public inbox for cygwin-cvs@sourceware.org
help / color / mirror / Atom feed
* [newlib-cygwin] Cygwin: wincap: drop no_msv1_0_s4u_logon_in_wow64 flag and related code
@ 2022-05-13 12:38 Corinna Vinschen
0 siblings, 0 replies; only message in thread
From: Corinna Vinschen @ 2022-05-13 12:38 UTC (permalink / raw)
To: cygwin-cvs
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=a70a969c64a4f101fdfea8a13a886563e703b0d0
commit a70a969c64a4f101fdfea8a13a886563e703b0d0
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Mon Mar 7 10:42:08 2022 +0100
Cygwin: wincap: drop no_msv1_0_s4u_logon_in_wow64 flag and related code
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/cygwin/sec_auth.cc | 174 ----------------------------------------------
winsup/cygwin/wincap.cc | 13 ----
winsup/cygwin/wincap.h | 2 -
3 files changed, 189 deletions(-)
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index 2b1ce2203..a7610c71f 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -368,149 +368,6 @@ get_logon_server (PCWSTR domain, PWCHAR server, ULONG flags)
return false;
}
-static bool
-get_user_groups (WCHAR *logonserver, cygsidlist &grp_list,
- PWCHAR user, PWCHAR domain)
-{
- WCHAR dgroup[MAX_DOMAIN_NAME_LEN + GNLEN + 2], *grp_p;
- LPGROUP_USERS_INFO_0 buf;
- DWORD cnt, tot;
- NET_API_STATUS ret;
-
- /* Look only on logonserver */
- ret = NetUserGetGroups (logonserver, user, 0, (LPBYTE *) &buf,
- MAX_PREFERRED_LENGTH, &cnt, &tot);
- if (ret)
- {
- __seterrno_from_win_error (ret);
- /* It's no error when the user name can't be found.
- It's also no error if access has been denied. Yes, sounds weird, but
- keep in mind that ERROR_ACCESS_DENIED means the current user has no
- permission to access the AD user information. However, if we return
- an error, Cygwin will call DsGetDcName with DS_FORCE_REDISCOVERY set
- to ask for another server. This is not only time consuming, it's also
- useless; the next server will return access denied again. */
- return ret == NERR_UserNotFound || ret == ERROR_ACCESS_DENIED;
- }
-
- grp_p = wcpncpy (dgroup, domain, MAX_DOMAIN_NAME_LEN);
- *grp_p++ = L'\\';
-
- for (DWORD i = 0; i < cnt; ++i)
- {
- cygsid gsid;
- DWORD glen = SECURITY_MAX_SID_SIZE;
- WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
- DWORD dlen = sizeof (dom);
- SID_NAME_USE use = SidTypeInvalid;
-
- *wcpncpy (grp_p, buf[i].grui0_name, sizeof dgroup / sizeof *dgroup
- - (grp_p - dgroup) - 1) = L'\0';
- if (!LookupAccountNameW (NULL, dgroup, gsid, &glen, dom, &dlen, &use))
- debug_printf ("LookupAccountName(%W), %E", dgroup);
- else if (well_known_sid_type (use))
- grp_list *= gsid;
- else if (legal_sid_type (use))
- grp_list += gsid;
- else
- debug_printf ("Global group %W invalid. Use: %u", dgroup, use);
- }
-
- NetApiBufferFree (buf);
- return true;
-}
-
-static bool
-get_user_local_groups (PWCHAR domain, cygsidlist &grp_list, PWCHAR user)
-{
- LPLOCALGROUP_INFO_0 buf;
- DWORD cnt, tot;
- NET_API_STATUS ret;
-
- /* We want to know the membership in local groups on the current machine.
- Thus, don't ask the logonserver, ask the local machine. In contrast
- to most other NetUser functions, NetUserGetLocalGroups accepts the
- username in DOMAIN\user form. */
- WCHAR username[MAX_DOMAIN_NAME_LEN + UNLEN + 2];
- wcpcpy (wcpcpy (wcpcpy (username, domain), L"\\"), user);
- ret = NetUserGetLocalGroups (NULL, username, 0, LG_INCLUDE_INDIRECT,
- (LPBYTE *) &buf, MAX_PREFERRED_LENGTH,
- &cnt, &tot);
- if (ret)
- {
- debug_printf ("username: %W", username);
- __seterrno_from_win_error (ret);
- return false;
- }
-
- WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
- WCHAR builtin_grp[2 * GNLEN + 2];
- PWCHAR dg_ptr, bg_ptr = NULL;
- SID_NAME_USE use;
-
- dg_ptr = wcpcpy (domlocal_grp, domain);
- *dg_ptr++ = L'\\';
-
- for (DWORD i = 0; i < cnt; ++i)
- {
- cygsid gsid;
- DWORD glen = SECURITY_MAX_SID_SIZE;
- WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
- DWORD domlen = MAX_DOMAIN_NAME_LEN + 1;
-
- use = SidTypeInvalid;
- wcscpy (dg_ptr, buf[i].lgrpi0_name);
- if (LookupAccountNameW (NULL, domlocal_grp, gsid, &glen,
- dom, &domlen, &use))
- {
- if (well_known_sid_type (use))
- grp_list *= gsid;
- else if (legal_sid_type (use))
- grp_list += gsid;
- else
- debug_printf ("Rejecting local %W. use: %u", dg_ptr, use);
- }
- else if (GetLastError () == ERROR_NONE_MAPPED)
- {
- /* Check if it's a builtin group. */
- if (!bg_ptr)
- {
- /* Retrieve name of builtin group from system since it's
- localized. */
- glen = 2 * GNLEN + 2;
- if (!LookupAccountSidW (NULL, well_known_builtin_sid,
- builtin_grp, &glen, domain, &domlen, &use))
- debug_printf ("LookupAccountSid(BUILTIN), %E");
- else
- {
- bg_ptr = builtin_grp + wcslen (builtin_grp);
- bg_ptr = wcpcpy (builtin_grp, L"\\");
- }
- }
- if (bg_ptr)
- {
- wcscpy (bg_ptr, dg_ptr);
- glen = SECURITY_MAX_SID_SIZE;
- domlen = MAX_DOMAIN_NAME_LEN + 1;
- if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
- dom, &domlen, &use))
- {
- if (!legal_sid_type (use))
- debug_printf ("Rejecting local %W. use: %u", dg_ptr, use);
- else
- grp_list *= gsid;
- }
- else
- debug_printf ("LookupAccountName(%W), %E", builtin_grp);
- }
- }
- else
- debug_printf ("LookupAccountName(%W), %E", domlocal_grp);
- }
- NetApiBufferFree (buf);
- return true;
-}
-
static bool
sid_in_token_groups (PTOKEN_GROUPS grps, cygpsid sid)
{
@@ -583,37 +440,6 @@ get_server_groups (cygsidlist &grp_list, PSID usersid,
if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */
&& sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE)
{
- if (wincap.no_msv1_0_s4u_logon_in_wow64 ())
- {
- WCHAR server[INTERNET_MAX_HOST_NAME_LENGTH + 3];
-
- if (!get_logon_server (domain, server, DS_IS_FLAT_NAME))
- return false;
- if (check_account_disabled == CHK_DISABLED)
- {
- NET_API_STATUS napi_stat;
- USER_INFO_1 *ui1;
- bool allow_user = false;
-
- napi_stat = NetUserGetInfo (server, user, 1, (LPBYTE *) &ui1);
- if (napi_stat == NERR_Success)
- allow_user = !(ui1->usri1_flags & (UF_ACCOUNTDISABLE | UF_LOCKOUT));
- if (ui1)
- NetApiBufferFree (ui1);
- if (!allow_user)
- {
- debug_printf ("User denied: %W\\%W", domain, user);
- set_errno (EACCES);
- return false;
- }
- }
- grp_list *= well_known_world_sid;
- grp_list *= well_known_authenticated_users_sid;
- get_user_groups (server, grp_list, user, domain);
- get_user_local_groups (domain, grp_list, user);
- return true;
- }
-
tmp_pathbuf tp;
HANDLE token;
NTSTATUS status;
diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index 5c385fba4..a1c0a452e 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -36,7 +36,6 @@ wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:false,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:true,
has_con_24bit_colors:false,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -68,7 +67,6 @@ wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:false,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:false,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -100,7 +98,6 @@ wincaps wincap_8_1 __attribute__((section (".cygwin_dll_common"), shared)) = {
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:false,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:false,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -132,7 +129,6 @@ wincaps wincap_10_1507 __attribute__((section (".cygwin_dll_common"), shared))
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:false,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:false,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -164,7 +160,6 @@ wincaps wincap_10_1607 __attribute__((section (".cygwin_dll_common"), shared))
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:false,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:false,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -196,7 +191,6 @@ wincaps wincap_10_1703 __attribute__((section (".cygwin_dll_common"), shared)) =
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:false,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:true,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -228,7 +222,6 @@ wincaps wincap_10_1709 __attribute__((section (".cygwin_dll_common"), shared)) =
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:false,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:true,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -260,7 +253,6 @@ wincaps wincap_10_1803 __attribute__((section (".cygwin_dll_common"), shared)) =
has_posix_unlink_semantics_with_ignore_readonly:false,
has_case_sensitive_dirs:true,
has_posix_rename_semantics:false,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:true,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -292,7 +284,6 @@ wincaps wincap_10_1809 __attribute__((section (".cygwin_dll_common"), shared)) =
has_posix_unlink_semantics_with_ignore_readonly:true,
has_case_sensitive_dirs:true,
has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:true,
has_con_broken_csi3j:true,
has_con_broken_il_dl:false,
@@ -324,7 +315,6 @@ wincaps wincap_10_1903 __attribute__((section (".cygwin_dll_common"), shared)) =
has_posix_unlink_semantics_with_ignore_readonly:true,
has_case_sensitive_dirs:true,
has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:true,
has_con_broken_csi3j:false,
has_con_broken_il_dl:true,
@@ -356,7 +346,6 @@ wincaps wincap_10_2004 __attribute__((section (".cygwin_dll_common"), shared)) =
has_posix_unlink_semantics_with_ignore_readonly:true,
has_case_sensitive_dirs:true,
has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:true,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -388,7 +377,6 @@ wincaps wincap_11 __attribute__((section (".cygwin_dll_common"), shared)) = {
has_posix_unlink_semantics_with_ignore_readonly:true,
has_case_sensitive_dirs:true,
has_posix_rename_semantics:true,
- no_msv1_0_s4u_logon_in_wow64:false,
has_con_24bit_colors:true,
has_con_broken_csi3j:false,
has_con_broken_il_dl:false,
@@ -463,7 +451,6 @@ wincapc::init ()
{
((wincaps *)caps)->has_gaa_largeaddress_bug = false;
((wincaps *)caps)->has_broken_prefetchvm = false;
- ((wincaps *)caps)->no_msv1_0_s4u_logon_in_wow64 = false;
}
__small_sprintf (osnam, "NT-%d.%d", version.dwMajorVersion,
diff --git a/winsup/cygwin/wincap.h b/winsup/cygwin/wincap.h
index 26cf4be8b..3114771e5 100644
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -30,7 +30,6 @@ struct wincaps
unsigned has_posix_unlink_semantics_with_ignore_readonly : 1;
unsigned has_case_sensitive_dirs : 1;
unsigned has_posix_rename_semantics : 1;
- unsigned no_msv1_0_s4u_logon_in_wow64 : 1;
unsigned has_con_24bit_colors : 1;
unsigned has_con_broken_csi3j : 1;
unsigned has_con_broken_il_dl : 1;
@@ -92,7 +91,6 @@ public:
bool IMPLEMENT (has_posix_unlink_semantics_with_ignore_readonly)
bool IMPLEMENT (has_case_sensitive_dirs)
bool IMPLEMENT (has_posix_rename_semantics)
- bool IMPLEMENT (no_msv1_0_s4u_logon_in_wow64)
bool IMPLEMENT (has_con_24bit_colors)
bool IMPLEMENT (has_con_broken_csi3j)
bool IMPLEMENT (has_con_broken_il_dl)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-05-13 12:38 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-13 12:38 [newlib-cygwin] Cygwin: wincap: drop no_msv1_0_s4u_logon_in_wow64 flag and related code Corinna Vinschen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).