Initial release of the Cygwin subauthentication DLL.
* ChangeLog: New file.
        * Makefile.in: Ditto.
        * configure: Ditto. Generated from configure.in.
        * configure.in: Ditto.
        * cygsuba.c: Ditto.
        * cygsuba.din: Ditto.
			
			
This commit is contained in:
		
							
								
								
									
										9
									
								
								winsup/subauth/ChangeLog
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										9
									
								
								winsup/subauth/ChangeLog
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,9 @@ | ||||
| Fri May  4 15:06:00  Corinna Vinschen <corinna@vinschen.de> | ||||
|  | ||||
| 	Initial release of the Cygwin subauthentication DLL. | ||||
| 	* ChangeLog: New file. | ||||
| 	* Makefile.in: Ditto. | ||||
| 	* configure: Ditto. Generated from configure.in. | ||||
| 	* configure.in: Ditto. | ||||
| 	* cygsuba.c: Ditto. | ||||
| 	* cygsuba.din: Ditto. | ||||
							
								
								
									
										89
									
								
								winsup/subauth/Makefile.in
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										89
									
								
								winsup/subauth/Makefile.in
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,89 @@ | ||||
| # Copyright (c) 2001, Red Hat, Inc. | ||||
| # | ||||
| #     This program is free software; you can redistribute it and/or modify | ||||
| #     it under the terms of the GNU General Public License as published by | ||||
| #     the Free Software Foundation; either version 2 of the License, or | ||||
| #     (at your option) any later version. | ||||
| # | ||||
| #     A copy of the GNU General Public License can be found at | ||||
| #     http://www.gnu.org/ | ||||
| # | ||||
| # Written by Corinna Vinschen <vinschen@redhat.de> | ||||
| # | ||||
| # Makefile for Cygwin subauthentication DLL. | ||||
|  | ||||
| SHELL := @SHELL@ | ||||
|  | ||||
| srcdir          := @srcdir@ | ||||
| VPATH           := @srcdir@ | ||||
| prefix          := @prefix@ | ||||
| exec_prefix     := @exec_prefix@ | ||||
|  | ||||
| bindir          := @bindir@ | ||||
| etcdir          := $(exec_prefix)/etc | ||||
|  | ||||
| program_transform_name := @program_transform_name@ | ||||
|  | ||||
| INSTALL         := @INSTALL@ | ||||
| INSTALL_PROGRAM := @INSTALL_PROGRAM@ | ||||
| INSTALL_DATA    := @INSTALL_DATA@ | ||||
|  | ||||
| CC              := @CC@ | ||||
| CC_FOR_TARGET   := $(CC) | ||||
|  | ||||
| CFLAGS          := @CFLAGS@ -nostdinc | ||||
|  | ||||
| include $(srcdir)/../Makefile.common | ||||
|  | ||||
| WIN32_COMMON	:= -mno-cygwin | ||||
| WIN32_INCLUDES  := -I. -I$(srcdir) -I$(w32api_include) | ||||
| WIN32_CFLAGS    := $(CFLAGS) $(WIN32_COMMON) $(WIN32_INCLUDES) | ||||
| WIN32_LDFLAGS	:= $(CFLAGS) $(WIN32_COMMON) -L$(mingw_build) -nostdlib -Wl,-shared | ||||
|  | ||||
| STARTFILE	:= $(mingw_build)/dllcrt2.o | ||||
| LIBS		:= -lmingw32 -lkernel32 | ||||
|  | ||||
| DLL	:=	cygsuba.dll | ||||
| DEF_FILE:=	cygsuba.def | ||||
|  | ||||
| OBJ	=	cygsuba.o | ||||
|  | ||||
| .SUFFIXES: | ||||
| .NOEXPORT: | ||||
|  | ||||
| all: Makefile $(DLL) | ||||
|  | ||||
| $(DEF_FILE): cygsuba.din config.status | ||||
| 	$(SHELL) config.status | ||||
|  | ||||
| $(DLL): $(OBJ) $(DEF_FILE) | ||||
| ifdef VERBOSE | ||||
| 	$(CC) -s $(WIN32_LDFLAGS) -o $@ $(DEF_FILE) $(STARTFILE) $(OBJ) $(LIBS) | ||||
| else | ||||
| 	@echo $(CC) .. -o $@ $(OBJ) | ||||
| 	@$(CC) -s $(WIN32_LDFLAGS) -o $@ $(DEF_FILE) $(STARTFILE) $(OBJ) $(LIBS) | ||||
| endif | ||||
|  | ||||
| .PHONY: all install clean realclean | ||||
|  | ||||
| realclean: clean | ||||
| 	rm -f  Makefile config.cache | ||||
|  | ||||
| clean: | ||||
| 	rm *.o *.dll | ||||
|  | ||||
| install: all | ||||
| 	$(SHELL) $(updir1)/mkinstalldirs $(bindir) | ||||
| 	for i in $(PROGS) ; do \ | ||||
| 	  n=`echo $$i | sed '$(program_transform_name)'`; \ | ||||
| 	  $(INSTALL_PROGRAM) $$i $(bindir)/$$n; \ | ||||
| 	done | ||||
|  | ||||
| %.o: %.c | ||||
| ifdef VERBOSE | ||||
| 	$(CC) $(WIN32_CFLAGS) -c -o $@ $< | ||||
| else | ||||
| 	@echo $(CC) -c $(CFLAGS) ... $(<F) | ||||
| 	@$(CC) $(WIN32_CFLAGS) -c -o $@ $< | ||||
| endif | ||||
|  | ||||
							
								
								
									
										1253
									
								
								winsup/subauth/configure
									
									
									
									
										vendored
									
									
										Executable file
									
								
							
							
						
						
									
										1253
									
								
								winsup/subauth/configure
									
									
									
									
										vendored
									
									
										Executable file
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							
							
								
								
									
										91
									
								
								winsup/subauth/configure.in
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										91
									
								
								winsup/subauth/configure.in
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,91 @@ | ||||
| dnl Copyright (c) 2001, Red Hat, Inc. | ||||
| dnl | ||||
| dnl     This program is free software; you can redistribute it and/or modify | ||||
| dnl     it under the terms of the GNU General Public License as published by | ||||
| dnl     the Free Software Foundation; either version 2 of the License, or | ||||
| dnl     (at your option) any later version. | ||||
| dnl | ||||
| dnl     A copy of the GNU General Public License can be found at | ||||
| dnl     http://www.gnu.org/ | ||||
| dnl | ||||
| dnl Written by Christopher Faylor <cgf@redhat.com> | ||||
| dnl Changed for subauth subdir by Corinna Vinschen <vinschen@redhat.com> | ||||
|  | ||||
| dnl Autoconf configure script for Cygwin utilities. | ||||
| dnl | ||||
| dnl Process this file with autoconf to produce a configure script. | ||||
|  | ||||
| AC_PREREQ(2.12) | ||||
|  | ||||
| AC_INIT(Makefile.in) | ||||
|  | ||||
| dnl FIXME: We temporarily define our own version of AC_PROG_CC.  This is | ||||
| dnl copied from autoconf 2.12, but does not call AC_PROG_CC_WORKS.  We | ||||
| dnl are probably using a cross compiler, which will not be able to fully | ||||
| dnl link an executable.  This should really be fixed in autoconf | ||||
| dnl itself. | ||||
|  | ||||
| AC_DEFUN(LIB_AC_PROG_CC, | ||||
| [AC_BEFORE([$0], [AC_PROG_CPP])dnl | ||||
| AC_CHECK_PROG(CC, gcc, gcc) | ||||
| if test -z "$CC"; then | ||||
|   AC_CHECK_PROG(CC, cc, cc, , , /usr/ucb/cc) | ||||
|   test -z "$CC" && AC_MSG_ERROR([no acceptable cc found in \$PATH]) | ||||
| fi | ||||
|  | ||||
| AC_PROG_CC_GNU | ||||
|  | ||||
| if test $ac_cv_prog_gcc = yes; then | ||||
|   GCC=yes | ||||
| dnl Check whether -g works, even if CFLAGS is set, in case the package | ||||
| dnl plays around with CFLAGS (such as to build both debugging and | ||||
| dnl normal versions of a library), tasteless as that idea is. | ||||
|   ac_test_CFLAGS="${CFLAGS+set}" | ||||
|   ac_save_CFLAGS="$CFLAGS" | ||||
|   CFLAGS= | ||||
|   AC_PROG_CC_G | ||||
|   if test "$ac_test_CFLAGS" = set; then | ||||
|     CFLAGS="$ac_save_CFLAGS" | ||||
|   elif test $ac_cv_prog_cc_g = yes; then | ||||
|     CFLAGS="-g -O2" | ||||
|   else | ||||
|     CFLAGS="-O2" | ||||
|   fi | ||||
| else | ||||
|   GCC= | ||||
|   test "${CFLAGS+set}" = set || CFLAGS="-g" | ||||
| fi | ||||
| ]) | ||||
|  | ||||
| AC_DEFUN(LIB_AC_PROG_CXX, | ||||
| [AC_BEFORE([$0], [AC_PROG_CPP])dnl | ||||
| AC_CHECK_TOOL(CXX, g++, g++) | ||||
| if test -z "$CXX"; then | ||||
|   AC_CHECK_PROG(CXX, c++, c++, , , ) | ||||
|   test -z "$CC" && AC_MSG_ERROR([no acceptable cc found in \$PATH]) | ||||
| fi | ||||
|  | ||||
| CXXFLAGS='$(CFLAGS)' | ||||
| ]) | ||||
|  | ||||
| AC_CANONICAL_SYSTEM | ||||
|  | ||||
| LIB_AC_PROG_CC | ||||
| LIB_AC_PROG_CXX | ||||
|  | ||||
| AC_ARG_PROGRAM | ||||
|  | ||||
| if test "x$cross_compiling" = "xyes"; then | ||||
|   if test "x$program_transform_name" = "xs,x,x,"; then | ||||
|     program_transform_name="" | ||||
|   fi | ||||
|   if test "x$program_transform_name" = "x"; then | ||||
|     program_transform_name="s,^,$host-," | ||||
|   else | ||||
|     program_transform_name="$program_transform_name -e s,^,$host-," | ||||
|   fi | ||||
| fi | ||||
|  | ||||
| AC_PROG_INSTALL | ||||
|  | ||||
| AC_OUTPUT(Makefile cygsuba.def:cygsuba.din) | ||||
							
								
								
									
										141
									
								
								winsup/subauth/cygsuba.c
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										141
									
								
								winsup/subauth/cygsuba.c
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,141 @@ | ||||
| /* cygsuba.c: Minimal subauthentication functionality to support | ||||
|               logon without password. | ||||
|  | ||||
|    Copyright 2001 Red Hat, Inc. | ||||
|  | ||||
| Written by Corinna Vinschen <vinschen@redhat.com> | ||||
|  | ||||
| This file is part of Cygwin. | ||||
|  | ||||
| This software is a copyrighted work licensed under the terms of the | ||||
| Cygwin license.  Please consult the file "CYGWIN_LICENSE" for | ||||
| details. */ | ||||
|  | ||||
| #include <windows.h> | ||||
| #include <subauth.h> | ||||
| #include <ntsecapi.h> | ||||
|  | ||||
| NTSTATUS NTAPI | ||||
| Msv1_0SubAuthenticationRoutine (NETLOGON_LOGON_INFO_CLASS logon_level, | ||||
| 				VOID *logon_inf, | ||||
| 				ULONG flags, | ||||
| 				USER_ALL_INFORMATION *usr_inf, | ||||
| 				ULONG *which, | ||||
| 				ULONG *usr_flags, | ||||
| 				BOOLEAN *auth, | ||||
| 				LARGE_INTEGER *logoff, | ||||
| 				LARGE_INTEGER *kickoff) | ||||
| { | ||||
|   ULONG valid_account = USER_NORMAL_ACCOUNT; | ||||
|   if (!(flags & MSV1_0_PASSTHRU)) | ||||
|     valid_account |= USER_TEMP_DUPLICATE_ACCOUNT; | ||||
|  | ||||
|   *which = *usr_flags = 0; | ||||
|  | ||||
|   /* Not a Network logon?  | ||||
|      TODO: How do I manage an interactive logon using a subauthentication | ||||
|      package??? The logon_level "interactive" is available but I never | ||||
|      got it working. I assume that's the reason I don't get a legal | ||||
|      logon session so that I can connect to network drives. */ | ||||
|   if (logon_level != NetlogonNetworkInformation) | ||||
|     { | ||||
|       *auth = TRUE; | ||||
|       return STATUS_INVALID_INFO_CLASS; | ||||
|     } | ||||
|  | ||||
|   /* Account type ok? */ | ||||
|   if (!(usr_inf->UserAccountControl & valid_account)) | ||||
|     { | ||||
|       *auth = FALSE; | ||||
|       return STATUS_NO_SUCH_USER; | ||||
|     } | ||||
|  | ||||
|   /* Guest logon? */ | ||||
|   if (flags & MSV1_0_GUEST_LOGON) | ||||
|     *usr_flags = LOGON_GUEST; | ||||
|  | ||||
| #if defined (SSHD) | ||||
|   /* The same code could be used to allow the DLL checking for | ||||
|      SSH RSA/DSA keys. For that purpose, SSH would need it's | ||||
|      own implementation with the below field used to transport | ||||
|      the keys which have to be checked. This could be used to | ||||
|      allow secure logon with RSA/DSA instead of passwords. | ||||
|      Of course that needs lots of additions to the code... */ | ||||
|   { | ||||
|     PNETLOGON_NETWORK_INFO nw_inf = (PNETLOGON_NETWORK_INFO) logon_inf; | ||||
|  | ||||
|     /* | ||||
|         nw_inf->LmChallenge.data <=> | ||||
| 			MSV1_0_LM20_LOGON::ChallengeToClient | ||||
|         nw_inf->NtChallengeResponse <=> | ||||
| 			MSV1_0_LM20_LOGON::CaseSensitiveChallengeResponse | ||||
|         nw_inf->LmChallengeResponse <=> | ||||
| 			MSV1_0_LM20_LOGON::CaseInsensitiveChallengeResponse | ||||
|     */ | ||||
|     if (authentication_failed) | ||||
|       { | ||||
|         *auth = (usr_inf->UserAccountControl & USER_ACCOUNT_DISABLED) ? | ||||
| 		         FALSE : TRUE; | ||||
|         return STATUS_WRONG_PASSWORD; | ||||
|       } | ||||
|   } | ||||
| #endif | ||||
|  | ||||
|   /* All accounts except for the local admin are checked for being | ||||
|      locked out or disabled or expired. */ | ||||
|   if (usr_inf->UserId != DOMAIN_USER_RID_ADMIN) | ||||
|     { | ||||
|       SYSTEMTIME CurrentTime; | ||||
|       LARGE_INTEGER LogonTime; | ||||
|  | ||||
|       /* Account locked out? */ | ||||
|       if (usr_inf->UserAccountControl & USER_ACCOUNT_AUTO_LOCKED) | ||||
| 	{ | ||||
| 	  *auth = (usr_inf->UserAccountControl & USER_ACCOUNT_DISABLED) ? | ||||
| 			   FALSE : TRUE; | ||||
| 	  return STATUS_ACCOUNT_LOCKED_OUT; | ||||
| 	} | ||||
|  | ||||
|       /* Account disabled? */ | ||||
|       if (usr_inf->UserAccountControl & USER_ACCOUNT_DISABLED) | ||||
|         { | ||||
|           *auth = FALSE; | ||||
|           return STATUS_ACCOUNT_DISABLED; | ||||
|         } | ||||
|  | ||||
|       /* Account expired? */ | ||||
|       GetSystemTime (&CurrentTime); | ||||
|       SystemTimeToFileTime(&CurrentTime, (LPFILETIME) &LogonTime); | ||||
|       if (usr_inf->AccountExpires.QuadPart && | ||||
|           LogonTime.QuadPart >= usr_inf->AccountExpires.QuadPart) | ||||
| 	{ | ||||
|           *auth = TRUE; | ||||
|           return STATUS_ACCOUNT_EXPIRED; | ||||
|         } | ||||
|     } | ||||
|  | ||||
|   /* Don't force logout. */ | ||||
|   logoff->HighPart = 0x7FFFFFFF; | ||||
|   logoff->LowPart = 0xFFFFFFFF; | ||||
|   kickoff->HighPart = 0x7FFFFFFF; | ||||
|   kickoff->LowPart = 0xFFFFFFFF; | ||||
|  | ||||
|   *auth = TRUE; | ||||
|   return STATUS_SUCCESS; | ||||
| } | ||||
|  | ||||
| NTSTATUS NTAPI | ||||
| Msv1_0SubAuthenticationFilter (NETLOGON_LOGON_INFO_CLASS logon_level, | ||||
| 			       VOID *logon_inf, | ||||
| 			       ULONG flags, | ||||
| 			       USER_ALL_INFORMATION *usr_inf, | ||||
| 			       ULONG *which, | ||||
| 			       ULONG *usr_flags, | ||||
| 			       BOOLEAN *auth, | ||||
| 			       LARGE_INTEGER *logoff, | ||||
| 			       LARGE_INTEGER *kickoff) | ||||
| { | ||||
|   return Msv1_0SubAuthenticationRoutine (logon_level, logon_inf, flags, | ||||
|   					 usr_inf, which, usr_flags, | ||||
| 					 auth, logoff, kickoff); | ||||
| } | ||||
							
								
								
									
										5
									
								
								winsup/subauth/cygsuba.din
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										5
									
								
								winsup/subauth/cygsuba.din
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,5 @@ | ||||
| LIBRARY "cygsuba" | ||||
|  | ||||
| EXPORTS | ||||
| Msv1_0SubAuthenticationRoutine = Msv1_0SubAuthenticationRoutine@36 | ||||
| Msv1_0SubAuthenticationFilter = Msv1_0SubAuthenticationFilter@36 | ||||
		Reference in New Issue
	
	Block a user