* security.cc (verify_token): Do not reject a token just because
the supplementary group list is missing Everyone or a groupsid equal to usersid, or because the primary group is not in the token, as long as it is equal to the usersid. * syscalls.cc (seteuid32): Use common code for all successful returns. * grp.cc (getgroups32): Never include Everyone in the output.
@@ -779,13 +779,16 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
|
||||
saw[pos] = TRUE;
|
||||
else if (groups.pgsid == gsid)
|
||||
sawpg = TRUE;
|
||||
else
|
||||
else if (gsid != well_known_world_sid &&
|
||||
gsid != usersid)
|
||||
goto done;
|
||||
}
|
||||
for (int gidx = 0; gidx < groups.sgsids.count; gidx++)
|
||||
if (!saw[gidx])
|
||||
goto done;
|
||||
if (sawpg || groups.sgsids.contains (groups.pgsid))
|
||||
if (sawpg ||
|
||||
groups.sgsids.contains (groups.pgsid) ||
|
||||
groups.pgsid == usersid)
|
||||
ret = TRUE;
|
||||
}
|
||||
done:
|
||||
|
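Review bot: The two relaxations in this hunk widen the set of tokens verify_token accepts, and neither carries a comment saying why the exemption is safe. At the `else if (gsid != well_known_world_sid && gsid != usersid)` branch I would add `/* Everyone and the user's own SID may be in the token without being requested. */`, and above the final test `/* A primary group equal to the user SID need not appear in the token's group list. */`. The `groups.pgsid == usersid` arm accepts without consulting anything read from the token, so it presumably relies on the token's user having already been compared with usersid. That comparison is not visible here, since verify_token starts above the hunk and continues below it, so it is worth confirming before relying on this arm.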