From: Corinna Vinschen <corinna@sourceware.org> To: cygwin-cvs@sourceware.org Subject: [newlib-cygwin] Cygwin: wincap: drop no_msv1_0_s4u_logon_in_wow64 flag and related code Date: Fri, 13 May 2022 12:38:47 +0000 (GMT) [thread overview] Message-ID: <20220513123847.B5E3F395B078@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=a70a969c64a4f101fdfea8a13a886563e703b0d0 commit a70a969c64a4f101fdfea8a13a886563e703b0d0 Author: Corinna Vinschen <corinna@vinschen.de> Date: Mon Mar 7 10:42:08 2022 +0100 Cygwin: wincap: drop no_msv1_0_s4u_logon_in_wow64 flag and related code Signed-off-by: Corinna Vinschen <corinna@vinschen.de> Diff: --- winsup/cygwin/sec_auth.cc | 174 ---------------------------------------------- winsup/cygwin/wincap.cc | 13 ---- winsup/cygwin/wincap.h | 2 - 3 files changed, 189 deletions(-) diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc index 2b1ce2203..a7610c71f 100644 --- a/winsup/cygwin/sec_auth.cc +++ b/winsup/cygwin/sec_auth.cc 
@@ -368,149 +368,6 @@ get_logon_server (PCWSTR domain, PWCHAR server, ULONG flags) return false; } -static bool -get_user_groups (WCHAR *logonserver, cygsidlist &grp_list, - PWCHAR user, PWCHAR domain) -{ - WCHAR dgroup[MAX_DOMAIN_NAME_LEN + GNLEN + 2], *grp_p; - LPGROUP_USERS_INFO_0 buf; - DWORD cnt, tot; - NET_API_STATUS ret; - - /* Look only on logonserver */ - ret = NetUserGetGroups (logonserver, user, 0, (LPBYTE *) &buf, - MAX_PREFERRED_LENGTH, &cnt, &tot); - if (ret) - { - __seterrno_from_win_error (ret); - /* It's no error when the user name can't be found. - It's also no error if access has been denied. Yes, sounds weird, but - keep in mind that ERROR_ACCESS_DENIED means the current user has no - permission to access the AD user information. However, if we return - an error, Cygwin will call DsGetDcName with DS_FORCE_REDISCOVERY set - to ask for another server. This is not only time consuming, it's also - useless; the next server will return access denied again. */ - return ret == NERR_UserNotFound || ret == ERROR_ACCESS_DENIED; - } - - grp_p = wcpncpy (dgroup, domain, MAX_DOMAIN_NAME_LEN); - *grp_p++ = L'\\'; - - for (DWORD i = 0; i < cnt; ++i) - { - cygsid gsid; - DWORD glen = SECURITY_MAX_SID_SIZE; - WCHAR dom[MAX_DOMAIN_NAME_LEN + 1]; - DWORD dlen = sizeof (dom); - SID_NAME_USE use = SidTypeInvalid; - - *wcpncpy (grp_p, buf[i].grui0_name, sizeof dgroup / sizeof *dgroup - - (grp_p - dgroup) - 1) = L'\0'; - if (!LookupAccountNameW (NULL, dgroup, gsid, &glen, dom, &dlen, &use)) - debug_printf ("LookupAccountName(%W), %E", dgroup); - else if (well_known_sid_type (use)) - grp_list *= gsid; - else if (legal_sid_type (use)) - grp_list += gsid; - else - debug_printf ("Global group %W invalid. 
Use: %u", dgroup, use); - } - - NetApiBufferFree (buf); - return true; -} - -static bool -get_user_local_groups (PWCHAR domain, cygsidlist &grp_list, PWCHAR user) -{ - LPLOCALGROUP_INFO_0 buf; - DWORD cnt, tot; - NET_API_STATUS ret; - - /* We want to know the membership in local groups on the current machine. - Thus, don't ask the logonserver, ask the local machine. In contrast - to most other NetUser functions, NetUserGetLocalGroups accepts the - username in DOMAIN\user form. */ - WCHAR username[MAX_DOMAIN_NAME_LEN + UNLEN + 2]; - wcpcpy (wcpcpy (wcpcpy (username, domain), L"\\"), user); - ret = NetUserGetLocalGroups (NULL, username, 0, LG_INCLUDE_INDIRECT, - (LPBYTE *) &buf, MAX_PREFERRED_LENGTH, - &cnt, &tot); - if (ret) - { - debug_printf ("username: %W", username); - __seterrno_from_win_error (ret); - return false; - } - - WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2]; - WCHAR builtin_grp[2 * GNLEN + 2]; - PWCHAR dg_ptr, bg_ptr = NULL; - SID_NAME_USE use; - - dg_ptr = wcpcpy (domlocal_grp, domain); - *dg_ptr++ = L'\\'; - - for (DWORD i = 0; i < cnt; ++i) - { - cygsid gsid; - DWORD glen = SECURITY_MAX_SID_SIZE; - WCHAR dom[MAX_DOMAIN_NAME_LEN + 1]; - DWORD domlen = MAX_DOMAIN_NAME_LEN + 1; - - use = SidTypeInvalid; - wcscpy (dg_ptr, buf[i].lgrpi0_name); - if (LookupAccountNameW (NULL, domlocal_grp, gsid, &glen, - dom, &domlen, &use)) - { - if (well_known_sid_type (use)) - grp_list *= gsid; - else if (legal_sid_type (use)) - grp_list += gsid; - else - debug_printf ("Rejecting local %W. use: %u", dg_ptr, use); - } - else if (GetLastError () == ERROR_NONE_MAPPED) - { - /* Check if it's a builtin group. */ - if (!bg_ptr) - { - /* Retrieve name of builtin group from system since it's - localized. 
*/ - glen = 2 * GNLEN + 2; - if (!LookupAccountSidW (NULL, well_known_builtin_sid, - builtin_grp, &glen, domain, &domlen, &use)) - debug_printf ("LookupAccountSid(BUILTIN), %E"); - else - { - bg_ptr = builtin_grp + wcslen (builtin_grp); - bg_ptr = wcpcpy (builtin_grp, L"\\"); - } - } - if (bg_ptr) - { - wcscpy (bg_ptr, dg_ptr); - glen = SECURITY_MAX_SID_SIZE; - domlen = MAX_DOMAIN_NAME_LEN + 1; - if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen, - dom, &domlen, &use)) - { - if (!legal_sid_type (use)) - debug_printf ("Rejecting local %W. use: %u", dg_ptr, use); - else - grp_list *= gsid; - } - else - debug_printf ("LookupAccountName(%W), %E", builtin_grp); - } - } - else - debug_printf ("LookupAccountName(%W), %E", domlocal_grp); - } - NetApiBufferFree (buf); - return true; -} - static bool sid_in_token_groups (PTOKEN_GROUPS grps, cygpsid sid) { @@ -583,37 +440,6 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */ && sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE) { - if (wincap.no_msv1_0_s4u_logon_in_wow64 ()) - { - WCHAR server[INTERNET_MAX_HOST_NAME_LENGTH + 3]; - - if (!get_logon_server (domain, server, DS_IS_FLAT_NAME)) - return false; - if (check_account_disabled == CHK_DISABLED) - { - NET_API_STATUS napi_stat; - USER_INFO_1 *ui1; - bool allow_user = false; - - napi_stat = NetUserGetInfo (server, user, 1, (LPBYTE *) &ui1); - if (napi_stat == NERR_Success) - allow_user = !(ui1->usri1_flags & (UF_ACCOUNTDISABLE | UF_LOCKOUT)); - if (ui1) - NetApiBufferFree (ui1); - if (!allow_user) - { - debug_printf ("User denied: %W\\%W", domain, user); - set_errno (EACCES); - return false; - } - } - grp_list *= well_known_world_sid; - grp_list *= well_known_authenticated_users_sid; - get_user_groups (server, grp_list, user, domain); - get_user_local_groups (domain, grp_list, user); - return true; - } - tmp_pathbuf tp; HANDLE token; NTSTATUS status; 
diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index 5c385fba4..a1c0a452e 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -36,7 +36,6 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:false,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:true,
 has_con_24bit_colors:false,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -68,7 +67,6 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:false,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:false,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -100,7 +98,6 @@ wincaps wincap_8_1 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:false,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:false,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -132,7 +129,6 @@ wincaps wincap_10_1507 __attribute__((section (".cygwin_dll_common"), shared))
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:false,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:false,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -164,7 +160,6 @@ wincaps wincap_10_1607 __attribute__((section (".cygwin_dll_common"), shared))
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:false,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:false,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -196,7 +191,6 @@ wincaps wincap_10_1703 __attribute__((section (".cygwin_dll_common"), shared)) =
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:false,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:true,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -228,7 +222,6 @@ wincaps wincap_10_1709 __attribute__((section (".cygwin_dll_common"), shared)) =
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:false,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:true,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -260,7 +253,6 @@ wincaps wincap_10_1803 __attribute__((section (".cygwin_dll_common"), shared)) =
 has_posix_unlink_semantics_with_ignore_readonly:false,
 has_case_sensitive_dirs:true,
 has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:true,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -292,7 +284,6 @@ wincaps wincap_10_1809 __attribute__((section (".cygwin_dll_common"), shared)) =
 has_posix_unlink_semantics_with_ignore_readonly:true,
 has_case_sensitive_dirs:true,
 has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:true,
 has_con_broken_csi3j:true,
 has_con_broken_il_dl:false,
@@ -324,7 +315,6 @@ wincaps wincap_10_1903 __attribute__((section (".cygwin_dll_common"), shared)) =
 has_posix_unlink_semantics_with_ignore_readonly:true,
 has_case_sensitive_dirs:true,
 has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:true,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:true,
@@ -356,7 +346,6 @@ wincaps wincap_10_2004 __attribute__((section (".cygwin_dll_common"), shared)) =
 has_posix_unlink_semantics_with_ignore_readonly:true,
 has_case_sensitive_dirs:true,
 has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:true,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -388,7 +377,6 @@ wincaps wincap_11 __attribute__((section (".cygwin_dll_common"), shared)) = {
 has_posix_unlink_semantics_with_ignore_readonly:true,
 has_case_sensitive_dirs:true,
 has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
 has_con_24bit_colors:true,
 has_con_broken_csi3j:false,
 has_con_broken_il_dl:false,
@@ -463,7 +451,6 @@ wincapc::init ()
 {
 ((wincaps *)caps)->has_gaa_largeaddress_bug = false;
 ((wincaps *)caps)->has_broken_prefetchvm = false;
- ((wincaps *)caps)->no_msv1_0_s4u_logon_in_wow64 = false;
 }
 __small_sprintf (osnam, "NT-%d.%d", version.dwMajorVersion,
diff --git a/winsup/cygwin/wincap.h b/winsup/cygwin/wincap.h
index 26cf4be8b..3114771e5 100644
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -30,7 +30,6 @@ struct wincaps
 unsigned has_posix_unlink_semantics_with_ignore_readonly : 1;
 unsigned has_case_sensitive_dirs : 1;
 unsigned has_posix_rename_semantics : 1;
- unsigned no_msv1_0_s4u_logon_in_wow64 : 1;
 unsigned has_con_24bit_colors : 1;
 unsigned has_con_broken_csi3j : 1;
 unsigned has_con_broken_il_dl : 1;
@@ -92,7 +91,6 @@ public:
 bool IMPLEMENT (has_posix_unlink_semantics_with_ignore_readonly)
 bool IMPLEMENT (has_case_sensitive_dirs)
 bool IMPLEMENT (has_posix_rename_semantics)
- bool IMPLEMENT (no_msv1_0_s4u_logon_in_wow64)
 bool IMPLEMENT (has_con_24bit_colors)
 bool IMPLEMENT (has_con_broken_csi3j)
 bool IMPLEMENT (has_con_broken_il_dl)