restricted_token.c File Reference

#include "postgres_fe.h"
#include "common/logging.h"
#include "common/restricted_token.h"

Include dependency graph for restricted_token.c:

Go to the source code of this file.

Functions
void	get_restricted_token (void)

Function Documentation

get_restricted_token()

void get_restricted_token

(

void

)

Definition at line 129 of file restricted_token.c.

{
#ifdef WIN32
    HANDLE      restrictedToken;
 
    /*
     * Before we execute another program, make sure that we are running with a
     * restricted token. If not, re-execute ourselves with one.
     */
 
    if ((restrict_env = getenv("PG_RESTRICT_EXEC")) == NULL
        || strcmp(restrict_env, "1") != 0)
    {
        PROCESS_INFORMATION pi;
        char       *cmdline;
 
        ZeroMemory(&pi, sizeof(pi));
 
        cmdline = pg_strdup(GetCommandLine());
 
        setenv("PG_RESTRICT_EXEC", "1", 1);
 
        if ((restrictedToken = CreateRestrictedProcess(cmdline, &pi)) == 0)
        {
            pg_log_error("could not re-execute with restricted token: error code %lu", GetLastError());
        }
        else
        {
            /*
             * Successfully re-executed. Now wait for child process to capture
             * the exit code.
             */
            DWORD       x;
 
            CloseHandle(restrictedToken);
            CloseHandle(pi.hThread);
            WaitForSingleObject(pi.hProcess, INFINITE);
 
            if (!GetExitCodeProcess(pi.hProcess, &x))
                pg_fatal("could not get exit code from subprocess: error code %lu", GetLastError());
            exit(x);
        }
        pg_free(cmdline);
    }
#endif
}

References exit(), pg_fatal, pg_free(), pg_log_error, pg_strdup(), setenv, and x.

Referenced by main(), and regression_main().