delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2002/04/17/11:22:57

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 17 Apr 2002 11:25:53 -0400
From: Jason Tishler <jason AT tishler DOT net>
Subject: Re: sshd/cron seteuid() problem in latest CVS
In-reply-to: <20020415131809.J29277@cygbert.vinschen.de>
To: cygwin AT cygwin DOT com
Mail-followup-to: cygwin AT cygwin DOT com
Message-id: <20020417152553.GA1344@tishler.net>
MIME-version: 1.0
User-Agent: Mutt/1.3.24i
References: <20020412152132 DOT GC948 AT tishler DOT net>
<20020415131809 DOT J29277 AT cygbert DOT vinschen DOT de> 

--Boundary_(ID_hCGiDzQvDrsq3tT7jTPvLA)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline

Corinna,

On Mon, Apr 15, 2002 at 01:18:09PM +0200, Corinna Vinschen wrote:
> On Fri, Apr 12, 2002 at 11:21:32AM -0400, Jason Tishler wrote:
> > Using the latest CVS, I am getting the following Event Log error messages:
> > 
> >     o fatal: setuid 19695: Operation not permitted
> >     o (CRON) error (can't switch user context)
> > 
> > with sshd and cron, respectively.  After some debugging, I determined
> > that the following patch is causing the problem:
> > 
> >     http://cygwin.com/ml/cygwin-cvs/2002-q1/msg00218.html
> > 
> > The above patch needs to be reverted or reworked.  See attached for an
> > strace snippet.
> > 
> > Note that I'm operating in a domain environment.  My WAG is that this
> > problem may not be apparent in a workgroup environment.
> 
> This isn't clear to me.  The patch only changes the way, the PDC
> is elicited.

After some more digging, I believe that I have found the root cause to
the above problem.  The new way, via NetGetDCName(), causes two extra
backslashes to be prepended to the PDC name as demonstrated by the
attached test program:

    NetServerEnum PDC = PALO-ALTO-PDC
    NetGetDCName PDC = \\PALO-ALTO-PDC

This causes the NetUserGetGroups() call in get_user_groups() to SEGV
(at least under gdb) and hence, ultimately create_token() fails.

My WAG regarding domain vs. workgroup was correct because the workgroup
path through this code does not cause extra backslashes to be prepended.

I will submit a patch to cygwin-patches to correct this problem.

Thanks,
Jason

--Boundary_(ID_hCGiDzQvDrsq3tT7jTPvLA)
Content-type: text/plain; charset=us-ascii; NAME=net.cc
Content-transfer-encoding: 7BIT
Content-disposition: attachment; filename=net.cc

#include <stdio.h>
#include <windows.h>
#include <lm.h>

int
main()
{
	LPSERVER_INFO_101 buf;
	DWORD count, total;
	NET_API_STATUS status = NetServerEnum(
			NULL,
			101,
			(LPBYTE*) &buf,
			MAX_PREFERRED_LENGTH,
			&count,
			&total,
			SV_TYPE_DOMAIN_CTRL,
			NULL,
			NULL);
	if (status == NERR_Success)
		printf("NetServerEnum PDC = %ls\n", buf[0].sv101_name);

	WCHAR* buf2;
	status = NetGetDCName(NULL, NULL, (LPBYTE*) &buf2);
	if (status == NERR_Success)
		printf("NetGetDCName PDC = %ls\n", buf2);

	return 0;
}


--Boundary_(ID_hCGiDzQvDrsq3tT7jTPvLA)
Content-Type: text/plain; charset=us-ascii

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
--Boundary_(ID_hCGiDzQvDrsq3tT7jTPvLA)--

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019