* security.cc (is_group_member): Fix comment.

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index bc70bae6ebd2a318bedb036c99ae333672e876b2..7d75b8a0bf4dc5c998e382154958fb418b2374a8 100644 (file)
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,7 @@
+2006-02-02  Corinna Vinschen  <corinna@vinschen.de>
+
+       * security.cc (is_group_member): Fix comment.
+
 2006-02-02  Corinna Vinschen  <corinna@vinschen.de>
 
        * security.cc (is_group_member): Use local group info type 1.  Test

diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index 5bb067f5649f83897f0c86e0024e9069afe7598e..f0deda11b97f0d43ccaa27efd35f5c0ae0e78eb9 100644 (file)
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -388,11 +388,12 @@ is_group_member (WCHAR *wgroup, PSID pusersid, cygsidlist &grp_list)
           Administrators or Users) can be members of local groups, even
           though MSDN states otherwise.  The GUI refuses to put aliases into
           local groups, but the CLI interface allows it.  However, a normal
-          logon token does not contain those 2nd order aliases, so we also
-          should not put them into the token group list.
-          Note: Allowing those 2nd order aliases in our group list renders
-          external tokens invalid, so that it becomes impossible to logon
-          with password and valid logon token. */
+          logon token does not contain groups, in which the user is only
+          indirectly a member by being a member of an alias in this group.
+          So we also should not put them into the token group list.
+          Note: Allowing those groups in our group list renders external
+          tokens invalid, so that it becomes impossible to logon with
+          password and valid logon token. */
        for (int glidx = 0; glidx < grp_list.count; ++glidx)
          if ((buf[bidx].lgrmi1_sidusage == SidTypeGroup
               || buf[bidx].lgrmi1_sidusage == SidTypeWellKnownGroup)