database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-02 11:44:50 +03:00
Code

Add inheritable ACE when creating a restricted token for execution on

Browse Source 
Win32.

Also refactor the code around it to be more clear.

Jesse Morris
This commit is contained in:
Magnus Hagander 2009-11-14 15:39:36 +00:00
parent ef679ff6b7
commit da8d684d39
5 changed files with 27 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/bin/initdb/initdb.c
View File

@ -42,7 +42,7 @@
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* Portions taken from FreeBSD. * Portions taken from FreeBSD.
* *
* $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.176 2009/11/12 02:46:16 tgl Exp $ * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.177 2009/11/14 15:39:36 mha Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -2354,6 +2354,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
return 0; return 0;
} }
#ifndef __CYGWIN__
AddUserToTokenDacl(restrictedToken);
#endif
if (!CreateProcessAsUser(restrictedToken, if (!CreateProcessAsUser(restrictedToken,
NULL, NULL,
cmd, cmd,
@ -2371,10 +2375,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
return 0; return 0;
} }
#ifndef __CYGWIN__
AddUserToDacl(processInfo->hProcess);
#endif
return ResumeThread(processInfo->hThread); return ResumeThread(processInfo->hThread);
} }
#endif #endif

9
src/bin/pg_ctl/pg_ctl.c
View File

@ -4,7 +4,7 @@
* *
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
* *
* $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.114 2009/09/07 11:22:12 mha Exp $ * $PostgreSQL: pgsql/src/bin/pg_ctl/pg_ctl.c,v 1.115 2009/11/14 15:39:36 mha Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -1405,6 +1405,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_ser
return 0; return 0;
} }
#ifndef __CYGWIN__
AddUserToTokenDacl(restrictedToken);
#endif
r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo); r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo);
Kernel32Handle = LoadLibrary("KERNEL32.DLL"); Kernel32Handle = LoadLibrary("KERNEL32.DLL");
@ -1503,9 +1507,6 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_ser
} }
} }
#ifndef __CYGWIN__
AddUserToDacl(processInfo->hProcess);
#endif
CloseHandle(restrictedToken); CloseHandle(restrictedToken);

4
src/include/port.h
View File

@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $PostgreSQL: pgsql/src/include/port.h,v 1.126 2009/07/16 17:43:52 tgl Exp $ * $PostgreSQL: pgsql/src/include/port.h,v 1.127 2009/11/14 15:39:36 mha Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -81,7 +81,7 @@ extern int find_other_exec(const char *argv0, const char *target,
/* Windows security token manipulation (in exec.c) */ /* Windows security token manipulation (in exec.c) */
#ifdef WIN32 #ifdef WIN32
extern BOOL AddUserToDacl(HANDLE hProcess); extern BOOL AddUserToTokenDacl(HANDLE hToken);
#endif #endif

32
src/port/exec.c
View File

@ -9,7 +9,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/port/exec.c,v 1.64 2009/07/27 08:46:10 mha Exp $ * $PostgreSQL: pgsql/src/port/exec.c,v 1.65 2009/11/14 15:39:36 mha Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -664,11 +664,10 @@ set_pglocale_pgservice(const char *argv0, const char *app)
#ifdef WIN32 #ifdef WIN32
/* /*
* AddUserToDacl(HANDLE hProcess) * AddUserToTokenDacl(HANDLE hToken)
* *
* This function adds the current user account to the default DACL * This function adds the current user account to the restricted
* which gets attached to the restricted token used when we create * token used when we create a restricted process.
* a restricted process.
* *
* This is required because of some security changes in Windows * This is required because of some security changes in Windows
* that appeared in patches to XP/2K3 and in Vista/2008. * that appeared in patches to XP/2K3 and in Vista/2008.
@ -681,13 +680,13 @@ set_pglocale_pgservice(const char *argv0, const char *app)
* and CreateProcess() calls when running as Administrator. * and CreateProcess() calls when running as Administrator.
* *
* This function fixes this problem by modifying the DACL of the * This function fixes this problem by modifying the DACL of the
* specified process and explicitly re-adding the current user account. * token the process will use, and explicitly re-adding the current
* This is still secure because the Administrator account inherits it's * user account. This is still secure because the Administrator account
* privileges from the Administrators group - it doesn't have any of * inherits its privileges from the Administrators group - it doesn't
* it's own. * have any of its own.
*/ */
BOOL BOOL
AddUserToDacl(HANDLE hProcess) AddUserToTokenDacl(HANDLE hToken)
{ {
int i; int i;
ACL_SIZE_INFORMATION asi; ACL_SIZE_INFORMATION asi;
@ -695,7 +694,6 @@ AddUserToDacl(HANDLE hProcess)
DWORD dwNewAclSize; DWORD dwNewAclSize;
DWORD dwSize = 0; DWORD dwSize = 0;
DWORD dwTokenInfoLength = 0; DWORD dwTokenInfoLength = 0;
HANDLE hToken = NULL;
PACL pacl = NULL; PACL pacl = NULL;
PTOKEN_USER pTokenUser = NULL; PTOKEN_USER pTokenUser = NULL;
TOKEN_DEFAULT_DACL tddNew; TOKEN_DEFAULT_DACL tddNew;
@ -703,13 +701,6 @@ AddUserToDacl(HANDLE hProcess)
TOKEN_INFORMATION_CLASS tic = TokenDefaultDacl; TOKEN_INFORMATION_CLASS tic = TokenDefaultDacl;
BOOL ret = FALSE; BOOL ret = FALSE;
/* Get the token for the process */
if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &hToken))
{
log_error("could not open process token: %lu", GetLastError());
goto cleanup;
}
/* Figure out the buffer size for the DACL info */ /* Figure out the buffer size for the DACL info */
if (!GetTokenInformation(hToken, tic, (LPVOID) NULL, dwTokenInfoLength, &dwSize)) if (!GetTokenInformation(hToken, tic, (LPVOID) NULL, dwTokenInfoLength, &dwSize))
{ {
@ -789,7 +780,7 @@ AddUserToDacl(HANDLE hProcess)
} }
/* Add the new ACE for the current user */ /* Add the new ACE for the current user */
if (!AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_ALL, pTokenUser->User.Sid)) if (!AddAccessAllowedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE, GENERIC_ALL, pTokenUser->User.Sid))
{ {
log_error("could not add access allowed ACE: %lu", GetLastError()); log_error("could not add access allowed ACE: %lu", GetLastError());
goto cleanup; goto cleanup;
@ -816,9 +807,6 @@ cleanup:
if (ptdd) if (ptdd)
LocalFree((HLOCAL) ptdd); LocalFree((HLOCAL) ptdd);
if (hToken)
CloseHandle(hToken);
return ret; return ret;
} }

10
src/test/regress/pg_regress.c
View File

@ -11,7 +11,7 @@
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.64 2009/08/18 10:30:41 teodor Exp $ * $PostgreSQL: pgsql/src/test/regress/pg_regress.c,v 1.65 2009/11/14 15:39:36 mha Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -1021,6 +1021,10 @@ spawn_process(const char *cmdline)
cmdline2 = malloc(strlen(cmdline) + 8); cmdline2 = malloc(strlen(cmdline) + 8);
sprintf(cmdline2, "cmd /c %s", cmdline); sprintf(cmdline2, "cmd /c %s", cmdline);
#ifndef __CYGWIN__
AddUserToTokenDacl(restrictedToken);
#endif
if (!CreateProcessAsUser(restrictedToken, if (!CreateProcessAsUser(restrictedToken,
NULL, NULL,
cmdline2, cmdline2,
@ -1038,10 +1042,6 @@ spawn_process(const char *cmdline)
exit_nicely(2); exit_nicely(2);
} }
#ifndef __CYGWIN__
AddUserToDacl(pi.hProcess);
#endif
free(cmdline2); free(cmdline2);
ResumeThread(pi.hThread); ResumeThread(pi.hThread);