Diffstat (limited to 'src/bin/initdb/initdb.c')
-rw-r--r-- | src/bin/initdb/initdb.c | 170 |
1 files changed, 2 insertions, 168 deletions
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c index 18614e7a678..b9d6092c2c0 100644 --- a/src/bin/initdb/initdb.c +++ b/src/bin/initdb/initdb.c @@ -61,6 +61,7 @@ #endif #include "catalog/catalog.h" +#include "common/restricted_token.h" #include "common/username.h" #include "mb/pg_wchar.h" #include "getaddrinfo.h" @@ -178,9 +179,6 @@ static char *authwarning = NULL; static const char *boot_options = "-F"; static const char *backend_options = "--single -F -O -c search_path=pg_catalog -c exit_on_error=true"; -#ifdef WIN32 -char *restrict_env; -#endif static const char *subdirs[] = { "global", "pg_xlog", @@ -260,7 +258,6 @@ static void check_locale_name(int category, const char *locale, static bool check_locale_encoding(const char *locale, int encoding); static void setlocales(void); static void usage(const char *progname); -void get_restricted_token(void); void setup_pgdata(void); void setup_bin_paths(const char *argv0); void setup_data_file_paths(void); @@ -272,12 +269,6 @@ void create_xlog_symlink(void); void warn_on_mount_point(int error); void initialize_data_directory(void); - -#ifdef WIN32 -static int CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo); -#endif - - /* * macros for running pipes to postgres */ 
@@ -2754,116 +2745,6 @@ setlocales(void) #endif } -#ifdef WIN32 -typedef BOOL (WINAPI * __CreateRestrictedToken) (HANDLE, DWORD, DWORD, PSID_AND_ATTRIBUTES, DWORD, PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE); - -/* Windows API define missing from some versions of MingW headers */ -#ifndef DISABLE_MAX_PRIVILEGE -#define DISABLE_MAX_PRIVILEGE 0x1 -#endif - -/* - * Create a restricted token and execute the specified process with it. - * - * Returns 0 on failure, non-zero on success, same as CreateProcess(). - * - * On NT4, or any other system not containing the required functions, will - * NOT execute anything. - */ -static int -CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo) -{ - BOOL b; - STARTUPINFO si; - HANDLE origToken; - HANDLE restrictedToken; - SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; - SID_AND_ATTRIBUTES dropSids[2]; - __CreateRestrictedToken _CreateRestrictedToken = NULL; - HANDLE Advapi32Handle; - - ZeroMemory(&si, sizeof(si)); - si.cb = sizeof(si); - - Advapi32Handle = LoadLibrary("ADVAPI32.DLL"); - if (Advapi32Handle != NULL) - { - _CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken"); - } - - if (_CreateRestrictedToken == NULL) - { - fprintf(stderr, _("%s: WARNING: cannot create restricted tokens on this platform\n"), progname); - if (Advapi32Handle != NULL) - FreeLibrary(Advapi32Handle); - return 0; - } - - /* Open the current token to use as a base for the restricted one */ - if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken)) - { - fprintf(stderr, _("%s: could not open process token: error code %lu\n"), progname, GetLastError()); - return 0; - } - - /* Allocate list of SIDs to remove */ - ZeroMemory(&dropSids, sizeof(dropSids)); - if (!AllocateAndInitializeSid(&NtAuthority, 2, - SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, - 0, &dropSids[0].Sid) || - !AllocateAndInitializeSid(&NtAuthority, 2, - 
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0, - 0, &dropSids[1].Sid)) - { - fprintf(stderr, _("%s: could not allocate SIDs: error code %lu\n"), - progname, GetLastError()); - return 0; - } - - b = _CreateRestrictedToken(origToken, - DISABLE_MAX_PRIVILEGE, - sizeof(dropSids) / sizeof(dropSids[0]), - dropSids, - 0, NULL, - 0, NULL, - &restrictedToken); - - FreeSid(dropSids[1].Sid); - FreeSid(dropSids[0].Sid); - CloseHandle(origToken); - FreeLibrary(Advapi32Handle); - - if (!b) - { - fprintf(stderr, _("%s: could not create restricted token: error code %lu\n"), progname, GetLastError()); - return 0; - } - -#ifndef __CYGWIN__ - AddUserToTokenDacl(restrictedToken); -#endif - - if (!CreateProcessAsUser(restrictedToken, - NULL, - cmd, - NULL, - NULL, - TRUE, - CREATE_SUSPENDED, - NULL, - NULL, - &si, - processInfo)) - - { - fprintf(stderr, _("%s: could not start process for command \"%s\": error code %lu\n"), progname, cmd, GetLastError()); - return 0; - } - - return ResumeThread(processInfo->hThread); -} -#endif - /* * print help text */ 
@@ -2957,53 +2838,6 @@ check_need_password(const char *authmethodlocal, const char *authmethodhost) } } -void -get_restricted_token(void) -{ -#ifdef WIN32 - - /* - * Before we execute another program, make sure that we are running with a - * restricted token. If not, re-execute ourselves with one. - */ - - if ((restrict_env = getenv("PG_RESTRICT_EXEC")) == NULL - || strcmp(restrict_env, "1") != 0) - { - PROCESS_INFORMATION pi; - char *cmdline; - - ZeroMemory(&pi, sizeof(pi)); - - cmdline = pg_strdup(GetCommandLine()); - - putenv("PG_RESTRICT_EXEC=1"); - - if (!CreateRestrictedProcess(cmdline, &pi)) - { - fprintf(stderr, _("%s: could not re-execute with restricted token: error code %lu\n"), progname, GetLastError()); - } - else - { - /* - * Successfully re-execed. Now wait for child process to capture - * exitcode. - */ - DWORD x; - - CloseHandle(pi.hThread); - WaitForSingleObject(pi.hProcess, INFINITE); - - if (!GetExitCodeProcess(pi.hProcess, &x)) - { - fprintf(stderr, _("%s: could not get exit code from subprocess: error code %lu\n"), progname, GetLastError()); - exit(1); - } - exit(x); - } - } -#endif -} void setup_pgdata(void) @@ -3759,7 +3593,7 @@ main(int argc, char *argv[]) check_need_password(authmethodlocal, authmethodhost); - get_restricted_token(); + get_restricted_token(progname); setup_pgdata(); |
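Review bot: The outcome of the re-exec is not checked at the new call `get_restricted_token(progname);` in main(). The local version deleted earlier in this diff only printed "could not re-execute with restricted token" and returned, so initdb went on to `setup_pgdata()` under the original, unrestricted token. The shared implementation behind `common/restricted_token.h` is not shown here; if it keeps that behaviour, the call site should say so, e.g. `/* Windows: re-exec under a restricted token; on failure this only reports the error and we continue with the caller's token */`. If continuing with an administrative token is not intended, the helper would need to report failure so that main() can exit instead. main()'s body starts and ends outside this hunk.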