On Fri, Aug 26, 2022 at 06:26:37AM -0500, Justin Pryzby wrote: > If I'm not wrong, there's some lingering comments which could be removed since > 495ed0ef2.
It seems to me that you are right. I have not thought about looking at references to NT. Good catches! > src/bin/pg_ctl/pg_ctl.c: * on NT4. That way, we don't break on NT4. > src/bin/pg_ctl/pg_ctl.c: * On NT4, or any other system not containing the > required functions, will > src/bin/pg_ctl/pg_ctl.c: * NT4 doesn't have > CreateRestrictedToken, so just call ordinary > src/port/dirmod.c: * Win32 (NT4 and newer). > src/backend/port/win32/socket.c: /* No error, zero bytes > (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */ There is also a reference to Nt4 in win32.c, for a comment that is irrelevant now, so it can be IMO removed. There may be a point in enforcing CreateProcess() if CreateRestrictedToken() cannot be loaded, but that would be a security issue if Windows goes crazy as we should always expect the function, so this had better return an error. So, what do you think about the attached? -- Michael
diff --git a/src/backend/port/win32/socket.c b/src/backend/port/win32/socket.c
index 52944a0d33..130b60af22 100644
--- a/src/backend/port/win32/socket.c
+++ b/src/backend/port/win32/socket.c
@@ -495,7 +495,7 @@ pgwin32_send(SOCKET s, const void *buf, int len, int flags)
return -1;
}
- /* No error, zero bytes (win2000+) or error+WSAEWOULDBLOCK (<=nt4) */
+ /* No error, zero bytes */
if (pgwin32_waitforsinglesocket(s, FD_WRITE | FD_CLOSE, INFINITE) == 0)
return -1;
diff --git a/src/port/dirmod.c b/src/port/dirmod.c
index 2818bfd2e9..ae6301dd6c 100644
--- a/src/port/dirmod.c
+++ b/src/port/dirmod.c
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1994, Regents of the University of California
*
* This includes replacement versions of functions that work on
- * Win32 (NT4 and newer).
+ * Windows.
*
* IDENTIFICATION
* src/port/dirmod.c
diff --git a/src/bin/pg_ctl/pg_ctl.c b/src/bin/pg_ctl/pg_ctl.c
index 73e20081d1..20d2a04b7f 100644
--- a/src/bin/pg_ctl/pg_ctl.c
+++ b/src/bin/pg_ctl/pg_ctl.c
@@ -1726,9 +1726,7 @@ pgwin32_doRunAsService(void)
/*
* Mingw headers are incomplete, and so are the libraries. So we have to load
- * a whole lot of API functions dynamically. Since we have to do this anyway,
- * also load the couple of functions that *do* exist in mingw headers but not
- * on NT4. That way, we don't break on NT4.
+ * a whole lot of API functions dynamically.
*/
typedef BOOL (WINAPI * __CreateRestrictedToken) (HANDLE, DWORD, DWORD, PSID_AND_ATTRIBUTES, DWORD, PLUID_AND_ATTRIBUTES, DWORD, PSID_AND_ATTRIBUTES, PHANDLE);
typedef BOOL (WINAPI * __IsProcessInJob) (HANDLE, HANDLE, PBOOL);
@@ -1768,9 +1766,6 @@ InheritStdHandles(STARTUPINFO *si)
*
* Returns 0 on success, non-zero on failure, same as CreateProcess().
*
- * On NT4, or any other system not containing the required functions, will
- * launch the process under the current token without doing any modifications.
- *
* NOTE! Job object will only work when running as a service, because it's
* automatically destroyed when pg_ctl exits.
*/
@@ -1815,14 +1810,9 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, bool as_ser
if (_CreateRestrictedToken == NULL)
{
- /*
- * NT4 doesn't have CreateRestrictedToken, so just call ordinary
- * CreateProcess
- */
- write_stderr(_("%s: WARNING: cannot create restricted tokens on this platform\n"), progname);
- if (Advapi32Handle != NULL)
- FreeLibrary(Advapi32Handle);
- return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo);
+ /* Log error if we cannot get the function */
+ write_stderr(_("%s: WARNING: could not locate object function to create restricted token\n"), progname);
+ return 0;
}
/* Open the current token to use as a base for the restricted one */
diff --git a/src/interfaces/libpq/win32.c b/src/interfaces/libpq/win32.c
index e57b602476..447f64c072 100644
--- a/src/interfaces/libpq/win32.c
+++ b/src/interfaces/libpq/win32.c
@@ -271,10 +271,6 @@ struct MessageDLL
* Returns a description of the socket error by first trying
* to find it in the lookup table, and if that fails, tries
* to load any of the winsock dlls to find that message.
- * The DLL thing works from Nt4 (spX ?) up, but some special
- * versions of winsock might have this as well (seen on Win98 SE
- * special install) / Magnus Naeslund ([email protected])
- *
*/
const char *
signature.asc
Description: PGP signature
