
static LRESULT CALLBACK WndProc(HWND hwnd, UINT message, static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
WPARAM wParam, LPARAM lParam) WPARAM wParam, LPARAM lParam)
{ {
@ -1821,9 +1868,9 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
void *p; void *p;
HANDLE filemap; HANDLE filemap;
#ifndef NO_SECURITY #ifndef NO_SECURITY
PSID mapowner, ourself; PSID mapowner, ourself, ourself2;
PSECURITY_DESCRIPTOR psd1 = NULL, psd2 = NULL;
#endif #endif
PSECURITY_DESCRIPTOR psd = NULL;
int ret = 0; int ret = 0;
cds = (COPYDATASTRUCT *) lParam; cds = (COPYDATASTRUCT *) lParam;
@ -1850,10 +1897,17 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
return 0; return 0;
} }
if ((ourself2 = get_default_sid()) == NULL) {
#ifdef DEBUG_IPC
debug(("couldn't get default SID\n"));
#endif
return 0;
}
if ((rc = p_GetSecurityInfo(filemap, SE_KERNEL_OBJECT, if ((rc = p_GetSecurityInfo(filemap, SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION, OWNER_SECURITY_INFORMATION,
&mapowner, NULL, NULL, NULL, &mapowner, NULL, NULL, NULL,
&psd1) != ERROR_SUCCESS)) { &psd) != ERROR_SUCCESS)) {
#ifdef DEBUG_IPC #ifdef DEBUG_IPC
debug(("couldn't get owner info for filemap: %d\n", debug(("couldn't get owner info for filemap: %d\n",
rc)); rc));
@ -1862,22 +1916,26 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
} }
#ifdef DEBUG_IPC #ifdef DEBUG_IPC
{ {
LPTSTR ours, theirs; LPTSTR ours, ours2, theirs;
ConvertSidToStringSid(mapowner, &theirs); ConvertSidToStringSid(mapowner, &theirs);
ConvertSidToStringSid(ourself, &ours); ConvertSidToStringSid(ourself, &ours);
debug(("got both sids: ours=%s theirs=%s\n", ConvertSidToStringSid(ourself2, &ours2);
ours, theirs)); debug(("got sids:\n oursnew=%s\n oursold=%s\n"
" theirs=%s\n", ours, ours2, theirs));
LocalFree(ours); LocalFree(ours);
LocalFree(ours2);
LocalFree(theirs); LocalFree(theirs);
} }
#endif #endif
if (!EqualSid(mapowner, ourself)) if (!EqualSid(mapowner, ourself) &&
!EqualSid(mapowner, ourself2))
return 0; /* security ID mismatch! */ return 0; /* security ID mismatch! */
#ifdef DEBUG_IPC #ifdef DEBUG_IPC
debug(("security stuff matched\n")); debug(("security stuff matched\n"));
#endif #endif
LocalFree(psd1); LocalFree(psd);
LocalFree(psd2); sfree(ourself);
sfree(ourself2);
} else { } else {
#ifdef DEBUG_IPC #ifdef DEBUG_IPC
debug(("security APIs not present\n")); debug(("security APIs not present\n"));