aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--tools/plink/winsecur.h63
1 files changed, 63 insertions, 0 deletions
diff --git a/tools/plink/winsecur.h b/tools/plink/winsecur.h
new file mode 100644
index 000000000..bd6498276
--- /dev/null
+++ b/tools/plink/winsecur.h
@@ -0,0 +1,63 @@
+/*
+ * winsecur.h: some miscellaneous security-related helper functions,
+ * defined in winsecur.c, that use the advapi32 library. Also
+ * centralises the machinery for dynamically loading that library.
+ */
+
+#if !defined NO_SECURITY
+
+#include <aclapi.h>
+
+#ifndef WINSECUR_GLOBAL
+#define WINSECUR_GLOBAL extern
+#endif
+
+/*
+ * Functions loaded from advapi32.dll.
+ */
+DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, OpenProcessToken,
+ (HANDLE, DWORD, PHANDLE));
+DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, GetTokenInformation,
+ (HANDLE, TOKEN_INFORMATION_CLASS,
+ LPVOID, DWORD, PDWORD));
+DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, InitializeSecurityDescriptor,
+ (PSECURITY_DESCRIPTOR, DWORD));
+DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, SetSecurityDescriptorOwner,
+ (PSECURITY_DESCRIPTOR, PSID, BOOL));
+DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, GetSecurityInfo,
+ (HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION,
+ PSID *, PSID *, PACL *, PACL *,
+ PSECURITY_DESCRIPTOR *));
+DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, DWORD, SetEntriesInAclA,
+ (ULONG, PEXPLICIT_ACCESS, PACL, PACL *));
+int got_advapi(void);
+
+/*
+ * Functions loaded from crypt32.dll.
+ */
+DECL_WINDOWS_FUNCTION(WINSECUR_GLOBAL, BOOL, CryptProtectMemory,
+ (LPVOID, DWORD, DWORD));
+int got_crypt(void);
+
+/*
+ * Find the SID describing the current user. The return value (if not
+ * NULL for some error-related reason) is smalloced.
+ */
+PSID get_user_sid(void);
+
+/*
+ * Construct a PSECURITY_DESCRIPTOR of the type used for named pipe
+ * servers, i.e. allowing access only to the current user id and also
+ * only local (i.e. not over SMB) connections.
+ *
+ * If this function returns TRUE, then 'psd' and 'acl' will have been
+ * filled in with memory allocated using LocalAlloc (and hence must be
+ * freed later using LocalFree). If it returns FALSE, then instead
+ * 'error' has been filled with a dynamically allocated error message.
+ */
+int make_private_security_descriptor(DWORD permissions,
+ PSECURITY_DESCRIPTOR *psd,
+ PACL *acl,
+ char **error);
+
+#endif