* cyglsa.h: New header file.

	* environ.cc: Disable subauth settings.
	* grp.cc: Accomodate cygsidlist's count now being a method.
	* sec_helper.cc (SECURITY_MANDATORY_INTEGRITY_AUTHORITY): Remove.
	(mandatory_medium_integrity_sid): Remove.
	(mandatory_high_integrity_sid): Remove.
	(mandatory_system_integrity_sid): Remove.
	(fake_logon_sid): Add.
	(cygsid::get_sid): Add well_known parameter.  Set well_known_sid
	accordingly.
	(cygsid::getfromstr): Ditto.
	(cygsidlist::alloc_sids): Move here from security.cc.
	(cygsidlist::free_sids): Ditto.
	(cygsidlist::add): Move here from security.h.  Add well_known parameter.
	Set well_known_sid accordingly.  Don't allow duplicate SIDs.
	* security.cc: Include cyglsa.h and cygwin/version.h.  Throughout
	accomodate cygsidlist's count now being a method.  Throughout drop
	redundant "contains" tests.
	(get_user_local_groups): Add local groups as well known SIDs.
	(get_token_group_sidlist): Add well known groups as well known SIDs.
	(get_server_groups): Ditto.  Only call get_unix_group_sidlist after
	get_user_local_groups to maintain "well_known_sid" attribute.
	(get_initgroups_sidlist): Add well known groups as well known SIDs.
	(get_setgroups_sidlist): Add usersid and struct passwd parameter to
	allow calling get_server_groups from here.
	(get_system_priv_list): Make static.  Return size of TOKEN_PRIVILEGES
	structure.
	(get_priv_list): Ditto.
	(create_token): Accomodate above changes.  Drop misguided attempt to
	add MIC SIDs to created user token.  Print returned token as hex value.
	(subauth): Disable.
	(lsaauth): New function implementing client side of LSA authentication.
	* security.h (class cygsid): Add well_known_sid attribute.  Accomodate
	throughout.  Add *= operator to create a well known SID.
	(class cygsidlist): Rename count to cnt.  Make count a method.
	(cygsidlist::add): Move to sec_helper.cc.
	(cygsidlist::operator *=): New method to add well known SID.
	(cygsidlist::non_well_known_count): New method returning number of
	non well known SIDs in list.
	(cygsidlist::next_non_well_known_sid): New method returning next non
	well known SID by index.
	(mandatory_medium_integrity_sid): Drop declaration.
	(mandatory_high_integrity_sid): Drop declaration.
	(mandatory_system_integrity_sid): Drop declaration.
	(fake_logon_sid): Add declaration.
	(subauth): Disable declaration.
	(lsaauth): Add declaration.
	* syscalls.cc (seteuid32): Disable subauthentication.  Add LSA
	authentication.
	* wincap.h: Define needs_logon_sid_in_sid_list throughout.
	* wincap.cc: Ditto.

1 files changed, 13 insertions, 0 deletions

diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index 8879f9e06..85405bae1 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -69,6 +69,7 @@ static NO_COPY wincaps wincap_unknown = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_95 = {
@@ -129,6 +130,7 @@ static NO_COPY wincaps wincap_95 = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_95osr2 = {
@@ -189,6 +191,7 @@ static NO_COPY wincaps wincap_95osr2 = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_98 = {
@@ -249,6 +252,7 @@ static NO_COPY wincaps wincap_98 = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_98se = {
@@ -309,6 +313,7 @@ static NO_COPY wincaps wincap_98se = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_me = {
@@ -369,6 +374,7 @@ static NO_COPY wincaps wincap_me = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_nt3 = {
@@ -429,6 +435,7 @@ static NO_COPY wincaps wincap_nt3 = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };
 
 static NO_COPY wincaps wincap_nt4 = {
@@ -489,6 +496,7 @@ static NO_COPY wincaps wincap_nt4 = {
   has_exclusiveaddruse:false,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };
 
 static NO_COPY wincaps wincap_nt4sp4 = {
@@ -549,6 +557,7 @@ static NO_COPY wincaps wincap_nt4sp4 = {
   has_exclusiveaddruse:true,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };
 
 static NO_COPY wincaps wincap_2000 = {
@@ -609,6 +618,7 @@ static NO_COPY wincaps wincap_2000 = {
   has_exclusiveaddruse:true,
   has_buggy_restart_scan:true,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:true,
 };
 
 static NO_COPY wincaps wincap_xp = {
@@ -669,6 +679,7 @@ static NO_COPY wincaps wincap_xp = {
   has_exclusiveaddruse:true,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_2003 = {
@@ -729,6 +740,7 @@ static NO_COPY wincaps wincap_2003 = {
   has_exclusiveaddruse:true,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:false,
+  needs_logon_sid_in_sid_list:false,
 };
 
 static NO_COPY wincaps wincap_vista = {
@@ -789,6 +801,7 @@ static NO_COPY wincaps wincap_vista = {
   has_exclusiveaddruse:true,
   has_buggy_restart_scan:false,
   has_mandatory_integrity_control:true,
+  needs_logon_sid_in_sid_list:false,
 };
 
 wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));