#if !defined NO_SECURITY
-#include <aclapi.h>
+#include "winsecur.h"
-Socket make_handle_socket(HANDLE send_H, HANDLE recv_H, Plug plug,
- int overlapped);
+Socket make_handle_socket(HANDLE send_H, HANDLE recv_H, HANDLE stderr_H,
+ Plug plug, int overlapped);
typedef struct Socket_named_pipe_server_tag *Named_Pipe_Server_Socket;
struct Socket_named_pipe_server_tag {
/* Parameters for (repeated) creation of named pipe objects */
PSECURITY_DESCRIPTOR psd;
- PSID networksid;
PACL acl;
char *pipename;
/* The current named pipe object + attempt to connect to it */
HANDLE pipehandle;
OVERLAPPED connect_ovl;
+ struct handle *callback_handle; /* winhandl.c's reference */
/* PuTTY Socket machinery */
Plug plug;
char *error;
- void *privptr;
};
static Plug sk_namedpipeserver_plug(Socket s, Plug p)
{
Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
+ if (ps->callback_handle)
+ handle_free(ps->callback_handle);
CloseHandle(ps->pipehandle);
CloseHandle(ps->connect_ovl.hEvent);
sfree(ps->error);
sfree(ps->pipename);
- if (ps->networksid)
- LocalFree(ps->networksid);
if (ps->acl)
LocalFree(ps->acl);
if (ps->psd)
sfree(ps);
}
-static void sk_namedpipeserver_set_private_ptr(Socket s, void *ptr)
-{
- Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
- ps->privptr = ptr;
-}
-
-static void *sk_namedpipeserver_get_private_ptr(Socket s)
+static const char *sk_namedpipeserver_socket_error(Socket s)
{
Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
- return ps->privptr;
+ return ps->error;
}
-static const char *sk_namedpipeserver_socket_error(Socket s)
+static char *sk_namedpipeserver_peer_info(Socket s)
{
- Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
- return ps->error;
+ return NULL;
}
static int create_named_pipe(Named_Pipe_Server_Socket ps, int first_instance)
{
HANDLE conn = (HANDLE)ctx.p;
- return make_handle_socket(conn, conn, plug, TRUE);
+ return make_handle_socket(conn, conn, NULL, plug, TRUE);
}
+/*
+ * Dummy SockAddr type which just holds a named pipe address. Only
+ * used for calling plug_log from named_pipe_accept_loop() here.
+ */
+SockAddr sk_namedpipe_addr(const char *pipename);
+
static void named_pipe_accept_loop(Named_Pipe_Server_Socket ps,
int got_one_already)
{
errmsg = dupprintf("Error while listening to named pipe: %s",
win_strerror(error));
- plug_log(ps->plug, 1, NULL /* FIXME: appropriate kind of sockaddr */, 0,
+ plug_log(ps->plug, 1, sk_namedpipe_addr(ps->pipename), 0,
errmsg, error);
sfree(errmsg);
break;
NULL /* write_oob */,
NULL /* write_eof */,
NULL /* flush */,
- sk_namedpipeserver_set_private_ptr,
- sk_namedpipeserver_get_private_ptr,
NULL /* set_frozen */,
- sk_namedpipeserver_socket_error
+ sk_namedpipeserver_socket_error,
+ sk_namedpipeserver_peer_info,
};
Named_Pipe_Server_Socket ret;
- SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
- EXPLICIT_ACCESS ea[2];
ret = snew(struct Socket_named_pipe_server_tag);
ret->fn = &socket_fn_table;
ret->plug = plug;
ret->error = NULL;
- ret->privptr = NULL;
ret->psd = NULL;
ret->pipename = dupstr(pipename);
- ret->networksid = NULL;
ret->acl = NULL;
+ ret->callback_handle = NULL;
assert(strncmp(pipename, "\\\\.\\pipe\\", 9) == 0);
assert(strchr(pipename + 9, '\\') == NULL);
- if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
- 0, 0, 0, 0, 0, 0, 0, &ret->networksid)) {
- ret->error = dupprintf("unable to construct SID for rejecting "
- "remote pipe connections: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- memset(ea, 0, sizeof(ea));
- ea[0].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
- ea[0].grfAccessMode = GRANT_ACCESS;
- ea[0].grfInheritance = NO_INHERITANCE;
- ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
- ea[0].Trustee.ptstrName = "CURRENT_USER";
- ea[1].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
- ea[1].grfAccessMode = REVOKE_ACCESS;
- ea[1].grfInheritance = NO_INHERITANCE;
- ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
- ea[1].Trustee.ptstrName = (LPTSTR)ret->networksid;
-
- if (SetEntriesInAcl(2, ea, NULL, &ret->acl) != ERROR_SUCCESS) {
- ret->error = dupprintf("unable to construct ACL: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- ret->psd = (PSECURITY_DESCRIPTOR)
- LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
- if (!ret->psd) {
- ret->error = dupprintf("unable to allocate security descriptor: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- if (!InitializeSecurityDescriptor(ret->psd,SECURITY_DESCRIPTOR_REVISION)) {
- ret->error = dupprintf("unable to initialise security descriptor: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- if (!SetSecurityDescriptorDacl(ret->psd, TRUE, ret->acl, FALSE)) {
- ret->error = dupprintf("unable to set DACL in security descriptor: %s",
- win_strerror(GetLastError()));
+ if (!make_private_security_descriptor(GENERIC_READ | GENERIC_WRITE,
+ &ret->psd, &ret->acl, &ret->error)) {
goto cleanup;
}
memset(&ret->connect_ovl, 0, sizeof(ret->connect_ovl));
ret->connect_ovl.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
- handle_add_foreign_event(ret->connect_ovl.hEvent,
- named_pipe_connect_callback, ret);
+ ret->callback_handle =
+ handle_add_foreign_event(ret->connect_ovl.hEvent,
+ named_pipe_connect_callback, ret);
named_pipe_accept_loop(ret, FALSE);
cleanup:
projects / PuTTY.git / blobdiff