* Makefile.in (LIBS): Remove advapi32.dll.

(clean): Remove cyglsa.def.
	* cyglsa.c: Drop definitions required for VC++.  Don't include ntddk.h.
	Declare functions from NTDLL here.  Explain why.  Use NTDLL functions
	in place of ADVAPI32 functions.
	* cyglsa64.def: New file.
	* cyglsa64.dll: Regenerate.
	* make-64bit-version-with-mingw-w64.sh (LIBS): Remove advapi32.dll.
	Reference cyglsa64.def instead of mslsa.def.
	* make-64bit-version-with-visual-c.bat: Remove.
	* mslsa.def: Remove.

winsup/lsaauth/ChangeLog

@@ -1,4 +1,18 @@
-2011-03-30  Yaakov Selkowitz  <yselkowitz@users.sourceforge.net>
+2011-03-31  Corinna Vinschen  <corinna@vinschen.de>
+
+	* Makefile.in (LIBS): Remove advapi32.dll.
+	(clean): Remove cyglsa.def.
+	* cyglsa.c: Drop definitions required for VC++.  Don't include ntddk.h.
+	Declare functions from NTDLL here.  Explain why.  Use NTDLL functions
+	in place of ADVAPI32 functions.
+	* cyglsa64.def: New file.
+	* cyglsa64.dll: Regenerate.
+	* make-64bit-version-with-mingw-w64.sh (LIBS): Remove advapi32.dll.
+	Reference cyglsa64.def instead of mslsa.def.
+	* make-64bit-version-with-visual-c.bat: Remove.
+	* mslsa.def: Remove.
+
+2011-03-31  Yaakov Selkowitz  <yselkowitz@users.sourceforge.net>
 
 	* cyglsa.c: Fix compilation with MinGW-w64 toolchains.
 	* make-64bit-version-with-mingw-w64.sh: New file.

winsup/lsaauth/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (c) 2006, Red Hat, Inc.
+# Copyright (c) 2006, 2008, 2009, 2011 Red Hat, Inc.
 #
 #     This program is free software; you can redistribute it and/or modify
 #     it under the terms of the GNU General Public License as published by
@@ -43,7 +43,7 @@ ifdef MINGW_CC
 override CC:=${MINGW_CC}
 endif
 
-LIBS		:= -ladvapi32 -lkernel32 -lntdll
+LIBS		:= -lkernel32 -lntdll
 
 DLL	:=	cyglsa.dll
 DEF_FILE:=	cyglsa.def
@@ -67,7 +67,7 @@ realclean: clean
 	rm -f  Makefile config.cache
 
 clean:
-	rm -f *.o *.dll
+	rm -f *.o *.dll cyglsa.def
 
 install: all
 	$(SHELL) $(updir1)/mkinstalldirs $(DESTDIR)$(bindir)

winsup/lsaauth/cyglsa.c

@@ -10,18 +10,13 @@ This software is a copyrighted work licensed under the terms of the
 Cygwin license.  Please consult the file "CYGWIN_LICENSE" for details. */
 
 #define WINVER 0x0600
-#define _CRT_SECURE_NO_DEPRECATE
 #include <ntstatus.h>
-#define WIN32_NO_STATUS
 #include <wchar.h>
 #include <windows.h>
 #include <wininet.h>
 #include <lmcons.h>
 #include <iptypes.h>
 #include <ntsecapi.h>
-#if defined(__MINGW32__) && !defined(_W64)
-#include <ntddk.h>
-#endif
 #include "../cygwin/cyglsa.h"
 #include "../cygwin/include/cygwin/version.h"
 
@@ -42,6 +37,19 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res)
   return TRUE;
 }
 
+/* Declare NTDLL functions here to avoid problems with different
+   header file layout in different compiler environments. */
+#ifndef NT_SUCCESS
+#define NT_SUCCESS(s)	((s) >= 0)
+#endif
+NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID);
+NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
+NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID *);
+ULONG NTAPI RtlLengthSid (PSID);
+PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG);
+PUCHAR NTAPI RtlSubAuthorityCountSid (PSID);
+BOOLEAN NTAPI RtlValidSid (PSID);
+
 #ifndef RtlInitEmptyUnicodeString
 __inline VOID NTAPI
 RtlInitEmptyUnicodeString(PUNICODE_STRING dest, PCWSTR buf, USHORT len)
@@ -111,7 +119,7 @@ print_sid (const char *prefix, int idx, PISID sid)
     cyglsa_printf ("NULL\n");
   else if (IsBadReadPtr (sid, 8))
     cyglsa_printf ("INVALID POINTER\n");
-  else if (!IsValidSid ((PSID) sid))
+  else if (!RtlValidSid ((PSID) sid))
     cyglsa_printf ("INVALID SID\n");
   else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount))
     cyglsa_printf ("INVALID POINTER SPACE\n");
@@ -191,9 +199,11 @@ print_dacl (PACL dacl)
         {
 	  PVOID vace;
 	  PACCESS_ALLOWED_ACE ace;
+	  NTSTATUS stat;
 
-	  if (!GetAce (dacl, i, &vace))
-	    cyglsa_printf ("[%lu] GetAce error %lu\n", i, GetLastError ());
+	  stat = RtlGetAce (dacl, i, &vace);
+	  if (!NT_SUCCESS (stat))
+	    cyglsa_printf ("[%lu] RtlGetAce status 0x%08lx\n", i, stat);
 	  else
 	    {
 	      ace = (PACCESS_ALLOWED_ACE) vace;
@@ -489,8 +499,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
       tokinf->ExpirationTime = authinf->inf.ExpirationTime;
       /* User SID */
       src_sid = (PSID) (base + authinf->inf.User.User.Sid);
-      size = GetLengthSid (src_sid);
-      CopySid (size, (PSID) tptr, src_sid);
+      size = RtlLengthSid (src_sid);
+      RtlCopySid (size, (PSID) tptr, src_sid);
       tokinf->User.User.Sid = (PSID) tptr;
       tptr += size;
       tokinf->User.User.Attributes = authinf->inf.User.User.Attributes;
@@ -504,16 +514,16 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
       for (i = 0; i < src_grps->GroupCount; ++i)
 	{
 	  src_sid = (PSID) (base + src_grps->Groups[i].Sid);
-	  size = GetLengthSid (src_sid);
-	  CopySid (size, (PSID) tptr, src_sid);
+	  size = RtlLengthSid (src_sid);
+	  RtlCopySid (size, (PSID) tptr, src_sid);
 	  tokinf->Groups->Groups[i].Sid = (PSID) tptr;
 	  tptr += size;
 	  tokinf->Groups->Groups[i].Attributes = src_grps->Groups[i].Attributes;
 	}
       /* Primary Group SID */
       src_sid = (PSID) (base + authinf->inf.PrimaryGroup.PrimaryGroup);
-      size = GetLengthSid (src_sid);
-      CopySid (size, (PSID) tptr, src_sid);
+      size = RtlLengthSid (src_sid);
+      RtlCopySid (size, (PSID) tptr, src_sid);
       tokinf->PrimaryGroup.PrimaryGroup = (PSID) tptr;
       tptr += size;
       /* Privileges */
@@ -540,7 +550,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 	 not done in the 64 bit code above for hopefully obvious reasons... */
       LUID logon_sid_id;
 
-      if (must_create_logon_sid && !AllocateLocallyUniqueId (&logon_sid_id))
+      if (must_create_logon_sid
+	  && !NT_SUCCESS (NtAllocateLocallyUniqueId (&logon_sid_id)))
 	return STATUS_INSUFFICIENT_RESOURCES;
 
       if (!(tokinf = funcs->AllocateLsaHeap (authinf->inf_size)))
@@ -560,13 +571,13 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 		((PBYTE) tokinf + (LONG_PTR) tokinf->Groups->Groups[i].Sid);
 	  if (must_create_logon_sid
 	      && tokinf->Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID
-	      && *GetSidSubAuthorityCount (tokinf->Groups->Groups[i].Sid) == 3
-	      && *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 0)
+	      && *RtlSubAuthorityCountSid (tokinf->Groups->Groups[i].Sid) == 3
+	      && *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 0)
 		 == SECURITY_LOGON_IDS_RID)
 	    {
-	      *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 1)
+	      *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 1)
 	      = logon_sid_id.HighPart;
-	      *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 2)
+	      *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 2)
 	      = logon_sid_id.LowPart;
 	    }
 	}
@@ -593,12 +604,12 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 		(PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size));
 
   /* Create logon session. */
-  if (!AllocateLocallyUniqueId (logon_id))
+  stat = NtAllocateLocallyUniqueId (logon_id);
+  if (!NT_SUCCESS (stat))
     {
       funcs->FreeLsaHeap (*tok);
       *tok = NULL;
-      cyglsa_printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n",
-	      GetLastError ());
+      cyglsa_printf ("NtAllocateLocallyUniqueId status 0x%08lx\n", stat);
       return STATUS_INSUFFICIENT_RESOURCES;
     }
   stat = funcs->CreateLogonSession (logon_id);

winsup/lsaauth/make-64bit-version-with-mingw-w64.sh

@@ -20,6 +20,6 @@ set -e
 CC="x86_64-w64-mingw32-gcc"
 CFLAGS="-fno-exceptions -O0 -Wall -Werror"
 LDFLAGS="-s -nostdlib -Wl,--entry,DllMain,--major-os-version,5,--minor-os-version,2"
-LIBS="-ladvapi32 -lkernel32 -lntdll"
+LIBS="-lkernel32 -lntdll"
 
-$CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c mslsa.def $LIBS
+$CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c cyglsa64.def $LIBS

winsup/lsaauth/make-64bit-version-with-visual-c.bat

@@ -1,30 +0,0 @@
-@echo off
-rem This batchfile shows how to generate a 64 bit version of cyglsa.dll.
-rem The 32 bit version will not work on 64 bit systems.
-rem
-rem Note that you need not only the SDK headers and libs, but also the
-rem 64 bit ntdll.lib file from a DDK supporting 64 bit builds.
-rem
-rem Make sure all necessary include paths are set in %Include% (inc\ddk,
-rem inc\atl, inc\crt) and make sure that %Lib% points to the 64 bit libs, not
-rem to the 32 bit libs.  In the latter case the link stage will succeed,
-rem but the resulting DLL is non-functional.
-rem
-rem This can be used as long as no x86_64-pe/coff capable gcc is available.
-rem Note that this is for building inside the source dir as not to interfere
-rem with the "official" 32 bit build in the build directory.
-rem
-rem Install the dll into /bin and use the cyglsa-config script to register it.
-rem Don't forget to reboot afterwards.
-rem
-rem Use "/DDEBUGGING" in the cl line to create debugging output to
-rem C:\cyglsa.dbgout at runtime.
-rem
-rem No idea when that changed, but in the latest SDKs you have to disable
-rem the security checks and there's apparently no runtmchk.lib anymore.
-rem I leave the old statements in for reference.
-rem cl /Wp64 /c cyglsa.c
-rem link /nodefaultlib /dll /machine:x64 /entry:DllMain /out:cyglsa64.dll /def:mslsa.def cyglsa.obj runtmchk.lib advapi32.lib kernel32.lib ntdll.lib
-rem cl /Wp64 /EHs-c- /GS- /GR- /GL- /c cyglsa.c
-cl /EHs-c- /GS- /GR- /GL- /c cyglsa.c
-link /nodefaultlib /dll /machine:x64 /entry:DllMain /out:cyglsa64.dll /def:mslsa.def cyglsa.obj advapi32.lib kernel32.lib ntdll.lib