PostgreSQL Source Code  git master
win32security.c File Reference
#include "postgres.h"
Include dependency graph for win32security.c:

Go to the source code of this file.

Functions

static pg_attribute_printf (1, 2)
 
int pgwin32_is_admin (void)
 
int pgwin32_is_service (void)
 

Function Documentation

◆ pg_attribute_printf()

static pg_attribute_printf ( ,
 
)
static

Definition at line 26 of file win32security.c.

References fprintf, and write_stderr.

29 {
30  va_list ap;
31 
32  va_start(ap, fmt);
33 #ifndef FRONTEND
34  write_stderr(fmt, ap);
35 #else
36  fprintf(stderr, fmt, ap);
37 #endif
38  va_end(ap);
39 }
#define write_stderr(str)
Definition: parallel.c:186
#define fprintf
Definition: port.h:220

◆ pgwin32_is_admin()

int pgwin32_is_admin ( void  )

Definition at line 49 of file win32security.c.

References _, and log_error.

Referenced by check_root().

50 {
51  PSID AdministratorsSid;
52  PSID PowerUsersSid;
53  SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
54  BOOL IsAdministrators;
55  BOOL IsPowerUsers;
56 
57  if (!AllocateAndInitializeSid(&NtAuthority, 2,
58  SECURITY_BUILTIN_DOMAIN_RID,
59  DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
60  0, &AdministratorsSid))
61  {
62  log_error(_("could not get SID for Administrators group: error code %lu\n"),
63  GetLastError());
64  exit(1);
65  }
66 
67  if (!AllocateAndInitializeSid(&NtAuthority, 2,
68  SECURITY_BUILTIN_DOMAIN_RID,
69  DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
70  0, &PowerUsersSid))
71  {
72  log_error(_("could not get SID for PowerUsers group: error code %lu\n"),
73  GetLastError());
74  exit(1);
75  }
76 
77  if (!CheckTokenMembership(NULL, AdministratorsSid, &IsAdministrators) ||
78  !CheckTokenMembership(NULL, PowerUsersSid, &IsPowerUsers))
79  {
80  log_error(_("could not check access token membership: error code %lu\n"),
81  GetLastError());
82  exit(1);
83  }
84 
85  FreeSid(AdministratorsSid);
86  FreeSid(PowerUsersSid);
87 
88  if (IsAdministrators || IsPowerUsers)
89  return 1;
90  else
91  return 0;
92 }
#define log_error(errcodefn,...)
Definition: exec.c:41
#define _(x)
Definition: elog.c:89

◆ pgwin32_is_service()

int pgwin32_is_service ( void  )

Definition at line 120 of file win32security.c.

References fprintf.

Referenced by send_message_to_server_log(), and write_stderr().

121 {
122  static int _is_service = -1;
123  BOOL IsMember;
124  PSID ServiceSid;
125  PSID LocalSystemSid;
126  SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
127  HANDLE stderr_handle;
128 
129  /* Only check the first time */
130  if (_is_service != -1)
131  return _is_service;
132 
133  /* Check if standard error is not valid */
134  stderr_handle = GetStdHandle(STD_ERROR_HANDLE);
135  if (stderr_handle != INVALID_HANDLE_VALUE && stderr_handle != NULL)
136  {
137  _is_service = 0;
138  return _is_service;
139  }
140 
141  /* Check if running as LocalSystem */
142  if (!AllocateAndInitializeSid(&NtAuthority, 1,
143  SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0,
144  &LocalSystemSid))
145  {
146  fprintf(stderr, "could not get SID for local system account\n");
147  return -1;
148  }
149 
150  if (!CheckTokenMembership(NULL, LocalSystemSid, &IsMember))
151  {
152  fprintf(stderr, "could not check access token membership: error code %lu\n",
153  GetLastError());
154  FreeSid(LocalSystemSid);
155  return -1;
156  }
157  FreeSid(LocalSystemSid);
158 
159  if (IsMember)
160  {
161  _is_service = 1;
162  return _is_service;
163  }
164 
165  /* Check for service group membership */
166  if (!AllocateAndInitializeSid(&NtAuthority, 1,
167  SECURITY_SERVICE_RID, 0, 0, 0, 0, 0, 0, 0,
168  &ServiceSid))
169  {
170  fprintf(stderr, "could not get SID for service group: error code %lu\n",
171  GetLastError());
172  return -1;
173  }
174 
175  if (!CheckTokenMembership(NULL, ServiceSid, &IsMember))
176  {
177  fprintf(stderr, "could not check access token membership: error code %lu\n",
178  GetLastError());
179  FreeSid(ServiceSid);
180  return -1;
181  }
182  FreeSid(ServiceSid);
183 
184  if (IsMember)
185  _is_service = 1;
186  else
187  _is_service = 0;
188 
189  return _is_service;
190 }
#define fprintf
Definition: port.h:220