* Makefile.in (LIBS): Re-add advapi32.dll. Explain why.
* make-64bit-version-with-mingw-w64.sh (LIBS): Ditto. * cyglsa.c: Drop NTDLL function declarations. Use equivalent advapi32 functions again, throughout. * cyglsa64.dll: Regenerate.
This commit is contained in:
Corinna Vinschen
parent
d610936513
commit
00ef94f338
|
|
@ -1,3 +1,11 @@
|
|||
2012-05-29 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* Makefile.in (LIBS): Re-add advapi32.dll. Explain why.
|
||||
* make-64bit-version-with-mingw-w64.sh (LIBS): Ditto.
|
||||
* cyglsa.c: Drop NTDLL function declarations. Use equivalent advapi32
|
||||
functions again, throughout.
|
||||
* cyglsa64.dll: Regenerate.
|
||||
|
||||
2011-05-10 Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
* Makefile.in: Don't override CC.
|
||||
|
|
|
|||
|
|
@ -41,7 +41,11 @@ ifdef MINGW_CC
|
|||
override CC:=${MINGW_CC}
|
||||
endif
|
||||
|
||||
LIBS := -lkernel32 -lntdll
|
||||
# Never again try to remove advapi32. It does not matter if the DLL calls
|
||||
# advapi32 functions or the equivalent ntdll functions.
|
||||
# But if the LSA authentication DLL is not linked against advapi32, it's
|
||||
# not recognized by LSA.
|
||||
LIBS := -ladvapi32 -lkernel32 -lntdll
|
||||
|
||||
DLL := cyglsa.dll
|
||||
DEF_FILE:= cyglsa.def
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
/* cyglsa.c: LSA authentication module for Cygwin
|
||||
|
||||
Copyright 2006, 2008, 2010, 2011 Red Hat, Inc.
|
||||
Copyright 2006, 2008, 2010, 2011, 2012 Red Hat, Inc.
|
||||
|
||||
Written by Corinna Vinschen <corinna@vinschen.de>
|
||||
|
||||
|
|
@ -41,13 +41,6 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res)
|
|||
#ifndef NT_SUCCESS
|
||||
#define NT_SUCCESS(s) ((s) >= 0)
|
||||
#endif
|
||||
NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID);
|
||||
NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
|
||||
NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID *);
|
||||
ULONG NTAPI RtlLengthSid (PSID);
|
||||
PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG);
|
||||
PUCHAR NTAPI RtlSubAuthorityCountSid (PSID);
|
||||
BOOLEAN NTAPI RtlValidSid (PSID);
|
||||
/* These standard POSIX functions are implemented in NTDLL and exported.
|
||||
There's just no header to define them and using wchar.h from mingw
|
||||
or Cygwin seems wrong somehow. */
|
||||
|
|
@ -123,7 +116,7 @@ print_sid (const char *prefix, int idx, PISID sid)
|
|||
cyglsa_printf ("NULL\n");
|
||||
else if (IsBadReadPtr (sid, 8))
|
||||
cyglsa_printf ("INVALID POINTER\n");
|
||||
else if (!RtlValidSid ((PSID) sid))
|
||||
else if (!IsValidSid ((PSID) sid))
|
||||
cyglsa_printf ("INVALID SID\n");
|
||||
else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount))
|
||||
cyglsa_printf ("INVALID POINTER SPACE\n");
|
||||
|
|
@ -203,11 +196,9 @@ print_dacl (PACL dacl)
|
|||
{
|
||||
PVOID vace;
|
||||
PACCESS_ALLOWED_ACE ace;
|
||||
NTSTATUS stat;
|
||||
|
||||
stat = RtlGetAce (dacl, i, &vace);
|
||||
if (!NT_SUCCESS (stat))
|
||||
cyglsa_printf ("[%lu] RtlGetAce status 0x%08lx\n", i, stat);
|
||||
if (!GetAce (dacl, i, &vace))
|
||||
cyglsa_printf ("[%lu] GetAce error %lu\n", i, GetLastError ());
|
||||
else
|
||||
{
|
||||
ace = (PACCESS_ALLOWED_ACE) vace;
|
||||
|
|
@ -503,8 +494,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
|
|||
tokinf->ExpirationTime = authinf->inf.ExpirationTime;
|
||||
/* User SID */
|
||||
src_sid = (PSID) (base + authinf->inf.User.User.Sid);
|
||||
size = RtlLengthSid (src_sid);
|
||||
RtlCopySid (size, (PSID) tptr, src_sid);
|
||||
size = GetLengthSid (src_sid);
|
||||
CopySid (size, (PSID) tptr, src_sid);
|
||||
tokinf->User.User.Sid = (PSID) tptr;
|
||||
tptr += size;
|
||||
tokinf->User.User.Attributes = authinf->inf.User.User.Attributes;
|
||||
|
|
@ -518,16 +509,16 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
|
|||
for (i = 0; i < src_grps->GroupCount; ++i)
|
||||
{
|
||||
src_sid = (PSID) (base + src_grps->Groups[i].Sid);
|
||||
size = RtlLengthSid (src_sid);
|
||||
RtlCopySid (size, (PSID) tptr, src_sid);
|
||||
size = GetLengthSid (src_sid);
|
||||
CopySid (size, (PSID) tptr, src_sid);
|
||||
tokinf->Groups->Groups[i].Sid = (PSID) tptr;
|
||||
tptr += size;
|
||||
tokinf->Groups->Groups[i].Attributes = src_grps->Groups[i].Attributes;
|
||||
}
|
||||
/* Primary Group SID */
|
||||
src_sid = (PSID) (base + authinf->inf.PrimaryGroup.PrimaryGroup);
|
||||
size = RtlLengthSid (src_sid);
|
||||
RtlCopySid (size, (PSID) tptr, src_sid);
|
||||
size = GetLengthSid (src_sid);
|
||||
CopySid (size, (PSID) tptr, src_sid);
|
||||
tokinf->PrimaryGroup.PrimaryGroup = (PSID) tptr;
|
||||
tptr += size;
|
||||
/* Privileges */
|
||||
|
|
@ -554,8 +545,7 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
|
|||
not done in the 64 bit code above for hopefully obvious reasons... */
|
||||
LUID logon_sid_id;
|
||||
|
||||
if (must_create_logon_sid
|
||||
&& !NT_SUCCESS (NtAllocateLocallyUniqueId (&logon_sid_id)))
|
||||
if (must_create_logon_sid && !AllocateLocallyUniqueId (&logon_sid_id))
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
|
||||
if (!(tokinf = funcs->AllocateLsaHeap (authinf->inf_size)))
|
||||
|
|
@ -575,13 +565,13 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
|
|||
((PBYTE) tokinf + (LONG_PTR) tokinf->Groups->Groups[i].Sid);
|
||||
if (must_create_logon_sid
|
||||
&& tokinf->Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID
|
||||
&& *RtlSubAuthorityCountSid (tokinf->Groups->Groups[i].Sid) == 3
|
||||
&& *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 0)
|
||||
&& *GetSidSubAuthorityCount (tokinf->Groups->Groups[i].Sid) == 3
|
||||
&& *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 0)
|
||||
== SECURITY_LOGON_IDS_RID)
|
||||
{
|
||||
*RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 1)
|
||||
*GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 1)
|
||||
= logon_sid_id.HighPart;
|
||||
*RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 2)
|
||||
*GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 2)
|
||||
= logon_sid_id.LowPart;
|
||||
}
|
||||
}
|
||||
|
|
@ -608,12 +598,12 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
|
|||
(PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size));
|
||||
|
||||
/* Create logon session. */
|
||||
stat = NtAllocateLocallyUniqueId (logon_id);
|
||||
if (!NT_SUCCESS (stat))
|
||||
if (!AllocateLocallyUniqueId (logon_id))
|
||||
{
|
||||
funcs->FreeLsaHeap (*tok);
|
||||
*tok = NULL;
|
||||
cyglsa_printf ("NtAllocateLocallyUniqueId status 0x%08lx\n", stat);
|
||||
cyglsa_printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n",
|
||||
GetLastError ());
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
stat = funcs->CreateLogonSession (logon_id);
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -20,6 +20,10 @@ set -e
|
|||
CC="x86_64-w64-mingw32-gcc"
|
||||
CFLAGS="-fno-exceptions -O0 -Wall -Werror"
|
||||
LDFLAGS="-s -nostdlib -Wl,--entry,DllMain,--major-os-version,5,--minor-os-version,2"
|
||||
LIBS="-lkernel32 -lntdll"
|
||||
# Never again try to remove advapi32. It does not matter if the DLL calls
|
||||
# advapi32 functions or the equivalent ntdll functions.
|
||||
# But if the LSA authentication DLL is not linked against advapi32, it's
|
||||
# not recognized by LSA.
|
||||
LIBS="-ladvapi32 -lkernel32 -lntdll"
|
||||
|
||||
$CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c cyglsa64.def $LIBS
|
||||
|
|
|
|||
Loading…
Reference in New Issue