Diffstat (limited to 'src')
-rw-r--r--src/backend/libpq/auth.c14
-rw-r--r--src/backend/postmaster/postmaster.c6
-rw-r--r--src/common/restricted_token.c34
3 files changed, 42 insertions, 12 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 511f8913939..bd8c7f58119 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1387,6 +1387,13 @@ pg_SSPI_recvauth(Port *port)
mtype = pq_getbyte();
if (mtype != 'p')
{
+ if (sspictx != NULL)
+ {
+ DeleteSecurityContext(sspictx);
+ free(sspictx);
+ }
+ FreeCredentialsHandle(&sspicred);
+
/* Only log error if client didn't disconnect. */
if (mtype != EOF)
ereport(ERROR,
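Review bot: The cleanup block added above `ereport(ERROR, …)` has no comment saying why it must come first, and the same five lines are repeated in the EOF branch of the next hunk. Because ereport(ERROR) does not return to this function, I would put `/* Release SSPI context and credentials now; ereport(ERROR) does not return. */` above the `if (sspictx != NULL)` test. This looks like a pre-authentication path, so handles left behind here would be reachable by any client that can open a connection; the comment should say so. A small static helper taking `sspictx` and `&sspicred` would keep the two exits from drifting apart. pg_SSPI_recvauth starts and ends outside the hunk, so its other exits could not be checked from here.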
@@ -1402,6 +1409,12 @@ pg_SSPI_recvauth(Port *port)
{
/* EOF - pq_getmessage already logged error */
pfree(buf.data);
+ if (sspictx != NULL)
+ {
+ DeleteSecurityContext(sspictx);
+ free(sspictx);
+ }
+ FreeCredentialsHandle(&sspicred);
return STATUS_ERROR;
}
@@ -2517,6 +2530,7 @@ InitializeLDAPConnection(Port *port, LDAP **ldap)
(errmsg("could not load function _ldap_start_tls_sA in wldap32.dll"),
errdetail("LDAP over SSL is not supported on this platform.")));
ldap_unbind(*ldap);
+ FreeLibrary(ldaphandle);
return STATUS_ERROR;
}
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 7a92dac5255..b3986bee75f 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -4719,6 +4719,8 @@ retry:
if (cmdLine[sizeof(cmdLine) - 2] != '\0')
{
elog(LOG, "subprocess command line too long");
+ UnmapViewOfFile(param);
+ CloseHandle(paramHandle);
return -1;
}
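Review bot: `UnmapViewOfFile(param)` and `CloseHandle(paramHandle)` are called here with their return values ignored, and the same pair is pasted into the two later error exits in this file (the CreateProcess failure and the exit commented "log made by save_backend_variables"). A single cleanup label reached by `goto` from all three exits would keep a future error path from forgetting one of the two calls. The `retry:` label in the hunk header suggests this code can run repeatedly in a long-lived process, where a missed release accumulates. If a failed unmap or close is worth knowing about, report it with `elog(LOG, …)` as the surrounding code does. The enclosing function starts and ends outside the hunk.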
@@ -4735,6 +4737,8 @@ retry:
{
elog(LOG, "CreateProcess call failed: %m (error code %lu)",
GetLastError());
+ UnmapViewOfFile(param);
+ CloseHandle(paramHandle);
return -1;
}
@@ -4750,6 +4754,8 @@ retry:
GetLastError())));
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
+ UnmapViewOfFile(param);
+ CloseHandle(paramHandle);
return -1; /* log made by save_backend_variables */
}
diff --git a/src/common/restricted_token.c b/src/common/restricted_token.c
index 74ba7192a16..a3e0e85fefa 100644
--- a/src/common/restricted_token.c
+++ b/src/common/restricted_token.c
@@ -40,8 +40,8 @@ typedef BOOL (WINAPI * __CreateRestrictedToken) (HANDLE, DWORD, DWORD, PSID_AND_
*
* Returns restricted token on success and 0 on failure.
*
- * On NT4, or any other system not containing the required functions, will
- * NOT execute anything.
+ * On any system not containing the required functions, do nothing
+ * but still report an error.
*/
HANDLE
CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
@@ -52,30 +52,36 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
HANDLE restrictedToken;
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
SID_AND_ATTRIBUTES dropSids[2];
- __CreateRestrictedToken _CreateRestrictedToken = NULL;
+ __CreateRestrictedToken _CreateRestrictedToken;
HANDLE Advapi32Handle;
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
Advapi32Handle = LoadLibrary("ADVAPI32.DLL");
- if (Advapi32Handle != NULL)
+ if (Advapi32Handle == NULL)
{
- _CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
+ pg_log_error("could not load advapi32.dll: error code %lu",
+ GetLastError());
+ return 0;
}
+ _CreateRestrictedToken = (__CreateRestrictedToken) GetProcAddress(Advapi32Handle, "CreateRestrictedToken");
+
if (_CreateRestrictedToken == NULL)
{
- pg_log_warning("cannot create restricted tokens on this platform");
- if (Advapi32Handle != NULL)
- FreeLibrary(Advapi32Handle);
+ pg_log_error("cannot create restricted tokens on this platform: error code %lu",
+ GetLastError());
+ FreeLibrary(Advapi32Handle);
return 0;
}
/* Open the current token to use as a base for the restricted one */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &origToken))
{
- pg_log_error("could not open process token: error code %lu", GetLastError());
+ pg_log_error("could not open process token: error code %lu",
+ GetLastError());
+ FreeLibrary(Advapi32Handle);
return 0;
}
@@ -88,7 +94,10 @@ CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo)
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
0, &dropSids[1].Sid))
{
- pg_log_error("could not allocate SIDs: error code %lu", GetLastError());
+ pg_log_error("could not allocate SIDs: error code %lu",
+ GetLastError());
+ CloseHandle(origToken);
+ FreeLibrary(Advapi32Handle);
return 0;
}
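Review bot: The new cleanup on the SID-allocation failure path closes `origToken` and frees the library but does not release `dropSids[0].Sid`. The visible condition ends with the allocation into `&dropSids[1].Sid` and the message says "SIDs", so the first SID is presumably allocated in the part of the condition above the hunk. If that call succeeded and the second failed, the first SID stays allocated. Provided `dropSids` is zeroed before the calls (not visible here), adding `if (dropSids[0].Sid != NULL) FreeSid(dropSids[0].Sid);` before `CloseHandle(origToken);` would complete the cleanup.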
@@ -171,8 +180,8 @@ get_restricted_token(void)
else
{
/*
- * Successfully re-execed. Now wait for child process to capture
- * exitcode.
+ * Successfully re-executed. Now wait for child process to capture
+ * the exit code.
*/
DWORD x;
@@ -187,6 +196,7 @@ get_restricted_token(void)
}
exit(x);
}
+ pg_free(cmdline);
}
#endif
}