public inbox for cygwin-cvs@sourceware.org
From: Corinna Vinschen <corinna@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin] Cygwin: uinfo: prefer token primary group
Date: Fri,  2 Dec 2022 15:52:38 +0000 (GMT)
Message-ID: <20221202155238.459593858C50@sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=dc7b67316d01c77d81ad6561869b9b89527c2ac8

commit dc7b67316d01c77d81ad6561869b9b89527c2ac8
Author:     Corinna Vinschen <corinna@vinschen.de>
AuthorDate: Fri Dec 2 16:37:33 2022 +0100
Commit:     Corinna Vinschen <corinna@vinschen.de>
CommitDate: Fri Dec 2 16:37:33 2022 +0100

    Cygwin: uinfo: prefer token primary group
    
    internal_getlogin overwrites the process token primary group if it
    differs from the primary group as stored in the passwd DB.
    
    However, this also overwrites the primary group of the process if
    it has been deliberately changed by a former process (e. g., newgrp),
    and the current process has a non-Cygwin process as parent.
    
    Our docs claim we restrict overwriting the primary group to local,
    non-domain user accounts anyway, and it was actually meant this way.
    
    So check for exactly that before overwriting the primary group
    in the token:  It's only allowed if the user is a local account
    and the primary group in the token is still the default group
    "None".
    
    Fixes: 6cc7c925ce861 ("(internal_getlogin): Give primary group
    from user token more weight.")
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/uinfo.cc | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc
index a96c5e7fc6a0..db475d710eb2 100644
--- a/winsup/cygwin/uinfo.cc
+++ b/winsup/cygwin/uinfo.cc
@@ -163,11 +163,20 @@ internal_getlogin (cygheap_user &user)
 
       user.set_name (pwd->pw_name);
       myself->uid = pwd->pw_uid;
-      myself->gid = pwd->pw_gid;
+      myself->gid = pgrp ? pgrp->gr_gid : pwd->pw_gid;
+
       /* If the primary group in the passwd DB is different from the primary
-	 group in the user token, we have to find the SID of that group and
-	 try to override the token primary group. */
-      if (!pgrp || myself->gid != pgrp->gr_gid)
+	 group in the user token, and if the primary group is the default
+	 group of a local user ("None", localized), we have to find the SID
+	 of that group and try to override the token primary group.  Also
+	 makes sure we're not on a domain controller, where account_sid ()
+	 == primary_sid (). */
+      gsid = cygheap->dom.account_sid ();
+      gsid.append (DOMAIN_GROUP_RID_USERS);
+      if (!pgrp
+	  || (myself->gid != pgrp->gr_gid
+	      && cygheap->dom.account_sid () != cygheap->dom.primary_sid ()
+	      && RtlEqualSid (gsid, user.groups.pgsid)))
 	{
 	  if (gsid.getfromgr (grp = internal_getgrgid (pwd->pw_gid, &cldap)))
 	    {
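
Review bot: In the new condition, `myself->gid != pgrp->gr_gid` can never be true when `pgrp` is non-NULL, because the assignment at the top of this hunk now sets `myself->gid = pgrp ? pgrp->gr_gid : pwd->pw_gid`. As written, the override only runs in the `!pgrp` case, and the local-account and "None" group checks that the commit message describes are never evaluated. The comparison that matches the comment ("primary group in the passwd DB is different from the primary group in the user token") would be `pwd->pw_gid != pgrp->gr_gid`. A smaller point: `gsid` is built as the "None" SID before the `if` and then overwritten by `gsid.getfromgr (...)` inside it, so a separate local for the "None" SID would make it clearer which value is being compared against `user.groups.pgsid`.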
