nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-04 04:52:47 -05:00
Code Issues Projects Releases Wiki Activity

Make Pageant use the same SID-selection logic as the Pageant client

Browse Source 
code (as introduced in r9043), so that it uses the user SID rather
than the default SID.

This does change the access-control model, in that a Pageant running
with administrator privilege will now serve keys to an unprivileged
PuTTY running as the same user who started Pageant. Owen and I think
this isn't a problem (in particular, it will still not serve keys to a
_different_ user).

More importantly, making the Pageant client and server code work the
same way means that PuTTY and Pageant can still talk to each other
when UAC is turned off, which we've had several reports of r9043
having broken.

[originally from svn r9178]
[r9043 == 05f22632eb]
This commit is contained in:
Simon Tatham
2011-06-08 20:47:07 +00:00
parent 6e40a0db57
commit af78191a9c
3 changed files with 96 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
windows/winpgnt.c
View File

@ -19,6 +19,10 @@
#ifndef NO_SECURITY
#include <aclapi.h>
#ifdef DEBUG_IPC
#define _WIN32_WINNT 0x0500 /* for ConvertSidToStringSid */
#include <sddl.h>
#endif
#endif
#define IDI_MAINICON 200
@ -113,7 +117,7 @@ static tree234 *rsakeys, *ssh2keys;
static int has_security;
#ifndef NO_SECURITY
DECL_WINDOWS_FUNCTION(static, DWORD, GetSecurityInfo,
DECL_WINDOWS_FUNCTION(extern, DWORD, GetSecurityInfo,
(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION,
PSID *, PSID *, PACL *, PACL *,
PSECURITY_DESCRIPTOR *));
@ -1817,8 +1821,7 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
void *p;
HANDLE filemap;
#ifndef NO_SECURITY
HANDLE proc;
PSID mapowner, procowner;
PSID mapowner, ourself;
PSECURITY_DESCRIPTOR psd1 = NULL, psd2 = NULL;
#endif
int ret = 0;
@ -1840,40 +1843,35 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
#ifndef NO_SECURITY
int rc;
if (has_security) {
if ((proc = OpenProcess(MAXIMUM_ALLOWED, FALSE,
GetCurrentProcessId())) ==
NULL) {
if ((ourself = get_user_sid()) == NULL) {
#ifdef DEBUG_IPC
debug(("couldn't get handle for process\n"));
debug(("couldn't get user SID\n"));
#endif
return 0;
}
if (p_GetSecurityInfo(proc, SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
&procowner, NULL, NULL, NULL,
&psd2) != ERROR_SUCCESS) {
#ifdef DEBUG_IPC
debug(("couldn't get owner info for process\n"));
#endif
CloseHandle(proc);
return 0; /* unable to get security info */
}
CloseHandle(proc);
}
if ((rc = p_GetSecurityInfo(filemap, SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
&mapowner, NULL, NULL, NULL,
&psd1) != ERROR_SUCCESS)) {
#ifdef DEBUG_IPC
debug(
("couldn't get owner info for filemap: %d\n",
rc));
debug(("couldn't get owner info for filemap: %d\n",
rc));
#endif
return 0;
}
#ifdef DEBUG_IPC
debug(("got security stuff\n"));
{
LPTSTR ours, theirs;
ConvertSidToStringSid(mapowner, &theirs);
ConvertSidToStringSid(ourself, &ours);
debug(("got both sids: ours=%s theirs=%s\n",
ours, theirs));
LocalFree(ours);
LocalFree(theirs);
}
#endif
if (!EqualSid(mapowner, procowner))
if (!EqualSid(mapowner, ourself))
return 0; /* security ID mismatch! */
#ifdef DEBUG_IPC
debug(("security stuff matched\n"));
@ -1892,9 +1890,9 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
{
int i;
for (i = 0; i < 5; i++)
debug(
("p[%d]=%02x\n", i,
((unsigned char *) p)[i]));}
debug(("p[%d]=%02x\n", i,
((unsigned char *) p)[i]));
}
#endif
answer_msg(p);
ret = 1;
@ -1972,9 +1970,7 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
/*
* Attempt to get the security API we need.
*/
advapi = load_system32_dll("advapi32.dll");
GET_WINDOWS_FUNCTION(advapi, GetSecurityInfo);
if (!p_GetSecurityInfo) {
if (!init_advapi()) {
MessageBox(NULL,
"Unable to access security APIs. Pageant will\n"
"not run, in case it causes a security breach.",