simon-svn: putty: simon
Commits to Tartarus CVS repository.
tartarus-commits at lists.tartarus.org
Mon Nov 25 18:35:14 GMT 2013
SVN root: svn://svn.tartarus.org/sgt
Changes by: simon
Revision: 10096
Date: 2013-11-25 18:35:14 +0000 (Mon, 25 Nov 2013)
Log message (20 lines):
Switch to using SIDs in make_private_security_descriptor().
Daniel Meidlinger reports that at least one Windows machine which is
not obviously otherwise misconfigured will respond to our
SetEntriesInAcl call with odd errors like ERROR_NONE_MAPPED or
ERROR_TRUSTED_RELATIONSHIP_FAILURE. This is apparently to do with
failure to convert the names "EVERYONE" and "CURRENT_USER" used in the
ACL specification to SIDs. (Or perhaps only one of them is the problem
- I didn't investigate in that direction.)
If we instead construct a fully SID-based ACL, using the well-known
world SID in place of EVERYONE and calling our existing get_user_sid
routine in place of CURRENT_USER, he reports that the problem goes
away, so let's do that instead.
While I'm here, I've slightly simplified the function prototype of
make_private_security_descriptor(), by turning 'networksid' into an
internal static that we can reuse in subsequent calls once we've set
it up. (Mostly because I didn't fancy adding another two pointless
parameters at every call site for the two new SIDs.)
Modified files:
U putty/windows/winnps.c
U putty/windows/winsecur.c
U putty/windows/winsecur.h
U putty/windows/winshare.c
Links:
http://svn.tartarus.org/sgt/?rev=10096&view=rev
http://svn.tartarus.org/sgt/putty/windows/winnps.c?rev=10096&r1=10095&r2=10096
http://svn.tartarus.org/sgt/putty/windows/winsecur.c?rev=10096&r1=10095&r2=10096
http://svn.tartarus.org/sgt/putty/windows/winsecur.h?rev=10096&r1=10095&r2=10096
http://svn.tartarus.org/sgt/putty/windows/winshare.c?rev=10096&r1=10095&r2=10096
More information about the tartarus-commits
mailing list