diff options
Diffstat (limited to 'winsup/lsaauth')
| -rw-r--r-- | winsup/lsaauth/ChangeLog | 8 | ||||
| -rw-r--r-- | winsup/lsaauth/Makefile.in | 6 | ||||
| -rw-r--r-- | winsup/lsaauth/cyglsa.c | 46 | ||||
| -rw-r--r-- | winsup/lsaauth/cyglsa64.dll | bin | 8704 -> 8704 bytes | |||
| -rw-r--r-- | winsup/lsaauth/make-64bit-version-with-mingw-w64.sh | 6 |
5 files changed, 30 insertions, 36 deletions
diff --git a/winsup/lsaauth/ChangeLog b/winsup/lsaauth/ChangeLog index b78696af2..bbb763a1e 100644 --- a/winsup/lsaauth/ChangeLog +++ b/winsup/lsaauth/ChangeLog @@ -1,11 +1,3 @@ -2012-05-29 Corinna Vinschen <corinna@vinschen.de> - - * Makefile.in (LIBS): Re-add advapi32.dll. Explain why. - * make-64bit-version-with-mingw-w64.sh (LIBS): Ditto. - * cyglsa.c: Drop NTDLL function declarations. Use equivalent advapi32 - functions again, throughout. - * cyglsa64.dll: Regenerate. - 2011-05-10 Corinna Vinschen <corinna@vinschen.de> * Makefile.in: Don't override CC. diff --git a/winsup/lsaauth/Makefile.in b/winsup/lsaauth/Makefile.in index bb585dfda..948c08b34 100644 --- a/winsup/lsaauth/Makefile.in +++ b/winsup/lsaauth/Makefile.in @@ -41,11 +41,7 @@ ifdef MINGW_CC override CC:=${MINGW_CC} endif -# Never again try to remove advapi32. It does not matter if the DLL calls -# advapi32 functions or the equivalent ntdll functions. -# But if the LSA authentication DLL is not linked against advapi32, it's -# not recognized by LSA. -LIBS := -ladvapi32 -lkernel32 -lntdll +LIBS := -lkernel32 -lntdll DLL := cyglsa.dll DEF_FILE:= cyglsa.def diff --git a/winsup/lsaauth/cyglsa.c b/winsup/lsaauth/cyglsa.c index 341fdd12c..e64d0e11f 100644 --- a/winsup/lsaauth/cyglsa.c +++ b/winsup/lsaauth/cyglsa.c @@ -1,6 +1,6 @@ /* cyglsa.c: LSA authentication module for Cygwin - Copyright 2006, 2008, 2010, 2011, 2012 Red Hat, Inc. + Copyright 2006, 2008, 2010, 2011 Red Hat, Inc. Written by Corinna Vinschen <corinna@vinschen.de> @@ -41,6 +41,13 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res) #ifndef NT_SUCCESS #define NT_SUCCESS(s) ((s) >= 0) #endif +NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID); +NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID); +NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID *); +ULONG NTAPI RtlLengthSid (PSID); +PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG); +PUCHAR NTAPI RtlSubAuthorityCountSid (PSID); +BOOLEAN NTAPI RtlValidSid (PSID); /* These standard POSIX functions are implemented in NTDLL and exported. There's just no header to define them and using wchar.h from mingw or Cygwin seems wrong somehow. */ @@ -116,7 +123,7 @@ print_sid (const char *prefix, int idx, PISID sid) cyglsa_printf ("NULL\n"); else if (IsBadReadPtr (sid, 8)) cyglsa_printf ("INVALID POINTER\n"); - else if (!IsValidSid ((PSID) sid)) + else if (!RtlValidSid ((PSID) sid)) cyglsa_printf ("INVALID SID\n"); else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount)) cyglsa_printf ("INVALID POINTER SPACE\n"); @@ -196,9 +203,11 @@ print_dacl (PACL dacl) { PVOID vace; PACCESS_ALLOWED_ACE ace; + NTSTATUS stat; - if (!GetAce (dacl, i, &vace)) - cyglsa_printf ("[%lu] GetAce error %lu\n", i, GetLastError ()); + stat = RtlGetAce (dacl, i, &vace); + if (!NT_SUCCESS (stat)) + cyglsa_printf ("[%lu] RtlGetAce status 0x%08lx\n", i, stat); else { ace = (PACCESS_ALLOWED_ACE) vace; @@ -494,8 +503,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, tokinf->ExpirationTime = authinf->inf.ExpirationTime; /* User SID */ src_sid = (PSID) (base + authinf->inf.User.User.Sid); - size = GetLengthSid (src_sid); - CopySid (size, (PSID) tptr, src_sid); + size = RtlLengthSid (src_sid); + RtlCopySid (size, (PSID) tptr, src_sid); tokinf->User.User.Sid = (PSID) tptr; tptr += size; tokinf->User.User.Attributes = authinf->inf.User.User.Attributes; @@ -509,16 +518,16 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, for (i = 0; i < src_grps->GroupCount; ++i) { src_sid = (PSID) (base + src_grps->Groups[i].Sid); - size = GetLengthSid (src_sid); - CopySid (size, (PSID) tptr, src_sid); + size = RtlLengthSid (src_sid); + RtlCopySid (size, (PSID) tptr, src_sid); tokinf->Groups->Groups[i].Sid = (PSID) tptr; tptr += size; tokinf->Groups->Groups[i].Attributes = src_grps->Groups[i].Attributes; } /* Primary Group SID */ src_sid = (PSID) (base + authinf->inf.PrimaryGroup.PrimaryGroup); - size = GetLengthSid (src_sid); - CopySid (size, (PSID) tptr, src_sid); + size = RtlLengthSid (src_sid); + RtlCopySid (size, (PSID) tptr, src_sid); tokinf->PrimaryGroup.PrimaryGroup = (PSID) tptr; tptr += size; /* Privileges */ @@ -545,7 +554,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, not done in the 64 bit code above for hopefully obvious reasons... */ LUID logon_sid_id; - if (must_create_logon_sid && !AllocateLocallyUniqueId (&logon_sid_id)) + if (must_create_logon_sid + && !NT_SUCCESS (NtAllocateLocallyUniqueId (&logon_sid_id))) return STATUS_INSUFFICIENT_RESOURCES; if (!(tokinf = funcs->AllocateLsaHeap (authinf->inf_size))) @@ -565,13 +575,13 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, ((PBYTE) tokinf + (LONG_PTR) tokinf->Groups->Groups[i].Sid); if (must_create_logon_sid && tokinf->Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID - && *GetSidSubAuthorityCount (tokinf->Groups->Groups[i].Sid) == 3 - && *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 0) + && *RtlSubAuthorityCountSid (tokinf->Groups->Groups[i].Sid) == 3 + && *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 0) == SECURITY_LOGON_IDS_RID) { - *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 1) + *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 1) = logon_sid_id.HighPart; - *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 2) + *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 2) = logon_sid_id.LowPart; } } @@ -598,12 +608,12 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, (PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size)); /* Create logon session. */ - if (!AllocateLocallyUniqueId (logon_id)) + stat = NtAllocateLocallyUniqueId (logon_id); + if (!NT_SUCCESS (stat)) { funcs->FreeLsaHeap (*tok); *tok = NULL; - cyglsa_printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n", - GetLastError ()); + cyglsa_printf ("NtAllocateLocallyUniqueId status 0x%08lx\n", stat); return STATUS_INSUFFICIENT_RESOURCES; } stat = funcs->CreateLogonSession (logon_id); diff --git a/winsup/lsaauth/cyglsa64.dll b/winsup/lsaauth/cyglsa64.dll Binary files differindex f3324d26a..14f1f6cff 100644 --- a/winsup/lsaauth/cyglsa64.dll +++ b/winsup/lsaauth/cyglsa64.dll diff --git a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh index 4a8c37c23..a93daf8f3 100644 --- a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh +++ b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh @@ -20,10 +20,6 @@ set -e CC="x86_64-w64-mingw32-gcc" CFLAGS="-fno-exceptions -O0 -Wall -Werror" LDFLAGS="-s -nostdlib -Wl,--entry,DllMain,--major-os-version,5,--minor-os-version,2" -# Never again try to remove advapi32. It does not matter if the DLL calls -# advapi32 functions or the equivalent ntdll functions. -# But if the LSA authentication DLL is not linked against advapi32, it's -# not recognized by LSA. -LIBS="-ladvapi32 -lkernel32 -lntdll" +LIBS="-lkernel32 -lntdll" $CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c cyglsa64.def $LIBS |