From 00ef94f3389db4568c3c9825d34febc520807c59 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 29 May 2012 12:46:01 +0000
Subject: [PATCH] * Makefile.in (LIBS): Re-add advapi32.dll. Explain
why. * make-64bit-version-with-mingw-w64.sh (LIBS): Ditto. * cyglsa.c:
Drop NTDLL function declarations. Use equivalent advapi32 functions
again, throughout. * cyglsa64.dll: Regenerate.
---
winsup/lsaauth/ChangeLog | 8 +++
winsup/lsaauth/Makefile.in | 6 ++-
winsup/lsaauth/cyglsa.c | 46 +++++++-----------
winsup/lsaauth/cyglsa64.dll | Bin 8704 -> 8704 bytes
.../make-64bit-version-with-mingw-w64.sh | 6 ++-
5 files changed, 36 insertions(+), 30 deletions(-)
diff --git a/winsup/lsaauth/ChangeLog b/winsup/lsaauth/ChangeLog
index bbb763a1e..b78696af2 100644
--- a/winsup/lsaauth/ChangeLog
+++ b/winsup/lsaauth/ChangeLog
@@ -1,3 +1,11 @@
+2012-05-29 Corinna Vinschen <corinna@vinschen.de>
+
+ * Makefile.in (LIBS): Re-add advapi32.dll. Explain why.
+ * make-64bit-version-with-mingw-w64.sh (LIBS): Ditto.
+ * cyglsa.c: Drop NTDLL function declarations. Use equivalent advapi32
+ functions again, throughout.
+ * cyglsa64.dll: Regenerate.
+
2011-05-10 Corinna Vinschen <corinna@vinschen.de>
* Makefile.in: Don't override CC.
diff --git a/winsup/lsaauth/Makefile.in b/winsup/lsaauth/Makefile.in
index 948c08b34..bb585dfda 100644
--- a/winsup/lsaauth/Makefile.in
+++ b/winsup/lsaauth/Makefile.in
@@ -41,7 +41,11 @@ ifdef MINGW_CC
override CC:=${MINGW_CC}
endif
-LIBS := -lkernel32 -lntdll
+# Never again try to remove advapi32. It does not matter if the DLL calls
+# advapi32 functions or the equivalent ntdll functions.
+# But if the LSA authentication DLL is not linked against advapi32, it's
+# not recognized by LSA.
+LIBS := -ladvapi32 -lkernel32 -lntdll
DLL := cyglsa.dll
DEF_FILE:= cyglsa.def
diff --git a/winsup/lsaauth/cyglsa.c b/winsup/lsaauth/cyglsa.c
index e64d0e11f..341fdd12c 100644
--- a/winsup/lsaauth/cyglsa.c
+++ b/winsup/lsaauth/cyglsa.c
@@ -1,6 +1,6 @@
/* cyglsa.c: LSA authentication module for Cygwin
- Copyright 2006, 2008, 2010, 2011 Red Hat, Inc.
+ Copyright 2006, 2008, 2010, 2011, 2012 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de>
@@ -41,13 +41,6 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res)
#ifndef NT_SUCCESS
#define NT_SUCCESS(s) ((s) >= 0)
#endif
-NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID);
-NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
-NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID *);
-ULONG NTAPI RtlLengthSid (PSID);
-PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG);
-PUCHAR NTAPI RtlSubAuthorityCountSid (PSID);
-BOOLEAN NTAPI RtlValidSid (PSID);
/* These standard POSIX functions are implemented in NTDLL and exported.
There's just no header to define them and using wchar.h from mingw
or Cygwin seems wrong somehow. */
@@ -123,7 +116,7 @@ print_sid (const char *prefix, int idx, PISID sid)
cyglsa_printf ("NULL\n");
else if (IsBadReadPtr (sid, 8))
cyglsa_printf ("INVALID POINTER\n");
- else if (!RtlValidSid ((PSID) sid))
+ else if (!IsValidSid ((PSID) sid))
cyglsa_printf ("INVALID SID\n");
else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount))
cyglsa_printf ("INVALID POINTER SPACE\n");
@@ -203,11 +196,9 @@ print_dacl (PACL dacl)
{
PVOID vace;
PACCESS_ALLOWED_ACE ace;
- NTSTATUS stat;
- stat = RtlGetAce (dacl, i, &vace);
- if (!NT_SUCCESS (stat))
- cyglsa_printf ("[%lu] RtlGetAce status 0x%08lx\n", i, stat);
+ if (!GetAce (dacl, i, &vace))
+ cyglsa_printf ("[%lu] GetAce error %lu\n", i, GetLastError ());
else
{
ace = (PACCESS_ALLOWED_ACE) vace;
@@ -503,8 +494,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
tokinf->ExpirationTime = authinf->inf.ExpirationTime;
/* User SID */
src_sid = (PSID) (base + authinf->inf.User.User.Sid);
- size = RtlLengthSid (src_sid);
- RtlCopySid (size, (PSID) tptr, src_sid);
+ size = GetLengthSid (src_sid);
+ CopySid (size, (PSID) tptr, src_sid);
tokinf->User.User.Sid = (PSID) tptr;
tptr += size;
tokinf->User.User.Attributes = authinf->inf.User.User.Attributes;
@@ -518,16 +509,16 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
for (i = 0; i < src_grps->GroupCount; ++i)
{
src_sid = (PSID) (base + src_grps->Groups[i].Sid);
- size = RtlLengthSid (src_sid);
- RtlCopySid (size, (PSID) tptr, src_sid);
+ size = GetLengthSid (src_sid);
+ CopySid (size, (PSID) tptr, src_sid);
tokinf->Groups->Groups[i].Sid = (PSID) tptr;
tptr += size;
tokinf->Groups->Groups[i].Attributes = src_grps->Groups[i].Attributes;
}
/* Primary Group SID */
src_sid = (PSID) (base + authinf->inf.PrimaryGroup.PrimaryGroup);
- size = RtlLengthSid (src_sid);
- RtlCopySid (size, (PSID) tptr, src_sid);
+ size = GetLengthSid (src_sid);
+ CopySid (size, (PSID) tptr, src_sid);
tokinf->PrimaryGroup.PrimaryGroup = (PSID) tptr;
tptr += size;
/* Privileges */
@@ -554,8 +545,7 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
not done in the 64 bit code above for hopefully obvious reasons... */
LUID logon_sid_id;
- if (must_create_logon_sid
- && !NT_SUCCESS (NtAllocateLocallyUniqueId (&logon_sid_id)))
+ if (must_create_logon_sid && !AllocateLocallyUniqueId (&logon_sid_id))
return STATUS_INSUFFICIENT_RESOURCES;
if (!(tokinf = funcs->AllocateLsaHeap (authinf->inf_size)))
@@ -575,13 +565,13 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
((PBYTE) tokinf + (LONG_PTR) tokinf->Groups->Groups[i].Sid);
if (must_create_logon_sid
&& tokinf->Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID
- && *RtlSubAuthorityCountSid (tokinf->Groups->Groups[i].Sid) == 3
- && *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 0)
+ && *GetSidSubAuthorityCount (tokinf->Groups->Groups[i].Sid) == 3
+ && *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 0)
== SECURITY_LOGON_IDS_RID)
{
- *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 1)
+ *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 1)
= logon_sid_id.HighPart;
- *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 2)
+ *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 2)
= logon_sid_id.LowPart;
}
}
@@ -608,12 +598,12 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
(PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size));
/* Create logon session. */
- stat = NtAllocateLocallyUniqueId (logon_id);
- if (!NT_SUCCESS (stat))
+ if (!AllocateLocallyUniqueId (logon_id))
{
funcs->FreeLsaHeap (*tok);
*tok = NULL;
- cyglsa_printf ("NtAllocateLocallyUniqueId status 0x%08lx\n", stat);
+ cyglsa_printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n",
+ GetLastError ());
return STATUS_INSUFFICIENT_RESOURCES;
}
stat = funcs->CreateLogonSession (logon_id);
diff --git a/winsup/lsaauth/cyglsa64.dll b/winsup/lsaauth/cyglsa64.dll
index 14f1f6cff1e5eba2d2f8ab7800e35ed4edf8d547..f3324d26ade36b5aa606ec6c2e4bff8e18b4dd12 100644
GIT binary patch
delta 2447
zcmc&#drVVj6#wp>Ev2-y6ex9~Ehq|#j37Ehq6N9z?GQwy8mCTBI_ZK^Yw?vix*(40
zg$eoG!$*|)&$7%#h3OQhDX>lV$kJ_@ac*%7%O(xR*EV&EcIVvQVnee1yPLG<e82Pi
ze&>AW+=sW=Tio7~(AodVLLy%`NmgnM%Njcl6tE@NJ1*z5tt@?&tx#NY5z^9;GA=sH
z<JjT>b|>v%&NHpu%h;nVTdAXJMGbR@)+;KQHMCE$spKYbc#*U8sL&C5c~SAr3xovy
z%|1^Y-=;k~oshxfkAlI#XEHNH+98t~kn|psT4|#)Bi<F>91Hk1#LMX!Won}n-E`17
z&kchR85)mSMf<Q=+^!P(fV>bHN?<f`!wd#>C#{U`q;C#4y!ktb=VJW#hr!_I{dQjX
zjc>Y^%?qV^VCs2EAQ1_l0)cPZt|wAqr!oQR0%%ge4@rB*NN2!JiuYGWoboN?iPRgF
znz1R2;{m*gFM<6-n=y|_q(p}iwbC!6Qk6T=HPJt!CM#>vJx<N4OluyxJ;RZed@v25
zcL53nM-|e!BBGF1q<N{RnwGgb60bwN2)FN(jxbV-h=B|`pxU4;MYoGCi_Yfep!@QJ
z$O7u80^|fJFpGgsNaGfzPOM%YQ9v2eijbzGUq_ovIg!Bv3>q-_Gkp|oDLaentM^BS
z8rX})wb=(nZrCRHp;@5}`<@SFXh?y^pO6+pA8-mKPMcOhokP^2&Q;c;>!63!W0idw
z;KtB%>Lg|{y{NXZ4@~r)dQzhnDFc7Q;pEXjVK<=*8ACThCK7sOf@sxCLn}h?NO+fM
zRoMhzPY^B`vj#KS;T)2pXf?q-K6n7zhZ#hxC4w89h(Z~U$>~VmN{_`Djki(f;o}^6
z7;2+G#bl|jK8??r;umVrOlD5g*_sSyH(jHd&ScXLO=5h1l=K*8^P>G8FW~*Th@RHu
zFlu^DGn4VtRPB_fTGB!N#NA*}<h}|xm4xU{HoM>eJA4gBID~-VHz9l~l@MQmr(3kM
z^)3WU5!50Wq`lfQ{Y(UJ+yU?wg6~jsY<8mo1wZmZ0e-&iId~)o2mZna*lT%#g+A2s
zBH^1usjf@`fhH74LV=kID86aCi+IX`=;sw`763T<IS7ns?m`q~#gMEkB<qr86YvN}
zQ8#l$_X-_|&73!6mv0_mG-pc#OMDH8m|zNKmQh%yOZlMw5D$=hf6`K&X+k9m?}fyn
zf=l2%00rj}&phaKJ#ErW)#V~(5m2zZiZS$Kog>9R19)P2y2yPf^aj7>1+Ejeb&>{k
zNaqz=q%TMViK<GhQQ-E#4gWUu?2^dsu?ZKX*J-X4qx<z$%q}{tHzWVd;(zDwmSQw7
zu98_x+u|l5f8u}e?^d7|y%1N%%%Mq!Rm_icv%#Hw5r)o-91m>*fu2Qj6RoiLp00?W
zkP1$}gi4QxZz3H3#4YF$ykLAoFG2JTYK<SqYz6Y<<ii+V1!3sUkP-f*O~(+m(Sz~%
zjls0r<%G1i2h%Q(vVHQpOS15Skgmu40XhD~C_9=znitL^=`-!!<q2M<%XpVHEl;a!
zSZR6I;VE3>usGcAdbb4-HR(<o8_m-7=A<VrFIGG295wltrOx#;aw0j@Htx(A{L)fY
zvc>qTnUL`B2HfgDz*;f3dv0<clV9!%ABB(tHzD}t^+sS-fT=bRax4P#0+zR-BgNQQ
z1rfZq$##cqUzhDc*@jqz9Ff;P+4^OBMYh*v8|L4a*DA<}mqE74A=?;2;s5_BB!LjQ
zl957E2#m&5xrxlLcWqtltRWMb&<F{ch28?k`n8@~43M3SZR3*aI%kcv+K<us_3K;>
z9*4WEdYxk_ymVOHQN7W_;rQuXvn9r?Sn76q9M8bu=~?qU1A(~|7B49*x6R1Os;R3Z
bgvMHo<4d@TGHyW_A|xGXBfswHmL}#OD$!m$
delta 2455
zcmcgteN0nV6u<95ODXgNkqSYeqNpff=UilrjWVe`CK3fZHx-pgqnIKEAG6Fb*a~Cy
z1u45|44P%`E6bL-IW{mlT_r~6f{wVv7`G++ifh-o=&}jAZrwSrx7e7uKX;S%-1|Gf
z^L=mIS=L$Rd1-pO_WVl1)(ujSoxt-c{fCNqx}yJT5fActzFP5-gAix`tn~N-(dHC^
z?V$bKIj(r<Y5skl|6NPfih6E8ZBkToadcGiO!+Us5hRQ8xC%G!(}JXE-AG7iyxS`#
z3B8(=`Gok6{v8VWM;Q}HzE?Daba`8m@E#I8)TPW#PK_990e=qhHS|+uw$O;%Jn(VO
z5(FnCkbw~;YfvilsNADKu0e(x7%oeYL#1xm%;|=`k641cz65<C>VKxWap~qX+@Aj{
z6cSwRdLpOrNghDM0Qtwk`|(&g(Up2ArKUEjl!Hj?qg`>?xtS3hGwnir9he7pL1?{1
z<doh*w2Xccm#y4`+nIDCZm!af+mGpNRi3#Rx2J;9i5y)B(7OQnL-!;iY=}z4gS0N%
zr&^e&j>a8`FGur1xrC`)`cRQiuc?}qt8qI_YvWBFCAjVUGdh8t3jk^a$iIk#PRKKr
z<W8v9M<q~=wB<-s0S$}RjhK1eh*yBp!~Co3qWEUy8<2m6B?kQ3Sl!6DY&%R~RHg25
zxo@YD8@MwyZ2!w>(rfiemSBa<fdIboctYHkNmu(MX-ku=lc0<^*oO|@p$_$uM|b1a
z0lpy24Z-DAL4H$idNmhvSz7GYU=@%Q-WpxcI{Ka3$Sc!mOu`(c5glEp`3dReCAb~C
zE&J3<X1$!W6~Pe(3X)k>;r1R6!Gh~C1EXvXCjocLoQe<Nb=sF;czhO`ExD_jkE%|*
z63|khnxfn&kgK}OEky1B{VAb9_1jV$f+9dO66bPfXjx(|H%NCR=I1Vh(BNtkGb%l%
z#zunC-Z&XG3D7se4RI8No=IHHrO=7Qhq$k3zGmK{gYzMpcOn#$EMxvkC4mWbJD?tT
zv<9f@5ULM@`dBt0UjIVs(mbqpA@~%68U(+mW11?xfZ&~50NzBfi!RWbk}oL0A>0<p
zIxh4+0Z$lu+o(<3dUGC-_ab=)l2d^Ouhc=rRZzvapiuMS3fiLW_aF)`_Wyx>vpNJf
z4{V1Z5urPr?I^lkI_35>y{^scc+DEVpjc10Ngh?oAP})bm*6KLg2M3!IO1JpJV0W?
zv7F&p&Zt;hG1eQP4wq1Xo?PvPL@a?mKf44@lDQDlqz80HT{)6B02#aNi=pRqHtfGX
zi>sq6^~D*!H)HUc55Su`05(@7%Rq(uGl;(raC$_)nR|iilCm;<s{8OJp*6H7X${vz
z-%iTR@Hw$n|Ke{O@&ZX!TqZ4=wuw7M2dA}U{0gIlP72tOa(L%%%b2TujI<R&B@=Xh
za%Lf<Enoi|v!RY}ZbH%U!{ZHX2f|4cmI{|kwhvum#v;_NIE=<~BF3MiaSs>+5HLj0
zD~LAJv&lsr9=1X`*H#hY@q}_NGkKQDVJ5Y!!}?q79N}MN=LjCLJHqgYe!qN%XCg0r
zzp#dSrnhm_#F;)cOz=jsKF8i#YpfRS<u<W&i_N%GtP@*z8cog|Q=#3d9@3@7^SM=G
zsombRrB1X}!nfVtX5G=y+-j?+zn4xc(oe+VKQmR$G#XB15fb_Q2v6WBobRL#JvMWc
zn_KLN<V8rZnGpP^u8+b@ErfjS=$~ci$OA1dGm}+JZe%j7C1g80zsTeOldm%Q0h6bg
z9Aok_lixBK@yFtJ{O^GeaxjZ!O^uFL(biHGTi0k?OD|>_H)Si<wls*g<qdWlxkT<e
z6LNuvaV~3ewAD1!6S6yIYPcjN7WS349b3h1vMxmd=O^pz4fSxOx3fwfSYfHIvQ$2}
YxS-x{$3{$tk^JXpsNLw|sE1$m4`vN<>Hq)$
diff --git a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
index a93daf8f3..4a8c37c23 100644
--- a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
+++ b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
@@ -20,6 +20,10 @@ set -e
CC="x86_64-w64-mingw32-gcc"
CFLAGS="-fno-exceptions -O0 -Wall -Werror"
LDFLAGS="-s -nostdlib -Wl,--entry,DllMain,--major-os-version,5,--minor-os-version,2"
-LIBS="-lkernel32 -lntdll"
+# Never again try to remove advapi32. It does not matter if the DLL calls
+# advapi32 functions or the equivalent ntdll functions.
+# But if the LSA authentication DLL is not linked against advapi32, it's
+# not recognized by LSA.
+LIBS="-ladvapi32 -lkernel32 -lntdll"
$CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c cyglsa64.def $LIBS