X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=windows%2Fwinsecur.c;h=76dcae915d86e9398f1e06a7840b9604522869c3;hb=510f49e405e71ba5c97875e7a019364e1ef5fac9;hp=d07150d05233995c2fb4b6b29dae22c251c6f9c6;hpb=e22120fea8d39e6a2ef6b2f4ab3ee5502f56169a;p=PuTTY.git diff --git a/windows/winsecur.c b/windows/winsecur.c index d07150d0..76dcae91 100644 --- a/windows/winsecur.c +++ b/windows/winsecur.c @@ -92,17 +92,25 @@ PSID get_user_sid(void) return ret; } -int getsids(char *error) +int getsids(char **error) { +#ifdef __clang__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wmissing-braces" +#endif SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY; - int ret; +#ifdef __clang__ +#pragma clang diagnostic pop +#endif - error=NULL; + int ret = FALSE; + + *error = NULL; if (!usersid) { if ((usersid = get_user_sid()) == NULL) { - error = dupprintf("unable to construct SID for current user: %s", + *error = dupprintf("unable to construct SID for current user: %s", win_strerror(GetLastError())); goto cleanup; } @@ -111,7 +119,7 @@ int getsids(char *error) if (!worldsid) { if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &worldsid)) { - error = dupprintf("unable to construct SID for world: %s", + *error = dupprintf("unable to construct SID for world: %s", win_strerror(GetLastError())); goto cleanup; } @@ -120,20 +128,16 @@ int getsids(char *error) if (!networksid) { if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID, 0, 0, 0, 0, 0, 0, 0, &networksid)) { - error = dupprintf("unable to construct SID for " + *error = dupprintf("unable to construct SID for " "local same-user access only: %s", win_strerror(GetLastError())); goto cleanup; } } - ret=TRUE; + ret = TRUE; cleanup: - if (ret) { - sfree(error); - error = NULL; - } return ret; } @@ -152,7 +156,7 @@ int make_private_security_descriptor(DWORD permissions, *acl = NULL; *error = NULL; - if (!getsids(*error)) + if (!getsids(error)) goto cleanup; memset(ea, 0, sizeof(ea)); @@ -224,7 +228,7 @@ int make_private_security_descriptor(DWORD permissions, return ret; } -static int really_restrict_process_acl(char *error) +static int really_restrict_process_acl(char **error) { EXPLICIT_ACCESS ea[2]; int acl_err; @@ -260,8 +264,8 @@ static int really_restrict_process_acl(char *error) acl_err = p_SetEntriesInAclA(2, ea, NULL, &acl); if (acl_err != ERROR_SUCCESS || acl == NULL) { - error = dupprintf("unable to construct ACL: %s", - win_strerror(acl_err)); + *error = dupprintf("unable to construct ACL: %s", + win_strerror(acl_err)); goto cleanup; } @@ -269,8 +273,8 @@ static int really_restrict_process_acl(char *error) (GetCurrentProcess(), SE_KERNEL_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, usersid, NULL, acl, NULL)) { - error=dupprintf("Unable to set process ACL: %s", - win_strerror(GetLastError())); + *error = dupprintf("Unable to set process ACL: %s", + win_strerror(GetLastError())); goto cleanup; } @@ -285,7 +289,7 @@ static int really_restrict_process_acl(char *error) } } return ret; -} +} #endif /* !defined NO_SECURITY */ /* @@ -311,7 +315,7 @@ void restrict_process_acl(void) int ret; #if !defined NO_SECURITY - ret = really_restrict_process_acl(error); + ret = really_restrict_process_acl(&error); #else ret = FALSE; error = dupstr("ACL restrictions not compiled into this binary");