diff --git a/winsup/lsaauth/ChangeLog b/winsup/lsaauth/ChangeLog index bbb763a1e..b78696af2 100644 --- a/winsup/lsaauth/ChangeLog +++ b/winsup/lsaauth/ChangeLog @@ -1,3 +1,11 @@ +2012-05-29 Corinna Vinschen + + * Makefile.in (LIBS): Re-add advapi32.dll. Explain why. + * make-64bit-version-with-mingw-w64.sh (LIBS): Ditto. + * cyglsa.c: Drop NTDLL function declarations. Use equivalent advapi32 + functions again, throughout. + * cyglsa64.dll: Regenerate. + 2011-05-10 Corinna Vinschen * Makefile.in: Don't override CC. diff --git a/winsup/lsaauth/Makefile.in b/winsup/lsaauth/Makefile.in index 948c08b34..bb585dfda 100644 --- a/winsup/lsaauth/Makefile.in +++ b/winsup/lsaauth/Makefile.in @@ -41,7 +41,11 @@ ifdef MINGW_CC override CC:=${MINGW_CC} endif -LIBS := -lkernel32 -lntdll +# Never again try to remove advapi32. It does not matter if the DLL calls +# advapi32 functions or the equivalent ntdll functions. +# But if the LSA authentication DLL is not linked against advapi32, it's +# not recognized by LSA. +LIBS := -ladvapi32 -lkernel32 -lntdll DLL := cyglsa.dll DEF_FILE:= cyglsa.def diff --git a/winsup/lsaauth/cyglsa.c b/winsup/lsaauth/cyglsa.c index e64d0e11f..341fdd12c 100644 --- a/winsup/lsaauth/cyglsa.c +++ b/winsup/lsaauth/cyglsa.c @@ -1,6 +1,6 @@ /* cyglsa.c: LSA authentication module for Cygwin - Copyright 2006, 2008, 2010, 2011 Red Hat, Inc. + Copyright 2006, 2008, 2010, 2011, 2012 Red Hat, Inc. Written by Corinna Vinschen @@ -41,13 +41,6 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res) #ifndef NT_SUCCESS #define NT_SUCCESS(s) ((s) >= 0) #endif -NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID); -NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID); -NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID *); -ULONG NTAPI RtlLengthSid (PSID); -PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG); -PUCHAR NTAPI RtlSubAuthorityCountSid (PSID); -BOOLEAN NTAPI RtlValidSid (PSID); /* These standard POSIX functions are implemented in NTDLL and exported. There's just no header to define them and using wchar.h from mingw or Cygwin seems wrong somehow. */ @@ -123,7 +116,7 @@ print_sid (const char *prefix, int idx, PISID sid) cyglsa_printf ("NULL\n"); else if (IsBadReadPtr (sid, 8)) cyglsa_printf ("INVALID POINTER\n"); - else if (!RtlValidSid ((PSID) sid)) + else if (!IsValidSid ((PSID) sid)) cyglsa_printf ("INVALID SID\n"); else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount)) cyglsa_printf ("INVALID POINTER SPACE\n"); @@ -203,11 +196,9 @@ print_dacl (PACL dacl) { PVOID vace; PACCESS_ALLOWED_ACE ace; - NTSTATUS stat; - stat = RtlGetAce (dacl, i, &vace); - if (!NT_SUCCESS (stat)) - cyglsa_printf ("[%lu] RtlGetAce status 0x%08lx\n", i, stat); + if (!GetAce (dacl, i, &vace)) + cyglsa_printf ("[%lu] GetAce error %lu\n", i, GetLastError ()); else { ace = (PACCESS_ALLOWED_ACE) vace; @@ -503,8 +494,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, tokinf->ExpirationTime = authinf->inf.ExpirationTime; /* User SID */ src_sid = (PSID) (base + authinf->inf.User.User.Sid); - size = RtlLengthSid (src_sid); - RtlCopySid (size, (PSID) tptr, src_sid); + size = GetLengthSid (src_sid); + CopySid (size, (PSID) tptr, src_sid); tokinf->User.User.Sid = (PSID) tptr; tptr += size; tokinf->User.User.Attributes = authinf->inf.User.User.Attributes; @@ -518,16 +509,16 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, for (i = 0; i < src_grps->GroupCount; ++i) { src_sid = (PSID) (base + src_grps->Groups[i].Sid); - size = RtlLengthSid (src_sid); - RtlCopySid (size, (PSID) tptr, src_sid); + size = GetLengthSid (src_sid); + CopySid (size, (PSID) tptr, src_sid); tokinf->Groups->Groups[i].Sid = (PSID) tptr; tptr += size; tokinf->Groups->Groups[i].Attributes = src_grps->Groups[i].Attributes; } /* Primary Group SID */ src_sid = (PSID) (base + authinf->inf.PrimaryGroup.PrimaryGroup); - size = RtlLengthSid (src_sid); - RtlCopySid (size, (PSID) tptr, src_sid); + size = GetLengthSid (src_sid); + CopySid (size, (PSID) tptr, src_sid); tokinf->PrimaryGroup.PrimaryGroup = (PSID) tptr; tptr += size; /* Privileges */ @@ -554,8 +545,7 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, not done in the 64 bit code above for hopefully obvious reasons... */ LUID logon_sid_id; - if (must_create_logon_sid - && !NT_SUCCESS (NtAllocateLocallyUniqueId (&logon_sid_id))) + if (must_create_logon_sid && !AllocateLocallyUniqueId (&logon_sid_id)) return STATUS_INSUFFICIENT_RESOURCES; if (!(tokinf = funcs->AllocateLsaHeap (authinf->inf_size))) @@ -575,13 +565,13 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, ((PBYTE) tokinf + (LONG_PTR) tokinf->Groups->Groups[i].Sid); if (must_create_logon_sid && tokinf->Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID - && *RtlSubAuthorityCountSid (tokinf->Groups->Groups[i].Sid) == 3 - && *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 0) + && *GetSidSubAuthorityCount (tokinf->Groups->Groups[i].Sid) == 3 + && *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 0) == SECURITY_LOGON_IDS_RID) { - *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 1) + *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 1) = logon_sid_id.HighPart; - *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 2) + *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 2) = logon_sid_id.LowPart; } } @@ -608,12 +598,12 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, (PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size)); /* Create logon session. */ - stat = NtAllocateLocallyUniqueId (logon_id); - if (!NT_SUCCESS (stat)) + if (!AllocateLocallyUniqueId (logon_id)) { funcs->FreeLsaHeap (*tok); *tok = NULL; - cyglsa_printf ("NtAllocateLocallyUniqueId status 0x%08lx\n", stat); + cyglsa_printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n", + GetLastError ()); return STATUS_INSUFFICIENT_RESOURCES; } stat = funcs->CreateLogonSession (logon_id); diff --git a/winsup/lsaauth/cyglsa64.dll b/winsup/lsaauth/cyglsa64.dll index 14f1f6cff..f3324d26a 100644 Binary files a/winsup/lsaauth/cyglsa64.dll and b/winsup/lsaauth/cyglsa64.dll differ diff --git a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh index a93daf8f3..4a8c37c23 100644 --- a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh +++ b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh @@ -20,6 +20,10 @@ set -e CC="x86_64-w64-mingw32-gcc" CFLAGS="-fno-exceptions -O0 -Wall -Werror" LDFLAGS="-s -nostdlib -Wl,--entry,DllMain,--major-os-version,5,--minor-os-version,2" -LIBS="-lkernel32 -lntdll" +# Never again try to remove advapi32. It does not matter if the DLL calls +# advapi32 functions or the equivalent ntdll functions. +# But if the LSA authentication DLL is not linked against advapi32, it's +# not recognized by LSA. +LIBS="-ladvapi32 -lkernel32 -lntdll" $CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c cyglsa64.def $LIBS