Initial release of the Cygwin subauthentication DLL.

* ChangeLog: New file.
        * Makefile.in: Ditto.
        * configure: Ditto. Generated from configure.in.
        * configure.in: Ditto.
        * cygsuba.c: Ditto.
        * cygsuba.din: Ditto.

winsup/subauth/ChangeLog

@@ -0,0 +1,9 @@
+Fri May  4 15:06:00  Corinna Vinschen <corinna@vinschen.de>
+
+	Initial release of the Cygwin subauthentication DLL.
+	* ChangeLog: New file.
+	* Makefile.in: Ditto.
+	* configure: Ditto. Generated from configure.in.
+	* configure.in: Ditto.
+	* cygsuba.c: Ditto.
+	* cygsuba.din: Ditto.

winsup/subauth/Makefile.in

@@ -0,0 +1,89 @@
+# Copyright (c) 2001, Red Hat, Inc.
+#
+#     This program is free software; you can redistribute it and/or modify
+#     it under the terms of the GNU General Public License as published by
+#     the Free Software Foundation; either version 2 of the License, or
+#     (at your option) any later version.
+#
+#     A copy of the GNU General Public License can be found at
+#     http://www.gnu.org/
+#
+# Written by Corinna Vinschen <vinschen@redhat.de>
+#
+# Makefile for Cygwin subauthentication DLL.
+
+SHELL := @SHELL@
+
+srcdir          := @srcdir@
+VPATH           := @srcdir@
+prefix          := @prefix@
+exec_prefix     := @exec_prefix@
+
+bindir          := @bindir@
+etcdir          := $(exec_prefix)/etc
+
+program_transform_name := @program_transform_name@
+
+INSTALL         := @INSTALL@
+INSTALL_PROGRAM := @INSTALL_PROGRAM@
+INSTALL_DATA    := @INSTALL_DATA@
+
+CC              := @CC@
+CC_FOR_TARGET   := $(CC)
+
+CFLAGS          := @CFLAGS@ -nostdinc
+
+include $(srcdir)/../Makefile.common
+
+WIN32_COMMON	:= -mno-cygwin
+WIN32_INCLUDES  := -I. -I$(srcdir) -I$(w32api_include)
+WIN32_CFLAGS    := $(CFLAGS) $(WIN32_COMMON) $(WIN32_INCLUDES)
+WIN32_LDFLAGS	:= $(CFLAGS) $(WIN32_COMMON) -L$(mingw_build) -nostdlib -Wl,-shared
+
+STARTFILE	:= $(mingw_build)/dllcrt2.o
+LIBS		:= -lmingw32 -lkernel32
+
+DLL	:=	cygsuba.dll
+DEF_FILE:=	cygsuba.def
+
+OBJ	=	cygsuba.o
+
+.SUFFIXES:
+.NOEXPORT:
+
+all: Makefile $(DLL)
+
+$(DEF_FILE): cygsuba.din config.status
+	$(SHELL) config.status
+
+$(DLL): $(OBJ) $(DEF_FILE)
+ifdef VERBOSE
+	$(CC) -s $(WIN32_LDFLAGS) -o $@ $(DEF_FILE) $(STARTFILE) $(OBJ) $(LIBS)
+else
+	@echo $(CC) .. -o $@ $(OBJ)
+	@$(CC) -s $(WIN32_LDFLAGS) -o $@ $(DEF_FILE) $(STARTFILE) $(OBJ) $(LIBS)
+endif
+
+.PHONY: all install clean realclean
+
+realclean: clean
+	rm -f  Makefile config.cache
+
+clean:
+	rm *.o *.dll
+
+install: all
+	$(SHELL) $(updir1)/mkinstalldirs $(bindir)
+	for i in $(PROGS) ; do \
+	  n=`echo $$i | sed '$(program_transform_name)'`; \
+	  $(INSTALL_PROGRAM) $$i $(bindir)/$$n; \
+	done
+
+%.o: %.c
+ifdef VERBOSE
+	$(CC) $(WIN32_CFLAGS) -c -o $@ $<
+else
+	@echo $(CC) -c $(CFLAGS) ... $(<F)
+	@$(CC) $(WIN32_CFLAGS) -c -o $@ $<
+endif
+

winsup/subauth/configure.in

@@ -0,0 +1,91 @@
+dnl Copyright (c) 2001, Red Hat, Inc.
+dnl
+dnl     This program is free software; you can redistribute it and/or modify
+dnl     it under the terms of the GNU General Public License as published by
+dnl     the Free Software Foundation; either version 2 of the License, or
+dnl     (at your option) any later version.
+dnl
+dnl     A copy of the GNU General Public License can be found at
+dnl     http://www.gnu.org/
+dnl
+dnl Written by Christopher Faylor <cgf@redhat.com>
+dnl Changed for subauth subdir by Corinna Vinschen <vinschen@redhat.com>
+
+dnl Autoconf configure script for Cygwin utilities.
+dnl
+dnl Process this file with autoconf to produce a configure script.
+
+AC_PREREQ(2.12)
+
+AC_INIT(Makefile.in)
+
+dnl FIXME: We temporarily define our own version of AC_PROG_CC.  This is
+dnl copied from autoconf 2.12, but does not call AC_PROG_CC_WORKS.  We
+dnl are probably using a cross compiler, which will not be able to fully
+dnl link an executable.  This should really be fixed in autoconf
+dnl itself.
+
+AC_DEFUN(LIB_AC_PROG_CC,
+[AC_BEFORE([$0], [AC_PROG_CPP])dnl
+AC_CHECK_PROG(CC, gcc, gcc)
+if test -z "$CC"; then
+  AC_CHECK_PROG(CC, cc, cc, , , /usr/ucb/cc)
+  test -z "$CC" && AC_MSG_ERROR([no acceptable cc found in \$PATH])
+fi
+
+AC_PROG_CC_GNU
+
+if test $ac_cv_prog_gcc = yes; then
+  GCC=yes
+dnl Check whether -g works, even if CFLAGS is set, in case the package
+dnl plays around with CFLAGS (such as to build both debugging and
+dnl normal versions of a library), tasteless as that idea is.
+  ac_test_CFLAGS="${CFLAGS+set}"
+  ac_save_CFLAGS="$CFLAGS"
+  CFLAGS=
+  AC_PROG_CC_G
+  if test "$ac_test_CFLAGS" = set; then
+    CFLAGS="$ac_save_CFLAGS"
+  elif test $ac_cv_prog_cc_g = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-O2"
+  fi
+else
+  GCC=
+  test "${CFLAGS+set}" = set || CFLAGS="-g"
+fi
+])
+
+AC_DEFUN(LIB_AC_PROG_CXX,
+[AC_BEFORE([$0], [AC_PROG_CPP])dnl
+AC_CHECK_TOOL(CXX, g++, g++)
+if test -z "$CXX"; then
+  AC_CHECK_PROG(CXX, c++, c++, , , )
+  test -z "$CC" && AC_MSG_ERROR([no acceptable cc found in \$PATH])
+fi
+
+CXXFLAGS='$(CFLAGS)'
+])
+
+AC_CANONICAL_SYSTEM
+
+LIB_AC_PROG_CC
+LIB_AC_PROG_CXX
+
+AC_ARG_PROGRAM
+
+if test "x$cross_compiling" = "xyes"; then
+  if test "x$program_transform_name" = "xs,x,x,"; then
+    program_transform_name=""
+  fi
+  if test "x$program_transform_name" = "x"; then
+    program_transform_name="s,^,$host-,"
+  else
+    program_transform_name="$program_transform_name -e s,^,$host-,"
+  fi
+fi
+
+AC_PROG_INSTALL
+
+AC_OUTPUT(Makefile cygsuba.def:cygsuba.din)

winsup/subauth/cygsuba.c

@@ -0,0 +1,141 @@
+/* cygsuba.c: Minimal subauthentication functionality to support
+              logon without password.
+
+   Copyright 2001 Red Hat, Inc.
+
+Written by Corinna Vinschen <vinschen@redhat.com>
+
+This file is part of Cygwin.
+
+This software is a copyrighted work licensed under the terms of the
+Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
+details. */
+
+#include <windows.h>
+#include <subauth.h>
+#include <ntsecapi.h>
+
+NTSTATUS NTAPI
+Msv1_0SubAuthenticationRoutine (NETLOGON_LOGON_INFO_CLASS logon_level,
+				VOID *logon_inf,
+				ULONG flags,
+				USER_ALL_INFORMATION *usr_inf,
+				ULONG *which,
+				ULONG *usr_flags,
+				BOOLEAN *auth,
+				LARGE_INTEGER *logoff,
+				LARGE_INTEGER *kickoff)
+{
+  ULONG valid_account = USER_NORMAL_ACCOUNT;
+  if (!(flags & MSV1_0_PASSTHRU))
+    valid_account |= USER_TEMP_DUPLICATE_ACCOUNT;
+
+  *which = *usr_flags = 0;
+
+  /* Not a Network logon? 
+     TODO: How do I manage an interactive logon using a subauthentication
+     package??? The logon_level "interactive" is available but I never
+     got it working. I assume that's the reason I don't get a legal
+     logon session so that I can connect to network drives. */
+  if (logon_level != NetlogonNetworkInformation)
+    {
+      *auth = TRUE;
+      return STATUS_INVALID_INFO_CLASS;
+    }
+
+  /* Account type ok? */
+  if (!(usr_inf->UserAccountControl & valid_account))
+    {
+      *auth = FALSE;
+      return STATUS_NO_SUCH_USER;
+    }
+
+  /* Guest logon? */
+  if (flags & MSV1_0_GUEST_LOGON)
+    *usr_flags = LOGON_GUEST;
+
+#if defined (SSHD)
+  /* The same code could be used to allow the DLL checking for
+     SSH RSA/DSA keys. For that purpose, SSH would need it's
+     own implementation with the below field used to transport
+     the keys which have to be checked. This could be used to
+     allow secure logon with RSA/DSA instead of passwords.
+     Of course that needs lots of additions to the code... */
+  {
+    PNETLOGON_NETWORK_INFO nw_inf = (PNETLOGON_NETWORK_INFO) logon_inf;
+
+    /*
+        nw_inf->LmChallenge.data <=>
+			MSV1_0_LM20_LOGON::ChallengeToClient
+        nw_inf->NtChallengeResponse <=>
+			MSV1_0_LM20_LOGON::CaseSensitiveChallengeResponse
+        nw_inf->LmChallengeResponse <=>
+			MSV1_0_LM20_LOGON::CaseInsensitiveChallengeResponse
+    */
+    if (authentication_failed)
+      {
+        *auth = (usr_inf->UserAccountControl & USER_ACCOUNT_DISABLED) ?
+		         FALSE : TRUE;
+        return STATUS_WRONG_PASSWORD;
+      }
+  }
+#endif
+
+  /* All accounts except for the local admin are checked for being
+     locked out or disabled or expired. */
+  if (usr_inf->UserId != DOMAIN_USER_RID_ADMIN)
+    {
+      SYSTEMTIME CurrentTime;
+      LARGE_INTEGER LogonTime;
+
+      /* Account locked out? */
+      if (usr_inf->UserAccountControl & USER_ACCOUNT_AUTO_LOCKED)
+	{
+	  *auth = (usr_inf->UserAccountControl & USER_ACCOUNT_DISABLED) ?
+			   FALSE : TRUE;
+	  return STATUS_ACCOUNT_LOCKED_OUT;
+	}
+
+      /* Account disabled? */
+      if (usr_inf->UserAccountControl & USER_ACCOUNT_DISABLED)
+        {
+          *auth = FALSE;
+          return STATUS_ACCOUNT_DISABLED;
+        }
+
+      /* Account expired? */
+      GetSystemTime (&CurrentTime);
+      SystemTimeToFileTime(&CurrentTime, (LPFILETIME) &LogonTime);
+      if (usr_inf->AccountExpires.QuadPart &&
+          LogonTime.QuadPart >= usr_inf->AccountExpires.QuadPart)
+	{
+          *auth = TRUE;
+          return STATUS_ACCOUNT_EXPIRED;
+        }
+    }
+
+  /* Don't force logout. */
+  logoff->HighPart = 0x7FFFFFFF;
+  logoff->LowPart = 0xFFFFFFFF;
+  kickoff->HighPart = 0x7FFFFFFF;
+  kickoff->LowPart = 0xFFFFFFFF;
+
+  *auth = TRUE;
+  return STATUS_SUCCESS;
+}
+
+NTSTATUS NTAPI
+Msv1_0SubAuthenticationFilter (NETLOGON_LOGON_INFO_CLASS logon_level,
+			       VOID *logon_inf,
+			       ULONG flags,
+			       USER_ALL_INFORMATION *usr_inf,
+			       ULONG *which,
+			       ULONG *usr_flags,
+			       BOOLEAN *auth,
+			       LARGE_INTEGER *logoff,
+			       LARGE_INTEGER *kickoff)
+{
+  return Msv1_0SubAuthenticationRoutine (logon_level, logon_inf, flags,
+  					 usr_inf, which, usr_flags,
+					 auth, logoff, kickoff);
+}

winsup/subauth/cygsuba.din

@@ -0,0 +1,5 @@
+LIBRARY "cygsuba"
+
+EXPORTS
+Msv1_0SubAuthenticationRoutine = Msv1_0SubAuthenticationRoutine@36
+Msv1_0SubAuthenticationFilter = Msv1_0SubAuthenticationFilter@36