Mail Archives: cygwin/2006/07/19/11:38:15
Corinna Vinschen wrote:
> On Jul 18 22:41, Andrew DeFaria wrote:
>> I am helping a client install a new server and we use a process that
>> essentially does an rsh <machine> make. The make process is fairly
>> complicated. The new server is a Windows 2003 Server. There is no RDP
>> involved - just an rsh. I'm getting errors like:
>>
>> 3 [main] bash 14596 C:\cygwin\bin\bash.exe: *** fatal error -
>> C:\cygwin\bin\bash.exe: *** CreateFileMapping
>> Global\cygwin1S4.cygpid.4648, Win32 error 0.
>>
>> I've seen some posts regarding an error similar to this but it
>> usually involves an RDP session and an error code of 5 but here I
>> have no RDP session and the error code is strangely 0.
>>
>> The other thing that is odd is that in the process of make some of
>> the compilations will fail as the above and others won't. IOW it's
>> intermittent. Also it's not always bash that dies. Sometimes it's make:
>>
>> 4 [main] make (11352) C:\cygwin\bin\make.exe: *** fatal error - C:
>> bin\make.exe: *** CreateFileMapping Global\cygwin1S4.cygpid.11352,
>> Win32 . Terminating.
>>
>> Since the return code is 0 the make continues onward obliviously.
>>
>> Another interesting aspect is that if the user who is rsh'ing is
>> added to the local Administrators group then all these errors disappear.
>>
>> Note that people have passwordless rsh access to the server.
> This is probably the problem. I just wrote a lengthy explanation of
> what happens in case of public key authentication, see:
>
> http://cygwin.com/ml/cygwin/2006-07/msg00577.html
>
> You're getting the same problem in case of rhosts authentication, it
> all boils down to "password-less authentication".
>
> Your case is not exactly related but it doesn't hurt to read this
> first, just to get an impression and maybe a coffee break.
>
> I can't explain the error code 0 right now, but I assume your problem
> is the handling of user rights related to global objects. Reading
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/termserv/termserv/kernel_object_namespaces.asp
> gives a bit of insight into the general problem.
>
> I have to be able to reproduce the problem, which I can't ATM. As a
> workaround try giving the "Create global objects" user right to the
> sshd_server account alone. If that doesn't work, add the "Create
> global objects" right to the users logging in through rsh.
>
> Please report back the results of both tests.

First off, yes I am using the sshd_server account for the inetd service
which, of course, starts the in.rshd process. I thought that this user,
sshd_server, already had this right but apparently it didn't:

$ editrights -l -u sshd_server
SeDenyInteractiveLogonRight
SeDenyNetworkLogonRight
SeDenyRemoteInteractiveLogonRight

So I added it:

$ editrights -l -a SeCreateGlobalPrivilege -u sshd_server
SeCreateGlobalPrivilege
SeDenyInteractiveLogonRight
SeDenyNetworkLogonRight
SeDenyRemoteInteractiveLogonRight

Then I restarted inetd. Now when I rsh to the server I get:

$ rsh -l adefaria <server>
Switching to user adefaria failed!
rlogin: connection closed.

This is not good! So I removed SeCreateGlobalPrivilege from sshd_server
and restarted inetd and I get the same error! So I re-added all the rights
I found in /bin/ssh-host-config:

$ editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server
$ editrights -a SeCreateTokenPrivilege -u sshd_server
$ editrights -a SeDenyInteractiveLogonRight -u sshd_server
$ editrights -a SeDenyNetworkLogonRight -u sshd_server
$ editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server
$ editrights -a SeIncreaseQuotaPrivilege -u sshd_server
$ editrights -a SeServiceLogonRight -u sshd_server

Restarted inetd and it's back. Odd...

Now we achieve passwordless login through rlogin/rsh by purposely
setting the password blank in /etc/passwd. I changed that for my user to
not have a blank password in /etc/passwd so that rsh prompts. This, of
course, kills the ability to do rsh <machine> <cmd> but an rsh/rlogin
<machine> still works. So I log in and then attempt the make and I get
the same problem with CreateFileMapping.

As for adding "Create global objects" to my user take note that my user
is part of the domain. I can use the Local Security Policy editor to add
my domain user to the "Create global objects" property. I tried that but
again no difference in the problem.

--
Andrew DeFaria <http://defaria.com>
I was thinking that women should put pictures of missing husbands on
beer cans.
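
The rights check walked through in the message above, as an added example that is not part of the original post: it compares an `editrights -l` listing against the rights the message re-adds from /bin/ssh-host-config plus SeCreateGlobalPrivilege. The names `EXPECTED_RIGHTS`, `SAMPLE_LISTING`, `missing_rights` and `audit_account` are hypothetical; the sample listing is the one quoted in the message.

```shell
#!/bin/sh
# Rights the message re-adds to sshd_server (from its editrights commands),
# plus the "Create global objects" right being tested.
EXPECTED_RIGHTS="SeAssignPrimaryTokenPrivilege
SeCreateTokenPrivilege
SeDenyInteractiveLogonRight
SeDenyNetworkLogonRight
SeDenyRemoteInteractiveLogonRight
SeIncreaseQuotaPrivilege
SeServiceLogonRight
SeCreateGlobalPrivilege"

# missing_rights (hypothetical helper): read an `editrights -l` listing on
# stdin and print every expected right that is absent, one per line.
missing_rights() {
    # Normalise CRLF line endings and stray whitespace before comparing.
    held=$(tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    for right in $EXPECTED_RIGHTS; do
        # -x: whole-line match, -F: literal string, so a right never
        # matches as a substring of a longer name.
        printf '%s\n' "$held" | grep -qxF "$right" || printf '%s\n' "$right"
    done
}

# audit_account (hypothetical helper): run the check against a live account.
audit_account() {
    editrights -l -u "$1" | missing_rights
}

# Sample input: the listing quoted in the message right after
# SeCreateGlobalPrivilege was added to sshd_server.
SAMPLE_LISTING="SeCreateGlobalPrivilege
SeDenyInteractiveLogonRight
SeDenyNetworkLogonRight
SeDenyRemoteInteractiveLogonRight"

# Show which expected rights that listing lacks.
printf '%s\n' "$SAMPLE_LISTING" | missing_rights
```

On the server itself, `audit_account sshd_server` runs the same comparison before and after each inetd restart, so a right that went missing between tests shows up immediately.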