X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=windows%2Fwinsecur.c;h=8b3c7f161893d8b0cc5fb904cd12b4e7b71b3c28;hb=1de7240eb88fa24a8532ded116b4ec72dd213008;hp=9cdac26c3ba36bf11a09c5d40d6ecf6257714e88;hpb=db910f712c8355da553167ea5ad9cd267366a287;p=PuTTY.git

diff --git a/windows/winsecur.c b/windows/winsecur.c
index 9cdac26c..8b3c7f16 100644
--- a/windows/winsecur.c
+++ b/windows/winsecur.c
@@ -27,6 +27,7 @@ int got_advapi(void)
         advapi = load_system32_dll("advapi32.dll");
         successful = advapi &&
             GET_WINDOWS_FUNCTION(advapi, GetSecurityInfo) &&
+            GET_WINDOWS_FUNCTION(advapi, SetSecurityInfo) &&
             GET_WINDOWS_FUNCTION(advapi, OpenProcessToken) &&
             GET_WINDOWS_FUNCTION(advapi, GetTokenInformation) &&
             GET_WINDOWS_FUNCTION(advapi, InitializeSecurityDescriptor) &&
@@ -43,6 +44,9 @@ PSID get_user_sid(void)
     DWORD toklen, sidlen;
     PSID sid = NULL, ret = NULL;
 
+    if (usersid)
+        return usersid;
+
     if (!got_advapi())
         goto cleanup;
 
@@ -72,7 +76,7 @@ PSID get_user_sid(void)
 
     /* Success. Move sid into the return value slot, and null it out
      * to stop the cleanup code freeing it. */
-    ret = sid;
+    ret = usersid = sid;
     sid = NULL;
 
   cleanup:
@@ -139,8 +143,6 @@ int make_private_security_descriptor(DWORD permissions,
                                      PACL *acl,
                                      char **error)
 {
-    SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
-    SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
     EXPLICIT_ACCESS ea[3];
     int acl_err;
     int ret = FALSE;
@@ -224,16 +226,14 @@ int make_private_security_descriptor(DWORD permissions,
 
 int setprocessacl(char *error)
 {
-    SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
-    SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
     EXPLICIT_ACCESS ea[2];
     int acl_err;
     int ret=FALSE;
     PACL acl = NULL;
 
-    static const nastyace=WRITE_DAC | WRITE_OWNER |
+    static const DWORD nastyace=WRITE_DAC | WRITE_OWNER |
 	PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD |
-	PROCESS_DUP_HANDLE | PROCESS_QUERY_INFORMATION |
+	PROCESS_DUP_HANDLE |
 	PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION |
 	PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE |
 	PROCESS_SUSPEND_RESUME;
@@ -265,16 +265,10 @@ int setprocessacl(char *error)
         goto cleanup;
     }
 
-    if (ERROR_SUCCESS !=
-	SetSecurityInfo(
-			GetCurrentProcess(),
-			SE_KERNEL_OBJECT,
-			OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
-			usersid,
-			NULL,
-			acl,
-			NULL
-			)) {
+    if (ERROR_SUCCESS != p_SetSecurityInfo
+        (GetCurrentProcess(), SE_KERNEL_OBJECT,
+         OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
+         usersid, NULL, acl, NULL)) {
 	error=dupprintf("Unable to set process ACL: %s",
 			win_strerror(GetLastError()));
 	goto cleanup;