* Makefile.in (LIBS): Re-add advapi32.dll. Explain why.

	* make-64bit-version-with-mingw-w64.sh (LIBS): Ditto.
	* cyglsa.c: Drop NTDLL function declarations.  Use equivalent advapi32
	functions again, throughout.
	* cyglsa64.dll: Regenerate.

5 files changed, 36 insertions, 30 deletions

diff --git a/winsup/lsaauth/ChangeLog b/winsup/lsaauth/ChangeLog
index bbb763a..b78696a 100644
--- a/winsup/lsaauth/ChangeLog
+++ b/winsup/lsaauth/ChangeLog
@@ -1,3 +1,11 @@
+2012-05-29  Corinna Vinschen  <corinna@vinschen.de>
+
+	* Makefile.in (LIBS): Re-add advapi32.dll.  Explain why.
+	* make-64bit-version-with-mingw-w64.sh (LIBS): Ditto.
+	* cyglsa.c: Drop NTDLL function declarations.  Use equivalent advapi32
+	functions again, throughout.
+	* cyglsa64.dll: Regenerate.
+
 2011-05-10  Corinna Vinschen  <corinna@vinschen.de>
 
 	* Makefile.in: Don't override CC.
diff --git a/winsup/lsaauth/Makefile.in b/winsup/lsaauth/Makefile.in
index 948c08b..bb585df 100644
--- a/winsup/lsaauth/Makefile.in
+++ b/winsup/lsaauth/Makefile.in
@@ -41,7 +41,11 @@ ifdef MINGW_CC
 override CC:=${MINGW_CC}
 endif
 
-LIBS		:= -lkernel32 -lntdll
+# Never again try to remove advapi32.  It does not matter if the DLL calls
+# advapi32 functions or the equivalent ntdll functions.
+# But if the LSA authentication DLL is not linked against advapi32, it's
+# not recognized by LSA.
+LIBS		:= -ladvapi32 -lkernel32 -lntdll
 
 DLL	:=	cyglsa.dll
 DEF_FILE:=	cyglsa.def
diff --git a/winsup/lsaauth/cyglsa.c b/winsup/lsaauth/cyglsa.c
index e64d0e1..341fdd1 100644
--- a/winsup/lsaauth/cyglsa.c
+++ b/winsup/lsaauth/cyglsa.c
@@ -1,6 +1,6 @@
 /* cyglsa.c: LSA authentication module for Cygwin
 
-   Copyright 2006, 2008, 2010, 2011 Red Hat, Inc.
+   Copyright 2006, 2008, 2010, 2011, 2012 Red Hat, Inc.
 
    Written by Corinna Vinschen <corinna@vinschen.de>
 
@@ -41,13 +41,6 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res)
 #ifndef NT_SUCCESS
 #define NT_SUCCESS(s)	((s) >= 0)
 #endif
-NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID);
-NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
-NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID *);
-ULONG NTAPI RtlLengthSid (PSID);
-PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG);
-PUCHAR NTAPI RtlSubAuthorityCountSid (PSID);
-BOOLEAN NTAPI RtlValidSid (PSID);
 /* These standard POSIX functions are implemented in NTDLL and exported.
    There's just no header to define them and using wchar.h from mingw
    or Cygwin seems wrong somehow. */
@@ -123,7 +116,7 @@ print_sid (const char *prefix, int idx, PISID sid)
     cyglsa_printf ("NULL\n");
   else if (IsBadReadPtr (sid, 8))
     cyglsa_printf ("INVALID POINTER\n");
-  else if (!RtlValidSid ((PSID) sid))
+  else if (!IsValidSid ((PSID) sid))
     cyglsa_printf ("INVALID SID\n");
   else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount))
     cyglsa_printf ("INVALID POINTER SPACE\n");
@@ -203,11 +196,9 @@ print_dacl (PACL dacl)
         {
 	  PVOID vace;
 	  PACCESS_ALLOWED_ACE ace;
-	  NTSTATUS stat;
 
-	  stat = RtlGetAce (dacl, i, &vace);
-	  if (!NT_SUCCESS (stat))
-	    cyglsa_printf ("[%lu] RtlGetAce status 0x%08lx\n", i, stat);
+	  if (!GetAce (dacl, i, &vace))
+	    cyglsa_printf ("[%lu] GetAce error %lu\n", i, GetLastError ());
 	  else
 	    {
 	      ace = (PACCESS_ALLOWED_ACE) vace;
@@ -503,8 +494,8 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
       tokinf->ExpirationTime = authinf->inf.ExpirationTime;
       /* User SID */
       src_sid = (PSID) (base + authinf->inf.User.User.Sid);
-      size = RtlLengthSid (src_sid);
-      RtlCopySid (size, (PSID) tptr, src_sid);
+      size = GetLengthSid (src_sid);
+      CopySid (size, (PSID) tptr, src_sid);
       tokinf->User.User.Sid = (PSID) tptr;
       tptr += size;
       tokinf->User.User.Attributes = authinf->inf.User.User.Attributes;
@@ -518,16 +509,16 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
       for (i = 0; i < src_grps->GroupCount; ++i)
 	{
 	  src_sid = (PSID) (base + src_grps->Groups[i].Sid);
-	  size = RtlLengthSid (src_sid);
-	  RtlCopySid (size, (PSID) tptr, src_sid);
+	  size = GetLengthSid (src_sid);
+	  CopySid (size, (PSID) tptr, src_sid);
 	  tokinf->Groups->Groups[i].Sid = (PSID) tptr;
 	  tptr += size;
 	  tokinf->Groups->Groups[i].Attributes = src_grps->Groups[i].Attributes;
 	}
       /* Primary Group SID */
       src_sid = (PSID) (base + authinf->inf.PrimaryGroup.PrimaryGroup);
-      size = RtlLengthSid (src_sid);
-      RtlCopySid (size, (PSID) tptr, src_sid);
+      size = GetLengthSid (src_sid);
+      CopySid (size, (PSID) tptr, src_sid);
       tokinf->PrimaryGroup.PrimaryGroup = (PSID) tptr;
       tptr += size;
       /* Privileges */
@@ -554,8 +545,7 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 	 not done in the 64 bit code above for hopefully obvious reasons... */
       LUID logon_sid_id;
 
-      if (must_create_logon_sid
-	  && !NT_SUCCESS (NtAllocateLocallyUniqueId (&logon_sid_id)))
+      if (must_create_logon_sid && !AllocateLocallyUniqueId (&logon_sid_id))
 	return STATUS_INSUFFICIENT_RESOURCES;
 
       if (!(tokinf = funcs->AllocateLsaHeap (authinf->inf_size)))
@@ -575,13 +565,13 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 		((PBYTE) tokinf + (LONG_PTR) tokinf->Groups->Groups[i].Sid);
 	  if (must_create_logon_sid
 	      && tokinf->Groups->Groups[i].Attributes & SE_GROUP_LOGON_ID
-	      && *RtlSubAuthorityCountSid (tokinf->Groups->Groups[i].Sid) == 3
-	      && *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 0)
+	      && *GetSidSubAuthorityCount (tokinf->Groups->Groups[i].Sid) == 3
+	      && *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 0)
 		 == SECURITY_LOGON_IDS_RID)
 	    {
-	      *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 1)
+	      *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 1)
 	      = logon_sid_id.HighPart;
-	      *RtlSubAuthoritySid (tokinf->Groups->Groups[i].Sid, 2)
+	      *GetSidSubAuthority (tokinf->Groups->Groups[i].Sid, 2)
 	      = logon_sid_id.LowPart;
 	    }
 	}
@@ -608,12 +598,12 @@ LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
 		(PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size));
 
   /* Create logon session. */
-  stat = NtAllocateLocallyUniqueId (logon_id);
-  if (!NT_SUCCESS (stat))
+  if (!AllocateLocallyUniqueId (logon_id))
     {
       funcs->FreeLsaHeap (*tok);
       *tok = NULL;
-      cyglsa_printf ("NtAllocateLocallyUniqueId status 0x%08lx\n", stat);
+      cyglsa_printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n",
+		     GetLastError ());
       return STATUS_INSUFFICIENT_RESOURCES;
     }
   stat = funcs->CreateLogonSession (logon_id);
diff --git a/winsup/lsaauth/cyglsa64.dll b/winsup/lsaauth/cyglsa64.dll
index 14f1f6c..f3324d2 100644
--- a/winsup/lsaauth/cyglsa64.dll
+++ b/winsup/lsaauth/cyglsa64.dll
diff --git a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
index a93daf8..4a8c37c 100644
--- a/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
+++ b/winsup/lsaauth/make-64bit-version-with-mingw-w64.sh
@@ -20,6 +20,10 @@ set -e
 CC="x86_64-w64-mingw32-gcc"
 CFLAGS="-fno-exceptions -O0 -Wall -Werror"
 LDFLAGS="-s -nostdlib -Wl,--entry,DllMain,--major-os-version,5,--minor-os-version,2"
-LIBS="-lkernel32 -lntdll"
+# Never again try to remove advapi32.  It does not matter if the DLL calls
+# advapi32 functions or the equivalent ntdll functions.
+# But if the LSA authentication DLL is not linked against advapi32, it's
+# not recognized by LSA.
+LIBS="-ladvapi32 -lkernel32 -lntdll"
 
 $CC $CFLAGS $LDFLAGS -shared -o cyglsa64.dll cyglsa.c cyglsa64.def $LIBS