Fix check for whether postmaster is running as a Windows service.HEAD master

If postmaster is launched with a restricted security token, with the "Log in as Service" privilege explicitly removed, the token will contain SECURITY_SERVICE_RID with the SE_GROUP_USE_FOR_DENY_ONLY flag, and without the SE_GROUP_ENABLED flag. pgwin32_is_service() was fooled by that, and thought that it's running as a service. Fix to check for the SE_GROUP_ENABLED flag, like we do in pgwin32_is_admin(). Patch by Michael Paquier, per Breen Hagan's report and analysis. Backpatch to all supported versions. Bug: #13755 Discussion: <[email protected]>
author: Heikki Linnakangas 2016-09-26 06:19:20 +0000
committer: Heikki Linnakangas 2016-09-26 06:19:20 +0000
commit: 7b175d6673563e7749c566bc72134302eae89215 (patch)
tree: a1a833cc9314650338ec88787f093b2fbe95c9b5
parent: da6c4f6ca88df346573bdada2aa2544510bf167e (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/port/win32security.c b/src/port/win32security.c
index 2c9ca15a6d..d5a7346aca 100644
--- a/src/port/win32security.c
+++ b/src/port/win32security.c
@@ -218,7 +218,8 @@ pgwin32_is_service(void)
 	_is_service = 0;
 	for (x = 0; x < Groups->GroupCount; x++)
 	{
-		if (EqualSid(ServiceSid, Groups->Groups[x].Sid))
+		if (EqualSid(ServiceSid, Groups->Groups[x].Sid) &&
+			(Groups->Groups[x].Attributes & SE_GROUP_ENABLED))
 		{
 			_is_service = 1;
 			break;
author	Heikki Linnakangas	2016-09-26 06:19:20 +0000
committer	Heikki Linnakangas	2016-09-26 06:19:20 +0000
commit	7b175d6673563e7749c566bc72134302eae89215 (patch)
tree	a1a833cc9314650338ec88787f093b2fbe95c9b5
parent	da6c4f6ca88df346573bdada2aa2544510bf167e (diff)