| /*------------------------------------------------------------------------- |
| * |
| * exec.c |
| * Functions for finding and validating executable files |
| * |
| * |
| * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group |
| * Portions Copyright (c) 1994, Regents of the University of California |
| * |
| * |
| * IDENTIFICATION |
| * $PostgreSQL: pgsql/src/port/exec.c,v 1.63 2009/06/11 14:49:15 momjian Exp $ |
| * |
| *------------------------------------------------------------------------- |
| */ |
| |
| #ifndef FRONTEND |
| #include "postgres.h" |
| #else |
| #include "postgres_fe.h" |
| #endif |
| |
| #include <grp.h> |
| #include <pwd.h> |
| #include <signal.h> |
| #include <sys/stat.h> |
| #include <sys/wait.h> |
| #include <unistd.h> |
| |
| #ifndef S_IRUSR /* XXX [TRH] should be in a header */ |
| #define S_IRUSR S_IREAD |
| #define S_IWUSR S_IWRITE |
| #define S_IXUSR S_IEXEC |
| #define S_IRGRP ((S_IRUSR)>>3) |
| #define S_IWGRP ((S_IWUSR)>>3) |
| #define S_IXGRP ((S_IXUSR)>>3) |
| #define S_IROTH ((S_IRUSR)>>6) |
| #define S_IWOTH ((S_IWUSR)>>6) |
| #define S_IXOTH ((S_IXUSR)>>6) |
| #endif |
| |
| #ifndef FRONTEND |
| /* We use only 3-parameter elog calls in this file, for simplicity */ |
| /* NOTE: caller must provide gettext call around str! */ |
| #define log_error(str, param) elog(LOG, str, param) |
| #else |
| #define log_error(str, param) (fprintf(stderr, str, param), fputc('\n', stderr)) |
| #endif |
| |
| #ifdef WIN32_ONLY_COMPILER |
| #define getcwd(cwd,len) GetCurrentDirectory(len, cwd) |
| #endif |
| |
| static int validate_exec(const char *path); |
| static int resolve_symlinks(char *path); |
| static char *pipe_read_line(char *cmd, char *line, int maxsize); |
| |
| #ifdef WIN32 |
| static BOOL GetUserSid(PSID *ppSidUser, HANDLE hToken); |
| #endif |
| |
| /* |
| * validate_exec -- validate "path" as an executable file |
| * |
| * returns 0 if the file is found and no error is encountered. |
| * -1 if the regular file "path" does not exist or cannot be executed. |
| * -2 if the file is otherwise valid but cannot be read. |
| */ |
| static int |
| validate_exec(const char *path) |
| { |
| struct stat buf; |
| |
| #ifndef WIN32 |
| uid_t euid; |
| struct group *gp; |
| struct passwd *pwp; |
| int i; |
| int in_grp = 0; |
| #else |
| char path_exe[MAXPGPATH + sizeof(".exe") - 1]; |
| #endif |
| int is_r; |
| int is_x; |
| |
| #ifdef WIN32 |
| /* Win32 requires a .exe suffix for stat() */ |
| if (strlen(path) >= strlen(".exe") && |
| pg_strcasecmp(path + strlen(path) - strlen(".exe"), ".exe") != 0) |
| { |
| strlcpy(path_exe, path, sizeof(path_exe) - 4); |
| strcat(path_exe, ".exe"); |
| path = path_exe; |
| } |
| #endif |
| |
| /* |
| * Ensure that the file exists and is a regular file. |
| * |
| * XXX if you have a broken system where stat() looks at the symlink |
| * instead of the underlying file, you lose. |
| */ |
| if (stat(path, &buf) < 0) |
| return -1; |
| |
| if (!S_ISREG(buf.st_mode)) |
| return -1; |
| |
| /* |
| * Ensure that we are using an authorized executable. |
| */ |
| |
| /* |
| * Ensure that the file is both executable and readable (required for |
| * dynamic loading). |
| */ |
| #ifdef WIN32 |
| is_r = buf.st_mode & S_IRUSR; |
| is_x = buf.st_mode & S_IXUSR; |
| return is_x ? (is_r ? 0 : -2) : -1; |
| #else |
| euid = geteuid(); |
| |
| /* If owned by us, just check owner bits */ |
| if (euid == buf.st_uid) |
| { |
| is_r = buf.st_mode & S_IRUSR; |
| is_x = buf.st_mode & S_IXUSR; |
| return is_x ? (is_r ? 0 : -2) : -1; |
| } |
| |
| /* OK, check group bits */ |
| |
| pwp = getpwuid(euid); /* not thread-safe */ |
| if (pwp) |
| { |
| if (pwp->pw_gid == buf.st_gid) /* my primary group? */ |
| ++in_grp; |
| else if (pwp->pw_name && |
| (gp = getgrgid(buf.st_gid)) != NULL && /* not thread-safe */ |
| gp->gr_mem != NULL) |
| { /* try list of member groups */ |
| for (i = 0; gp->gr_mem[i]; ++i) |
| { |
| if (!strcmp(gp->gr_mem[i], pwp->pw_name)) |
| { |
| ++in_grp; |
| break; |
| } |
| } |
| } |
| if (in_grp) |
| { |
| is_r = buf.st_mode & S_IRGRP; |
| is_x = buf.st_mode & S_IXGRP; |
| return is_x ? (is_r ? 0 : -2) : -1; |
| } |
| } |
| |
| /* Check "other" bits */ |
| is_r = buf.st_mode & S_IROTH; |
| is_x = buf.st_mode & S_IXOTH; |
| return is_x ? (is_r ? 0 : -2) : -1; |
| #endif |
| } |
| |
| |
| /* |
| * find_my_exec -- find an absolute path to a valid executable |
| * |
| * argv0 is the name passed on the command line |
| * retpath is the output area (must be of size MAXPGPATH) |
| * Returns 0 if OK, -1 if error. |
| * |
| * The reason we have to work so hard to find an absolute path is that |
| * on some platforms we can't do dynamic loading unless we know the |
| * executable's location. Also, we need a full path not a relative |
| * path because we will later change working directory. Finally, we want |
| * a true path not a symlink location, so that we can locate other files |
| * that are part of our installation relative to the executable. |
| * |
| * This function is not thread-safe because it calls validate_exec(), |
| * which calls getgrgid(). This function should be used only in |
| * non-threaded binaries, not in library routines. |
| */ |
| int |
| find_my_exec(const char *argv0, char *retpath) |
| { |
| char cwd[MAXPGPATH], |
| test_path[MAXPGPATH]; |
| char *path; |
| |
| if (!getcwd(cwd, MAXPGPATH)) |
| { |
| log_error(_("could not identify current directory: %s"), |
| strerror(errno)); |
| return -1; |
| } |
| |
| /* |
| * If argv0 contains a separator, then PATH wasn't used. |
| */ |
| if (first_dir_separator(argv0) != NULL) |
| { |
| if (is_absolute_path(argv0)) |
| StrNCpy(retpath, argv0, MAXPGPATH); |
| else |
| join_path_components(retpath, cwd, argv0); |
| canonicalize_path(retpath); |
| |
| if (validate_exec(retpath) == 0) |
| return resolve_symlinks(retpath); |
| |
| log_error(_("invalid binary \"%s\""), retpath); |
| return -1; |
| } |
| |
| #ifdef WIN32 |
| /* Win32 checks the current directory first for names without slashes */ |
| join_path_components(retpath, cwd, argv0); |
| if (validate_exec(retpath) == 0) |
| return resolve_symlinks(retpath); |
| #endif |
| |
| /* |
| * Since no explicit path was supplied, the user must have been relying on |
| * PATH. We'll search the same PATH. |
| */ |
| if ((path = getenv("PATH")) && *path) |
| { |
| char *startp = NULL, |
| *endp = NULL; |
| |
| do |
| { |
| if (!startp) |
| startp = path; |
| else |
| startp = endp + 1; |
| |
| endp = first_path_separator(startp); |
| if (!endp) |
| endp = startp + strlen(startp); /* point to end */ |
| |
| StrNCpy(test_path, startp, Min(endp - startp + 1, MAXPGPATH)); |
| |
| if (is_absolute_path(test_path)) |
| join_path_components(retpath, test_path, argv0); |
| else |
| { |
| join_path_components(retpath, cwd, test_path); |
| join_path_components(retpath, retpath, argv0); |
| } |
| canonicalize_path(retpath); |
| |
| switch (validate_exec(retpath)) |
| { |
| case 0: /* found ok */ |
| return resolve_symlinks(retpath); |
| case -1: /* wasn't even a candidate, keep looking */ |
| break; |
| case -2: /* found but disqualified */ |
| log_error(_("could not read binary \"%s\""), |
| retpath); |
| break; |
| } |
| } while (*endp); |
| } |
| |
| log_error(_("could not find a \"%s\" to execute"), argv0); |
| return -1; |
| } |
| |
| |
| /* |
| * resolve_symlinks - resolve symlinks to the underlying file |
| * |
| * Replace "path" by the absolute path to the referenced file. |
| * |
| * Returns 0 if OK, -1 if error. |
| * |
| * Note: we are not particularly tense about producing nice error messages |
| * because we are not really expecting error here; we just determined that |
| * the symlink does point to a valid executable. |
| */ |
| static int |
| resolve_symlinks(char *path) |
| { |
| #ifdef HAVE_READLINK |
| struct stat buf; |
| char orig_wd[MAXPGPATH], |
| link_buf[MAXPGPATH]; |
| char *fname; |
| |
| /* |
| * To resolve a symlink properly, we have to chdir into its directory and |
| * then chdir to where the symlink points; otherwise we may fail to |
| * resolve relative links correctly (consider cases involving mount |
| * points, for example). After following the final symlink, we use |
| * getcwd() to figure out where the heck we're at. |
| * |
| * One might think we could skip all this if path doesn't point to a |
| * symlink to start with, but that's wrong. We also want to get rid of |
| * any directory symlinks that are present in the given path. We expect |
| * getcwd() to give us an accurate, symlink-free path. |
| */ |
| if (!getcwd(orig_wd, MAXPGPATH)) |
| { |
| log_error(_("could not identify current directory: %s"), |
| strerror(errno)); |
| return -1; |
| } |
| |
| for (;;) |
| { |
| char *lsep; |
| int rllen; |
| |
| lsep = last_dir_separator(path); |
| if (lsep) |
| { |
| *lsep = '\0'; |
| if (chdir(path) == -1) |
| { |
| log_error(_("could not change directory to \"%s\""), path); |
| return -1; |
| } |
| fname = lsep + 1; |
| } |
| else |
| fname = path; |
| |
| if (lstat(fname, &buf) < 0 || |
| !S_ISLNK(buf.st_mode)) |
| break; |
| |
| rllen = readlink(fname, link_buf, sizeof(link_buf)); |
| if (rllen < 0 || rllen >= sizeof(link_buf)) |
| { |
| log_error(_("could not read symbolic link \"%s\""), fname); |
| return -1; |
| } |
| link_buf[rllen] = '\0'; |
| strcpy(path, link_buf); |
| } |
| |
| /* must copy final component out of 'path' temporarily */ |
| strlcpy(link_buf, fname, sizeof(link_buf)); |
| |
| if (!getcwd(path, MAXPGPATH)) |
| { |
| log_error(_("could not identify current directory: %s"), |
| strerror(errno)); |
| return -1; |
| } |
| join_path_components(path, path, link_buf); |
| canonicalize_path(path); |
| |
| if (chdir(orig_wd) == -1) |
| { |
| log_error(_("could not change directory to \"%s\""), orig_wd); |
| return -1; |
| } |
| #endif /* HAVE_READLINK */ |
| |
| return 0; |
| } |
| |
| |
| /* |
| * Find another program in our binary's directory, |
| * then make sure it is the proper version. |
| */ |
| int |
| find_other_exec(const char *argv0, const char *target, |
| const char *versionstr, char *retpath) |
| { |
| char cmd[MAXPGPATH]; |
| char line[100]; |
| |
| if (find_my_exec(argv0, retpath) < 0) |
| return -1; |
| |
| /* Trim off program name and keep just directory */ |
| *last_dir_separator(retpath) = '\0'; |
| canonicalize_path(retpath); |
| |
| /* Now append the other program's name */ |
| snprintf(retpath + strlen(retpath), MAXPGPATH - strlen(retpath), |
| "/%s%s", target, EXE); |
| |
| if (validate_exec(retpath) != 0) |
| return -1; |
| |
| snprintf(cmd, sizeof(cmd), "\"%s\" -V 2>%s", retpath, DEVNULL); |
| |
| if (!pipe_read_line(cmd, line, sizeof(line))) |
| return -1; |
| |
| if (strcmp(line, versionstr) != 0) |
| return -2; |
| |
| return 0; |
| } |
| |
| |
| /* |
| * The runtime library's popen() on win32 does not work when being |
| * called from a service when running on windows <= 2000, because |
| * there is no stdin/stdout/stderr. |
| * |
| * Executing a command in a pipe and reading the first line from it |
| * is all we need. |
| */ |
| static char * |
| pipe_read_line(char *cmd, char *line, int maxsize) |
| { |
| #ifndef WIN32 |
| FILE *pgver; |
| |
| /* flush output buffers in case popen does not... */ |
| fflush(stdout); |
| fflush(stderr); |
| |
| if ((pgver = popen(cmd, "r")) == NULL) |
| return NULL; |
| |
| if (fgets(line, maxsize, pgver) == NULL) |
| { |
| perror("fgets failure"); |
| return NULL; |
| } |
| |
| if (pclose_check(pgver)) |
| return NULL; |
| |
| return line; |
| #else /* WIN32 */ |
| |
| SECURITY_ATTRIBUTES sattr; |
| HANDLE childstdoutrd, |
| childstdoutwr, |
| childstdoutrddup; |
| PROCESS_INFORMATION pi; |
| STARTUPINFO si; |
| char *retval = NULL; |
| |
| sattr.nLength = sizeof(SECURITY_ATTRIBUTES); |
| sattr.bInheritHandle = TRUE; |
| sattr.lpSecurityDescriptor = NULL; |
| |
| if (!CreatePipe(&childstdoutrd, &childstdoutwr, &sattr, 0)) |
| return NULL; |
| |
| if (!DuplicateHandle(GetCurrentProcess(), |
| childstdoutrd, |
| GetCurrentProcess(), |
| &childstdoutrddup, |
| 0, |
| FALSE, |
| DUPLICATE_SAME_ACCESS)) |
| { |
| CloseHandle(childstdoutrd); |
| CloseHandle(childstdoutwr); |
| return NULL; |
| } |
| |
| CloseHandle(childstdoutrd); |
| |
| ZeroMemory(&pi, sizeof(pi)); |
| ZeroMemory(&si, sizeof(si)); |
| si.cb = sizeof(si); |
| si.dwFlags = STARTF_USESTDHANDLES; |
| si.hStdError = childstdoutwr; |
| si.hStdOutput = childstdoutwr; |
| si.hStdInput = INVALID_HANDLE_VALUE; |
| |
| if (CreateProcess(NULL, |
| cmd, |
| NULL, |
| NULL, |
| TRUE, |
| 0, |
| NULL, |
| NULL, |
| &si, |
| &pi)) |
| { |
| /* Successfully started the process */ |
| char *lineptr; |
| |
| ZeroMemory(line, maxsize); |
| |
| /* Try to read at least one line from the pipe */ |
| /* This may require more than one wait/read attempt */ |
| for (lineptr = line; lineptr < line + maxsize - 1;) |
| { |
| DWORD bytesread = 0; |
| |
| /* Let's see if we can read */ |
| if (WaitForSingleObject(childstdoutrddup, 10000) != WAIT_OBJECT_0) |
| break; /* Timeout, but perhaps we got a line already */ |
| |
| if (!ReadFile(childstdoutrddup, lineptr, maxsize - (lineptr - line), |
| &bytesread, NULL)) |
| break; /* Error, but perhaps we got a line already */ |
| |
| lineptr += strlen(lineptr); |
| |
| if (!bytesread) |
| break; /* EOF */ |
| |
| if (strchr(line, '\n')) |
| break; /* One or more lines read */ |
| } |
| |
| if (lineptr != line) |
| { |
| /* OK, we read some data */ |
| int len; |
| |
| /* If we got more than one line, cut off after the first \n */ |
| lineptr = strchr(line, '\n'); |
| if (lineptr) |
| *(lineptr + 1) = '\0'; |
| |
| len = strlen(line); |
| |
| /* |
| * If EOL is \r\n, convert to just \n. Because stdout is a |
| * text-mode stream, the \n output by the child process is |
| * received as \r\n, so we convert it to \n. The server main.c |
| * sets setvbuf(stdout, NULL, _IONBF, 0) which has the effect of |
| * disabling \n to \r\n expansion for stdout. |
| */ |
| if (len >= 2 && line[len - 2] == '\r' && line[len - 1] == '\n') |
| { |
| line[len - 2] = '\n'; |
| line[len - 1] = '\0'; |
| len--; |
| } |
| |
| /* |
| * We emulate fgets() behaviour. So if there is no newline at the |
| * end, we add one... |
| */ |
| if (len == 0 || line[len - 1] != '\n') |
| strcat(line, "\n"); |
| |
| retval = line; |
| } |
| |
| CloseHandle(pi.hProcess); |
| CloseHandle(pi.hThread); |
| } |
| |
| CloseHandle(childstdoutwr); |
| CloseHandle(childstdoutrddup); |
| |
| return retval; |
| #endif /* WIN32 */ |
| } |
| |
| |
| /* |
| * pclose() plus useful error reporting |
| * Is this necessary? bjm 2004-05-11 |
| * It is better here because pipe.c has win32 backend linkage. |
| */ |
| int |
| pclose_check(FILE *stream) |
| { |
| int exitstatus; |
| |
| exitstatus = pclose(stream); |
| |
| if (exitstatus == 0) |
| return 0; /* all is well */ |
| |
| if (exitstatus == -1) |
| { |
| /* pclose() itself failed, and hopefully set errno */ |
| perror("pclose failed"); |
| } |
| else if (WIFEXITED(exitstatus)) |
| log_error(_("child process exited with exit code %d"), |
| WEXITSTATUS(exitstatus)); |
| else if (WIFSIGNALED(exitstatus)) |
| #if defined(WIN32) |
| log_error(_("child process was terminated by exception 0x%X"), |
| WTERMSIG(exitstatus)); |
| #elif defined(HAVE_DECL_SYS_SIGLIST) && HAVE_DECL_SYS_SIGLIST |
| { |
| char str[256]; |
| |
| snprintf(str, sizeof(str), "%d: %s", WTERMSIG(exitstatus), |
| WTERMSIG(exitstatus) < NSIG ? |
| sys_siglist[WTERMSIG(exitstatus)] : "(unknown)"); |
| log_error(_("child process was terminated by signal %s"), str); |
| } |
| #else |
| log_error(_("child process was terminated by signal %d"), |
| WTERMSIG(exitstatus)); |
| #endif |
| else |
| log_error(_("child process exited with unrecognized status %d"), |
| exitstatus); |
| |
| return -1; |
| } |
| |
| |
| /* |
| * set_pglocale_pgservice |
| * |
| * Set application-specific locale and service directory |
| * |
| * This function takes the value of argv[0] rather than a full path. |
| * |
| * (You may be wondering why this is in exec.c. It requires this module's |
| * services and doesn't introduce any new dependencies, so this seems as |
| * good as anyplace.) |
| */ |
| void |
| set_pglocale_pgservice(const char *argv0, const char *app) |
| { |
| char path[MAXPGPATH]; |
| char my_exec_path[MAXPGPATH]; |
| char env_path[MAXPGPATH + sizeof("PGSYSCONFDIR=")]; /* longer than |
| * PGLOCALEDIR */ |
| |
| /* don't set LC_ALL in the backend */ |
| if (strcmp(app, PG_TEXTDOMAIN("postgres")) != 0) |
| setlocale(LC_ALL, ""); |
| |
| if (find_my_exec(argv0, my_exec_path) < 0) |
| return; |
| |
| #ifdef ENABLE_NLS |
| get_locale_path(my_exec_path, path); |
| bindtextdomain(app, path); |
| textdomain(app); |
| |
| if (getenv("PGLOCALEDIR") == NULL) |
| { |
| /* set for libpq to use */ |
| snprintf(env_path, sizeof(env_path), "PGLOCALEDIR=%s", path); |
| canonicalize_path(env_path + 12); |
| putenv(strdup(env_path)); |
| } |
| #endif |
| |
| if (getenv("PGSYSCONFDIR") == NULL) |
| { |
| get_etc_path(my_exec_path, path); |
| |
| /* set for libpq to use */ |
| snprintf(env_path, sizeof(env_path), "PGSYSCONFDIR=%s", path); |
| canonicalize_path(env_path + 13); |
| putenv(strdup(env_path)); |
| } |
| } |
| |
| #ifdef WIN32 |
| |
| /* |
| * AddUserToDacl(HANDLE hProcess) |
| * |
| * This function adds the current user account to the default DACL |
| * which gets attached to the restricted token used when we create |
| * a restricted process. |
| * |
| * This is required because of some security changes in Windows |
| * that appeared in patches to XP/2K3 and in Vista/2008. |
| * |
| * On these machines, the Administrator account is not included in |
| * the default DACL - you just get Administrators + System. For |
| * regular users you get User + System. Because we strip Administrators |
| * when we create the restricted token, we are left with only System |
| * in the DACL which leads to access denied errors for later CreatePipe() |
| * and CreateProcess() calls when running as Administrator. |
| * |
| * This function fixes this problem by modifying the DACL of the |
| * specified process and explicitly re-adding the current user account. |
| * This is still secure because the Administrator account inherits it's |
| * privileges from the Administrators group - it doesn't have any of |
| * it's own. |
| */ |
| BOOL |
| AddUserToDacl(HANDLE hProcess) |
| { |
| int i; |
| ACL_SIZE_INFORMATION asi; |
| ACCESS_ALLOWED_ACE *pace; |
| DWORD dwNewAclSize; |
| DWORD dwSize = 0; |
| DWORD dwTokenInfoLength = 0; |
| HANDLE hToken = NULL; |
| PACL pacl = NULL; |
| PSID psidUser = NULL; |
| TOKEN_DEFAULT_DACL tddNew; |
| TOKEN_DEFAULT_DACL *ptdd = NULL; |
| TOKEN_INFORMATION_CLASS tic = TokenDefaultDacl; |
| BOOL ret = FALSE; |
| |
| /* Get the token for the process */ |
| if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_DEFAULT, &hToken)) |
| { |
| log_error("could not open process token: %lu", GetLastError()); |
| goto cleanup; |
| } |
| |
| /* Figure out the buffer size for the DACL info */ |
| if (!GetTokenInformation(hToken, tic, (LPVOID) NULL, dwTokenInfoLength, &dwSize)) |
| { |
| if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) |
| { |
| ptdd = (TOKEN_DEFAULT_DACL *) LocalAlloc(LPTR, dwSize); |
| if (ptdd == NULL) |
| { |
| log_error("could not allocate %lu bytes of memory", dwSize); |
| goto cleanup; |
| } |
| |
| if (!GetTokenInformation(hToken, tic, (LPVOID) ptdd, dwSize, &dwSize)) |
| { |
| log_error("could not get token information: %lu", GetLastError()); |
| goto cleanup; |
| } |
| } |
| else |
| { |
| log_error("could not get token information buffer size: %lu", GetLastError()); |
| goto cleanup; |
| } |
| } |
| |
| /* Get the ACL info */ |
| if (!GetAclInformation(ptdd->DefaultDacl, (LPVOID) &asi, |
| (DWORD) sizeof(ACL_SIZE_INFORMATION), |
| AclSizeInformation)) |
| { |
| log_error("could not get ACL information: %lu", GetLastError()); |
| goto cleanup; |
| } |
| |
| /* Get the SID for the current user. We need to add this to the ACL. */ |
| if (!GetUserSid(&psidUser, hToken)) |
| { |
| log_error("could not get user SID: %lu", GetLastError()); |
| goto cleanup; |
| } |
| |
| /* Figure out the size of the new ACL */ |
| dwNewAclSize = asi.AclBytesInUse + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidUser) -sizeof(DWORD); |
| |
| /* Allocate the ACL buffer & initialize it */ |
| pacl = (PACL) LocalAlloc(LPTR, dwNewAclSize); |
| if (pacl == NULL) |
| { |
| log_error("could not allocate %lu bytes of memory", dwNewAclSize); |
| goto cleanup; |
| } |
| |
| if (!InitializeAcl(pacl, dwNewAclSize, ACL_REVISION)) |
| { |
| log_error("could not initialize ACL: %lu", GetLastError()); |
| goto cleanup; |
| } |
| |
| /* Loop through the existing ACEs, and build the new ACL */ |
| for (i = 0; i < (int) asi.AceCount; i++) |
| { |
| if (!GetAce(ptdd->DefaultDacl, i, (LPVOID *) &pace)) |
| { |
| log_error("could not get ACE: %lu", GetLastError()); |
| goto cleanup; |
| } |
| |
| if (!AddAce(pacl, ACL_REVISION, MAXDWORD, pace, ((PACE_HEADER) pace)->AceSize)) |
| { |
| log_error("could not add ACE: %lu", GetLastError()); |
| goto cleanup; |
| } |
| } |
| |
| /* Add the new ACE for the current user */ |
| if (!AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_ALL, psidUser)) |
| { |
| log_error("could not add access allowed ACE: %lu", GetLastError()); |
| goto cleanup; |
| } |
| |
| /* Set the new DACL in the token */ |
| tddNew.DefaultDacl = pacl; |
| |
| if (!SetTokenInformation(hToken, tic, (LPVOID) &tddNew, dwNewAclSize)) |
| { |
| log_error("could not set token information: %lu", GetLastError()); |
| goto cleanup; |
| } |
| |
| ret = TRUE; |
| |
| cleanup: |
| if (psidUser) |
| FreeSid(psidUser); |
| |
| if (pacl) |
| LocalFree((HLOCAL) pacl); |
| |
| if (ptdd) |
| LocalFree((HLOCAL) ptdd); |
| |
| if (hToken) |
| CloseHandle(hToken); |
| |
| return ret; |
| } |
| |
| /* |
| * GetUserSid*PSID *ppSidUser, HANDLE hToken) |
| * |
| * Get the SID for the current user |
| */ |
| static BOOL |
| GetUserSid(PSID *ppSidUser, HANDLE hToken) |
| { |
| DWORD dwLength; |
| PTOKEN_USER pTokenUser = NULL; |
| |
| |
| if (!GetTokenInformation(hToken, |
| TokenUser, |
| pTokenUser, |
| 0, |
| &dwLength)) |
| { |
| if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) |
| { |
| pTokenUser = (PTOKEN_USER) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength); |
| |
| if (pTokenUser == NULL) |
| { |
| log_error("could not allocate %lu bytes of memory", dwLength); |
| return FALSE; |
| } |
| } |
| else |
| { |
| log_error("could not get token information buffer size: %lu", GetLastError()); |
| return FALSE; |
| } |
| } |
| |
| if (!GetTokenInformation(hToken, |
| TokenUser, |
| pTokenUser, |
| dwLength, |
| &dwLength)) |
| { |
| HeapFree(GetProcessHeap(), 0, pTokenUser); |
| pTokenUser = NULL; |
| |
| log_error("could not get token information: %lu", GetLastError()); |
| return FALSE; |
| } |
| |
| *ppSidUser = pTokenUser->User.Sid; |
| return TRUE; |
| } |
| |
| #endif |