Remove duplicate definition of AGENT_MAX_MSGLEN.

[PuTTY.git] / windows / winsecur.c

diff --git a/windows/winsecur.c b/windows/winsecur.c
index 91ce7e92f147d1004a1920a8c64e1584ac73f7fa..d07150d05233995c2fb4b6b29dae22c251c6f9c6 100644 (file)
--- a/windows/winsecur.c
+++ b/windows/winsecur.c
@@ -44,6 +44,9 @@ PSID get_user_sid(void)
     DWORD toklen, sidlen;
     PSID sid = NULL, ret = NULL;
 
+    if (usersid)
+        return usersid;
+
     if (!got_advapi())
         goto cleanup;
 
@@ -73,7 +76,7 @@ PSID get_user_sid(void)
 
     /* Success. Move sid into the return value slot, and null it out
      * to stop the cleanup code freeing it. */
-    ret = sid;
+    ret = usersid = sid;
     sid = NULL;
 
   cleanup:
@@ -221,16 +224,16 @@ int make_private_security_descriptor(DWORD permissions,
     return ret;
 }
 
-int setprocessacl(char *error)
+static int really_restrict_process_acl(char *error)
 {
     EXPLICIT_ACCESS ea[2];
     int acl_err;
     int ret=FALSE;
     PACL acl = NULL;
 
-    static const nastyace=WRITE_DAC | WRITE_OWNER |
+    static const DWORD nastyace=WRITE_DAC | WRITE_OWNER |
        PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD |
-       PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION |
+       PROCESS_DUP_HANDLE |
        PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION |
        PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE |
        PROCESS_SUSPEND_RESUME;
@@ -284,3 +287,35 @@ int setprocessacl(char *error)
     return ret;
 }  
 #endif /* !defined NO_SECURITY */
+
+/*
+ * Lock down our process's ACL, to present an obstacle to malware
+ * trying to write into its memory. This can't be a full defence,
+ * because well timed malware could attack us before this code runs -
+ * even if it was unconditionally run at the very start of main(),
+ * which we wouldn't want to do anyway because it turns out in practie
+ * that interfering with other processes in this way has significant
+ * non-infringing uses on Windows (e.g. screen reader software).
+ *
+ * If we've been requested to do this and are unsuccessful, bomb out
+ * via modalfatalbox rather than continue in a less protected mode.
+ *
+ * This function is intentionally outside the #ifndef NO_SECURITY that
+ * covers the rest of this file, because when PuTTY is compiled
+ * without the ability to restrict its ACL, we don't want it to
+ * silently pretend to honour the instruction to do so.
+ */
+void restrict_process_acl(void)
+{
+    char *error = NULL;
+    int ret;
+
+#if !defined NO_SECURITY
+    ret = really_restrict_process_acl(error);
+#else
+    ret = FALSE;
+    error = dupstr("ACL restrictions not compiled into this binary");
+#endif
+    if (!ret)
+        modalfatalbox("Could not restrict process ACL: %s", error);
+}