Drop max_sys_priv wincap

Convert sys_privs to const struct with TOKEN_PRIVILEGES layout.
Drop function get_system_priv_list.  Just use pointer to sys_privs.

Dropping max_sys_priv from wincaps requires to make sure that the
bitfield is 8 byte aligned on x86_64, otherwise gcc (5.3 only?)
apparently breaks access to the bitfield (off by 4 bytes).

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

winsup/cygwin/sec_auth.cc

@@ -598,67 +598,74 @@ get_setgroups_sidlist (cygsidlist &tmp_list, PSID usersid,
   tmp_list += groups.pgsid;
 }
 
-static ULONG sys_privs[] = {
-  SE_CREATE_TOKEN_PRIVILEGE,
-  SE_ASSIGNPRIMARYTOKEN_PRIVILEGE,
-  SE_LOCK_MEMORY_PRIVILEGE,
-  SE_INCREASE_QUOTA_PRIVILEGE,
-  SE_TCB_PRIVILEGE,
-  SE_SECURITY_PRIVILEGE,
-  SE_TAKE_OWNERSHIP_PRIVILEGE,
-  SE_LOAD_DRIVER_PRIVILEGE,
-  SE_SYSTEM_PROFILE_PRIVILEGE,		/* Vista ONLY */
-  SE_SYSTEMTIME_PRIVILEGE,
-  SE_PROF_SINGLE_PROCESS_PRIVILEGE,
-  SE_INC_BASE_PRIORITY_PRIVILEGE,
-  SE_CREATE_PAGEFILE_PRIVILEGE,
-  SE_CREATE_PERMANENT_PRIVILEGE,
-  SE_BACKUP_PRIVILEGE,
-  SE_RESTORE_PRIVILEGE,
-  SE_SHUTDOWN_PRIVILEGE,
-  SE_DEBUG_PRIVILEGE,
-  SE_AUDIT_PRIVILEGE,
-  SE_SYSTEM_ENVIRONMENT_PRIVILEGE,
-  SE_CHANGE_NOTIFY_PRIVILEGE,
-  SE_UNDOCK_PRIVILEGE,
-  SE_MANAGE_VOLUME_PRIVILEGE,
-  SE_IMPERSONATE_PRIVILEGE,
-  SE_CREATE_GLOBAL_PRIVILEGE,
-  SE_INCREASE_WORKING_SET_PRIVILEGE,
-  SE_TIME_ZONE_PRIVILEGE,
-  SE_CREATE_SYMBOLIC_LINK_PRIVILEGE
-};
-
-#define SYSTEM_PRIVILEGES_COUNT (sizeof sys_privs / sizeof *sys_privs)
-
-static PTOKEN_PRIVILEGES
-get_system_priv_list (size_t &size)
+/* Fixed size TOKEN_PRIVILEGES list to reflect privileges given to the
+   SYSTEM account by default. */
+const struct
 {
-  ULONG max_idx = 0;
-  while (max_idx < SYSTEM_PRIVILEGES_COUNT
-	 && sys_privs[max_idx] != wincap.max_sys_priv ())
-    ++max_idx;
-  if (max_idx >= SYSTEM_PRIVILEGES_COUNT)
-    api_fatal ("Coding error: wincap privilege %u doesn't exist in sys_privs",
-	       wincap.max_sys_priv ());
-  size = sizeof (ULONG) + (max_idx + 1) * sizeof (LUID_AND_ATTRIBUTES);
-  PTOKEN_PRIVILEGES privs = (PTOKEN_PRIVILEGES) malloc (size);
-  if (!privs)
-    {
-      debug_printf ("malloc (system_privs) failed.");
-      return NULL;
-    }
-  privs->PrivilegeCount = 0;
-  for (ULONG i = 0; i <= max_idx; ++i)
-    {
-      privs->Privileges[privs->PrivilegeCount].Luid.HighPart = 0L;
-      privs->Privileges[privs->PrivilegeCount].Luid.LowPart = sys_privs[i];
-      privs->Privileges[privs->PrivilegeCount].Attributes =
-	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
-      ++privs->PrivilegeCount;
-    }
-  return privs;
-}
+  DWORD PrivilegeCount;
+  LUID_AND_ATTRIBUTES Privileges[28];
+} sys_privs =
+{
+  28,
+  {
+    { { SE_CREATE_TOKEN_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_LOCK_MEMORY_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_INCREASE_QUOTA_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_TCB_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_SECURITY_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_TAKE_OWNERSHIP_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_LOAD_DRIVER_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_SYSTEM_PROFILE_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_SYSTEMTIME_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_INC_BASE_PRIORITY_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_CREATE_PAGEFILE_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_CREATE_PERMANENT_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_BACKUP_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_RESTORE_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_SHUTDOWN_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_DEBUG_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_AUDIT_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_CHANGE_NOTIFY_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_UNDOCK_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_MANAGE_VOLUME_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_IMPERSONATE_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_CREATE_GLOBAL_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_INCREASE_WORKING_SET_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_TIME_ZONE_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
+    { { SE_CREATE_SYMBOLIC_LINK_PRIVILEGE, 0 },
+	SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
+  }
+};
 
 static PTOKEN_PRIVILEGES
 get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
@@ -672,7 +679,7 @@ get_priv_list (LSA_HANDLE lsa, cygsid &usersid, cygsidlist &grp_list,
     {
       if (mandatory_integrity_sid)
 	*mandatory_integrity_sid = mandatory_system_integrity_sid;
-      return get_system_priv_list (size);
+      return (PTOKEN_PRIVILEGES) &sys_privs;
     }
 
   if (mandatory_integrity_sid)