From 22452fa96f6c748f72da039f5b24787f1f3f1484 Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Fri, 20 Nov 2009 01:28:18 +0000 Subject: [PATCH] Revert backpatch of inheritable-ACE patch for Win32, since it broke compatibility with pre-Windows 2000 versions. --- src/bin/initdb/initdb.c | 10 +++++----- src/bin/pg_ctl/pg_ctl.c | 10 +++++----- src/include/port.h | 4 ++-- src/port/exec.c | 32 ++++++++++++++++++++++---------- 4 files changed, 34 insertions(+), 22 deletions(-) diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c index 1b00dd3b44a..01999de6c38 100644 --- a/src/bin/initdb/initdb.c +++ b/src/bin/initdb/initdb.c @@ -42,7 +42,7 @@ * Portions Copyright (c) 1994, Regents of the University of California * Portions taken from FreeBSD. * - * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.125.2.4 2009/11/15 09:08:45 mha Exp $ + * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.125.2.5 2009/11/20 01:28:18 mha Exp $ * *------------------------------------------------------------------------- */ @@ -2336,10 +2336,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo) return 0; } -#ifndef __CYGWIN__ - AddUserToTokenDacl(restrictedToken); -#endif - if (!CreateProcessAsUser(restrictedToken, NULL, cmd, @@ -2357,6 +2353,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo) return 0; } +#ifndef __CYGWIN__ + AddUserToDacl(processInfo->hProcess); +#endif + return ResumeThread(processInfo->hThread); } #endif diff --git a/src/bin/pg_ctl/pg_ctl.c b/src/bin/pg_ctl/pg_ctl.c index 1f5c4d62a7b..6436d494411 100644 --- a/src/bin/pg_ctl/pg_ctl.c +++ b/src/bin/pg_ctl/pg_ctl.c @@ -4,7 +4,7 @@ * * Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group * - * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.74.2.8 2009/11/15 09:08:46 mha Exp $ + * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.74.2.9 2009/11/20 01:28:18 mha Exp $ * *------------------------------------------------------------------------- */ 
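Review bot: In the initdb.c hunk at `@@ -2357,6 +2353,10 @@` the BOOL returned by `AddUserToDacl(processInfo->hProcess)` is discarded. If the DACL update fails, the suspended child is still resumed by `ResumeThread` without the current-user ACE, and the only trace is whatever the helper itself logged. The result should be tested, e.g. `if (!AddUserToDacl(processInfo->hProcess))` followed by a warning that names `cmd`; whether a failure should also abort the launch is a policy decision for the callers. The same unchecked call is added in pg_ctl.c at `@@ -1433,6 +1429,10 @@`. CreateRestrictedProcess begins outside the hunk.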
@@ -1349,10 +1349,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo) return 0; } -#ifndef __CYGWIN__ - AddUserToTokenDacl(restrictedToken); -#endif - r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo); Kernel32Handle = LoadLibrary("KERNEL32.DLL"); @@ -1433,6 +1429,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo) } } +#ifndef __CYGWIN__ + AddUserToDacl(processInfo->hProcess); +#endif + CloseHandle(restrictedToken); ResumeThread(processInfo->hThread); diff --git a/src/include/port.h b/src/include/port.h index 404bd80535e..57fd0ee8231 100644 --- a/src/include/port.h +++ b/src/include/port.h @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/include/port.h,v 1.106.2.7 2009/11/15 09:08:46 mha Exp $ + * $PostgreSQL: pgsql/src/include/port.h,v 1.106.2.8 2009/11/20 01:28:17 mha Exp $ * *------------------------------------------------------------------------- */ @@ -76,7 +76,7 @@ extern int find_other_exec(const char *argv0, const char *target, /* Windows security token manipulation (in exec.c) */ #ifdef WIN32 -extern BOOL AddUserToTokenDacl(HANDLE hToken); +extern BOOL AddUserToDacl(HANDLE hProcess); #endif diff --git a/src/port/exec.c b/src/port/exec.c index 65a7c491e8c..561b34e9e08 100644 --- a/src/port/exec.c +++ b/src/port/exec.c @@ -9,7 +9,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/port/exec.c,v 1.43.2.3 2009/11/15 09:08:46 mha Exp $ + * $PostgreSQL: pgsql/src/port/exec.c,v 1.43.2.4 2009/11/20 01:28:18 mha Exp $ * *------------------------------------------------------------------------- */ 
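Review bot: In pg_ctl.c at `@@ -1433,6 +1429,10 @@`, `AddUserToDacl(processInfo->hProcess)` runs without regard to `r`, the result of `CreateProcessAsUser` shown in the previous hunk. The lines between the two hunks are not visible, but if none of them returns early when `r` is 0, `processInfo->hProcess` is not a valid process handle at this point. The call can then only fail, and it would log a token-related error that hides the real cause. Guarding it as `if (r) AddUserToDacl(processInfo->hProcess);` keeps the diagnostics pointing at the failed process creation. The function body continues outside the hunk.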
@@ -649,10 +649,11 @@ set_pglocale_pgservice(const char *argv0, const char *app) #ifdef WIN32 /* - * AddUserToTokenDacl(HANDLE hToken) + * AddUserToDacl(HANDLE hProcess) * - * This function adds the current user account to the restricted - * token used when we create a restricted process. + * This function adds the current user account to the default DACL + * which gets attached to the restricted token used when we create + * a restricted process. * * This is required because of some security changes in Windows * that appeared in patches to XP/2K3 and in Vista/2008. @@ -665,13 +666,13 @@ set_pglocale_pgservice(const char *argv0, const char *app) * and CreateProcess() calls when running as Administrator. * * This function fixes this problem by modifying the DACL of the - * token the process will use, and explicitly re-adding the current - * user account. This is still secure because the Administrator account - * inherits its privileges from the Administrators group - it doesn't - * have any of its own. + * specified process and explicitly re-adding the current user account. + * This is still secure because the Administrator account inherits it's + * privileges from the Administrators group - it doesn't have any of + * it's own. */ BOOL -AddUserToTokenDacl(HANDLE hToken) +AddUserToDacl(HANDLE hProcess) { int i; ACL_SIZE_INFORMATION asi; @@ -680,6 +681,7 @@ AddUserToTokenDacl(HANDLE hToken) DWORD dwSize = 0; DWORD dwTokenInfoLength = 0; DWORD dwResult = 0; + HANDLE hToken = NULL; PACL pacl = NULL; PSID psidUser = NULL; TOKEN_DEFAULT_DACL tddNew; 
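Review bot: The header comment restored in the `@@ -665,13 +666,13 @@` hunk brings back `it's` for the possessive twice (`inherits it's privileges`, `any of it's own`); both should be `its`. Now that the parameter is a process handle, the comment should also state the contract that the visible code implies, for example `* hProcess must permit OpenProcessToken(); returns FALSE, after logging, if any step fails.` It would help to add that callers invoke it while the child is still suspended, as the initdb.c and pg_ctl.c hunks do before `ResumeThread`. The function body runs on past this hunk.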
@@ -687,6 +689,13 @@ AddUserToTokenDacl(HANDLE hToken) TOKEN_INFORMATION_CLASS tic = TokenDefaultDacl; BOOL ret = FALSE; + /* Get the token for the process */ + if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &hToken)) + { + log_error("could not open process token: %ui", GetLastError()); + goto cleanup; + } + /* Figure out the buffer size for the DACL info */ if (!GetTokenInformation(hToken, tic, (LPVOID) NULL, dwTokenInfoLength, &dwSize)) { @@ -762,7 +771,7 @@ AddUserToTokenDacl(HANDLE hToken) } /* Add the new ACE for the current user */ - if (!AddAccessAllowedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE, GENERIC_ALL, psidUser)) + if (!AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_ALL, psidUser)) { log_error("could not add access allowed ACE: %ui", GetLastError()); goto cleanup; @@ -789,6 +798,9 @@ cleanup: if (ptdd) LocalFree((HLOCAL) ptdd); + if (hToken) + CloseHandle(hToken); + return ret; }
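Review bot: The `log_error` call added with `OpenProcessToken` in the `@@ -687,6 +689,13 @@` hunk uses `%ui`, which is the `%u` conversion followed by a literal `i`, so the Win32 error code is printed with a stray letter appended. `GetLastError()` returns a DWORD, so, assuming `log_error` is printf-style, the line should read `log_error("could not open process token: %lu", GetLastError());`. The same specifier appears in the unchanged `could not add access allowed ACE: %ui` message in the following hunk, so fixing both together would keep the messages consistent. The function starts and ends outside this hunk.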