diff options
author | Corinna Vinschen <corinna@vinschen.de> | 2019-03-04 22:30:37 +0300 |
---|---|---|
committer | Corinna Vinschen <corinna@vinschen.de> | 2019-03-04 22:36:26 +0300 |
commit | 8551226961429cc6810286b01ba4430f01c7d807 (patch) | |
tree | 38468f96696dcec0cec482598e658a0f56b6291d | |
parent | ad492320839c18936c56d776240c9a5151d5d97b (diff) |
Cygwin: seteuid: do not verify lsaprivkeyauth tokencygwin-3_0_2-release
We don't support setting groups via /etc/groups anymore. Also, the
initgroups group list is created via S4U, so we have "Interactive" vs.
"Network" token, an artificial and entirely irrelevant difference.
So, "verifying" the lsaprivkeyauth token may lead to rejecting a prefectly
valid token. Just remove the verify_token call.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
-rw-r--r-- | winsup/cygwin/syscalls.cc | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc index 172b7c4f6..a914ae8a9 100644 --- a/winsup/cygwin/syscalls.cc +++ b/winsup/cygwin/syscalls.cc @@ -3552,18 +3552,7 @@ seteuid32 (uid_t uid) LSA module, or, as last chance, NtCreateToken. */ if (new_token == NULL) { - new_token = lsaprivkeyauth (pw_new); - if (new_token) - { - /* We have to verify this token since settings in /etc/group - might render it unusable im terms of group membership. */ - if (!verify_token (new_token, usersid, groups)) - { - CloseHandle (new_token); - new_token = NULL; - } - } - if (!new_token) + if (!(new_token = lsaprivkeyauth (pw_new))) { NTSTATUS status; WCHAR domain[MAX_DOMAIN_NAME_LEN + 1]; |