* sec_auth.cc (verify_token): Allow builtin groups missing in a token

and it's still valid.  Explain why.
Corinna Vinschen 2008-07-09 15:45:08 +00:00
parent 375a780e06
commit 9035519215
2 changed files with 12 additions and 2 deletions


@ -1,3 +1,8 @@
2008-07-09 Corinna Vinschen <corinna@vinschen.de>
* sec_auth.cc (verify_token): Allow builtin groups missing in a token
and it's still valid. Explain why.
2008-07-09 Corinna Vinschen <corinna@vinschen.de> 2008-07-09 Corinna Vinschen <corinna@vinschen.de>
* autoload.cc (DsGetDcNameW): Replace DsGetDcNameA. * autoload.cc (DsGetDcNameW): Replace DsGetDcNameA.


@ -725,9 +725,14 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern)
goto done; goto done;
#endif #endif
} }
/* user.sgsids groups must be in the token */ /* user.sgsids groups must be in the token, except for builtin groups.
These can be different on domain member machines compared to
domain controllers, so these builtin groups may be validly missing
from a token created through password or lsaauth logon. */
for (int gidx = 0; gidx < groups.sgsids.count (); gidx++) for (int gidx = 0; gidx < groups.sgsids.count (); gidx++)
if (!saw[gidx] && !sid_in_token_groups (my_grps, groups.sgsids.sids[gidx])) if (!saw[gidx]
&& !groups.sgsids.sids[gidx].is_well_known_sid ()
&& !sid_in_token_groups (my_grps, groups.sgsids.sids[gidx]))
goto done; goto done;
} }
/* The primary group must be in the token */ /* The primary group must be in the token */
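Review bot: In the loop over groups.sgsids, the new exemption tests `is_well_known_sid ()`, but the comment above it and the ChangeLog entry justify the exemption only for builtin groups. The visible lines do not show what is_well_known_sid () matches; if it covers more than the builtin groups, any other requested supplementary group in that set could also be missing and verify_token would still accept the token. Either narrow the test to the builtin groups the comment describes, or extend the comment to say that every well-known SID is exempt and why skipping the `sid_in_token_groups (my_grps, groups.sgsids.sids[gidx])` check is acceptable for all of them.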