From 30df964607b8b305ecef43a387c8a9c1dc3f0eca Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Thu, 28 Jul 2022 15:56:33 +0900
Subject: [PATCH] Simplify the access control.

PIPE_REJECT_REMOTE_CLIENTS would be enough.

Signed-off-by: NIIBE Yutaka
---
 agent/gpg-agent.c | 22 ++++------------------
 1 file changed, 4 insertions(+), 18 deletions(-)

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index a462d3e52..6ceb0b0ad 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2765,8 +2765,6 @@ putty_message_thread (void *arg)

 /* FIXME: it would be good to be specified by an option. */
 #define AGENT_PIPE_NAME "\\\\.\\pipe\\openssh-ssh-agent"
-/* FIXME: Don't know exact semantics, but copied from Win32-Openssh */
-#define SDDL_STR "D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x12019b;;;AU)"
 #define BUFSIZE 5 * 1024

 /* The thread handling Win32-OpenSSH requests through NamedPipe. */
@@ -2774,24 +2772,12 @@ static void *
 win32_openssh_thread (void *arg)
 {
 HANDLE pipe;
- SECURITY_ATTRIBUTES sa;

 (void)arg;

 if (opt.verbose)
 log_info ("Win32-OpenSSH thread started\n");

- memset(&sa, 0, sizeof (SECURITY_ATTRIBUTES));
- sa.nLength = sizeof (sa);
- if (!ConvertStringSecurityDescriptorToSecurityDescriptorA
- (SDDL_STR, SDDL_REVISION_1, &sa.lpSecurityDescriptor, &sa.nLength))
- {
- log_error ("cannot convert sddl: %ld\n", GetLastError ());
- return NULL;
- }
-
- sa.bInheritHandle = FALSE;
-
 while (1)
 {
 ctrl_t ctrl = NULL;
@@ -2799,11 +2785,11 @@ win32_openssh_thread (void *arg)
 es_syshd_t syshd;

 npth_unprotect ();
- pipe = CreateNamedPipeA (AGENT_PIPE_NAME,
- PIPE_ACCESS_DUPLEX, // | FILE_FLAG_OVERLAPPED
- PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
+ pipe = CreateNamedPipeA (AGENT_PIPE_NAME, PIPE_ACCESS_DUPLEX,
+ (PIPE_TYPE_BYTE | PIPE_READMODE_BYTE
+ | PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS),
 PIPE_UNLIMITED_INSTANCES,
- BUFSIZE, BUFSIZE, 0, &sa);
+ BUFSIZE, BUFSIZE, 0, NULL);

 if (pipe == INVALID_HANDLE_VALUE)
 {
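Review bot: Passing `NULL` as the security-attributes argument of `CreateNamedPipeA` leaves local access control entirely to the default pipe security descriptor, and nothing at the call records that. As I read Microsoft's documentation, that default gives full control to LocalSystem, administrators and the creator owner and only read access to Everyone, so it is tighter than the removed SDDL's `0x12019b` grant to `AU`; `PIPE_REJECT_REMOTE_CLIENTS` by itself only excludes remote clients. I would add a comment above the call such as `/* NULL sa: rely on the default DACL for local access; PIPE_REJECT_REMOTE_CLIENTS rejects remote clients. */`. It may also be worth confirming, in code outside this hunk, that the agent fails closed when an instance of this pipe name already exists under another owner, since `PIPE_UNLIMITED_INSTANCES` is used without `FILE_FLAG_FIRST_PIPE_INSTANCE`. The loop body of `win32_openssh_thread` continues past the end of the hunk.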