* security.cc (verify_token): Do not reject a token just because

the supplementary group list is missing Everyone or a groupsid
	equal to usersid, or because the primary group is not in the token,
	as long as it is equal to the usersid.
	* syscalls.cc (seteuid32): Use common code for all successful returns.
	* grp.cc (getgroups32): Never includes Everyone in the output.
This commit is contained in:
Corinna Vinschen
2002-08-02 11:00:18 +00:00
parent 04875a95c8
commit 23d93d8db7
4 changed files with 19 additions and 6 deletions

View File

@@ -779,13 +779,16 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
saw[pos] = TRUE;
else if (groups.pgsid == gsid)
sawpg = TRUE;
else
else if (gsid != well_known_world_sid &&
gsid != usersid)
goto done;
}
for (int gidx = 0; gidx < groups.sgsids.count; gidx++)
if (!saw[gidx])
goto done;
if (sawpg || groups.sgsids.contains (groups.pgsid))
if (sawpg ||
groups.sgsids.contains (groups.pgsid) ||
groups.pgsid == usersid)
ret = TRUE;
}
done: