return ret;
}
-int getsids(char *error)
+int getsids(char **error)
{
SID_IDENTIFIER_AUTHORITY world_auth = SECURITY_WORLD_SID_AUTHORITY;
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
int ret;
- error=NULL;
+ *error = NULL;
if (!usersid) {
if ((usersid = get_user_sid()) == NULL) {
- error = dupprintf("unable to construct SID for current user: %s",
+ *error = dupprintf("unable to construct SID for current user: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!worldsid) {
if (!AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &worldsid)) {
- error = dupprintf("unable to construct SID for world: %s",
+ *error = dupprintf("unable to construct SID for world: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!networksid) {
if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
0, 0, 0, 0, 0, 0, 0, &networksid)) {
- error = dupprintf("unable to construct SID for "
+ *error = dupprintf("unable to construct SID for "
"local same-user access only: %s",
win_strerror(GetLastError()));
goto cleanup;
}
}
- ret=TRUE;
+ ret = TRUE;
cleanup:
- if (ret) {
- sfree(error);
- error = NULL;
- }
return ret;
}
*acl = NULL;
*error = NULL;
- if (!getsids(*error))
+ if (!getsids(error))
goto cleanup;
memset(ea, 0, sizeof(ea));
return ret;
}
-static int really_restrict_process_acl(char *error)
+static int really_restrict_process_acl(char **error)
{
EXPLICIT_ACCESS ea[2];
int acl_err;
acl_err = p_SetEntriesInAclA(2, ea, NULL, &acl);
if (acl_err != ERROR_SUCCESS || acl == NULL) {
- error = dupprintf("unable to construct ACL: %s",
- win_strerror(acl_err));
+ *error = dupprintf("unable to construct ACL: %s",
+ win_strerror(acl_err));
goto cleanup;
}
(GetCurrentProcess(), SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
usersid, NULL, acl, NULL)) {
- error=dupprintf("Unable to set process ACL: %s",
- win_strerror(GetLastError()));
+ *error = dupprintf("Unable to set process ACL: %s",
+ win_strerror(GetLastError()));
goto cleanup;
}
}
}
return ret;
-}
+}
#endif /* !defined NO_SECURITY */
/*
int ret;
#if !defined NO_SECURITY
- ret = really_restrict_process_acl(error);
+ ret = really_restrict_process_acl(&error);
#else
ret = FALSE;
error = dupstr("ACL restrictions not compiled into this binary");