From: Achim Gratz <Stromeko@NexGo.DE>
To: cygwin@cygwin.com
Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
Date: Thu, 04 Sep 2014 14:12:00 -0000 [thread overview]
Message-ID: <loom.20140904T152825-543@post.gmane.org> (raw)
In-Reply-To: <20140904122845.GU6056@calimero.vinschen.de>
Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > I couldn't start cygserver as a service with (just) the built DLL in place.
>
> No idea why. The patch just adds debug output to strace ouptput, nothing
> else.
Whatever. I've installed all the binaries from that build and things work
normally now.
> > So I started it in debug mode from the command line (which makes it have
> > less rights than it needs) and started the sshd in debug mode also.
>
> In a cyg_server GUI session? If so, you should have all rights required
> when starting this in an elevated shell.
Not the token privileges, I don't think so. But I'm not sure how to check.
Here's the salient parts from the strace (attaching to the sshd running as a
service in sandbox mode, running with no privilege separation produces a
slightly different trace, but the events leading up to the error are the same):
262 1161585 [main] sshd 2044 getpid: 2044 = getpid()
10593 1172178 [main] sshd 2044 get_logon_server: DC: server: \\SC301
58 1172236 [main] sshd 2044 get_user_groups: Before NetUserGetGroups
--- Process 560, exception 00000005 at 75511D4D
6543 1178779 [main] sshd 2044 get_user_groups: After NetUserGetGroups ret = 5
56 1178835 [main] sshd 2044 seterrno_from_win_error:
../../../../source/cygwin-snapshot-20140903-1/winsup/cygwin/sec_auth.cc:265
windows error 5
36 1178871 [main] sshd 2044 geterrno_from_win_error: windows error 5 ==
errno 13
33 1178904 [main] sshd 2044 get_user_local_groups: Before
NetUserGetLocalGroups
--- Process 560, exception 00000005 at 75511D4D
7964 1186868 [main] sshd 2044 get_user_local_groups: After
NetUserGetLocalGroups ret = 5
50 1186918 [main] sshd 2044 seterrno_from_win_error:
../../../../source/cygwin-snapshot-20140903-1/winsup/cygwin/sec_auth.cc:318
windows error 5
38 1186956 [main] sshd 2044 geterrno_from_win_error: windows error 5 ==
errno 13
37 1186993 [main] sshd 2044 initgroups32: 0 = initgroups(gratz, 1049089)
It then proceeds to log on via the token and mounts the entries from my
personal fstab (that should fail if it was running as a different user for
some of the entries). After checking for /etc/nologin this happens:
35 5023308 [main] sshd 2248 setegid32: new egid: 1049089 current: 197121
41 5023349 [main] sshd 2248 setegid32: NtSetInformationToken (hProcToken,
TokenPrimaryGroup), 0xC000005B
3105 5026454 [main] sshd 2248 get_logon_server: DC: server: \\SC301
44 5026498 [main] sshd 2248 get_user_groups: Before NetUserGetGroups
--- Process 2248, exception 00000005 at 75511D4D
The process apparently gets killed while in the NetUserGetGroups call (much
as you suspected). I'm not sure this tells us anything new, though. :-(
Regards,
Achim.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
next prev parent reply other threads:[~2014-09-04 14:12 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-18 17:26 Achim Gratz
2014-08-19 13:37 ` Achim Gratz
2014-08-19 17:02 ` Corinna Vinschen
2014-08-19 17:21 ` Achim Gratz
2014-08-19 19:09 ` Corinna Vinschen
2014-08-19 19:21 ` Achim Gratz
2014-09-02 11:52 ` Achim Gratz
2014-09-02 14:07 ` Corinna Vinschen
2014-09-02 15:16 ` Achim Gratz
2014-09-02 15:38 ` Corinna Vinschen
2014-09-02 17:32 ` Achim Gratz
2014-09-03 7:17 ` Achim Gratz
2014-09-03 13:03 ` Achim Gratz
2014-09-03 13:37 ` Corinna Vinschen
2014-09-04 11:24 ` Achim Gratz
2014-09-04 12:28 ` Corinna Vinschen
2014-09-04 14:12 ` Achim Gratz [this message]
2014-09-04 14:59 ` Achim Gratz
2014-09-05 11:16 ` Corinna Vinschen
2014-09-05 11:56 ` Corinna Vinschen
2014-09-05 18:17 ` Achim Gratz
2014-09-03 13:26 ` Corinna Vinschen
2014-09-02 16:25 ` Achim Gratz
2014-09-02 19:14 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=loom.20140904T152825-543@post.gmane.org \
--to=stromeko@nexgo.de \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).