From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io1-f45.google.com (mail-io1-f45.google.com [209.85.166.45]) by sourceware.org (Postfix) with ESMTPS id 36C303849ADA for ; Wed, 24 Apr 2024 15:09:55 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 36C303849ADA Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=nrubsig.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 36C303849ADA Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=209.85.166.45 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713971398; cv=none; b=YBmy2kO18cnJRCuI9ZuSDuKj8nLsSe43DIwWwQLZUIsB4/9Yn+hpZCPoFj5hXqV7uF92Kms5tJJRCxQU3iZcoBcwVDdfOCuo1laJXju88NybMXsr3CfDLIdBoTf7vLOJfwMPNAqyShK3YFM4DEr9bWa87I05UcLYp7l1KADg53U= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1713971398; c=relaxed/simple; bh=/9ytI1fR/PrAhI+xEi+BWAhD3fk7v4czgeePuc5rH+g=; h=MIME-Version:From:Date:Message-ID:Subject:To; b=kDsGeUGnsRVOPQTvA450OFVnANqWJJw2MX1AyJq82piSGS4FLmX9u6qudFz1DTr68pBZgxrFP/35I0eInS8MEZ+uEL6yqekQBCYzM6p2H5RNqpjB2mq4AFgWPVxRlEpMcWGKT6pAuuVMoDvZu2++1NUXUO07GF/L0XqI9P00H9g= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-io1-f45.google.com with SMTP id ca18e2360f4ac-7de80bc1f7cso75456939f.0 for ; Wed, 24 Apr 2024 08:09:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1713971394; x=1714576194; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=0Rn27XqFUY7X0uNBwuqoL3Et6uJQn6/HYJH6rxH6sDo=; b=pyTLiphopWQA7SE9cd8zypbcc4WkU2MWC1cqkrC9ux8JP2fDM5CDmhCvVzQ/ZuiZdz Jjuez7SGLhbQsl/SJ3y/pN/N9C74GVS9OE3o4rUMvnTigPwdR9NTsNdd8Wb7M6LCRtUn zBhqq4FOI4hH/yw8X8U/dlMeUgW8soqB8GJVWiUUq1tIhfq/m+emXnGFblfVDQRnFj1o Nz9I7fERQrV/LePnr8B6mymJcDGYLPtrYNPDys7ZPsNVHUa5AGYXMYEawuG673gy9Oci VaytkNafqIYDGooatnK4kSDJPK9Sl0Ws4uUN00Ryv4pM6GFBI8MsgZQK8COEfdY0oKke RfQQ== X-Gm-Message-State: AOJu0Yxwo6FEP1dPdDxPOppt1i5SOhkHev0UUj+Iz91qb5iivCwrhkfR O0NKht8NWQjbxIAeFx17zdym9e9cBiCqoLxV6EhlgXvAmPY7ue+hNEirIobKJ2Y2HHhWbLd4eNj FGaA/Gs+4niQlgKPxyd6oHDx6JOPr4DUw X-Google-Smtp-Source: AGHT+IFHM11EEa+eFYrnYk7CIPZP2P7csKvW4gIbvFkFETn8lRwUgkoWGCz47Mr0xQNDFzOBtNAHOgoDWWQUt8I3Zl8= X-Received: by 2002:a6b:f315:0:b0:7da:1b06:8018 with SMTP id m21-20020a6bf315000000b007da1b068018mr3635877ioh.10.1713971393911; Wed, 24 Apr 2024 08:09:53 -0700 (PDT) MIME-Version: 1.0 From: Roland Mainz Date: Wed, 24 Apr 2024 17:09:27 +0200 Message-ID: Subject: User impersonation in filesystem mini-redirector daemon works with cmd.exe but not Cygwin mintty.exe ? To: cygwin@cygwin.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi! ---- I'm working right now on a filesystem min-redirector with CYGWIN_NT-10.0-19045 3.6.0-0.115.g579064bf4d40.x86_64 and noticed a malfunction. The mini-rdr userland daemon is running as user "SYSTEM"; "SeImpersonatePrivilege" and "SeDelegateSessionUserImpersonatePrivilege" are enabled, so user impersonation is supposed to work... ... but the mini-rdr daemon can NOT do impersonation with requests from Cygwin mintty.exe or Cygwin/KDE konsole.exe, as it only gets a process token. But if I run the same application with cmd.exe, then impersonation in the min-rdr works and each thread properly gets a thread/impersonation token. Does anyone have an idea what might be the difference in this case, and how I can debug this further ? ---- Bye, Roland P.S.: Out of curiosity, I tried this with /usr/bin/newgrp, and in this case the min-rdr daemon also gets an impersonation token... -- __ . . __ (o.\ \/ /.o) roland.mainz@nrubsig.org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 3992797 (;O/ \/ \O;)