public inbox for cygwin-cvs@sourceware.org help / color / mirror / Atom feed
From: Corinna Vinschen <corinna@sourceware.org> To: cygwin-cvs@sourceware.org Subject: [newlib-cygwin] Cygwin: uinfo: prefer token primary group Date: Fri, 2 Dec 2022 15:52:38 +0000 (GMT) [thread overview] Message-ID: <20221202155238.459593858C50@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=dc7b67316d01c77d81ad6561869b9b89527c2ac8 commit dc7b67316d01c77d81ad6561869b9b89527c2ac8 Author: Corinna Vinschen <corinna@vinschen.de> AuthorDate: Fri Dec 2 16:37:33 2022 +0100 Commit: Corinna Vinschen <corinna@vinschen.de> CommitDate: Fri Dec 2 16:37:33 2022 +0100 Cygwin: uinfo: prefer token primary group internal_getlogin overwrites the process token primary group if it differs from the primary group as stored in the passwd DB. However, this also overwrites the primary group of the process if it has been deliberately changed by a former process (e. g., newgrp), and the current process has a non-Cygwin process as parent. Our docs claim we restrict overwriting the primary group to local, non-domain user accounts anyway, and it was actually meant this way. So check for exactly that before overwriting the primary group in the token: It's only allowed if the user is a local account and the primary group in the token is still the default group "None". Fixes: 6cc7c925ce861 ("(internal_getlogin): Give primary group from user token more weight.") Signed-off-by: Corinna Vinschen <corinna@vinschen.de> Diff: --- winsup/cygwin/uinfo.cc | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index a96c5e7fc6a0..db475d710eb2 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -163,11 +163,20 @@ internal_getlogin (cygheap_user &user) user.set_name (pwd->pw_name); myself->uid = pwd->pw_uid; - myself->gid = pwd->pw_gid; + myself->gid = pgrp ? pgrp->gr_gid : pwd->pw_gid; + /* If the primary group in the passwd DB is different from the primary - group in the user token, we have to find the SID of that group and - try to override the token primary group. */ - if (!pgrp || myself->gid != pgrp->gr_gid) + group in the user token, and if the primary group is the default + group of a local user ("None", localized), we have to find the SID + of that group and try to override the token primary group. Also + makes sure we're not on a domain controller, where account_sid () + == primary_sid (). */ + gsid = cygheap->dom.account_sid (); + gsid.append (DOMAIN_GROUP_RID_USERS); + if (!pgrp + || (myself->gid != pgrp->gr_gid + && cygheap->dom.account_sid () != cygheap->dom.primary_sid () + && RtlEqualSid (gsid, user.groups.pgsid))) { if (gsid.getfromgr (grp = internal_getgrgid (pwd->pw_gid, &cldap))) {
reply other threads:[~2022-12-02 15:52 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20221202155238.459593858C50@sourceware.org \ --to=corinna@sourceware.org \ --cc=cygwin-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).