Turn off Windows process ACL restriction by default.

[PuTTY.git] / windows / winplink.c

diff --git a/windows/winplink.c b/windows/winplink.c
index a0458b39a878b0ad8af99d9a7294e2129b3bf787..0f86b41c648dbf6b978fd97a10b119dbe0c362d2 100644 (file)
--- a/windows/winplink.c
+++ b/windows/winplink.c
@@ -223,7 +223,9 @@ static void usage(void)
 
 static void version(void)
 {
-    printf("plink: %s\n", ver);
+    char *buildinfo_text = buildinfo("\n");
+    printf("plink: %s\n%s\n", ver, buildinfo_text);
+    sfree(buildinfo_text);
     exit(1);
 }
 
@@ -312,6 +314,8 @@ int main(int argc, char **argv)
     int just_test_share_exists = FALSE;
     unsigned long now, next, then;
 
+    dll_hijacking_protection();
+
     sklist = NULL;
     skcount = sksize = 0;
     /*
@@ -498,22 +502,6 @@ int main(int argc, char **argv)
        }
     }
 
-#if !defined UNPROTECT && !defined NO_SECURITY
-    /*
-     * Protect our process.
-     */
-    {
-        char *error = NULL;
-        if (!setprocessacl(error)) {
-            char *message = dupprintf("Could not restrict process ACL: %s",
-                                      error);
-            logevent(NULL, message);
-            sfree(message);
-            sfree(error);
-        }
-    }
-#endif
-
     if (errors)
        return 1;
 
@@ -618,6 +606,17 @@ int main(int argc, char **argv)
        return 1;
     }
 
+    /*
+     * Plink doesn't provide any way to add forwardings after the
+     * connection is set up, so if there are none now, we can safely set
+     * the "simple" flag.
+     */
+    if (conf_get_int(conf, CONF_protocol) == PROT_SSH &&
+       !conf_get_int(conf, CONF_x11_forward) &&
+       !conf_get_int(conf, CONF_agentfwd) &&
+       !conf_get_str_nthstrkey(conf, CONF_portfwd, 0))
+       conf_set_int(conf, CONF_ssh_simple, TRUE);
+
     logctx = log_init(NULL, conf);
     console_provide_logctx(logctx);