X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=windows%2Fwinnps.c;h=2547fd71c5a3863b8114ab8ca4777a0a86e33d5e;hb=a063e522970946bf7d5dc052079d7773c0dee76d;hp=a013736726b3bba20c2004fbb352cf157f793c20;hpb=8be6fbaa09f1e0d73a533b5623970a872ec14cc6;p=PuTTY.git diff --git a/windows/winnps.c b/windows/winnps.c index a0137367..2547fd71 100644 --- a/windows/winnps.c +++ b/windows/winnps.c @@ -14,7 +14,7 @@ #if !defined NO_SECURITY -#include +#include "winsecur.h" Socket make_handle_socket(HANDLE send_H, HANDLE recv_H, Plug plug, int overlapped); @@ -26,13 +26,13 @@ struct Socket_named_pipe_server_tag { /* Parameters for (repeated) creation of named pipe objects */ PSECURITY_DESCRIPTOR psd; - PSID networksid; PACL acl; char *pipename; /* The current named pipe object + attempt to connect to it */ HANDLE pipehandle; OVERLAPPED connect_ovl; + struct handle *callback_handle; /* winhandl.c's reference */ /* PuTTY Socket machinery */ Plug plug; @@ -52,12 +52,12 @@ static void sk_namedpipeserver_close(Socket s) { Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s; + if (ps->callback_handle) + handle_free(ps->callback_handle); CloseHandle(ps->pipehandle); CloseHandle(ps->connect_ovl.hEvent); sfree(ps->error); sfree(ps->pipename); - if (ps->networksid) - LocalFree(ps->networksid); if (ps->acl) LocalFree(ps->acl); if (ps->psd) @@ -71,6 +71,11 @@ static const char *sk_namedpipeserver_socket_error(Socket s) return ps->error; } +static char *sk_namedpipeserver_peer_info(Socket s) +{ + return NULL; +} + static int create_named_pipe(Named_Pipe_Server_Socket ps, int first_instance) { SECURITY_ATTRIBUTES sa; @@ -118,6 +123,12 @@ static Socket named_pipe_accept(accept_ctx_t ctx, Plug plug) return make_handle_socket(conn, conn, plug, TRUE); } +/* + * Dummy SockAddr type which just holds a named pipe address. Only + * used for calling plug_log from named_pipe_accept_loop() here. + */ +SockAddr sk_namedpipe_addr(const char *pipename); + static void named_pipe_accept_loop(Named_Pipe_Server_Socket ps, int got_one_already) { @@ -178,7 +189,7 @@ static void named_pipe_accept_loop(Named_Pipe_Server_Socket ps, errmsg = dupprintf("Error while listening to named pipe: %s", win_strerror(error)); - plug_log(ps->plug, 1, NULL /* FIXME: appropriate kind of sockaddr */, 0, + plug_log(ps->plug, 1, sk_namedpipe_addr(ps->pipename), 0, errmsg, error); sfree(errmsg); break; @@ -205,12 +216,11 @@ Socket new_named_pipe_listener(const char *pipename, Plug plug) NULL /* write_eof */, NULL /* flush */, NULL /* set_frozen */, - sk_namedpipeserver_socket_error + sk_namedpipeserver_socket_error, + sk_namedpipeserver_peer_info, }; Named_Pipe_Server_Socket ret; - SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY; - EXPLICIT_ACCESS ea[2]; ret = snew(struct Socket_named_pipe_server_tag); ret->fn = &socket_fn_table; @@ -218,55 +228,14 @@ Socket new_named_pipe_listener(const char *pipename, Plug plug) ret->error = NULL; ret->psd = NULL; ret->pipename = dupstr(pipename); - ret->networksid = NULL; ret->acl = NULL; + ret->callback_handle = NULL; assert(strncmp(pipename, "\\\\.\\pipe\\", 9) == 0); assert(strchr(pipename + 9, '\\') == NULL); - if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID, - 0, 0, 0, 0, 0, 0, 0, &ret->networksid)) { - ret->error = dupprintf("unable to construct SID for rejecting " - "remote pipe connections: %s", - win_strerror(GetLastError())); - goto cleanup; - } - - memset(ea, 0, sizeof(ea)); - ea[0].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE; - ea[0].grfAccessMode = GRANT_ACCESS; - ea[0].grfInheritance = NO_INHERITANCE; - ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME; - ea[0].Trustee.ptstrName = "CURRENT_USER"; - ea[1].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE; - ea[1].grfAccessMode = REVOKE_ACCESS; - ea[1].grfInheritance = NO_INHERITANCE; - ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; - ea[1].Trustee.ptstrName = (LPTSTR)ret->networksid; - - if (SetEntriesInAcl(2, ea, NULL, &ret->acl) != ERROR_SUCCESS) { - ret->error = dupprintf("unable to construct ACL: %s", - win_strerror(GetLastError())); - goto cleanup; - } - - ret->psd = (PSECURITY_DESCRIPTOR) - LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); - if (!ret->psd) { - ret->error = dupprintf("unable to allocate security descriptor: %s", - win_strerror(GetLastError())); - goto cleanup; - } - - if (!InitializeSecurityDescriptor(ret->psd,SECURITY_DESCRIPTOR_REVISION)) { - ret->error = dupprintf("unable to initialise security descriptor: %s", - win_strerror(GetLastError())); - goto cleanup; - } - - if (!SetSecurityDescriptorDacl(ret->psd, TRUE, ret->acl, FALSE)) { - ret->error = dupprintf("unable to set DACL in security descriptor: %s", - win_strerror(GetLastError())); + if (!make_private_security_descriptor(GENERIC_READ | GENERIC_WRITE, + &ret->psd, &ret->acl, &ret->error)) { goto cleanup; } @@ -278,8 +247,9 @@ Socket new_named_pipe_listener(const char *pipename, Plug plug) memset(&ret->connect_ovl, 0, sizeof(ret->connect_ovl)); ret->connect_ovl.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); - handle_add_foreign_event(ret->connect_ovl.hEvent, - named_pipe_connect_callback, ret); + ret->callback_handle = + handle_add_foreign_event(ret->connect_ovl.hEvent, + named_pipe_connect_callback, ret); named_pipe_accept_loop(ret, FALSE); cleanup: