From 99edadedc90025c03e4ec4602a9c61c1bf37b7e7 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Mon, 4 Apr 2011 09:00:02 +0000
Subject: * sec_auth.cc (get_user_groups): Mark well-known groups as well-known. (get_user_local_groups): Ditto. (verify_token): Drop useless label. * sec_helper.cc (cygsid::get_sid): Check for well-known SID if well_known isn't set. * security.h (well_known_sid_type): New inline function.
---
 winsup/cygwin/sec_auth.cc | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'winsup/cygwin/sec_auth.cc')
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 0c86546d6..775957f25 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -292,6 +292,8 @@ get_user_groups (WCHAR *logonserver, cygsidlist &grp_list,
 wcscpy (dgroup + len, buf[i].grui0_name);
 if (!LookupAccountNameW (NULL, dgroup, gsid, &glen, dom, &dlen, &use))
 debug_printf ("LookupAccountName(%W), %E", dgroup);
+ else if (well_known_sid_type (use))
+ grp_list *= gsid;
 else if (legal_sid_type (use))
 grp_list += gsid;
 else
@@ -339,10 +341,12 @@ get_user_local_groups (PWCHAR logonserver, PWCHAR domain, if (LookupAccountNameW (NULL, domlocal_grp, gsid, &glen, dom, &domlen, &use)) { - if (!legal_sid_type (use)) - debug_printf ("Rejecting local %W. use: %d", dg_ptr, use); - else + if (well_known_sid_type (use)) + grp_list *= gsid; + else if (legal_sid_type (use)) grp_list += gsid; + else + debug_printf ("Rejecting local %W. use: %d", dg_ptr, use); } else if (GetLastError () == ERROR_NONE_MAPPED) {
@@ -762,14 +766,13 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, bool *pintern) if (!saw[gidx] && !groups.sgsids.sids[gidx].is_well_known_sid () && !sid_in_token_groups (my_grps, groups.sgsids.sids[gidx])) - goto done; + return false; } /* The primary group must be in the token */ ret = sawpg || sid_in_token_groups (my_grps, groups.pgsid) || groups.pgsid == usersid; } -done: return ret; } -- cgit v1.2.3
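Review bot: `grp_list *= gsid;` in get_user_groups differs from the neighbouring `grp_list += gsid;` by a single character, and nothing at the call site says what the `*=` overload does; going by the commit subject it adds the SID flagged as well-known. That flag looks authorization-relevant, because the condition visible in the verify_token hunk does not reject an entry when `is_well_known_sid ()` is true, presumably the same flag. I would add a comment above the new branch such as `/* Well-known group: add it flagged, so verify_token does not require it in the token. */`. The identical branch added in the get_user_local_groups hunk needs the same comment, and since both sites now repeat the same three-way test on `use`, a small shared helper would keep them from drifting apart. Both function bodies start and end outside their hunks.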
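Review bot: The new `return false;` in verify_token is the deny path of an authorization check, and it matches the old `goto done;` only if `ret` was still false at that point; the initialisation of `ret` lies outside the hunk, so this cannot be confirmed from here. It is worth checking before merging, because every other path in the function still reports its result through `ret`. A short comment on the line would make the intent explicit, for example `/* A requested group that is not well-known is missing from the token. */`.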