[newlib-cygwin] Cygwin: seteuid: do not verify lsaprivkeyauth token
Corinna Vinschen
corinna@sourceware.org
Mon Mar 4 19:38:00 GMT 2019
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=8551226961429cc6810286b01ba4430f01c7d807
commit 8551226961429cc6810286b01ba4430f01c7d807
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Mon Mar 4 20:30:37 2019 +0100
Cygwin: seteuid: do not verify lsaprivkeyauth token
We don't support setting groups via /etc/groups anymore. Also, the
initgroups group list is created via S4U, so we have "Interactive" vs.
"Network" token, an artificial and entirely irrelevant difference.
So, "verifying" the lsaprivkeyauth token may lead to rejecting a prefectly
valid token. Just remove the verify_token call.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/syscalls.cc | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index 172b7c4..a914ae8 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -3552,18 +3552,7 @@ seteuid32 (uid_t uid)
LSA module, or, as last chance, NtCreateToken. */
if (new_token == NULL)
{
- new_token = lsaprivkeyauth (pw_new);
- if (new_token)
- {
- /* We have to verify this token since settings in /etc/group
- might render it unusable im terms of group membership. */
- if (!verify_token (new_token, usersid, groups))
- {
- CloseHandle (new_token);
- new_token = NULL;
- }
- }
- if (!new_token)
+ if (!(new_token = lsaprivkeyauth (pw_new)))
{
NTSTATUS status;
WCHAR domain[MAX_DOMAIN_NAME_LEN + 1];
More information about the Cygwin-cvs
mailing list