| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix and simplify check for whether we're running as Windows serv |
| Date: | 2017-03-17 09:18:54 |
| Message-ID: | E1coo2A-0004wT-Ss@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix and simplify check for whether we're running as Windows service.
If the process token contains SECURITY_SERVICE_RID, but it has been
disabled by the SE_GROUP_USE_FOR_DENY_ONLY attribute, win32_is_service()
would incorrectly report that we're running as a service. That situation
arises, e.g. if postmaster is launched with a restricted security token,
with the "Log in as Service" privilege explicitly removed.
Replace the broken code with CheckProcessTokenMembership(), which does
this correctly. Also replace similar code in win32_is_admin(), even
though it got this right, for simplicity and consistency.
Per bug #13755, reported by Breen Hagan. Back-patch to all supported
versions. Patch by Takayuki Tsunakawa, reviewed by Michael Paquier.
Discussion: https://www.postgresql.org/message-id/20151104062315.2745.67143%40wrigleys.postgresql.org
Branch
------
REL9_5_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/96fd76dd287593b3b444ebddc1f817bd08bc812a
Modified Files
--------------
src/backend/port/win32/security.c | 173 +++++++++-----------------------------
1 file changed, 38 insertions(+), 135 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2017-03-17 09:37:03 | pgsql: Add TAP tests for password-based authentication methods. |
| Previous Message | Tom Lane | 2017-03-17 04:29:43 | Re: [COMMITTERS] pgsql: Use asynchronous connect API in libpqwalreceiver |