mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
e22120fea8
As documented in bug 'win-process-acl-finesse', we've had enough assorted complaints about it breaking various non-malicious pieces of Windows process interaction (ranging from git->plink integration to screen readers for the vision-impaired) that I think it's more sensible to set the process back to its default level of protection. This precaution was never a fully effective protection anyway, due to the race condition at process startup; the only properly effective defence would have been to prevent malware running under the same user ID as PuTTY in the first place, so in that sense, nothing has changed. But people who want the arguable defence-in-depth advantage of the ACL restriction can now turn it on with the '-restrict-acl' command-line option, and it's up to them whether they can live with the assorted inconveniences that come with it. In the course of this change, I've centralised a bit more of the restriction code into winsecur.c, to avoid repeating the error handling in multiple places.
60 lines
2.1 KiB
C
60 lines
2.1 KiB
C
/*
|
|
* winsecur.h: some miscellaneous security-related helper functions,
|
|
* defined in winsecur.c, that use the advapi32 library. Also
|
|
* centralises the machinery for dynamically loading that library.
|
|
*/
|
|
|
|
#if !defined NO_SECURITY
|
|
|
|
#include <aclapi.h>
|
|
|
|
#ifndef WINSECUR_GLOBAL
|
|
#define WINSECUR_GLOBAL extern
|
|
#endif
|
|
|
|
/*
|
|
* Functions loaded from advapi32.dll.
|
|
*/
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, OpenProcessToken,
|
|
(HANDLE, DWORD, PHANDLE));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, GetTokenInformation,
|
|
(HANDLE, TOKEN_INFORMATION_CLASS,
|
|
LPVOID, DWORD, PDWORD));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, InitializeSecurityDescriptor,
|
|
(PSECURITY_DESCRIPTOR, DWORD));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, SetSecurityDescriptorOwner,
|
|
(PSECURITY_DESCRIPTOR, PSID, BOOL));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, GetSecurityInfo,
|
|
(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION,
|
|
PSID *, PSID *, PACL *, PACL *,
|
|
PSECURITY_DESCRIPTOR *));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, SetSecurityInfo,
|
|
(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION,
|
|
PSID, PSID, PACL, PACL));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, SetEntriesInAclA,
|
|
(ULONG, PEXPLICIT_ACCESS, PACL, PACL *));
|
|
int got_advapi(void);
|
|
|
|
/*
|
|
* Find the SID describing the current user. The return value (if not
|
|
* NULL for some error-related reason) is smalloced.
|
|
*/
|
|
PSID get_user_sid(void);
|
|
|
|
/*
|
|
* Construct a PSECURITY_DESCRIPTOR of the type used for named pipe
|
|
* servers, i.e. allowing access only to the current user id and also
|
|
* only local (i.e. not over SMB) connections.
|
|
*
|
|
* If this function returns TRUE, then 'psd' and 'acl' will have been
|
|
* filled in with memory allocated using LocalAlloc (and hence must be
|
|
* freed later using LocalFree). If it returns FALSE, then instead
|
|
* 'error' has been filled with a dynamically allocated error message.
|
|
*/
|
|
int make_private_security_descriptor(DWORD permissions,
|
|
PSECURITY_DESCRIPTOR *psd,
|
|
PACL *acl,
|
|
char **error);
|
|
|
|
#endif
|