* Makefile.in (LIBS): Re-add advapi32.dll. Explain why.

* make-64bit-version-with-mingw-w64.sh (LIBS): Ditto. * cyglsa.c: Drop NTDLL function declarations. Use equivalent advapi32 functions again, throughout. * cyglsa64.dll: Regenerate.
2012-05-29 12:46:01 +00:00 · 2012-05-29 12:46:01 +00:00 · 00ef94f338
parent d610936513
commit 00ef94f338
5 changed files with 36 additions and 30 deletions
--- a/winsup/lsaauth/ChangeLog
+++ b/winsup/lsaauth/ChangeLog
@ -1,3 +1,11 @@
+2012-05-29  Corinna Vinschen  <corinna@vinschen.de>
+
+	* Makefile.in (LIBS): Re-add advapi32.dll.  Explain why.
+	* make-64bit-version-with-mingw-w64.sh (LIBS): Ditto.
+	* cyglsa.c: Drop NTDLL function declarations.  Use equivalent advapi32
+	functions again, throughout.
+	* cyglsa64.dll: Regenerate.
+
 2011-05-10  Corinna Vinschen  <corinna@vinschen.de>

 	* Makefile.in: Don't override CC.
--- a/winsup/lsaauth/Makefile.in
+++ b/winsup/lsaauth/Makefile.in
@ -41,7 +41,11 @@ ifdef MINGW_CC
 override CC:=${MINGW_CC}
 endif

-LIBS		:= -lkernel32 -lntdll
+# Never again try to remove advapi32.  It does not matter if the DLL calls
+# advapi32 functions or the equivalent ntdll functions.
+# But if the LSA authentication DLL is not linked against advapi32, it's
+# not recognized by LSA.
+LIBS		:= -ladvapi32 -lkernel32 -lntdll

 DLL	:=	cyglsa.dll
 DEF_FILE:=	cyglsa.def
--- a/winsup/lsaauth/cyglsa.c
+++ b/winsup/lsaauth/cyglsa.c
@ -1,6 +1,6 @@
 /* cyglsa.c: LSA authentication module for Cygwin

-   Copyright 2006, 2008, 2010, 2011 Red Hat, Inc.
+   Copyright 2006, 2008, 2010, 2011, 2012 Red Hat, Inc.

   Written by Corinna Vinschen <corinna@vinschen.de>

@ -41,13 +41,6 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res)
 #ifndef NT_SUCCESS
 #define NT_SUCCESS(s)	((s) >= 0)
 #endif
-NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID);
-NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
-NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID *);
-ULONG NTAPI RtlLengthSid (PSID);
-PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG);
-PUCHAR NTAPI RtlSubAuthorityCountSid (PSID);
-BOOLEAN NTAPI RtlValidSid (PSID);
 /* These standard POSIX functions are implemented in NTDLL and exported.
   There's just no header to define them and using wchar.h from mingw
   or Cygwin seems wrong somehow. */
@ -123,7 +116,7 @@ print_sid (const char *prefix, int idx, PISID sid)
    cyglsa_printf ("NULL\n");
  else if (IsBadReadPtr (sid, 8))
    cyglsa_printf ("INVALID POINTER\n");
-  else if (!RtlValidSid ((PSID) sid))
+  else if (!IsValidSid ((PSID) sid))
    cyglsa_printf ("INVALID SID\n");
  else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount))
    cyglsa_printf ("INVALID POINTER SPACE\n");
@ -203,11 +196,9 @@ print_dacl (PACL dacl)
        {
 	  PVOID vace;
 	  PACCESS_ALLOWED_ACE ace;
-	  NTSTATUS stat;

-	  stat = RtlGetAce (dacl, i, &vace);
-	  if (!NT_SUCCESS (stat))
-	    cyglsa_printf ("[%lu] RtlGetAce status 0x%08lx\n", i, stat);
+	  if (!GetAce (dacl, i, &vace))
+	    cyglsa_printf ("[%lu] GetAce error %lu\n", i, GetLastError ());
 	  else
 	    {
 	      ace = (PACCESS_ALLOWED_ACE) vace;
@ -503,8 +494,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
      tokinf->ExpirationTime = authinf->inf.ExpirationTime;
      /* User SID */
      src_sid = (PSID) (base + authinf->inf.User.User.Sid);
-      size = RtlLengthSid (src_sid);
-      RtlCopySid (size, (PSID) tptr, src_sid);
+      size = GetLengthSid (src_sid);
+      CopySid (size, (PSID) tptr, src_sid);
      tokinf->User.User.Sid = (PSID) tptr;
      tptr += size;
      tokinf->User.User.Attributes = authinf->inf.User.User.Attributes;
@ -518,16 +509,16 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
      for (i = 0; i < src_grps->GroupCount; ++i)
 	{
 	  src_sid = (PSID) (base + src_grps->Groups[i].Sid);
-	  size = RtlLengthSid (src_sid);
-	  RtlCopySid (size, (PSID) tptr, src_sid);
+	  size = GetLengthSid (src_sid);
+	  CopySid (size, (PSID) tptr, src_sid);
 	  tokinf->Groups->Groups[i].Sid = (PSID) tptr;
 	  tptr += size;
 	  tokinf->Groups->Groups[i].Attributes = src_grps->Groups[i].Attributes;
 	}
      /* Primary Group SID */
      src_sid = (PSID) (base + authinf->inf.PrimaryGroup.PrimaryGroup);
-      size = RtlLengthSid (src_sid);
-      RtlCopySid (size, (PSID) tptr, src_sid);
+      size = GetLengthSid (src_sid);
+      CopySid (size, (PSID) tptr, src_sid);
      tokinf->PrimaryGroup.PrimaryGroup = (PSID) tptr;
      tptr += size;
      /* Privileges */
@ -554,8 +545,7 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 	 not done in the 64 bit code above for hopefully obvious reasons... */
      LUID logon_sid_id;

-      if (must_create_logon_sid
-	  && !NT_SUCCESS (NtAllocateLocallyUniqueId (&logon_sid_id)))
+      if (must_create_logon_sid && !AllocateLocallyUniqueId (&logon_sid_id))
 	return STATUS_INSUFFICIENT_RESOURCES;

      if (!(tokinf = funcs->AllocateLsaHeap (authinf->inf_size)))
@ -575,13 +565,13 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 		((PBYTE) tokinf + (LONG_PTR) tokinf->Groups->Groups[i].Sid);
 	  if (must_create_logon_sid
 	      && tokinf->Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID
-	      && *RtlSubAuthorityCountSid (tokinf->Groups->Groups[i].Sid) == 3
-	      && *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 0)
+	      && *GetSidSubAuthorityCount (tokinf->Groups->Groups[i].Sid) == 3
+	      && *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 0)
 		 == SECURITY_LOGON_IDS_RID)
 	    {
-	      *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 1)
+	      *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 1)
 	      = logon_sid_id.HighPart;
-	      *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 2)
+	      *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 2)
 	      = logon_sid_id.LowPart;
 	    }
 	}
@ -608,12 +598,12 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 		(PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size));

  /* Create logon session. */
-  stat = NtAllocateLocallyUniqueId (logon_id);
-  if (!NT_SUCCESS (stat))
+  if (!AllocateLocallyUniqueId (logon_id))
    {
      funcs->FreeLsaHeap (*tok);
      *tok = NULL;
-      cyglsa_printf ("NtAllocateLocallyUniqueId status 0x%08lx\n", stat);
+      cyglsa_printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n",
+		     GetLastError ());
      return STATUS_INSUFFICIENT_RESOURCES;
    }
  stat = funcs->CreateLogonSession (logon_id);
--- a/winsup/lsaauth/cyglsa64.dll
+++ b/winsup/lsaauth/cyglsa64.dll
--- a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
+++ b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
@ -20,6 +20,10 @@ set -e
 CC="x86_64-w64-mingw32-gcc"
 CFLAGS="-fno-exceptions -O0 -Wall -Werror"
 LDFLAGS="-s -nostdlib -Wl,--entry,DllMain,--major-os-version,5,--minor-os-version,2"
-LIBS="-lkernel32 -lntdll"
+# Never again try to remove advapi32.  It does not matter if the DLL calls
+# advapi32 functions or the equivalent ntdll functions.
+# But if the LSA authentication DLL is not linked against advapi32, it's
+# not recognized by LSA.
+LIBS="-ladvapi32 -lkernel32 -lntdll"

 $CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c cyglsa64.def $LIBS