Cygwin: wincap: drop no_msv1_0_s4u_logon_in_wow64 flag and related code

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2022-03-07 10:42:08 +01:00 · 2022-03-07 10:42:08 +01:00 · 23b5466aed
parent 8b3081f4ca
commit 23b5466aed
3 changed files with 0 additions and 189 deletions
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@ -368,149 +368,6 @@ get_logon_server (PCWSTR domain, PWCHAR server, ULONG flags)
  return false;
 }

-static bool
-get_user_groups (WCHAR *logonserver, cygsidlist &grp_list,
-		 PWCHAR user, PWCHAR domain)
-{
-  WCHAR dgroup[MAX_DOMAIN_NAME_LEN + GNLEN + 2], *grp_p;
-  LPGROUP_USERS_INFO_0 buf;
-  DWORD cnt, tot;
-  NET_API_STATUS ret;
-
-  /* Look only on logonserver */
-  ret = NetUserGetGroups (logonserver, user, 0, (LPBYTE *) &buf,
-			  MAX_PREFERRED_LENGTH, &cnt, &tot);
-  if (ret)
-    {
-      __seterrno_from_win_error (ret);
-      /* It's no error when the user name can't be found.
-	 It's also no error if access has been denied.  Yes, sounds weird, but
-	 keep in mind that ERROR_ACCESS_DENIED means the current user has no
-	 permission to access the AD user information.  However, if we return
-	 an error, Cygwin will call DsGetDcName with DS_FORCE_REDISCOVERY set
-	 to ask for another server.  This is not only time consuming, it's also
-	 useless; the next server will return access denied again. */
-      return ret == NERR_UserNotFound || ret == ERROR_ACCESS_DENIED;
-    }
-
-  grp_p = wcpncpy (dgroup, domain, MAX_DOMAIN_NAME_LEN);
-  *grp_p++ = L'\\';
-
-  for (DWORD i = 0; i < cnt; ++i)
-    {
-      cygsid gsid;
-      DWORD glen = SECURITY_MAX_SID_SIZE;
-      WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
-      DWORD dlen = sizeof (dom);
-      SID_NAME_USE use = SidTypeInvalid;
-
-      *wcpncpy (grp_p, buf[i].grui0_name, sizeof dgroup / sizeof *dgroup
-					 - (grp_p - dgroup) - 1) = L'\0';
-      if (!LookupAccountNameW (NULL, dgroup, gsid, &glen, dom, &dlen, &use))
-	debug_printf ("LookupAccountName(%W), %E", dgroup);
-      else if (well_known_sid_type (use))
-	grp_list *= gsid;
-      else if (legal_sid_type (use))
-	grp_list += gsid;
-      else
-	debug_printf ("Global group %W invalid. Use: %u", dgroup, use);
-    }
-
-  NetApiBufferFree (buf);
-  return true;
-}
-
-static bool
-get_user_local_groups (PWCHAR domain, cygsidlist &grp_list, PWCHAR user)
-{
-  LPLOCALGROUP_INFO_0 buf;
-  DWORD cnt, tot;
-  NET_API_STATUS ret;
-
-  /* We want to know the membership in local groups on the current machine.
-     Thus, don't ask the logonserver, ask the local machine.  In contrast
-     to most other NetUser functions, NetUserGetLocalGroups accepts the
-     username in DOMAIN\user form. */
-  WCHAR username[MAX_DOMAIN_NAME_LEN + UNLEN + 2];
-  wcpcpy (wcpcpy (wcpcpy (username, domain), L"\\"), user);
-  ret = NetUserGetLocalGroups (NULL, username, 0, LG_INCLUDE_INDIRECT,
-			       (LPBYTE *) &buf, MAX_PREFERRED_LENGTH,
-			       &cnt, &tot);
-  if (ret)
-    {
-      debug_printf ("username: %W", username);
-      __seterrno_from_win_error (ret);
-      return false;
-    }
-
-  WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
-  WCHAR builtin_grp[2 * GNLEN + 2];
-  PWCHAR dg_ptr, bg_ptr = NULL;
-  SID_NAME_USE use;
-
-  dg_ptr = wcpcpy (domlocal_grp, domain);
-  *dg_ptr++ = L'\\';
-
-  for (DWORD i = 0; i < cnt; ++i)
-    {
-      cygsid gsid;
-      DWORD glen = SECURITY_MAX_SID_SIZE;
-      WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
-      DWORD domlen = MAX_DOMAIN_NAME_LEN + 1;
-
-      use = SidTypeInvalid;
-      wcscpy (dg_ptr, buf[i].lgrpi0_name);
-      if (LookupAccountNameW (NULL, domlocal_grp, gsid, &glen,
-			      dom, &domlen, &use))
-	{
-	  if (well_known_sid_type (use))
-	    grp_list *= gsid;
-	  else if (legal_sid_type (use))
-	    grp_list += gsid;
-	  else
-	    debug_printf ("Rejecting local %W. use: %u", dg_ptr, use);
-	}
-      else if (GetLastError () == ERROR_NONE_MAPPED)
-	{
-	  /* Check if it's a builtin group. */
-	  if (!bg_ptr)
-	    {
-	      /* Retrieve name of builtin group from system since it's
-		 localized. */
-	      glen = 2 * GNLEN + 2;
-	      if (!LookupAccountSidW (NULL, well_known_builtin_sid,
-				      builtin_grp, &glen, domain, &domlen, &use))
-		debug_printf ("LookupAccountSid(BUILTIN), %E");
-	      else
-		{
-		  bg_ptr = builtin_grp + wcslen (builtin_grp);
-		  bg_ptr = wcpcpy (builtin_grp, L"\\");
-		}
-	    }
-	  if (bg_ptr)
-	    {
-	      wcscpy (bg_ptr, dg_ptr);
-	      glen = SECURITY_MAX_SID_SIZE;
-	      domlen = MAX_DOMAIN_NAME_LEN + 1;
-	      if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
-				      dom, &domlen, &use))
-		{
-		  if (!legal_sid_type (use))
-		    debug_printf ("Rejecting local %W. use: %u", dg_ptr, use);
-		  else
-		    grp_list *= gsid;
-		}
-	      else
-		debug_printf ("LookupAccountName(%W), %E", builtin_grp);
-	    }
-	}
-      else
-	debug_printf ("LookupAccountName(%W), %E", domlocal_grp);
-    }
-  NetApiBufferFree (buf);
-  return true;
-}
-
 static bool
 sid_in_token_groups (PTOKEN_GROUPS grps, cygpsid sid)
 {
@ -583,37 +440,6 @@ get_server_groups (cygsidlist &grp_list, PSID usersid,
  if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */
      && sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE)
    {
-      if (wincap.no_msv1_0_s4u_logon_in_wow64 ())
-	{
-	  WCHAR server[INTERNET_MAX_HOST_NAME_LENGTH + 3];
-
-	  if (!get_logon_server (domain, server, DS_IS_FLAT_NAME))
-	    return false;
-	  if (check_account_disabled == CHK_DISABLED)
-	    {
-	      NET_API_STATUS napi_stat;
-	      USER_INFO_1 *ui1;
-	      bool allow_user = false;
-
-	      napi_stat = NetUserGetInfo (server, user, 1, (LPBYTE *) &ui1);
-	      if (napi_stat == NERR_Success)
-		allow_user = !(ui1->usri1_flags & (UF_ACCOUNTDISABLE | UF_LOCKOUT));
-	      if (ui1)
-		NetApiBufferFree (ui1);
-	      if (!allow_user)
-		{
-		  debug_printf ("User denied: %W\\%W", domain, user);
-		  set_errno (EACCES);
-		  return false;
-		}
-	    }
-	  grp_list *= well_known_world_sid;
-	  grp_list *= well_known_authenticated_users_sid;
-	  get_user_groups (server, grp_list, user, domain);
-	  get_user_local_groups (domain, grp_list, user);
-	  return true;
-	}
-
      tmp_pathbuf tp;
      HANDLE token;
      NTSTATUS status;
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@ -36,7 +36,6 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:false,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:true,
    has_con_24bit_colors:false,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -68,7 +67,6 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:false,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:false,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -100,7 +98,6 @@ wincaps wincap_8_1 __attribute__((section (".cygwin_dll_common"), shared)) = {
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:false,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:false,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -132,7 +129,6 @@ wincaps  wincap_10_1507 __attribute__((section (".cygwin_dll_common"), shared))
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:false,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:false,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -164,7 +160,6 @@ wincaps  wincap_10_1607 __attribute__((section (".cygwin_dll_common"), shared))
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:false,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:false,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -196,7 +191,6 @@ wincaps wincap_10_1703 __attribute__((section (".cygwin_dll_common"), shared)) =
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:false,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:true,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -228,7 +222,6 @@ wincaps wincap_10_1709 __attribute__((section (".cygwin_dll_common"), shared)) =
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:false,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:true,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -260,7 +253,6 @@ wincaps wincap_10_1803 __attribute__((section (".cygwin_dll_common"), shared)) =
    has_posix_unlink_semantics_with_ignore_readonly:false,
    has_case_sensitive_dirs:true,
    has_posix_rename_semantics:false,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:true,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -292,7 +284,6 @@ wincaps wincap_10_1809 __attribute__((section (".cygwin_dll_common"), shared)) =
    has_posix_unlink_semantics_with_ignore_readonly:true,
    has_case_sensitive_dirs:true,
    has_posix_rename_semantics:true,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:true,
    has_con_broken_csi3j:true,
    has_con_broken_il_dl:false,
@ -324,7 +315,6 @@ wincaps wincap_10_1903 __attribute__((section (".cygwin_dll_common"), shared)) =
    has_posix_unlink_semantics_with_ignore_readonly:true,
    has_case_sensitive_dirs:true,
    has_posix_rename_semantics:true,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:true,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:true,
@ -356,7 +346,6 @@ wincaps wincap_10_2004 __attribute__((section (".cygwin_dll_common"), shared)) =
    has_posix_unlink_semantics_with_ignore_readonly:true,
    has_case_sensitive_dirs:true,
    has_posix_rename_semantics:true,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:true,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -388,7 +377,6 @@ wincaps wincap_11 __attribute__((section (".cygwin_dll_common"), shared)) = {
    has_posix_unlink_semantics_with_ignore_readonly:true,
    has_case_sensitive_dirs:true,
    has_posix_rename_semantics:true,
-    no_msv1_0_s4u_logon_in_wow64:false,
    has_con_24bit_colors:true,
    has_con_broken_csi3j:false,
    has_con_broken_il_dl:false,
@ -463,7 +451,6 @@ wincapc::init ()
    {
      ((wincaps *)caps)->has_gaa_largeaddress_bug = false;
      ((wincaps *)caps)->has_broken_prefetchvm = false;
-      ((wincaps *)caps)->no_msv1_0_s4u_logon_in_wow64 = false;
    }

  __small_sprintf (osnam, "NT-%d.%d", version.dwMajorVersion,
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@ -30,7 +30,6 @@ struct wincaps
    unsigned has_posix_unlink_semantics_with_ignore_readonly	: 1;
    unsigned has_case_sensitive_dirs				: 1;
    unsigned has_posix_rename_semantics				: 1;
-    unsigned no_msv1_0_s4u_logon_in_wow64			: 1;
    unsigned has_con_24bit_colors				: 1;
    unsigned has_con_broken_csi3j				: 1;
    unsigned has_con_broken_il_dl				: 1;
@ -92,7 +91,6 @@ public:
  bool	IMPLEMENT (has_posix_unlink_semantics_with_ignore_readonly)
  bool	IMPLEMENT (has_case_sensitive_dirs)
  bool	IMPLEMENT (has_posix_rename_semantics)
-  bool	IMPLEMENT (no_msv1_0_s4u_logon_in_wow64)
  bool	IMPLEMENT (has_con_24bit_colors)
  bool	IMPLEMENT (has_con_broken_csi3j)
  bool	IMPLEMENT (has_con_broken_il_dl)