(class cyg_ldap): Remove members srch_msg and srch_entry.
(cyg_ldap::get_string_attribute): Remove private method taking index
argument.
(cyg_ldap::get_num_attribute): Ditto. Add method taking attribute name.
(cyg_ldap::get_primary_gid): Adjust to aforementioned change.
(cyg_ldap::get_unix_uid): Ditto.
(cyg_ldap::get_unix_gid): Ditto.
* ldap.cc: Throughout, use msg and entry in place of srch_msg and
srch_entry.
(std_user_attr): Add sAMAccountName and objectSid.
(group_attr): Ditto.
(cyg_ldap::close): Drop handling of srch_msg and srch_entry.
(cyg_ldap::get_string_attribute): Move earlier in file.
(cyg_ldap::get_num_attribute): Ditto.
(cyg_ldap::enumerate_ad_accounts): Add comments for clarity.
Use group_attr or user_attr rather than sid_attr to fetch all desired
attributes for an account right away.
(cyg_ldap::next_account): Store found SID in last_fetched_sid to
skip calls to fetch_ad_account from fetch_account_from_windows.
(cyg_ldap::get_string_attribute): Remove method taking index argument.
(cyg_ldap::get_num_attribute): Ditto.
* pwdgrp.h (class pg_ent): Fix formatting. Add member dom.
* passwd.cc (pg_ent::enumerate_ad): Store current flat domain name
in dom. Construct fetch_acc_t argument from LDAP attributes and
call fetch_account_from_windows with that.
* userinfo.h (enum fetch_user_arg_type_t): Rename FULL_grp_arg to
FULL_acc_arg. Change throughout.
(struct fetch_acc_t): Rename from fetch_full_grp_t. Change throughout.
(struct fetch_user_arg_t): Rename full_grp to full_acc. Change
throughout.
* cygserver_pwdgrp.h: Include userinfo.h. Drop workaround defining
fetch_user_arg_type_t locally.
* grp.cc (internal_getgrsid_cachedonly): New function.
(internal_getgrfull): Ditto.
(internal_getgroups): Rearrange function. Center around fetching all
cached group info first, calling LsaLookupSids on all so far non-cached
groups second. Pass all available info to new internal_getgrfull call.
* pwdgrp.h: Include userinfo.h. Move definitions of
fetch_user_arg_type_t and fetch_user_arg_t there.
(pwdgrp::add_group_from_windows): Declare with getting full group info.
Called from internal_getgrfull.
* uinfo.cc (pwdgrp::add_group_from_windows): Define.
(pwdgrp::fetch_account_from_line): Add default case.
(pwdgrp::fetch_account_from_file): Ditto.
(pwdgrp::fetch_account_from_windows): Handle FULL_grp_arg.
(client_request_pwdgrp::client_request_pwdgrp): Add default case.
* userinfo.h: New header.
(enum fetch_user_arg_type_t): Add FULL_grp_arg.
(struct fetch_full_grp_t): New datatype.
gr_mem entries.
(getgrgid_r): Don't try to copy gr_mem entries. Always set gr_mem
to an empty list.
(getgrnam_r): Ditto.
(app_gr): New static struct to store group data propagated to the
calling application via getgrgid/getgrnam.
(getgr_cp): Fill app_gr and return pointer to app_gr.g.
(getgrgid32): Call getgr_cp.
(getgrnam32): Ditto.
* passwd.cc (pwdgrp::parse_passwd): Set res.len.
(app_pw): New static struct to store passwd data propagated to the
calling application via getpwuid/getpwnam.
(getpw_cp): Fill app_pw and return pointer to app_pw.p.
(getpwuid32): Cal getpw_cp.
(getpwnam): Ditto.
* pwdgrp.h (struct pg_pwd): Add len member.
(struct pg_grp): Ditto.
* sec_helper.cc (cygpsid::pstring): Use sid_sub_auth_count macro.
(cygsid::get_sid): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
Don't call memcpy to copy subauthorities into SID, use assignment.
(cygsid::getfromstr): Use MAX_SUBAUTH_CNT rather than wrong constant 8.
* security.h (MAX_SUBAUTH_CNT): New definition. Set to 11 to cover
Microsoft Accounts.
(MAX_SID_LEN): Define in terms of SID member sizes and MAX_SUBAUTH_CNT.
(DBGSID): Use MAX_SUBAUTH_CNT to define size of SubAuthority array.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Handle Micosoft
Accounts. Handle them as well known group. Compare domain names
case-insensitive.
* winlean.h (PIPE_REJECT_REMOTE_CLIENTS): Drop temporary definition
since Mingw64 catched up.
(DNLEN): Redefine as 16. Explain why.
than PSID.
(cygheap_user::saved_sid): Ditto.
(cygheap_pwdgrp::cache_t): New type.
(cygheap_pwdgrp::caching): Convert to cache_t.
(cygheap_pwdgrp::nss_db_caching): Change accordingly.
(cygheap_pwdgrp::nss_db_full_caching): New inline method.
* grp.cc (internal_getgroups): Reinvent. Take cyg_ldap pointer as
third parameter and use throughout.
(getgroups32): Call internal_getgroups.
* pwdgrp.h (internal_getgroups): Declare.
* uinfo.cc (internal_getlogin): Partial rewrite to accommodate having
no connection to the DC. Give primary group from user token more
weight. Generate group entries for all groups in the user token if
caching is set to NSS_FULL_CACHING.
(cygheap_pwdgrp::init): Initialize caching to NSS_FULL_CACHING.
(cygheap_pwdgrp::nss_init_line): Handle "db_cache: full".
(pwdgrp::add_account_from_windows): Fix group handling in non-caching
mode.
(pwdgrp::fetch_account_from_windows): Default primary group for the
current user to primary group from user token. Check for primary
domain first after LookupAccountSid failed.
* external.cc (cygwin_internal): Call get_uid/get_gid instead of get_id.
* grp.cc (internal_getgrsid): Take additional cyg_ldap pointer.
Forward to pwdgrp::add_group_from_windows.
(internal_getgrnam): Ditto.
(internal_getgrgid): Ditto.
(gr_ent::enumerate_local): Drop ugid_caching bool from call to
pwdgrp::fetch_account_from_windows.
(getgroups32): Rename from internal_getgroups and drop getgroups32 stub.
Drop srchsid parameter and code handling it. Add local cyg_ldap
instance and forward to internal_getgrXXX.
(getgroups): Call getgroups32.
(get_groups): Add local cyg_ldap instance and forward to
internal_getgrXXX.
(getgrouplist): Ditto.
(setgroups32): Ditto.
* ldap.cc (cyg_ldap::open): Don't call close. Return true if connection
is already open.
(cyg_ldap::remap_uid): Forward this to internal_getpwsid.
(cyg_ldap::remap_gid): Forward this to internal_getgrsid.
* passwd.cc (internal_getpwsid): Take additional cyg_ldap pointer.
Forward to pwdgrp::add_user_from_windows.
(internal_getpwnam): Ditto.
(internal_getpwuid): Ditto.
(pg_ent::enumerate_builtin): Drop ugid_caching bool from call to
pwdgrp::fetch_account_from_windows.
(pg_ent::enumerate_sam): Ditto.
(pg_ent::enumerate_ad): Ditto. Forward local cldap instead.
* pwdgrp.h (internal_getpwsid): Align declaration to above change.
(internal_getpwnam): Ditto.
(internal_getpwuid): Ditto.
(internal_getgrsid): Ditto.
(internal_getgrgid): Ditto.
(internal_getgrnam): Ditto.
(internal_getgroups): Drop declaration.
(pwdgrp::add_account_from_windows): Align declaration to below change.
(pwdgrp::add_user_from_windows): Ditto.
(pwdgrp::add_group_from_windows): Ditto.
* sec_acl.cc (setacl): Add local cyg_ldap instance and forward to
internal_getpwuid and internal_getgrgid.
(getacl): Add local cyg_ldap instance and forward to cygpsid::get_id.
(aclfromtext32): Add local cyg_ldap instance and forward to
internal_getpwnam and internal_getgrnam.
* sec_helper.cc (cygpsid::get_id): Take additional cyg_ldap pointer.
Forward to internal_getgrsid and internal_getpwsid.
(get_sids_info): Drop ldap_open. Forward local cldap to
internal_getpwsid and internal_getgrXXX. Call CheckTokenMembership
rather than internal_getgroups.
* security.h (cygpsid::get_id): Add cyg_ldap pointer, drop default
parameter.
(cygpsid::get_uid): Add cyg_ldap pointer. Call get_id accordingly.
(cygpsid::get_gid): Ditto.
* uinfo.cc (internal_getlogin): Add local cyg_ldap instance and forward
to internal_getpwXXX and internal_getgrXXX calls.
(pwdgrp::add_account_from_windows): Take additional cyg_ldap pointer.
Forward to pwdgrp::fetch_account_from_windows.
(fetch_posix_offset): Drop ldap_open argument and handling. Get
cyg_ldap instance as pointer.
(pwdgrp::fetch_account_from_windows): Take additional cyg_ldap pointer.
Use it if it's not NULL, local instance otherwise. Drop ldap_open.
Drop fetching extended group arguments from AD for speed.
to declaration, set to true by default.
* uinfo.cc (pwdgrp::fetch_account_from_windows): Add bool parameter
"ugid_caching". Only add account to ugid_cache if set to true.
* grp.cc (gr_ent::enumerate_local): Call fetch_account_from_windows
with ugid_caching parameter set to false.
* passwd.cc (pg_ent::enumerate_builtin): Ditto.
(pg_ent::enumerate_sam): Ditto.
(pg_ent::enumerate_ad): Ditto.
CW_ENDENT info types.
* grp.cc (setgrent_filtered): New function, called from cygwin_internal.
(getgrent_filtered): Ditto.
(endgrent_filtered): Ditto.
* passwd.cc (pg_ent::setent): Set state explicitely to from_cache.
(pg_ent::getent): Handle the fact that a DC has no SAM and enumerating
local accounts is equivalent to enumerating domain accounts.
(setpwent_filtered): New function, called from cygwin_internal.
(getpwent_filtered): Ditto.
(endpwent_filtered): Ditto.
* pwdgrp.h (setpwent_filtered): Declare.
(getgrent_filtered): Ditto.
(endgrent_filtered): Ditto.
(setpwent_filtered): Ditto.
(getpwent_filtered): Ditto.
(endpwent_filtered): Ditto.
* include/sys/cygwin.h (cygwin_getinfo_types): Add CW_SETENT, CW_GETENT,
and CW_ENDENT.
(ldap_result): Import.
(ldap_searchW): Import.
(NetGroupEnum): Import.
(NetLocalGroupEnum): Import.
(NetUserEnum): Import.
* cygheap.h (class cygheap_pwdgrp): Add members enums and enum_tdoms.
(cygheap_pwdgrp::nss_db_enums): New inline method.
(cygheap_pwdgrp::nss_db_enum_tdoms): Ditto.
* cygtls.h (struct _local_storage): Drop unused members pw_pos and
grp_pos.
* grp.cc (grent): New static variable of class gr_ent.
(gr_ent::enumerate_caches): New method.
(gr_ent::enumerate_local): New method.
(gr_ent::getgrent): New method.
(setgrent): Call gr_ent method.
(getgrent32): Ditto.
(endgrent): Ditto.
* ldap.cc (sid_attr): Rename from nfs_attr.
(cyg_ldap::close): Abandon still running asynchronous search.
(cyg_ldap::fetch_ad_account): Reduce filter buffer size.
(cyg_ldap::enumerate_ad_accounts): New method.
(cyg_ldap::next_account): New method.
(cyg_ldap::fetch_posix_offset_for_domain): Reduce filter buffer size.
(cyg_ldap::fetch_unix_sid_from_ad): Ditto. Fix return value in case
no value has been read.
(cyg_ldap::fetch_unix_name_from_rfc2307): Reduce filter buffer size.
* ldap.h (class cyg_ldap): Add msg_id member.
(cyg_ldap::enumerate_ad_accounts): Declare.
(cyg_ldap::next_account): Declare:
* passwd.cc (pwent): New static variable of class pw_ent.
(pg_ent::clear_cache): New method.
(pg_ent::setent): New method.
(pg_ent::getent): New method.
(pg_ent::endent): New method.
(pg_ent::enumerate_file): New method.
(pg_ent::enumerate_builtin): New method.
(pg_ent::enumerate_sam): New method.
(pg_ent::enumerate_ad): New method.
(pw_ent::enumerate_caches): New method.
(pw_ent::enumerate_local): New method.
(pw_ent::getpwent): New method.
(setpwent): Call pw_ent method.
(getpwent): Ditto.
(endpwent): Ditto.
* pwdgrp.h (class pwdgrp): Define pg_ent, pw_ent and gr_ent as friend
classes.
(pwdgrp::add_account_post_fetch): Declare with extra bool parameter.
(pwdgrp::file_attr): New inline method.
(enum nss_enum_t): Define.
(class pg_ent): Define.
(class pw_ent): Define.
(class gr_ent): Define.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Ditto.
* uinfo.cc (cygheap_pwdgrp::init): Initialize enums and enum_tdoms.
(cygheap_pwdgrp::nss_init_line): Fix typo in preceeding comment.
Handle new "db_enum" keyword.
(pwdgrp::add_account_post_fetch): Take additional `bool lock' parameter
and acquire pglock before adding element to array if lock is true.
(pwdgrp::add_account_from_file): Call add_account_post_fetch with lock
set to true.
(pwdgrp::add_account_from_windows): Ditto in case of caching.
(pwdgrp::fetch_account_from_windows): Handle builtin aliases only
known to the domain controller. Only call NetLocalGroupGetInfo for
aliases.
/etc/nsswitch.conf file to configure it.
* Makefile.in (DLL_OFILES): Add ldap.o.
* autoload.cc: Import ldap functions from wldap32.dll.
(DsEnumerateDomainTrustsW): Import.
(NetGroupGetInfo): Import.
* cygheap.h (class cygheap_domain_info): New class to keep global
domain info.
(class cygheap_pwdgrp): New class to keep passwd/group caches and
configuration info from /etc/nssswitch.conf.
(struct init_cygheap): Add cygheap_domain_info member "dom" and
cygheap_pwdgrp member "pg".
* cygtls.h (struct _local_storage): Remove unused member "res".
Rearrange slightly, Add members pwbuf and grbuf to implement non-caching
passwd/group fetching from SAM/AD. Make pw_pos and pw_pos unsigned.
* fhandler_disk_file.cc (fhandler_base::fstat_by_nfs_ea): Add RFC 2307
uid/gid mapping.
* fhandler_process.cc: Drop including pwdgrp.h.
* fhandler_procsysvipc.cc: Ditto.
* fhandler_registry.cc (fhandler_registry::fstat): Set key uid/gid
to ILLEGAL_UID/ILLEGAL_GID rather than UNKNOWN_UID/UNKNOWN_GID.
* grp.cc (group_buf): Drop.
(gr): Drop.
(pwdgrp::parse_group): Fill pg_grp.
(pwdgrp::read_group): Remove.
(pwdgrp::init_grp): New method.
(pwdgrp::prep_tls_grbuf): New method.
(pwdgrp::find_group): New methods.
(internal_getgrsid): Convert to call new pwdgrp methods.
(internal_getgrnam): Ditto.
(internal_getgrgid): Ditto.
(getgrgid_r): Drop 2nd parameter from internal_getgrgid call.
(getgrgid32): Ditto.
(getgrnam_r): Ditto for internal_getgrnam.
(getgrnam32): Ditto.
(getgrent32): Convert to call new pwdgrp methods.
(internal_getgrent): Remove.
(internal_getgroups): Simplify, especially drop calls to
internal_getgrent.
* ldap.cc: New file implementing cyg_ldap class for LDAP access to AD
and RFC 2307 server.
* ldap.h: New header, declaring cyg_ldap class.
* passwd.cc (passwd_buf): Drop.
(pr): Drop.
(pwdgrp::parse_passwd): Fill pg_pwd.
(pwdgrp::read_passwd): Remove.
(pwdgrp::init_pwd): New method.
(pwdgrp::prep_tls_pwbuf): New method.
(find_user): New methods.
(internal_getpwsid): Convert to call new pwdgrp methods.
(internal_getpwnam): Ditto.
(internal_getpwuid): Ditto.
(getpwuid32): Drop 2nd parameter from internal_getpwuid call.
(getpwuid_r): Ditto.
(getpwnam): Ditto for internal_getpwnam.
(getpwnam_r): Ditto.
(getpwent): Convert to call new pwdgrp methods.
* path.cc (class etc): Remove all methods.
* path.h (class etc): Drop.
* pinfo.cc (pinfo_basic::pinfo_basic): Set gid to ILLEGAL_GID rather
than UNKNOWN_GID.
(pinfo_init): Ditto.
* pwdgrp.h (internal_getpwnam): Drop 2nd parameter from declaration.
(internal_getpwuid): Ditto.
(internal_getgrgid): Ditto.
(internal_getgrnam): Ditto.
(internal_getgrent): Drop declaration.
(enum fetch_user_arg_type_t): New type.
(struct fetch_user_arg_t): New type.
(struct pg_pwd): New type.
(struct pg_grp): New type.
(class pwdgrp): Rework to provide functions for file and db requests
and caching.
(class ugid_cache_t): New class to provide RFC 2307 uid map caching.
(ugid_cache): Declare.
* sec_acl.cc: Drop including pwdgrp.h.
* sec_auth.cc: Drop including dsgetdc.h and pwdgrp.h.
(get_logon_server): Convert third parameter to ULONG flags argument
to allow arbitrary flags values in DsGetDcNameW call and change calls
to this function throughout. Use cached account domain name rather
than calling GetComputerNameW.
(get_unix_group_sidlist): Remove.
(get_server_groups): Drop call to get_unix_group_sidlist.
(verify_token): Rework token group check without calling
internal_getgrent.
* sec_helper.cc (cygpsid::pstring): New methods, like string() but
return pointer to end of string.
(cygsid::getfromstr): Add wide character implementation.
(get_sids_info): Add RFC 2307 uid/gid mapping for Samba shares.
* security.cc: Drop including pwdgrp.h.
* security.h (DEFAULT_UID): Remove.
(UNKNOWN_UID): Remove.
(UNKNOWN_GID): Remove.
(uinfo_init): Move here from winsup.h.
(ILLEGAL_UID): Ditto.
(ILLEGAL_GID): Ditto.
(UNIX_POSIX_OFFSET): Define. Add lengthy comment.
(UNIX_POSIX_MASK): Ditto.
(MAP_UNIX_TO_CYGWIN_ID): Ditto.
(ILLEGAL_UID16): Move here from winsup.h.
(ILLEGAL_GID16): Ditto.
(uid16touid32): Ditto.
(gid16togid32): Ditto.
(sid_id_auth): New convenience macro for SID component access.
(sid_sub_auth_count): Ditto.
(sid_sub_auth): Ditto.
(sid_sub_auth_rid): Ditto.
(cygpsid::pstring): Declare.
(cygsid::getfromstr): Declare wide character variant.
(cygsid::operator=): Ditto.
(cygsid::operator*=): Ditto.
(get_logon_server): Change declaration according to source code.
* setlsapwd.cc (setlsapwd): Drop 2nd parameter from internal_getpwnam
call.
* shared.cc (memory_init): Call cygheap->pg.init in first process.
* syscalls.cc: Drop including pwdgrp.h.
* tlsoffsets.h: Regenerate.
* tlsoffsets64.h: Ditto.
* uinfo.cc (internal_getlogin): Drop gratuitious internal_getpwuid
call. Fix debug output. Overwrite user gid in border case of a
missing passwd file while a group file exists.
(pwdgrp::add_line): Allocate memory on cygheap.
(pwdgrp::load): Remove.
(ugid_cache): Define.
(cygheap_pwdgrp::init): New method.
(cygheap_pwdgrp::nss_init_line): New method.
(cygheap_pwdgrp::_nss_init): New method.
(cygheap_domain_info::init): New method.
(logon_sid): Define.
(get_logon_sid): New function.
(pwdgrp::add_account_post_fetch): New method.
(pwdgrp::add_account_from_file): New methods.
(pwdgrp::add_account_from_windows): New methods.
(pwdgrp::check_file): New method.
(pwdgrp::fetch_account_from_line): New method.
(pwdgrp::fetch_account_from_file): New method.
(pwdgrp::fetch_account_from_windows): New method.
* winsup.h: Move aforementioned macros and declarations to security.h.
Throughout, change syscalls to report on return values using new %R format
option.
* smallprint.cc (__small_vsprintf): Add parsing for %R to report on return
values and possible errno from syscalls.
* errno.cc (errmap): Add PRIVILEGE_NOT_HELD.
* fhandler_tty.cc (fhandler_pty_master::setup): When creating a thread use
shorter name to reduce debuggging output.
* select.cc (start_thread_pipe): Ditto.
(start_thread_serial): Ditto.
(start_thread_socket): Ditto.
(start_thread_mailslot): Ditto.
* sigproc.cc (talktome): Ditto.
* grp.cc (get_groups): New static function to run the core functionality
of initgroups and getgrouplist.
(initgroups32): Call get_groups and just create supplementary group
list in cygheap. Rename name of first argument to "user". Add an
assertion to test for a NULL user name.
(initgroups): Rename name of first argument to "user".
(getgrouplist): New function.
* posix.sgml (std-bsd): Add getgrouplist.
* include/cygwin/grp.h (getgrouplist): Declare.
* include/cygwin/version.h: Bump API minor number.
username from /etc/passwd before loading mount table.
(shared_info::init_installation_root): New function fetching Cygwin's
installation root dir and storing as native NT path in global shared
memory.
(shared_info::initialize): Call init_installation_root exactly once at
first startup.
* shared_info.h (SHARED_INFO_CB): Accommodate change to shared_info.
(CURR_SHARED_MAGIC): Ditto.
(class shared_info): Add installation_root member.
(shared_info::init_installation_root): Declare.
* grp.cc (pwdgrp::read_group): Call pwdgrp::load with native WCHAR path.
* passwd.cc (pwdgrp::read_passwd): Ditto. Avoid recursion.
(etc::init): Take POBJECT_ATTRIBUTES instead of path_conv.
* path.h (etc::init): Change prototype accordingly.
* pwdgrp.h (class pwdgrp): Store path as UNICODE_STRING/PWCHAR instead
of as path_conv.
(pwdgrp::load): Accommodate prototype.
* uinfo.cc (pwdgrp::load): Change argument type from char to wchar_t.
Create native NT path here instead of calling path_conv.
* mount.cc (find_root_from_cygwin_dll): Drop in favor of global
initializaion in shared_info.
(mount_info::init): Fetch native NT root dir from cygwin_shared.
(mount_info::from_fstab): Expect native NT path and use native NT
functions to access file. Convert username part in user fstab path
according to special char transformation rules.
* path.cc (tfx_chars): Convert slash to backslash.
(transform_chars): Implement for path given as PWCHAR.
(transform_chars): PUNICODE_STRING version calls PWCHAR version.
Remove useless commented code.
* dcrt0.cc (child_info_spawn::handle_spawn): Drop artificial
supplementary group list from calling setgroups in parent.
* grp.cc (internal_getgroups): Drop 9x-only code. Reformat.
* sec_auth.cc (get_logon_server): Do everything in WCHAR only.
(get_user_groups): Ditto. Use wlogonserver in LookupAccountNameW
calls, too.
(is_group_member): Get logon server as first argument and use in call
to NetLocalGroupGetMembers.
(get_user_local_groups): Get logon server as first argument and use in
calls to NetLocalGroupEnum and LookupAccountNameW. Revamp to work
more correctly in domain environments.
(get_server_groups): Accommodate aforementioned changed function calls.
* security.h (get_logon_server): Change prototype accordingly.
* uinfo.cc (cygheap_user::env_logsrv): Accommodate changed
get_logon_server call.
Accommodate changge throughout Cygwin.
(cygheap_user::imp_token): Rename from token. Accommodate changge
throughout Cygwin.
(rcygheap_user::eimpersonate): Use primary token for impersonation.
* grp.cc (internal_getgroups): Use primary impersonation token when
impersonated.
* security.h (_push_thread_privilege): Use primary impersonation token
when impersonated.
impersonation token, which collides with Vista UAC.
* cygheap.h (deimpersonate): revert to self instead of impersonating
hProcImpToken.
(reimpersonate): Only impersonate if setuid.
* dcrt0.cc (dll_crt0_0): Don't initialize hProcImpToken here.
(dll_crt0_1): Set privileges on hProcToken.
* fork.cc (frok::child): Set privileges on hProcToken. Close handle to
hProcImpToken.
* grp.cc (internal_getgroups): Use hProcToken instead of hProcImpToken.
* security.cc (check_access): Create hProcImpToken on demand here.
* security.h (set_process_privilege): Set privileges on hProcToken.
(_push_thread_privilege): Use hProcToken instead of hProcImpToken.
(pop_thread_privilege): If not setuid'ed, revert to self.
* syscalls.cc (setegid32): Drop setting primary group on hProcImpToken.
Close handle to hProcImpToken.
* uinfo.cc (internal_getlogin): Ditto.
* winsup.h (clear_procimptoken): New inline function.
* environ.cc: Disable subauth settings.
* grp.cc: Accomodate cygsidlist's count now being a method.
* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
(mandatory_medium_integrity_sid): Remove.
(mandatory_high_integrity_sid): Remove.
(mandatory_system_integrity_sid): Remove.
(fake_logon_sid): Add.
(cygsid::get_sid): Add well_known parameter. Set well_known_sid
accordingly.
(cygsid::getfromstr): Ditto.
(cygsidlist::alloc_sids): Move here from security.cc.
(cygsidlist::free_sids): Ditto.
(cygsidlist::add): Move here from security.h. Add well_known parameter.
Set well_known_sid accordingly. Don't allow duplicate SIDs.
* security.cc: Include cyglsa.h and cygwin/version.h. Throughout
accomodate cygsidlist's count now being a method. Throughout drop
redundant "contains" tests.
(get_user_local_groups): Add local groups as well known SIDs.
(get_token_group_sidlist): Add well known groups as well known SIDs.
(get_server_groups): Ditto. Only call get_unix_group_sidlist after
get_user_local_groups to maintain "well_known_sid" attribute.
(get_initgroups_sidlist): Add well known groups as well known SIDs.
(get_setgroups_sidlist): Add usersid and struct passwd parameter to
allow calling get_server_groups from here.
(get_system_priv_list): Make static. Return size of TOKEN_PRIVILEGES
structure.
(get_priv_list): Ditto.
(create_token): Accomodate above changes. Drop misguided attempt to
add MIC SIDs to created user token. Print returned token as hex value.
(subauth): Disable.
(lsaauth): New function implementing client side of LSA authentication.
* security.h (class cygsid): Add well_known_sid attribute. Accomodate
throughout. Add *= operator to create a well known SID.
(class cygsidlist): Rename count to cnt. Make count a method.
(cygsidlist::add): Move to sec_helper.cc.
(cygsidlist::operator *=): New method to add well known SID.
(cygsidlist::non_well_known_count): New method returning number of
non well known SIDs in list.
(cygsidlist::next_non_well_known_sid): New method returning next non
well known SID by index.
(mandatory_medium_integrity_sid): Drop declaration.
(mandatory_high_integrity_sid): Drop declaration.
(mandatory_system_integrity_sid): Drop declaration.
(fake_logon_sid): Add declaration.
(subauth): Disable declaration.
(lsaauth): Add declaration.
* syscalls.cc (seteuid32): Disable subauthentication. Add LSA
authentication.
* wincap.h: Define needs_logon_sid_in_sid_list throughout.
* wincap.cc: Ditto.
(get_server_groups): Declare new function.
* security.cc (is_group_member): Simplify.
(get_server_groups): New function.
(get_initgroups_sidlist): Call get_server_groups.
(verify_token): Allow token when supplementary sids are not in
/etc/group but are in the token.
Streamline the code.
* grp.cc (initgroups32): New implementation.
(getgroups32): Handle case where the supplementary groups are set.