From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2155) id 6E3983858D35; Mon, 18 Nov 2024 16:26:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6E3983858D35 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1731947174; bh=X705XTX+HysCau+Cb2flhAEjrke33UD7nglFy2UWaV4=; h=Date:From:To:Subject:Reply-To:References:In-Reply-To:From; b=u3NvCB0iHslwDuanroE/A6UUHigXAPF+J/r74PKVDHDs8SggwmlzxwQhUawdu1qfA JZsgFwqlHEVld5cxxOqdoQiPamEh9cU3Nu+io2cfeicq6whtjHvFEZIPETaImVcnMy WwH1y+j3bO0tjmxBHOlX8BIxRM3WBNqB14OlO7bE= Received: by calimero.vinschen.de (Postfix, from userid 500) id 66FDBA814E0; Mon, 18 Nov 2024 17:26:12 +0100 (CET) Date: Mon, 18 Nov 2024 17:26:12 +0100 From: Corinna Vinschen To: cygwin@cygwin.com Subject: Re: SMBFS mount's file cannot be made executable Message-ID: Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <20241112042937.740185a42d476993b4b1e31c@nifty.ne.jp> <20241112175427.750ae77a8086594a765862c5@nifty.ne.jp> <20241113181755.02289e8e8d9af7e19e8f4387@nifty.ne.jp> <20241114003740.e573d7ec79d35da76225c9f1@nifty.ne.jp> <20241114010807.99f46760b2240d472440c329@nifty.ne.jp> <20241116002122.3f4fd325a497eb4261ad80f4@nifty.ne.jp> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20241116002122.3f4fd325a497eb4261ad80f4@nifty.ne.jp> List-Id: On Nov 16 00:21, Takashi Yano via Cygwin wrote: > I built a test program, whose important part is: > > AUTHZ_RESOURCE_MANAGER_HANDLE hManager = NULL; > AUTHZ_CLIENT_CONTEXT_HANDLE hClient = NULL; > AUTHZ_ACCESS_REQUEST AccessRequest = {0}; > AUTHZ_ACCESS_REPLY AccessReply = {0}; > > AUTHZ_RPC_INIT_INFO_CLIENT authzRpcInitInfoClient = {0}; > > WCHAR ObjectUuid[] = L"9a81c2bd-a525-471d-a4ed-49907c0b23da"; > WCHAR ProtSeq[] = L"ncacn_ip_tcp"; > WCHAR NetworkAddr[] = L"localhost"; > WCHAR Endpoint[] = L"135"; > > authzRpcInitInfoClient.version = AUTHZ_INIT_INFO_VERSION_V1; > authzRpcInitInfoClient.ObjectUuid = ObjectUuid; > authzRpcInitInfoClient.ProtSeq = ProtSeq; > authzRpcInitInfoClient.NetworkAddr = NetworkAddr; > authzRpcInitInfoClient.Endpoint = Endpoint; > > AuthzInitializeRemoteResourceManager (&authzRpcInitInfoClient, &hManager); > > char buf[1024]; > PTOKEN_USER pTokenUser = (PTOKEN_USER) buf; > DWORD len; > > GetTokenInformation(hToken, TokenUser, pTokenUser, 1024, &len); > > LUID luid = {0,}; > AuthzInitializeContextFromSid(0, pTokenUser->User.Sid, hManager, > NULL, luid, NULL, &hClient); > > > This test code fails at AuthzInitializeContextFromSid() with > RPC_S_UNKNOWN_IF. If AuthzInitializeRemoteResourceManager() > is replaced with AuthzInitializeResourceManager(), the error > does not occur. > > I searched the combination of AuthzInitializeContextFromSid() > and RPC_S_UNKNOWN_IF, however nothing was found. RPC_S_UNKNOWN_IF means "unknown interface". I assume this error has nothing to do with AuthzInitializeContextFromSid(), but with the AuthzInitializeRemoteResourceManager() call. What I failed, though, is to find a working example for AuthzInitializeRemoteResourceManager(). > Any suggestion would be appreciated. As I said in my previous posting, maybe we don't really need AuthzInitializeRemoteResourceManager(). We can safely assume that the current user is already authorized on the SMB server. So... shouldn't AuthzInitializeResourceManager be sufficient and the code from class authz_ctx already does what we want? We may just have to use in in place of calling NtCheckAccess(), maybe with a tweak or two... Corinna