From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2155) id 459593858C50; Fri, 2 Dec 2022 15:52:38 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 459593858C50 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1669996358; bh=Xqu9m72kvtRdsVIiqyo0xv/CQavaQR9K9tIKjnKv1ZQ=; h=From:To:Subject:Date:From; b=k0Xd6LdI8ZHBH0vD9W0DzTsfJCwG5BR4sIkx7gZszFAzlOrjLKIq+oKfN7AFU8k6U WmZsyRVlpV50dG3/ygNIlxPnJbvHs69GJ2I68TaZWbIA7bPqY04wFFefqhDp7ZKxIf 83a2WZWicmfTgNvwtJCsIf6zjyUt0ZPIr+4njEZI= Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Corinna Vinschen To: cygwin-cvs@sourceware.org Subject: [newlib-cygwin] Cygwin: uinfo: prefer token primary group X-Act-Checkin: newlib-cygwin X-Git-Author: Corinna Vinschen X-Git-Refname: refs/heads/master X-Git-Oldrev: 3b37a11870d5eb7880018955e88771c251c2c608 X-Git-Newrev: dc7b67316d01c77d81ad6561869b9b89527c2ac8 Message-Id: <20221202155238.459593858C50@sourceware.org> Date: Fri, 2 Dec 2022 15:52:38 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=3Dnewlib-cygwin.git;h=3Ddc7b67316d0= 1c77d81ad6561869b9b89527c2ac8 commit dc7b67316d01c77d81ad6561869b9b89527c2ac8 Author: Corinna Vinschen AuthorDate: Fri Dec 2 16:37:33 2022 +0100 Commit: Corinna Vinschen CommitDate: Fri Dec 2 16:37:33 2022 +0100 Cygwin: uinfo: prefer token primary group =20 internal_getlogin overwrites the process token primary group if it differs from the primary group as stored in the passwd DB. =20 However, this also overwrites the primary group of the process if it has been deliberately changed by a former process (e. g., newgrp), and the current process has a non-Cygwin process as parent. =20 Our docs claim we restrict overwriting the primary group to local, non-domain user accounts anyway, and it was actually meant this way. =20 So check for exactly that before overwriting the primary group in the token: It's only allowed if the user is a local account and the primary group in the token is still the default group "None". =20 Fixes: 6cc7c925ce861 ("(internal_getlogin): Give primary group from user token more weight.") Signed-off-by: Corinna Vinschen Diff: --- winsup/cygwin/uinfo.cc | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/winsup/cygwin/uinfo.cc b/winsup/cygwin/uinfo.cc index a96c5e7fc6a0..db475d710eb2 100644 --- a/winsup/cygwin/uinfo.cc +++ b/winsup/cygwin/uinfo.cc @@ -163,11 +163,20 @@ internal_getlogin (cygheap_user &user) =20 user.set_name (pwd->pw_name); myself->uid =3D pwd->pw_uid; - myself->gid =3D pwd->pw_gid; + myself->gid =3D pgrp ? pgrp->gr_gid : pwd->pw_gid; + /* If the primary group in the passwd DB is different from the prima= ry - group in the user token, we have to find the SID of that group and - try to override the token primary group. */ - if (!pgrp || myself->gid !=3D pgrp->gr_gid) + group in the user token, and if the primary group is the default + group of a local user ("None", localized), we have to find the SID + of that group and try to override the token primary group. Also + makes sure we're not on a domain controller, where account_sid () + =3D=3D primary_sid (). */ + gsid =3D cygheap->dom.account_sid (); + gsid.append (DOMAIN_GROUP_RID_USERS); + if (!pgrp + || (myself->gid !=3D pgrp->gr_gid + && cygheap->dom.account_sid () !=3D cygheap->dom.primary_sid () + && RtlEqualSid (gsid, user.groups.pgsid))) { if (gsid.getfromgr (grp =3D internal_getgrgid (pwd->pw_gid, &cldap))) {