* grp.cc (initgroups32): Run get_server_groups under original token.

* syscalls.cc (seteuid32): Slightly reorganize code creating a token.
2006-08-31 15:57:56 +00:00 · 2006-08-31 15:57:56 +00:00 · 55283468e6
commit 55283468e6
parent c9f1f4b438
3 changed files with 18 additions and 12 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,8 @@
+2006-08-31  Corinna Vinschen  <corinna@vinschen.de>
+
+	* grp.cc (initgroups32): Run get_server_groups under original token.
+	* syscalls.cc (seteuid32): Slightly reorganize code creating a token.
+
 2006-08-27  Christopher Faylor  <cgf@timesys.com>

 	* child_info.h (child_info_spawn::~child_info_spawn): Don't close
--- a/winsup/cygwin/grp.cc
+++ b/winsup/cygwin/grp.cc
@ -471,6 +471,7 @@ initgroups32 (const char *name, __gid32_t gid)
  if (wincap.has_security ())
    {
      ret = -1;
+      cygheap->user.deimpersonate ();
      struct passwd *pw = internal_getpwnam (name);
      struct __group32 *gr = internal_getgrgid (gid);
      cygsid usersid, grpsid;
@ -492,6 +493,8 @@ initgroups32 (const char *name, __gid32_t gid)
  ret = 0;

 out:
+  if (wincap.has_security ())
+    cygheap->user.reimpersonate ();
  syscall_printf ( "%d = initgroups (%s, %u)", ret, name, gid);
  return ret;
 }
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@ -2205,27 +2205,25 @@ seteuid32 (__uid32_t uid)
  if (new_token == INVALID_HANDLE_VALUE)
    {
      new_token = subauth (pw_new);
-      if (new_token == INVALID_HANDLE_VALUE)
+      debug_printf ("subauth %s, try create_token.",
+		    new_token == INVALID_HANDLE_VALUE ? "failed" : "succeeded");
+      HANDLE new_token2 = create_token (usersid, groups, pw_new, new_token);
+      if (new_token2 == INVALID_HANDLE_VALUE)
 	{
-	  debug_printf ("subauthentication failed, try create token.");
-	  new_token = create_token (usersid, groups, pw_new, NULL);
 	  if (new_token == INVALID_HANDLE_VALUE)
 	    {
+	      debug_printf ("create_token failed, bail out of here");
 	      cygheap->user.reimpersonate ();
 	      return -1;
 	    }
+	  debug_printf ("create_token failed, use original subauth token");
 	}
      else
        {
-	  debug_printf ("subauthentication succeeded, try create token.");
-	  HANDLE new_token2 = create_token (usersid, groups, pw_new, new_token);
-	  if (new_token2 == INVALID_HANDLE_VALUE)
-	    debug_printf ("create token failed, use original token");
-	  else
-	    {
-	      CloseHandle (new_token);
-	      new_token = new_token2;
-	    }
+	  debug_printf ("create_token succeeded");
+	  if (new_token != INVALID_HANDLE_VALUE)
+	    CloseHandle (new_token);
+	  new_token = new_token2;
 	}
      /* Keep at most one internal token */
      if (cygheap->user.internal_token != NO_IMPERSONATION)