-rw-r--r--winsup/cygwin/environ.cc17
-rw-r--r--winsup/cygwin/path.cc10
-rw-r--r--winsup/cygwin/sec_auth.cc129
-rw-r--r--winsup/cygwin/wincap.cc125
-rw-r--r--winsup/cygwin/wincap.h30
5 files changed, 152 insertions, 159 deletions
diff --git a/winsup/cygwin/environ.cc b/winsup/cygwin/environ.cc
index 6ba1469f4..9248e8396 100644
--- a/winsup/cygwin/environ.cc
+++ b/winsup/cygwin/environ.cc
@@ -83,21 +83,8 @@ set_winsymlinks (const char *buf)
allow_winsymlinks = WSYM_lnk;
/* Make sure to try native symlinks only on systems supporting them. */
else if (ascii_strncasematch (buf, "native", 6))
- {
- if (wincap.max_sys_priv () < SE_CREATE_SYMBOLIC_LINK_PRIVILEGE)
- {
- if (!user_shared->warned_nonativesyms)
- {
- small_printf ("\"winsymlinks:%s\" option detected in CYGWIN environment variable.\n"
- "Native symlinks are not supported on Windows versions prior to\n"
- "Windows Vista/Server 2008. This option will be ignored.\n", buf);
- user_shared->warned_nonativesyms = 1;
- }
- }
- else
- allow_winsymlinks = ascii_strcasematch (buf + 6, "strict")
- ? WSYM_nativestrict : WSYM_native;
- }
+ allow_winsymlinks = ascii_strcasematch (buf + 6, "strict")
+ ? WSYM_nativestrict : WSYM_native;
}
/* The structure below is used to set up an array which is used to
diff --git a/winsup/cygwin/path.cc b/winsup/cygwin/path.cc
index eb4fc08ec..4ca8e0872 100644
--- a/winsup/cygwin/path.cc
+++ b/winsup/cygwin/path.cc
@@ -1759,15 +1759,7 @@ symlink_worker (const char *oldpath, const char *newpath, bool isdevice)
wsym_type = WSYM_lnk;
/* AFS only supports native symlinks. */
else if (win32_newpath.fs_is_afs ())
- {
- /* Bail out if OS doesn't support native symlinks. */
- if (wincap.max_sys_priv () < SE_CREATE_SYMBOLIC_LINK_PRIVILEGE)
- {
- set_errno (EPERM);
- __leave;
- }
- wsym_type = WSYM_nativestrict;
- }
+ wsym_type = WSYM_nativestrict;
/* Don't try native symlinks on FSes not supporting reparse points. */
else if ((wsym_type == WSYM_native || wsym_type == WSYM_nativestrict)
&& !(win32_newpath.fs_flags () & FILE_SUPPORTS_REPARSE_POINTS))
diff --git a/winsup/cygwin/sec_auth.cc b/winsup/cygwin/sec_auth.cc
index e8d1d9138..a3fbece40 100644
--- a/winsup/cygwin/sec_auth.cc
+++ b/winsup/cygwin/sec_auth.cc
@@ -598,67 +598,74 @@ get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
tmp_list += groups.pgsid;
}
-static ULONG sys_privs[] = {
- SE_CREATE_TOKEN_PRIVILEGE,
- SE_ASSIGNPRIMARYTOKEN_PRIVILEGE,
- SE_LOCK_MEMORY_PRIVILEGE,
- SE_INCREASE_QUOTA_PRIVILEGE,
- SE_TCB_PRIVILEGE,
- SE_SECURITY_PRIVILEGE,
- SE_TAKE_OWNERSHIP_PRIVILEGE,
- SE_LOAD_DRIVER_PRIVILEGE,
- SE_SYSTEM_PROFILE_PRIVILEGE, /* Vista ONLY */
- SE_SYSTEMTIME_PRIVILEGE,
- SE_PROF_SINGLE_PROCESS_PRIVILEGE,
- SE_INC_BASE_PRIORITY_PRIVILEGE,
- SE_CREATE_PAGEFILE_PRIVILEGE,
- SE_CREATE_PERMANENT_PRIVILEGE,
- SE_BACKUP_PRIVILEGE,
- SE_RESTORE_PRIVILEGE,
- SE_SHUTDOWN_PRIVILEGE,
- SE_DEBUG_PRIVILEGE,
- SE_AUDIT_PRIVILEGE,
- SE_SYSTEM_ENVIRONMENT_PRIVILEGE,
- SE_CHANGE_NOTIFY_PRIVILEGE,
- SE_UNDOCK_PRIVILEGE,
- SE_MANAGE_VOLUME_PRIVILEGE,
- SE_IMPERSONATE_PRIVILEGE,
- SE_CREATE_GLOBAL_PRIVILEGE,
- SE_INCREASE_WORKING_SET_PRIVILEGE,
- SE_TIME_ZONE_PRIVILEGE,
- SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
-};
-
-#define SYSTEM_PRIVILEGES_COUNT (sizeof sys_privs / sizeof *sys_privs)
-
-static PTOKEN_PRIVILEGES
-get_system_priv_list (size_t &size)
+/* Fixed size TOKEN_PRIVILEGES list to reflect privileges given to the
+ SYSTEM account by default. */
+const struct
{
- ULONG max_idx = 0;
- while (max_idx < SYSTEM_PRIVILEGES_COUNT
- && sys_privs[max_idx] != wincap.max_sys_priv ())
- ++max_idx;
- if (max_idx >= SYSTEM_PRIVILEGES_COUNT)
- api_fatal ("Coding error: wincap privilege %u doesn't exist in sys_privs",
- wincap.max_sys_priv ());
- size = sizeof (ULONG) + (max_idx + 1) * sizeof (LUID_AND_ATTRIBUTES);
- PTOKEN_PRIVILEGES privs = (PTOKEN_PRIVILEGES) malloc (size);
- if (!privs)
- {
- debug_printf ("malloc (system_privs) failed.");
- return NULL;
- }
- privs->PrivilegeCount = 0;
- for (ULONG i = 0; i <= max_idx; ++i)
- {
- privs->Privileges[privs->PrivilegeCount].Luid.HighPart = 0L;
- privs->Privileges[privs->PrivilegeCount].Luid.LowPart = sys_privs[i];
- privs->Privileges[privs->PrivilegeCount].Attributes =
- SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
- ++privs->PrivilegeCount;
- }
- return privs;
-}
+ DWORD PrivilegeCount;
+ LUID_AND_ATTRIBUTES Privileges[28];
+} sys_privs =
+{
+ 28,
+ {
+ { { SE_CREATE_TOKEN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_LOCK_MEMORY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INCREASE_QUOTA_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TCB_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SECURITY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TAKE_OWNERSHIP_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_LOAD_DRIVER_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEM_PROFILE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEMTIME_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INC_BASE_PRIORITY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_PAGEFILE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_PERMANENT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_BACKUP_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_RESTORE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SHUTDOWN_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_DEBUG_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_AUDIT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CHANGE_NOTIFY_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_UNDOCK_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_MANAGE_VOLUME_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_IMPERSONATE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_GLOBAL_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_INCREASE_WORKING_SET_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_TIME_ZONE_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+ { { SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0 },
+ SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
+ }
+};
static PTOKEN_PRIVILEGES
get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
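Review bot: The entry count `28` is written twice in the new `sys_privs` definition, once as the array bound and once as `PrivilegeCount`, and nothing ties either to the number of initializers. If an entry is dropped later, C++ zero-fills the tail, so the list would still claim 28 privileges while carrying a zero LUID. A single named constant used in both places, e.g. `#define SYSTEM_PRIVILEGES_COUNT 28`, would remove the duplication. A short comment should also state that the layout has to match `TOKEN_PRIVILEGES`, because the following hunk casts the object to `PTOKEN_PRIVILEGES`.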
@@ -672,7 +679,7 @@ get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
{
if (mandatory_integrity_sid)
*mandatory_integrity_sid = mandatory_system_integrity_sid;
- return get_system_priv_list (size);
+ return (PTOKEN_PRIVILEGES) &sys_privs;
}
if (mandatory_integrity_sid)
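Review bot: The SYSTEM branch now returns the address of the static `const` object `sys_privs` through a cast that drops the qualifier, where `get_system_priv_list` used to return a `malloc`ed buffer. The callers of `get_priv_list` are outside this hunk; if any of them still calls `free()` on the returned list, it would now be releasing a non-heap object, so each release site should be guarded, e.g. `if (privs && privs != (PTOKEN_PRIVILEGES) &sys_privs) free (privs);`. The `size` out-parameter is also no longer assigned on this branch; if a caller reads it, set it before returning, e.g. `size = sizeof sys_privs;`. The body of `get_priv_list` begins and ends outside the hunk.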
diff --git a/winsup/cygwin/wincap.cc b/winsup/cygwin/wincap.cc
index 2b8336dfb..cb52aad6f 100644
--- a/winsup/cygwin/wincap.cc
+++ b/winsup/cygwin/wincap.cc
@@ -19,82 +19,87 @@ details. */
wincaps wincap_vista __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:1,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:true,
- has_gaa_largeaddress_bug:true,
- has_broken_alloc_console:false,
- has_console_logon_sid:false,
- has_precise_system_time:false,
- has_microsoft_accounts:false,
- has_processor_groups:false,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:false,
- has_broken_whoami:true,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:true,
+ has_gaa_largeaddress_bug:true,
+ has_broken_alloc_console:false,
+ has_console_logon_sid:false,
+ has_precise_system_time:false,
+ has_microsoft_accounts:false,
+ has_processor_groups:false,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:false,
+ has_broken_whoami:true,
+ },
};
wincaps wincap_7 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:1,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:true,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:false,
- has_microsoft_accounts:false,
- has_processor_groups:true,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:false,
- has_broken_whoami:true,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:true,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:false,
+ has_microsoft_accounts:false,
+ has_processor_groups:true,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:false,
+ has_broken_whoami:true,
+ },
};
wincaps wincap_8 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:2,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:false,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:true,
- has_microsoft_accounts:true,
- has_processor_groups:true,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:false,
- has_broken_whoami:false,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:false,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:true,
+ has_microsoft_accounts:true,
+ has_processor_groups:true,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:false,
+ has_broken_whoami:false,
+ },
};
wincaps wincap_10 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:2,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:false,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:true,
- has_microsoft_accounts:true,
- has_processor_groups:true,
- has_broken_prefetchvm:true,
- has_new_pebteb_region:false,
- has_broken_whoami:false,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:false,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:true,
+ has_microsoft_accounts:true,
+ has_processor_groups:true,
+ has_broken_prefetchvm:true,
+ has_new_pebteb_region:false,
+ has_broken_whoami:false,
+ },
};
wincaps wincap_10_1511 __attribute__((section (".cygwin_dll_common"), shared)) = {
def_guard_pages:2,
- max_sys_priv:SE_CREATE_SYMBOLIC_LINK_PRIVILEGE,
- is_server:false,
- needs_count_in_si_lpres2:false,
- has_gaa_largeaddress_bug:false,
- has_broken_alloc_console:true,
- has_console_logon_sid:true,
- has_precise_system_time:true,
- has_microsoft_accounts:true,
- has_processor_groups:true,
- has_broken_prefetchvm:false,
- has_new_pebteb_region:true,
- has_broken_whoami:false,
+ {
+ is_server:false,
+ needs_count_in_si_lpres2:false,
+ has_gaa_largeaddress_bug:false,
+ has_broken_alloc_console:true,
+ has_console_logon_sid:true,
+ has_precise_system_time:true,
+ has_microsoft_accounts:true,
+ has_processor_groups:true,
+ has_broken_prefetchvm:false,
+ has_new_pebteb_region:true,
+ has_broken_whoami:false,
+ },
};
wincapc wincap __attribute__((section (".cygwin_dll_common"), shared));
diff --git a/winsup/cygwin/wincap.h b/winsup/cygwin/wincap.h
index 14837f7e0..e32674fd1 100644
--- a/winsup/cygwin/wincap.h
+++ b/winsup/cygwin/wincap.h
@@ -11,19 +11,22 @@ details. */
struct wincaps
{
- DWORD def_guard_pages;
- DWORD max_sys_priv;
- unsigned is_server : 1;
- unsigned needs_count_in_si_lpres2 : 1;
- unsigned has_gaa_largeaddress_bug : 1;
- unsigned has_broken_alloc_console : 1;
- unsigned has_console_logon_sid : 1;
- unsigned has_precise_system_time : 1;
- unsigned has_microsoft_accounts : 1;
- unsigned has_processor_groups : 1;
- unsigned has_broken_prefetchvm : 1;
- unsigned has_new_pebteb_region : 1;
- unsigned has_broken_whoami : 1;
+ DWORD def_guard_pages;
+ /* The bitfields must be 8 byte aligned on x86_64, otherwise the bitfield
+ ops generated by gcc are off by 4 bytes. */
+ struct __attribute__ ((aligned (8))) {
+ unsigned is_server : 1;
+ unsigned needs_count_in_si_lpres2 : 1;
+ unsigned has_gaa_largeaddress_bug : 1;
+ unsigned has_broken_alloc_console : 1;
+ unsigned has_console_logon_sid : 1;
+ unsigned has_precise_system_time : 1;
+ unsigned has_microsoft_accounts : 1;
+ unsigned has_processor_groups : 1;
+ unsigned has_broken_prefetchvm : 1;
+ unsigned has_new_pebteb_region : 1;
+ unsigned has_broken_whoami : 1;
+ };
};
class wincapc
@@ -53,7 +56,6 @@ public:
{
return ((wincaps *) this->caps)->def_guard_pages * page_size ();
}
- DWORD IMPLEMENT (max_sys_priv)
bool IMPLEMENT (is_server)
bool IMPLEMENT (needs_count_in_si_lpres2)
bool IMPLEMENT (has_gaa_largeaddress_bug)