* security.cc (get_initgroups_sidlist): Drop special_pgrp parameter.

(get_setgroups_sidlist): Avoid duplicate groups in group list.
	(create_token): Remove special_pgrp local variable.  Accomodate
	change to get_initgroups_sidlist call.
This commit is contained in:
Corinna Vinschen 2005-06-21 20:38:05 +00:00
parent 4adc3db74e
commit 2a770b2a6f
2 changed files with 14 additions and 9 deletions

View File

@ -1,3 +1,10 @@
2005-06-21 Corinna Vinschen <corinna@vinschen.de>
* security.cc (get_initgroups_sidlist): Drop special_pgrp parameter.
(get_setgroups_sidlist): Avoid duplicate groups in group list.
(create_token): Remove special_pgrp local variable. Accomodate
change to get_initgroups_sidlist call.
2005-06-21 Corinna Vinschen <corinna@vinschen.de> 2005-06-21 Corinna Vinschen <corinna@vinschen.de>
* uinfo.cc (uinfo_init): Call reimpersonate to set the main thread's * uinfo.cc (uinfo_init): Call reimpersonate to set the main thread's

View File

@ -582,20 +582,19 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
static bool static bool
get_initgroups_sidlist (cygsidlist &grp_list, get_initgroups_sidlist (cygsidlist &grp_list,
PSID usersid, PSID pgrpsid, struct passwd *pw, PSID usersid, PSID pgrpsid, struct passwd *pw,
PTOKEN_GROUPS my_grps, LUID auth_luid, int &auth_pos, PTOKEN_GROUPS my_grps, LUID auth_luid, int &auth_pos)
bool &special_pgrp)
{ {
grp_list += well_known_world_sid; grp_list += well_known_world_sid;
grp_list += well_known_authenticated_users_sid; grp_list += well_known_authenticated_users_sid;
if (well_known_system_sid == usersid) if (well_known_system_sid == usersid)
auth_pos = -1; auth_pos = -1;
else else
get_token_group_sidlist (grp_list, my_grps, auth_luid, auth_pos); get_token_group_sidlist (grp_list, my_grps, auth_luid, auth_pos);
if (!get_server_groups (grp_list, usersid, pw)) if (!get_server_groups (grp_list, usersid, pw))
return false; return false;
/* special_pgrp true if pgrpsid is not in normal groups */ /* special_pgrp true if pgrpsid is not in normal groups */
if ((special_pgrp = !grp_list.contains (pgrpsid))) if (!grp_list.contains (pgrpsid))
grp_list += pgrpsid; grp_list += pgrpsid;
return true; return true;
} }
@ -609,7 +608,8 @@ get_setgroups_sidlist (cygsidlist &tmp_list, PTOKEN_GROUPS my_grps,
tmp_list += well_known_authenticated_users_sid; tmp_list += well_known_authenticated_users_sid;
get_token_group_sidlist (tmp_list, my_grps, auth_luid, auth_pos); get_token_group_sidlist (tmp_list, my_grps, auth_luid, auth_pos);
for (int gidx = 0; gidx < groups.sgsids.count; gidx++) for (int gidx = 0; gidx < groups.sgsids.count; gidx++)
tmp_list += groups.sgsids.sids[gidx]; if (!tmp_list.contains (groups.sgsids.sids[gidx]))
tmp_list += groups.sgsids.sids[gidx];
if (!groups.sgsids.contains (pgpsid)) if (!groups.sgsids.contains (pgpsid))
tmp_list += pgpsid; tmp_list += pgpsid;
} }
@ -851,7 +851,6 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
SECURITY_QUALITY_OF_SERVICE sqos = SECURITY_QUALITY_OF_SERVICE sqos =
{ sizeof sqos, SecurityImpersonation, SECURITY_STATIC_TRACKING, FALSE }; { sizeof sqos, SecurityImpersonation, SECURITY_STATIC_TRACKING, FALSE };
OBJECT_ATTRIBUTES oa = { sizeof oa, 0, 0, 0, 0, &sqos }; OBJECT_ATTRIBUTES oa = { sizeof oa, 0, 0, 0, 0, &sqos };
bool special_pgrp = false;
LUID auth_luid = SYSTEM_LUID; LUID auth_luid = SYSTEM_LUID;
LARGE_INTEGER exp = { QuadPart:INT64_MAX }; LARGE_INTEGER exp = { QuadPart:INT64_MAX };
@ -920,8 +919,7 @@ create_token (cygsid &usersid, user_groups &new_groups, struct passwd *pw)
get_setgroups_sidlist (tmp_gsids, my_tok_gsids, new_groups, auth_luid, get_setgroups_sidlist (tmp_gsids, my_tok_gsids, new_groups, auth_luid,
auth_pos); auth_pos);
else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid, pw, else if (!get_initgroups_sidlist (tmp_gsids, usersid, new_groups.pgsid, pw,
my_tok_gsids, auth_luid, auth_pos, my_tok_gsids, auth_luid, auth_pos))
special_pgrp))
goto out; goto out;
/* Primary group. */ /* Primary group. */