+#define HAS_CREATE_TOKEN 1
+#define HAS_NTSEC_BY_DEFAULT 2
+#define HAS_CREATE_TOKEN_WO_NTSEC 3
+
+static int
+has_capability(int what)
+{
+ static int inited;
+ static int has_create_token;
+ static int has_ntsec_by_default;
+ static int has_create_token_wo_ntsec;
+
+ /*
+ * has_capability() basically calls uname() and checks if
+ * specific capabilities of Cygwin can be evaluated from that.
+ * This simplifies the calling functions which only have to ask
+ * for a capability using has_capability() instead of having
+ * to figure that out by themselves.
+ */
+ if (!inited) {
+ struct utsname uts;
+
+ if (!uname(&uts)) {
+ int major_high = 0, major_low = 0, minor = 0;
+ int api_major_version = 0, api_minor_version = 0;
+ char *c;
+
+ sscanf(uts.release, "%d.%d.%d", &major_high,
+ &major_low, &minor);
+ if ((c = strchr(uts.release, '(')) != NULL) {
+ sscanf(c + 1, "%d.%d", &api_major_version,
+ &api_minor_version);
+ }
+ if (major_high > 1 ||
+ (major_high == 1 && (major_low > 3 ||
+ (major_low == 3 && minor >= 2))))
+ has_create_token = 1;
+ if (api_major_version > 0 || api_minor_version >= 56)
+ has_ntsec_by_default = 1;
+ if (major_high > 1 ||
+ (major_high == 1 && major_low >= 5))
+ has_create_token_wo_ntsec = 1;
+ inited = 1;
+ }
+ }
+ switch (what) {
+ case HAS_CREATE_TOKEN:
+ return (has_create_token);
+ case HAS_NTSEC_BY_DEFAULT:
+ return (has_ntsec_by_default);
+ case HAS_CREATE_TOKEN_WO_NTSEC:
+ return (has_create_token_wo_ntsec);
+ }
+ return (0);
+}
+
+int
+check_nt_auth(int pwd_authenticated, struct passwd *pw)