From ef2880263c95eeb4dc02624fd7fbc0c90edece83 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Fri, 25 Jun 2004 15:07:52 +0000
Subject: [PATCH] #ifdef out file permissions check on SSL key file when on
 Windows, as we also have done for the data directory permissions check.

Dave Page
---
 src/backend/libpq/be-secure.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 639b7a0245e..3f9e0a64da2 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.45 2003/12/18 22:49:26 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.46 2004/06/25 15:07:52 tgl Exp $
  *
  *	  Since the server static private key ($DataDir/server.key)
  *	  will normally be stored unencrypted so that the database
@@ -650,6 +650,16 @@ initialize_SSL(void)
 					(errcode_for_file_access(),
 				   errmsg("could not access private key file \"%s\": %m",
 						  fnbuf)));
+
+		/* 
+		 * Require no public access to key file.
+		 *
+		 * XXX temporarily suppress check when on Windows, because there may
+		 * not be proper support for Unix-y file permissions.  Need to think
+		 * of a reasonable check to apply on Windows.  (See also the data
+		 * directory permission check in postmaster.c)
+		 */
+#if !defined(__CYGWIN__) && !defined(WIN32)
 		if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
 			buf.st_uid != getuid())
 			ereport(FATAL,
@@ -657,6 +667,7 @@ initialize_SSL(void)
 				  errmsg("unsafe permissions on private key file \"%s\"",
 						 fnbuf),
 					 errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\".")));
+#endif
 
 		if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
 			ereport(FATAL,
-- 
GitLab