diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index e3b00cec7df3549569871fae42f27d5224e15a51..32d47d8fc99eed5fe8eed746c8f738b47e78d4cc 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -42,7 +42,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 * Portions taken from FreeBSD.
 *
- * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.152.2.5 2009/03/31 18:58:38 mha Exp $
+ * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.152.2.6 2009/11/14 15:39:41 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -2344,6 +2344,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo)
 return 0;
 }
+#ifndef __CYGWIN__
+ AddUserToTokenDacl(restrictedToken);
+#endif
+
 if (!CreateProcessAsUser(restrictedToken, NULL, cmd,
@@ -2361,10 +2365,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo)
 return 0;
 }
-#ifndef __CYGWIN__
- AddUserToDacl(processInfo->hProcess);
-#endif
-
 return ResumeThread(processInfo->hThread);
 }
 #endif
diff --git a/src/bin/pg_ctl/pg_ctl.c b/src/bin/pg_ctl/pg_ctl.c
index f2e8aaa8a988e284027120c89881b7c0d2fd46fd..92fc1f28302d1989b8ffdd17a5c8cbecaa3da1e9 100644
--- a/src/bin/pg_ctl/pg_ctl.c
+++ b/src/bin/pg_ctl/pg_ctl.c
@@ -4,7 +4,7 @@
 *
 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
 *
- * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.92.2.7 2009/09/02 02:41:07 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.92.2.8 2009/11/14 15:39:41 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -1396,6 +1396,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo, bool as_se
 return 0;
 }
+#ifndef __CYGWIN__
+ AddUserToTokenDacl(restrictedToken);
+#endif
+
 r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
 Kernel32Handle = LoadLibrary("KERNEL32.DLL");
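Review bot: The return value of `AddUserToTokenDacl(restrictedToken)` is discarded in the initdb.c hunk at 2344, so a failed DACL update still falls through to `CreateProcessAsUser` with a token whose default DACL was not extended. The function returns BOOL and, as far as src/port/exec.c shows, only logs on failure, which leaves the child in the state its header comment describes as breaking later CreateProcess() calls when running as Administrator. The same unchecked call is added in pg_ctl.c (hunk at 1396) and pg_regress.c (hunk at 1009). If best-effort is intended, say so with `/* failure is already logged by AddUserToTokenDacl; continue without the ACE */`; otherwise test the result, e.g. `if (!AddUserToTokenDacl(restrictedToken)) return 0;`. CreateRestrictedProcess starts and ends outside the hunk, so handle cleanup on that early-return path has to be confirmed against the full function.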
@@ -1492,10 +1496,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION * processInfo, bool as_se
 }
 }
-#ifndef __CYGWIN__
- AddUserToDacl(processInfo->hProcess);
-#endif
-
 CloseHandle(restrictedToken);
 ResumeThread(processInfo->hThread);
diff --git a/src/include/port.h b/src/include/port.h
index 97828a775ab44e71b7b42195798d28cf2306e1ab..094d58a442a99997855201cbe0196c1452d01e1e 100644
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/port.h,v 1.116.2.5 2008/04/18 17:05:53 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/port.h,v 1.116.2.6 2009/11/14 15:39:41 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -80,7 +80,7 @@ extern int find_other_exec(const char *argv0, const char *target,
 /* Windows security token manipulation (in exec.c) */
 #ifdef WIN32
-extern BOOL AddUserToDacl(HANDLE hProcess);
+extern BOOL AddUserToTokenDacl(HANDLE hToken);
 #endif
diff --git a/src/port/exec.c b/src/port/exec.c
index c37dd33d85bc470b3e8ca61861b4b880a71b1307..17f45563de902487a084ac7c2869384bc2f9e7cf 100644
--- a/src/port/exec.c
+++ b/src/port/exec.c
@@ -9,7 +9,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/port/exec.c,v 1.57.2.2 2008/03/31 01:32:01 tgl Exp $
+ * $PostgreSQL: pgsql/src/port/exec.c,v 1.57.2.3 2009/11/14 15:39:41 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -664,11 +664,10 @@ set_pglocale_pgservice(const char *argv0, const char *app)
 #ifdef WIN32
 /*
- * AddUserToDacl(HANDLE hProcess)
+ * AddUserToTokenDacl(HANDLE hToken)
 *
- * This function adds the current user account to the default DACL
- * which gets attached to the restricted token used when we create
- * a restricted process.
+ * This function adds the current user account to the restricted
+ * token used when we create a restricted process.
 *
 * This is required because of some security changes in Windows
 * that appeared in patches to XP/2K3 and in Vista/2008.
@@ -681,13 +680,13 @@ set_pglocale_pgservice(const char *argv0, const char *app)
 * and CreateProcess() calls when running as Administrator.
 *
 * This function fixes this problem by modifying the DACL of the
- * specified process and explicitly re-adding the current user account.
- * This is still secure because the Administrator account inherits it's
- * privileges from the Administrators group - it doesn't have any of
- * it's own.
+ * token the process will use, and explicitly re-adding the current
+ * user account. This is still secure because the Administrator account
+ * inherits its privileges from the Administrators group - it doesn't
+ * have any of its own.
 */
 BOOL
-AddUserToDacl(HANDLE hProcess)
+AddUserToTokenDacl(HANDLE hToken)
 {
 int i;
 ACL_SIZE_INFORMATION asi;
@@ -696,7 +695,6 @@ AddUserToDacl(HANDLE hProcess)
 DWORD dwSize = 0;
 DWORD dwTokenInfoLength = 0;
 DWORD dwResult = 0;
- HANDLE hToken = NULL;
 PACL pacl = NULL;
 PSID psidUser = NULL;
 TOKEN_DEFAULT_DACL tddNew;
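Review bot: The reworded summary in the header comment (hunk at 664) says the user is added "to the restricted token", but the function still edits the token's default DACL (`TokenDefaultDacl` is the information class used in the following hunk), not the token's own access list. Dropping "default DACL" from the description makes the security effect of the call harder to judge from the comment alone. Suggest keeping the term: `* This function adds the current user account to the default DACL` / `* of the restricted token used when we create a restricted process.`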
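Review bot: The header comment in the hunk at 681 does not state what the caller must now supply: with the `OpenProcessToken` call removed further down, `hToken` has to arrive carrying the `TOKEN_QUERY | TOKEN_ADJUST_DEFAULT` access that call used to request, and the function no longer closes the handle. Suggest adding `* hToken must allow TOKEN_QUERY | TOKEN_ADJUST_DEFAULT; the caller keeps ownership of the handle.` to the comment. The call sites in this commit all place the call before CreateProcessAsUser, which looks like a requirement worth stating there as well. The function body continues beyond this hunk.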
@@ -704,13 +702,6 @@ AddUserToDacl(HANDLE hProcess)
 TOKEN_INFORMATION_CLASS tic = TokenDefaultDacl;
 BOOL ret = FALSE;
- /* Get the token for the process */
- if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &hToken))
- {
- log_error("could not open process token: %ui", GetLastError());
- goto cleanup;
- }
-
 /* Figure out the buffer size for the DACL info */
 if (!GetTokenInformation(hToken, tic, (LPVOID) NULL, dwTokenInfoLength, &dwSize))
 {
@@ -786,7 +777,7 @@ AddUserToDacl(HANDLE hProcess)
 }
 /* Add the new ACE for the current user */
- if (!AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_ALL, psidUser))
+ if (!AddAccessAllowedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE, GENERIC_ALL, psidUser))
 {
 log_error("could not add access allowed ACE: %ui", GetLastError());
 goto cleanup;
@@ -813,9 +804,6 @@ cleanup:
 if (ptdd)
 LocalFree((HLOCAL) ptdd);
- if (hToken)
- CloseHandle(hToken);
-
 return ret;
 }
diff --git a/src/test/regress/pg_regress.c b/src/test/regress/pg_regress.c
index 49e44cef542da218c4db9d10a4a6926bb3eb617a..3a6e34030949b9ab1a611c50172a36b5a9e6f5be 100644
--- a/src/test/regress/pg_regress.c
+++ b/src/test/regress/pg_regress.c
@@ -11,7 +11,7 @@
 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.41.2.3 2008/08/03 05:12:45 tgl Exp $
+ * $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.41.2.4 2009/11/14 15:39:41 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -1009,6 +1009,10 @@ spawn_process(const char *cmdline)
 cmdline2 = malloc(strlen(cmdline) + 8);
 sprintf(cmdline2, "cmd /c %s", cmdline);
+#ifndef __CYGWIN__
+ AddUserToTokenDacl(restrictedToken);
+#endif
+
 if (!CreateProcessAsUser(restrictedToken, NULL, cmdline2,
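Review bot: The switch to `AddAccessAllowedAceEx(..., OBJECT_INHERIT_ACE, GENERIC_ALL, psidUser)` in the exec.c hunk at 786 makes the ACE inheritable, yet the comment above it still reads only "Add the new ACE for the current user" and nothing says why inheritance is needed or why GENERIC_ALL is the right mask. Because this entry goes into a default DACL, a short rationale lets a later reviewer judge whether the grant is minimal, e.g. `/* Inheritable ACE for the current user (presumably so objects created by child processes also carry it - confirm) */`. Separately, the `%ui` in the `log_error` context line prints the value followed by a literal `i`; `GetLastError()` returns a DWORD, so `%lu` is the matching specifier, and the removed `log_error` line in the hunk at 704 shows the same pattern. The function body starts and ends outside this hunk.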
@@ -1026,10 +1030,6 @@ spawn_process(const char *cmdline)
 exit_nicely(2);
 }
-#ifndef __CYGWIN__
- AddUserToDacl(pi.hProcess);
-#endif
-
 free(cmdline2);
 ResumeThread(pi.hThread);