mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 09:12:24 +00:00
bb78583ad2
The basic strategy is described at the top of the new source file sshshare.c. In very brief: an 'upstream' PuTTY opens a Unix-domain socket or Windows named pipe, and listens for connections from other PuTTYs wanting to run sessions on the same server. The protocol spoken down that socket/pipe is essentially the bare ssh-connection protocol, using a trivial binary packet protocol with no encryption, and the upstream has to do some fiddly transformations that I've been referring to as 'channel-number NAT' to avoid resource clashes between the sessions it's managing. This is quite different from OpenSSH's approach of using the Unix- domain socket as a means of passing file descriptors around; the main reason for that is that fd-passing is Unix-specific but this system has to work on Windows too. However, there are additional advantages, such as making it easy for each downstream PuTTY to run its own independent set of port and X11 forwardings (though the method for making the latter work is quite painful). Sharing is off by default, but configuration is intended to be very easy in the normal case - just tick one box in the SSH config panel and everything else happens automatically. [originally from svn r10083]
66 lines
2.2 KiB
C
66 lines
2.2 KiB
C
/*
|
|
* winsecur.h: some miscellaneous security-related helper functions,
|
|
* defined in winsecur.c, that use the advapi32 library. Also
|
|
* centralises the machinery for dynamically loading that library.
|
|
*/
|
|
|
|
#if !defined NO_SECURITY
|
|
|
|
#include <aclapi.h>
|
|
|
|
#ifndef WINSECUR_GLOBAL
|
|
#define WINSECUR_GLOBAL extern
|
|
#endif
|
|
|
|
/*
|
|
* Functions loaded from advapi32.dll.
|
|
*/
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, OpenProcessToken,
|
|
(HANDLE, DWORD, PHANDLE));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, GetTokenInformation,
|
|
(HANDLE, TOKEN_INFORMATION_CLASS,
|
|
LPVOID, DWORD, PDWORD));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, InitializeSecurityDescriptor,
|
|
(PSECURITY_DESCRIPTOR, DWORD));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, SetSecurityDescriptorOwner,
|
|
(PSECURITY_DESCRIPTOR, PSID, BOOL));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, GetSecurityInfo,
|
|
(HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION,
|
|
PSID *, PSID *, PACL *, PACL *,
|
|
PSECURITY_DESCRIPTOR *));
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, SetEntriesInAclA,
|
|
(ULONG, PEXPLICIT_ACCESS, PACL, PACL *));
|
|
int got_advapi(void);
|
|
|
|
/*
|
|
* Functions loaded from crypt32.dll.
|
|
*/
|
|
DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, CryptProtectMemory,
|
|
(LPVOID, DWORD, DWORD));
|
|
int got_crypt(void);
|
|
|
|
/*
|
|
* Find the SID describing the current user. The return value (if not
|
|
* NULL for some error-related reason) is smalloced.
|
|
*/
|
|
PSID get_user_sid(void);
|
|
|
|
/*
|
|
* Construct a PSECURITY_DESCRIPTOR of the type used for named pipe
|
|
* servers, i.e. allowing access only to the current user id and also
|
|
* only local (i.e. not over SMB) connections.
|
|
*
|
|
* If this function returns TRUE, then 'psd', 'networksid' and 'acl'
|
|
* will all have been filled in with memory allocated using LocalAlloc
|
|
* (and hence must be freed later using LocalFree). If it returns
|
|
* FALSE, then instead 'error' has been filled with a dynamically
|
|
* allocated error message.
|
|
*/
|
|
int make_private_security_descriptor(DWORD permissions,
|
|
PSECURITY_DESCRIPTOR *psd,
|
|
PSID *networksid,
|
|
PACL *acl,
|
|
char **error);
|
|
|
|
#endif
|