X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=windows%2Fwinnps.c;h=a172628f86c3366bec2c7d514897a81b142cf6ed;hb=56a42d09d43e91603f3fbf01f5781bcbbc54a6bd;hp=200ad62b1137d54d039390d1bdc8d9613394b241;hpb=1b3edafcff9ddcd915a5725df2ac33cdc2a16b96;p=PuTTY.git

diff --git a/windows/winnps.c b/windows/winnps.c
index 200ad62b..a172628f 100644
--- a/windows/winnps.c
+++ b/windows/winnps.c
@@ -14,7 +14,7 @@
 
 #if !defined NO_SECURITY
 
-#include <aclapi.h>
+#include "winsecur.h"
 
 Socket make_handle_socket(HANDLE send_H, HANDLE recv_H, Plug plug,
                           int overlapped);
@@ -26,7 +26,6 @@ struct Socket_named_pipe_server_tag {
 
     /* Parameters for (repeated) creation of named pipe objects */
     PSECURITY_DESCRIPTOR psd;
-    PSID networksid;
     PACL acl;
     char *pipename;
 
@@ -37,7 +36,6 @@ struct Socket_named_pipe_server_tag {
     /* PuTTY Socket machinery */
     Plug plug;
     char *error;
-    void *privptr;
 };
 
 static Plug sk_namedpipeserver_plug(Socket s, Plug p)
@@ -57,8 +55,6 @@ static void sk_namedpipeserver_close(Socket s)
     CloseHandle(ps->connect_ovl.hEvent);
     sfree(ps->error);
     sfree(ps->pipename);
-    if (ps->networksid)
-        LocalFree(ps->networksid);
     if (ps->acl)
         LocalFree(ps->acl);
     if (ps->psd)
@@ -66,18 +62,6 @@ static void sk_namedpipeserver_close(Socket s)
     sfree(ps);
 }
 
-static void sk_namedpipeserver_set_private_ptr(Socket s, void *ptr)
-{
-    Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
-    ps->privptr = ptr;
-}
-
-static void *sk_namedpipeserver_get_private_ptr(Socket s)
-{
-    Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
-    return ps->privptr;
-}
-
 static const char *sk_namedpipeserver_socket_error(Socket s)
 {
     Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
@@ -131,6 +115,12 @@ static Socket named_pipe_accept(accept_ctx_t ctx, Plug plug)
     return make_handle_socket(conn, conn, plug, TRUE);
 }
 
+/*
+ * Dummy SockAddr type which just holds a named pipe address. Only
+ * used for calling plug_log from named_pipe_accept_loop() here.
+ */
+SockAddr sk_namedpipe_addr(const char *pipename);
+
 static void named_pipe_accept_loop(Named_Pipe_Server_Socket ps,
                                    int got_one_already)
 {
@@ -191,7 +181,7 @@ static void named_pipe_accept_loop(Named_Pipe_Server_Socket ps,
 
         errmsg = dupprintf("Error while listening to named pipe: %s",
                            win_strerror(error));
-        plug_log(ps->plug, 1, NULL /* FIXME: appropriate kind of sockaddr */, 0,
+        plug_log(ps->plug, 1, sk_namedpipe_addr(ps->pipename), 0,
                  errmsg, error);
         sfree(errmsg);
         break;
@@ -217,72 +207,25 @@ Socket new_named_pipe_listener(const char *pipename, Plug plug)
 	NULL /* write_oob */,
         NULL /* write_eof */,
         NULL /* flush */,
-	sk_namedpipeserver_set_private_ptr,
-	sk_namedpipeserver_get_private_ptr,
         NULL /* set_frozen */,
 	sk_namedpipeserver_socket_error
     };
 
     Named_Pipe_Server_Socket ret;
-    SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
-    EXPLICIT_ACCESS ea[2];
 
     ret = snew(struct Socket_named_pipe_server_tag);
     ret->fn = &socket_fn_table;
     ret->plug = plug;
     ret->error = NULL;
-    ret->privptr = NULL;
     ret->psd = NULL;
     ret->pipename = dupstr(pipename);
-    ret->networksid = NULL;
     ret->acl = NULL;
 
     assert(strncmp(pipename, "\\\\.\\pipe\\", 9) == 0);
     assert(strchr(pipename + 9, '\\') == NULL);
 
-    if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
-                                  0, 0, 0, 0, 0, 0, 0, &ret->networksid)) {
-        ret->error = dupprintf("unable to construct SID for rejecting "
-                               "remote pipe connections: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    memset(ea, 0, sizeof(ea));
-    ea[0].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
-    ea[0].grfAccessMode = GRANT_ACCESS;
-    ea[0].grfInheritance = NO_INHERITANCE;
-    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
-    ea[0].Trustee.ptstrName = "CURRENT_USER";
-    ea[1].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
-    ea[1].grfAccessMode = REVOKE_ACCESS;
-    ea[1].grfInheritance = NO_INHERITANCE;
-    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-    ea[1].Trustee.ptstrName = (LPTSTR)ret->networksid;
-
-    if (SetEntriesInAcl(2, ea, NULL, &ret->acl) != ERROR_SUCCESS) {
-        ret->error = dupprintf("unable to construct ACL: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    ret->psd = (PSECURITY_DESCRIPTOR)
-        LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
-    if (!ret->psd) {
-        ret->error = dupprintf("unable to allocate security descriptor: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    if (!InitializeSecurityDescriptor(ret->psd,SECURITY_DESCRIPTOR_REVISION)) {
-        ret->error = dupprintf("unable to initialise security descriptor: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    if (!SetSecurityDescriptorDacl(ret->psd, TRUE, ret->acl, FALSE)) {
-        ret->error = dupprintf("unable to set DACL in security descriptor: %s",
-                               win_strerror(GetLastError()));
+    if (!make_private_security_descriptor(GENERIC_READ | GENERIC_WRITE,
+                                          &ret->psd, &ret->acl, &ret->error)) {
         goto cleanup;
     }