* sec_auth.cc (get_token_group_sidlist): Add BUILTIN\Users account

to all created tokens. * sec_helper.cc (well_known_users_sid): Define as BUILTIN\Users. * security.h (well_known_users_sid): Declare.
2010-01-08 15:55:27 +00:00 · 2010-01-08 15:55:27 +00:00 · 9f00d74664
parent ca888f9cba
commit 9f00d74664
4 changed files with 18 additions and 4 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,10 @@
+2010-01-08  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_auth.cc (get_token_group_sidlist): Add BUILTIN\Users account
+	to all created tokens.
+	* sec_helper.cc (well_known_users_sid): Define as BUILTIN\Users.
+	* security.h (well_known_users_sid): Declare.
+
 2010-01-01  Christopher Faylor  <me+cygwin@cgf.cx>

 	* dcrt0.cc: Bump copyright.
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@ -1,7 +1,7 @@
 /* sec_auth.cc: NT authentication functions

   Copyright 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
-   2006, 2007, 2008, 2009 Red Hat, Inc.
+   2006, 2007, 2008, 2009, 2010 Red Hat, Inc.

 This file is part of Cygwin.

@ -365,11 +365,13 @@ get_token_group_sidlist (cygsidlist &grp_list, PTOKEN_GROUPS my_grps,
 	grp_list *= well_known_service_sid;
      if (sid_in_token_groups (my_grps, well_known_this_org_sid))
 	grp_list *= well_known_this_org_sid;
+      grp_list *= well_known_users_sid;
    }
  else
    {
      grp_list += well_known_local_sid;
      grp_list *= well_known_interactive_sid;
+      grp_list *= well_known_users_sid;
    }
  if (get_ll (auth_luid) != 999LL) /* != SYSTEM_LUID */
    {
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@ -1,6 +1,7 @@
 /* sec_helper.cc: NT security helper functions

-   Copyright 2000, 2001, 2002, 2003, 2004, 2006, 2007, 2008 Red Hat, Inc.
+   Copyright 2000, 2001, 2002, 2003, 2004, 2006, 2007, 2008, 2009,
+   2010 Red Hat, Inc.

   Written by Corinna Vinschen <corinna@vinschen.de>

@ -59,6 +60,9 @@ MKSID (well_known_system_sid, "S-1-5-18",
 MKSID (well_known_admins_sid, "S-1-5-32-544",
       SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
 				 DOMAIN_ALIAS_RID_ADMINS);
+MKSID (well_known_users_sid, "S-1-5-32-545",
+       SECURITY_NT_AUTHORITY, 2, SECURITY_BUILTIN_DOMAIN_RID,
+				 DOMAIN_ALIAS_RID_USERS);
 MKSID (fake_logon_sid, "S-1-5-5-0-0",
       SECURITY_NT_AUTHORITY, 3, SECURITY_LOGON_IDS_RID, 0, 0);
 MKSID (mandatory_medium_integrity_sid, "S-1-16-8192",
--- a/winsup/cygwin/security.h
+++ b/winsup/cygwin/security.h
@ -1,7 +1,7 @@
 /* security.h: security declarations

-   Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
-   Red Hat, Inc.
+   Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+   2010 Red Hat, Inc.

 This file is part of Cygwin.

@ -328,6 +328,7 @@ extern cygpsid well_known_authenticated_users_sid;
 extern cygpsid well_known_this_org_sid;
 extern cygpsid well_known_system_sid;
 extern cygpsid well_known_admins_sid;
+extern cygpsid well_known_users_sid;
 extern cygpsid fake_logon_sid;
 extern cygpsid mandatory_medium_integrity_sid;
 extern cygpsid mandatory_high_integrity_sid;