* security.cc (verify_token): Do not reject a token just because

the supplementary group list is missing Everyone or a groupsid equal to usersid, or because the primary group is not in the token, as long as it is equal to the usersid. * syscalls.cc (seteuid32): Use common code for all successful returns. * grp.cc (getgroups32): Never includes Everyone in the output.
2002-08-02 11:00:18 +00:00 · 2002-08-02 11:00:18 +00:00 · 23d93d8db7
commit 23d93d8db7
parent 04875a95c8
4 changed files with 19 additions and 6 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,12 @@
+2002-08-01 Pierre Humblet <Pierre.Humblet@ieee.org>
+
+	* security.cc (verify_token): Do not reject a token just because
+	the supplementary group list is missing Everyone or a groupsid
+	equal to usersid, or because the primary group is not in the token,
+	as long as it is equal to the usersid.
+	* syscalls.cc (seteuid32): Use common code for all successful returns.
+	* grp.cc (getgroups32): Never includes Everyone in the output.
+
 2002-08-01  Christopher Faylor  <cgf@redhat.com>

 	* cygthread.cc (cygthread::exit_thread): Define new method.
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@ -365,7 +365,8 @@ getgroups32 (int gidsetsize, __gid32_t *grouplist, __gid32_t gid,
 	      for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
 		if (sid.getfromgr (gr))
 		  for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
-		    if (sid == groups->Groups[pg].Sid)
+		    if (sid == groups->Groups[pg].Sid && 
+			sid != well_known_world_sid)
 		      {
 			if (cnt < gidsetsize)
 			  grouplist[cnt] = gr->gr_gid;
@ -516,5 +517,4 @@ setgroups (int ngroups, const __gid16_t *grouplist)
        grouplist32[i] = grouplist[i];
    }
  return setgroups32 (ngroups, grouplist32);
-
 }
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@ -779,13 +779,16 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
 	      saw[pos] = TRUE;
 	    else if (groups.pgsid == gsid)
 	      sawpg = TRUE;
-	    else
+           else if (gsid != well_known_world_sid &&
+		    gsid != usersid)
 	      goto done;
 	  }
      for (int gidx = 0; gidx < groups.sgsids.count; gidx++)
 	if (!saw[gidx])
 	  goto done;
-      if (sawpg || groups.sgsids.contains (groups.pgsid))
+      if (sawpg || 
+	  groups.sgsids.contains (groups.pgsid) ||
+	  groups.pgsid == usersid)
 	ret = TRUE;
    }
 done:
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@ -2004,7 +2004,7 @@ seteuid32 (__uid32_t uid)
      else
 	{
 	  CloseHandle (ptok);
-	  return 0; /* No change */
+	  goto success; /* No change */
 	}
    }

@ -2025,7 +2025,7 @@ seteuid32 (__uid32_t uid)
 	      CloseHandle (ptok);
 	      if (!ImpersonateLoggedOnUser (cygheap->user.token))
 		system_printf ("Impersonating in seteuid failed: %E");
-	      return 0; /* No change */
+	      goto success; /* No change */
 	    }
 	}
    }
@ -2097,6 +2097,7 @@ seteuid32 (__uid32_t uid)
      CloseHandle (sav_token);
  cygheap->user.set_name (pw_new->pw_name);
  cygheap->user.set_sid (usersid);
+success:
  myself->uid = uid;
  groups.ischanged = FALSE;
  return 0;