* security.cc (verify_token): Do not reject a token just because

the supplementary group list is missing Everyone or a groupsid
	equal to usersid, or because the primary group is not in the token,
	as long as it is equal to the usersid.
	* syscalls.cc (seteuid32): Use common code for all successful returns.
	* grp.cc (getgroups32): Never includes Everyone in the output.
Corinna Vinschen 2002-08-02 11:00:18 +00:00
parent 04875a95c8
commit 23d93d8db7
4 changed files with 19 additions and 6 deletions


@ -1,3 +1,12 @@
2002-08-01 Pierre Humblet <Pierre.Humblet@ieee.org>
* security.cc (verify_token): Do not reject a token just because
the supplementary group list is missing Everyone or a groupsid
equal to usersid, or because the primary group is not in the token,
as long as it is equal to the usersid.
* syscalls.cc (seteuid32): Use common code for all successful returns.
* grp.cc (getgroups32): Never includes Everyone in the output.
2002-08-01 Christopher Faylor <cgf@redhat.com> 2002-08-01 Christopher Faylor <cgf@redhat.com>
* cygthread.cc (cygthread::exit_thread): Define new method. * cygthread.cc (cygthread::exit_thread): Define new method.


@ -365,7 +365,8 @@ getgroups32 (int gidsetsize, __gid32_t *grouplist, __gid32_t gid,
for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx) for (int gidx = 0; (gr = internal_getgrent (gidx)); ++gidx)
if (sid.getfromgr (gr)) if (sid.getfromgr (gr))
for (DWORD pg = 0; pg < groups->GroupCount; ++pg) for (DWORD pg = 0; pg < groups->GroupCount; ++pg)
if (sid == groups->Groups[pg].Sid) if (sid == groups->Groups[pg].Sid &&
sid != well_known_world_sid)
{ {
if (cnt < gidsetsize) if (cnt < gidsetsize)
grouplist[cnt] = gr->gr_gid; grouplist[cnt] = gr->gr_gid;
@ -516,5 +517,4 @@ setgroups (int ngroups, const __gid16_t *grouplist)
grouplist32[i] = grouplist[i]; grouplist32[i] = grouplist[i];
} }
return setgroups32 (ngroups, grouplist32); return setgroups32 (ngroups, grouplist32);
} }
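Review bot: The added `sid != well_known_world_sid` test in the first hunk sits in the innermost loop over `groups->GroupCount`, but it depends only on `sid`, which is set once per group entry by `sid.getfromgr (gr)`. Moving it up, as `if (sid.getfromgr (gr) && sid != well_known_world_sid)`, skips the scan for Everyone entirely and leaves the match condition a single comparison. A short comment such as `/* Everyone is never reported as a supplementary group. */` would also help, since the filter is otherwise documented only in the ChangeLog. The start and end of getgroups32 are outside the hunk.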


@ -779,13 +779,16 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
saw[pos] = TRUE; saw[pos] = TRUE;
else if (groups.pgsid == gsid) else if (groups.pgsid == gsid)
sawpg = TRUE; sawpg = TRUE;
else else if (gsid != well_known_world_sid &&
gsid != usersid)
goto done; goto done;
} }
for (int gidx = 0; gidx < groups.sgsids.count; gidx++) for (int gidx = 0; gidx < groups.sgsids.count; gidx++)
if (!saw[gidx]) if (!saw[gidx])
goto done; goto done;
if (sawpg || groups.sgsids.contains (groups.pgsid)) if (sawpg ||
groups.sgsids.contains (groups.pgsid) ||
groups.pgsid == usersid)
ret = TRUE; ret = TRUE;
} }
done: done:
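Review bot: The two relaxations in verify_token carry no comment, although they widen the set of tokens this check accepts: the `else if (gsid != well_known_world_sid && gsid != usersid)` branch now tolerates unrequested groups, and the final test passes on `groups.pgsid == usersid` alone. The rationale lives only in the ChangeLog, so a later edit could extend the exemption list without noticing that it is a security decision. I would add `/* Everyone and a group SID equal to the user SID may be present without being requested; any other unrequested group rejects the token. */` above the new branch and `/* A primary group equal to the user SID need not be listed in the token. */` above the last condition. The loop header and the rest of verify_token are outside the hunk, so I am assuming gsid walks the token's own group list.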


@ -2004,7 +2004,7 @@ seteuid32 (__uid32_t uid)
else else
{ {
CloseHandle (ptok); CloseHandle (ptok);
return 0; /* No change */ goto success; /* No change */
} }
} }
@ -2025,7 +2025,7 @@ seteuid32 (__uid32_t uid)
CloseHandle (ptok); CloseHandle (ptok);
if (!ImpersonateLoggedOnUser (cygheap->user.token)) if (!ImpersonateLoggedOnUser (cygheap->user.token))
system_printf ("Impersonating in seteuid failed: %E"); system_printf ("Impersonating in seteuid failed: %E");
return 0; /* No change */ goto success; /* No change */
} }
} }
} }
@ -2097,6 +2097,7 @@ seteuid32 (__uid32_t uid)
CloseHandle (sav_token); CloseHandle (sav_token);
cygheap->user.set_name (pw_new->pw_name); cygheap->user.set_name (pw_new->pw_name);
cygheap->user.set_sid (usersid); cygheap->user.set_sid (usersid);
success:
myself->uid = uid; myself->uid = uid;
groups.ischanged = FALSE; groups.ischanged = FALSE;
return 0; return 0;
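Review bot: In the second hunk a failed `ImpersonateLoggedOnUser (cygheap->user.token)` is only logged with system_printf, and the unbraced `if` lets control continue to `goto success`, which now also sets `myself->uid = uid` and clears `groups.ischanged` before returning 0. The caller is told the switch succeeded and the recorded uid is updated even though the thread may not be running under the expected token. I would make that branch fail instead, by bracing the `if` and returning -1 with errno set after the log call, so that only a confirmed impersonation reaches `success:`. The surrounding branches of seteuid32 are outside the hunks, so which identity the thread holds after the failure cannot be confirmed from here.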