From 891bb974f91e19c1126cb5c0b52ee429dd1e14ef Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Tue, 2 Jul 2002 09:02:53 +0000 Subject: [PATCH] * security.cc (get_logon_server): Interpret a zero length domain as the local domain. (get_group_sidlist): Add authenticated users SID to SYSTEM's group list instead of SYSTEM itself. (verify_token): Accept the primary group sid if it equals the token user sid. --- winsup/cygwin/ChangeLog | 9 +++++++++ winsup/cygwin/security.cc | 9 ++++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index aa83b1e06..0f950295b 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,3 +1,12 @@ +2002-07-01 Pierre Humblet + + * security.cc (get_logon_server): Interpret a zero length + domain as the local domain. + (get_group_sidlist): Add authenticated users SID to SYSTEM's group + list instead of SYSTEM itself. + (verify_token): Accept the primary group sid if it equals + the token user sid. + 2002-07-02 Corinna Vinschen * cygwin.din (__fpclassifyd): Add symbol. diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc index 6c239af1f..0bf37a4d2 100644 --- a/winsup/cygwin/security.cc +++ b/winsup/cygwin/security.cc @@ -255,8 +255,9 @@ get_logon_server (const char *domain, char *server, WCHAR *wserver) WCHAR * buf; DWORD size = INTERNET_MAX_HOST_NAME_LENGTH + 1; + /* Empty domain is interpreted as local system */ if ((GetComputerName (server + 2, &size)) && - strcasematch (domain, server + 2)) + (strcasematch (domain, server + 2) || !domain[0])) { server[0] = server[1] = '\\'; if (wserver) @@ -489,7 +490,7 @@ get_group_sidlist (cygsidlist &grp_list, grp_list += well_known_world_sid; if (usersid == well_known_system_sid) { - grp_list += well_known_system_sid; + grp_list += well_known_authenticated_users_sid; grp_list += well_known_admins_sid; } else @@ -699,10 +700,12 @@ verify_token (HANDLE token, cygsid &usersid, cygsid &pgrpsid, BOOL * pintern) debug_printf ("GetSecurityDescriptorGroup(): %E"); if (well_known_null_sid != gsid) return pgrpsid == gsid; } - /* See if the pgrpsid is in the token groups */ + /* See if the pgrpsid is the tok_usersid in the token groups */ PTOKEN_GROUPS my_grps = NULL; BOOL ret = FALSE; + if ( pgrpsid == tok_usersid) + return TRUE; if (!GetTokenInformation (token, TokenGroups, NULL, 0, &size) && GetLastError () != ERROR_INSUFFICIENT_BUFFER) debug_printf ("GetTokenInformation(token, TokenGroups): %E\n");