* security.cc (verify_token): Do not reject a token just because

	the supplementary group list is missing Everyone or a groupsid
	equal to usersid, or because the primary group is not in the token,
	as long as it is equal to the usersid.
	* syscalls.cc (seteuid32): Use common code for all successful returns.
	* grp.cc (getgroups32): Never includes Everyone in the output.

1 files changed, 5 insertions, 2 deletions

diff --git a/winsup/cygwin/security.cc b/winsup/cygwin/security.cc
index d12e33359..f22c7dc8f 100644
--- a/winsup/cygwin/security.cc
+++ b/winsup/cygwin/security.cc
@@ -779,13 +779,16 @@ verify_token (HANDLE token, cygsid &usersid, user_groups &groups, BOOL *pintern)
 	      saw[pos] = TRUE;
 	    else if (groups.pgsid == gsid)
 	      sawpg = TRUE;
-	    else
+           else if (gsid != well_known_world_sid &&
+		    gsid != usersid)
 	      goto done;
 	  }
       for (int gidx = 0; gidx < groups.sgsids.count; gidx++)
 	if (!saw[gidx])
 	  goto done;
-      if (sawpg || groups.sgsids.contains (groups.pgsid))
+      if (sawpg || 
+	  groups.sgsids.contains (groups.pgsid) ||
+	  groups.pgsid == usersid)
 	ret = TRUE;
     }
 done: