mtype = pq_getbyte();
if (mtype != 'p')
{
+ if (sspictx != NULL)
+ {
+ DeleteSecurityContext(sspictx);
+ free(sspictx);
+ }
+ FreeCredentialsHandle(&sspicred);
+
/* Only log error if client didn't disconnect. */
if (mtype != EOF)
ereport(ERROR,
{
/* EOF - pq_getmessage already logged error */
pfree(buf.data);
+ if (sspictx != NULL)
+ {
+ DeleteSecurityContext(sspictx);
+ free(sspictx);
+ }
+ FreeCredentialsHandle(&sspicred);
return STATUS_ERROR;
}
(errmsg("could not load function _ldap_start_tls_sA in wldap32.dll"),
errdetail("LDAP over SSL is not supported on this platform.")));
ldap_unbind(*ldap);
+ FreeLibrary(ldaphandle);
return STATUS_ERROR;
}
if (cmdLine[sizeof(cmdLine) - 2] != '\0')
{
elog(LOG, "subprocess command line too long");
+ UnmapViewOfFile(param);
+ CloseHandle(paramHandle);
return -1;
}
{
elog(LOG, "CreateProcess call failed: %m (error code %lu)",
GetLastError());
+ UnmapViewOfFile(param);
+ CloseHandle(paramHandle);
return -1;
}
GetLastError())));
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
+ UnmapViewOfFile(param);
+ CloseHandle(paramHandle);
return -1; /* log made by save_backend_variables */
}
*
* Returns restricted token on success and 0 on failure.
*
- * On NT4, or any other system not containing the required functions, will
- * NOT execute anything.
+ * On any system not containing the required functions, do nothing
+ * but still report an error.
*/
HANDLE
CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
HANDLE restrictedToken;
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
SID_AND_ATTRIBUTES dropSids[2];
- __CreateRestrictedToken _CreateRestrictedToken = NULL;
+ __CreateRestrictedToken _CreateRestrictedToken;
HANDLE Advapi32Handle;
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
- if (Advapi32Handle != NULL)
+ if (Advapi32Handle == NULL)
{
- _CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
+ pg_log_error("could not load advapi32.dll: error code %lu",
+ GetLastError());
+ return 0;
}
+ _CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
+
if (_CreateRestrictedToken == NULL)
{
- pg_log_warning("cannot create restricted tokens on this platform");
- if (Advapi32Handle != NULL)
- FreeLibrary(Advapi32Handle);
+ pg_log_error("cannot create restricted tokens on this platform: error code %lu",
+ GetLastError());
+ FreeLibrary(Advapi32Handle);
return 0;
}
/* Open the current token to use as a base for the restricted one */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
{
- pg_log_error("could not open process token: error code %lu", GetLastError());
+ pg_log_error("could not open process token: error code %lu",
+ GetLastError());
+ FreeLibrary(Advapi32Handle);
return 0;
}
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
0, &dropSids[1].Sid))
{
- pg_log_error("could not allocate SIDs: error code %lu", GetLastError());
+ pg_log_error("could not allocate SIDs: error code %lu",
+ GetLastError());
+ CloseHandle(origToken);
+ FreeLibrary(Advapi32Handle);
return 0;
}
else
{
/*
- * Successfully re-execed. Now wait for child process to capture
- * exitcode.
+ * Successfully re-executed. Now wait for child process to capture
+ * the exit code.
*/
DWORD x;
}
exit(x);
}
+ pg_free(cmdline);
}
#endif
}
projects / postgresql.git / commitdiff