X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=windows%2Fwinnps.c;h=f992a4f0cbfd98f46a7dd95f760f6da07c3c1b27;hb=d33d8d72ad936ae05ca1b5ecb55b129bf3d4b9f1;hp=200ad62b1137d54d039390d1bdc8d9613394b241;hpb=1b3edafcff9ddcd915a5725df2ac33cdc2a16b96;p=PuTTY.git

diff --git a/windows/winnps.c b/windows/winnps.c
index 200ad62b..f992a4f0 100644
--- a/windows/winnps.c
+++ b/windows/winnps.c
@@ -14,10 +14,10 @@
 
 #if !defined NO_SECURITY
 
-#include <aclapi.h>
+#include "winsecur.h"
 
-Socket make_handle_socket(HANDLE send_H, HANDLE recv_H, Plug plug,
-                          int overlapped);
+Socket make_handle_socket(HANDLE send_H, HANDLE recv_H, HANDLE stderr_H,
+                          Plug plug, int overlapped);
 
 typedef struct Socket_named_pipe_server_tag *Named_Pipe_Server_Socket;
 struct Socket_named_pipe_server_tag {
@@ -26,18 +26,17 @@ struct Socket_named_pipe_server_tag {
 
     /* Parameters for (repeated) creation of named pipe objects */
     PSECURITY_DESCRIPTOR psd;
-    PSID networksid;
     PACL acl;
     char *pipename;
 
     /* The current named pipe object + attempt to connect to it */
     HANDLE pipehandle;
     OVERLAPPED connect_ovl;
+    struct handle *callback_handle;    /* winhandl.c's reference */
 
     /* PuTTY Socket machinery */
     Plug plug;
     char *error;
-    void *privptr;
 };
 
 static Plug sk_namedpipeserver_plug(Socket s, Plug p)
@@ -53,12 +52,12 @@ static void sk_namedpipeserver_close(Socket s)
 {
     Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
 
+    if (ps->callback_handle)
+        handle_free(ps->callback_handle);
     CloseHandle(ps->pipehandle);
     CloseHandle(ps->connect_ovl.hEvent);
     sfree(ps->error);
     sfree(ps->pipename);
-    if (ps->networksid)
-        LocalFree(ps->networksid);
     if (ps->acl)
         LocalFree(ps->acl);
     if (ps->psd)
@@ -66,22 +65,15 @@ static void sk_namedpipeserver_close(Socket s)
     sfree(ps);
 }
 
-static void sk_namedpipeserver_set_private_ptr(Socket s, void *ptr)
-{
-    Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
-    ps->privptr = ptr;
-}
-
-static void *sk_namedpipeserver_get_private_ptr(Socket s)
+static const char *sk_namedpipeserver_socket_error(Socket s)
 {
     Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
-    return ps->privptr;
+    return ps->error;
 }
 
-static const char *sk_namedpipeserver_socket_error(Socket s)
+static char *sk_namedpipeserver_peer_info(Socket s)
 {
-    Named_Pipe_Server_Socket ps = (Named_Pipe_Server_Socket) s;
-    return ps->error;
+    return NULL;
 }
 
 static int create_named_pipe(Named_Pipe_Server_Socket ps, int first_instance)
@@ -128,9 +120,15 @@ static Socket named_pipe_accept(accept_ctx_t ctx, Plug plug)
 {
     HANDLE conn = (HANDLE)ctx.p;
 
-    return make_handle_socket(conn, conn, plug, TRUE);
+    return make_handle_socket(conn, conn, NULL, plug, TRUE);
 }
 
+/*
+ * Dummy SockAddr type which just holds a named pipe address. Only
+ * used for calling plug_log from named_pipe_accept_loop() here.
+ */
+SockAddr sk_namedpipe_addr(const char *pipename);
+
 static void named_pipe_accept_loop(Named_Pipe_Server_Socket ps,
                                    int got_one_already)
 {
@@ -191,7 +189,7 @@ static void named_pipe_accept_loop(Named_Pipe_Server_Socket ps,
 
         errmsg = dupprintf("Error while listening to named pipe: %s",
                            win_strerror(error));
-        plug_log(ps->plug, 1, NULL /* FIXME: appropriate kind of sockaddr */, 0,
+        plug_log(ps->plug, 1, sk_namedpipe_addr(ps->pipename), 0,
                  errmsg, error);
         sfree(errmsg);
         break;
@@ -217,72 +215,27 @@ Socket new_named_pipe_listener(const char *pipename, Plug plug)
 	NULL /* write_oob */,
         NULL /* write_eof */,
         NULL /* flush */,
-	sk_namedpipeserver_set_private_ptr,
-	sk_namedpipeserver_get_private_ptr,
         NULL /* set_frozen */,
-	sk_namedpipeserver_socket_error
+	sk_namedpipeserver_socket_error,
+	sk_namedpipeserver_peer_info,
     };
 
     Named_Pipe_Server_Socket ret;
-    SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
-    EXPLICIT_ACCESS ea[2];
 
     ret = snew(struct Socket_named_pipe_server_tag);
     ret->fn = &socket_fn_table;
     ret->plug = plug;
     ret->error = NULL;
-    ret->privptr = NULL;
     ret->psd = NULL;
     ret->pipename = dupstr(pipename);
-    ret->networksid = NULL;
     ret->acl = NULL;
+    ret->callback_handle = NULL;
 
     assert(strncmp(pipename, "\\\\.\\pipe\\", 9) == 0);
     assert(strchr(pipename + 9, '\\') == NULL);
 
-    if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
-                                  0, 0, 0, 0, 0, 0, 0, &ret->networksid)) {
-        ret->error = dupprintf("unable to construct SID for rejecting "
-                               "remote pipe connections: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    memset(ea, 0, sizeof(ea));
-    ea[0].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
-    ea[0].grfAccessMode = GRANT_ACCESS;
-    ea[0].grfInheritance = NO_INHERITANCE;
-    ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
-    ea[0].Trustee.ptstrName = "CURRENT_USER";
-    ea[1].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
-    ea[1].grfAccessMode = REVOKE_ACCESS;
-    ea[1].grfInheritance = NO_INHERITANCE;
-    ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
-    ea[1].Trustee.ptstrName = (LPTSTR)ret->networksid;
-
-    if (SetEntriesInAcl(2, ea, NULL, &ret->acl) != ERROR_SUCCESS) {
-        ret->error = dupprintf("unable to construct ACL: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    ret->psd = (PSECURITY_DESCRIPTOR)
-        LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
-    if (!ret->psd) {
-        ret->error = dupprintf("unable to allocate security descriptor: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    if (!InitializeSecurityDescriptor(ret->psd,SECURITY_DESCRIPTOR_REVISION)) {
-        ret->error = dupprintf("unable to initialise security descriptor: %s",
-                               win_strerror(GetLastError()));
-        goto cleanup;
-    }
-
-    if (!SetSecurityDescriptorDacl(ret->psd, TRUE, ret->acl, FALSE)) {
-        ret->error = dupprintf("unable to set DACL in security descriptor: %s",
-                               win_strerror(GetLastError()));
+    if (!make_private_security_descriptor(GENERIC_READ | GENERIC_WRITE,
+                                          &ret->psd, &ret->acl, &ret->error)) {
         goto cleanup;
     }
 
@@ -294,8 +247,9 @@ Socket new_named_pipe_listener(const char *pipename, Plug plug)
 
     memset(&ret->connect_ovl, 0, sizeof(ret->connect_ovl));
     ret->connect_ovl.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
-    handle_add_foreign_event(ret->connect_ovl.hEvent,
-                             named_pipe_connect_callback, ret);
+    ret->callback_handle =
+        handle_add_foreign_event(ret->connect_ovl.hEvent,
+                                 named_pipe_connect_callback, ret);
     named_pipe_accept_loop(ret, FALSE);
 
   cleanup: