Cygwin: seteuid: do not verify lsaprivkeyauth token

We don't support setting groups via /etc/groups anymore.  Also, the
initgroups group list is created via S4U, so we have "Interactive" vs.
"Network" token, an artificial and entirely irrelevant difference.

So,  "verifying" the lsaprivkeyauth token may lead to rejecting a prefectly
valid token.  Just remove the verify_token call.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2019-03-04 20:30:37 +01:00
parent ad49232083
commit 8551226961
1 changed files with 1 additions and 12 deletions

View File

@ -3552,18 +3552,7 @@ seteuid32 (uid_t uid)
LSA module, or, as last chance, NtCreateToken. */ LSA module, or, as last chance, NtCreateToken. */
if (new_token == NULL) if (new_token == NULL)
{ {
new_token = lsaprivkeyauth (pw_new); if (!(new_token = lsaprivkeyauth (pw_new)))
if (new_token)
{
/* We have to verify this token since settings in /etc/group
might render it unusable im terms of group membership. */
if (!verify_token (new_token, usersid, groups))
{
CloseHandle (new_token);
new_token = NULL;
}
}
if (!new_token)
{ {
NTSTATUS status; NTSTATUS status;
WCHAR domain[MAX_DOMAIN_NAME_LEN + 1]; WCHAR domain[MAX_DOMAIN_NAME_LEN + 1];