aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--winsup/cygwin/ChangeLog9
-rw-r--r--winsup/cygwin/grp.cc4
-rw-r--r--winsup/cygwin/security.cc7
-rw-r--r--winsup/cygwin/syscalls.cc5
4 files changed, 19 insertions, 6 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 53ecc8c..db3e3cb 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,12 @@
+2002-08-01 Pierre Humblet <Pierre.Humblet@ieee.org>
+
+ * security.cc (verify_token): Do not reject a token just because
+ the supplementary group list is missing Everyone or a groupsid
+ equal to usersid, or because the primary group is not in the token,
+ as long as it is equal to the usersid.
+ * syscalls.cc (seteuid32): Use common code for all successful returns.
+ * grp.cc (getgroups32): Never includes Everyone in the output.
+
2002-08-01 Christopher Faylor <cgf@redhat.com>
* cygthread.cc (cygthread::exit_thread): Define new method.
diff --git a/winsup/cygwin/grp.cc b/winsup/cygwin/grp.cc
index c26a6b1..5bfb50e 100644
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@@ -365,7 +365,8 @@ getgroups32 (int gidsetsize, __gid32_t *grouplist, __gid32_t gid,
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
if (sid.getfromgr (gr))
for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
- if (sid == groups->Groups[pg].Sid)
+ if (sid == groups->Groups[pg].Sid &&
+ sid != well_known_world_sid)
{
if (cnt < gidsetsize)
grouplist[cnt] = gr->gr_gid;
@@ -516,5 +517,4 @@ setgroups (int ngroups, const __gid16_t *grouplist)
grouplist32[i] = grouplist[i];
}
return setgroups32 (ngroups, grouplist32);
-
}
diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index d12e333..f22c7dc 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -779,13 +779,16 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
saw[pos] = TRUE;
else if (groups.pgsid == gsid)
sawpg = TRUE;
- else
+ else if (gsid != well_known_world_sid &&
+ gsid != usersid)
goto done;
}
for (int gidx = 0; gidx < groups.sgsids.count; gidx++)
if (!saw[gidx])
goto done;
- if (sawpg || groups.sgsids.contains (groups.pgsid))
+ if (sawpg ||
+ groups.sgsids.contains (groups.pgsid) ||
+ groups.pgsid == usersid)
ret = TRUE;
}
done:
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 4792744..31eed42 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -2004,7 +2004,7 @@ seteuid32 (__uid32_t uid)
else
{
CloseHandle (ptok);
- return 0; /* No change */
+ goto success; /* No change */
}
}
@@ -2025,7 +2025,7 @@ seteuid32 (__uid32_t uid)
CloseHandle (ptok);
if (!ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonating in seteuid failed: %E");
- return 0; /* No change */
+ goto success; /* No change */
}
}
}
@@ -2097,6 +2097,7 @@ seteuid32 (__uid32_t uid)
CloseHandle (sav_token);
cygheap->user.set_name (pw_new->pw_name);
cygheap->user.set_sid (usersid);
+success:
myself->uid = uid;
groups.ischanged = FALSE;
return 0;
generated by cgit v1.1 at 2024-12-28 01:45:45 +0000