Mail Archives: cygwin/2006/08/12/12:48:09
On Sat, Aug 12, 2006 at 06:25:14PM +0200, Corinna Vinschen wrote:
> On Aug 11 10:35, David Rothenberger wrote:
> > On 8/11/2006 12:40 AM, Corinna Vinschen wrote:
> > > On Aug 10 09:42, David Rothenberger wrote:
> > >> On 8/10/2006 12:21 AM, Corinna Vinschen wrote:
> > >>> On Aug 9 11:37, David Rothenberger wrote:
> > >>>> I've noticed repeated logon failures in my Security event log with
> > >>>> the 2006-08-02 snapshot. (I have security auditing enabled.)
> > >>>>
> > >>>> I'm not sure whether this is expected behavior or not.
> > >>> It's expected behaviour if you didn't set up subauthentication.
> > >> Okay, I tried to set up subauthentication per
> > >> http://www.cygwin.com/ml/cygwin-developers/2006-07/msg00013.html. I
> > >> copied my cygsuba.dll to c:/windows/system32 and added the registry key
> > >> as indicated. Now, I get system error code 126 (ERROR_MOD_NOT_FOUND).
>
> Where do you get this message and how? Can you explain a bit how you test
> it and send the matching strace snippet?
I have cron running using the standard settings (I believe).
$ cygrunsrv --verbose --query cron
Service : cron
Current State : Running
Controls Accepted : Stop
Command : /usr/sbin/cron -D
stdin path : /dev/null
stdout path : /var/log/cron.log
stderr path : /var/log/cron.log
Process Type : Own Process
Startup : Automatic
Account : LocalSystem
I enabled a cron job to run "/bin/sleep 5" every minute. Then, I
attached to the already running cron process using strace.
Once the job ran, I shut down the cron service, disabled the job, and
restarted the service.
I saw the following in the strace:
58 9889431 [main] CRON 4980 setegid32: new egid: 513 current: 544
86 9889517 [main] CRON 4980 setegid32: SetTokenInformation(hProcToken, TokenPrimaryGroup), Win32 error 1308
61 9889578 [main] CRON 4980 setegid32: SetTokenInformation(hProcImpToken, TokenPrimaryGroup), Win32 error 1308
56 9889634 [main] CRON 4980 seteuid32: uid: 1003 myself->uid: 18 myself->gid: 513
60 9889694 [main] CRON 4980 seteuid32: Found token -1
753 9890447 [main] CRON 4980 set_privilege: 1 = set_privilege ((token 71C) SeTcbPrivilege, 1)
1127 9891574 [main] CRON 4980 extract_nt_dom_user: pw_gecos 660EE9 (U-TELA\drothe,S-1-5-21-1275210071-616249376-839522115-1003)
1068 9892642 [main] CRON 4980 subauth: LsaLogonUser: -1073741515
73 9892715 [main] CRON 4980 seterrno_from_win_error: /netrel/src/cygwin/winsup/cygwin/security.cc:1067 windows error 126
62 9892777 [main] CRON 4980 geterrno_from_win_error: windows error 126 == errno 2
56 9892833 [main] CRON 4980 __set_errno: void seterrno_from_win_error(const char*, int, DWORD):310 val 2
102 9892935 [main] CRON 4980 seteuid32: subauthentication failed, try create token.
619 9893554 [main] CRON 4980 set_privilege: 0 = set_privilege ((token 71C) SeCreateTokenPrivilege, 1)
314 9893868 [main] CRON 4980 create_token: get_token = hProcToken
105 9893973 [main] CRON 4980 extract_nt_dom_user: pw_gecos 660EE9 (U-TELA\drothe,S-1-5-21-1275210071-616249376-839522115-1003)
31065 9925038 [main] CRON 4980 create_token: 2012 = create_token ()
222 9925260 [main] CRON 4980 load_registry_hive: User registry hive for S-1-5-21-1275210071-616249376-839522115-1003 already exists
93 9925353 [main] CRON 4980 set_privilege: 1 = set_privilege ((token 6BC) SeRestorePrivilege, 1)
56 9925409 [main] CRON 4980 set_privilege: 1 = set_privilege ((token 6BC) SeBackupPrivilege, 1)
53 9925462 [main] CRON 4980 set_privilege: 1 = set_privilege ((token 6BC) SeChangeNotifyPrivilege, 1)
98 9925560 [main] CRON 4980 open_shared: name Global\cygwin1S4.S-1-5-21-1275210071-616249376-839522115-1003.1, n 1, shared 0x60FD0000 (wanted 0x60FD0000), h 0x94
56 9925616 [main] CRON 4980 user_shared_initialize: opening user shared for 'S-1-5-21-1275210071-616249376-839522115-1003' at 0x60FD0000
165 9925781 [main] CRON 4980 user_shared_initialize: user shared version D7040001
54 9925835 [main] CRON 4980 setuid32: real: 1003, effective: 1003
> > I'm pretty much out of ideas. Any other thoughts?
>
> Are you running the services as SYSTEM or as another user account? In
> the latter case, you must add the SeTcbPrivilege to that account.
> Otherwise I have no idea what's wrong for you. I have five systems with
> four different OSes (2K, XP, 2K3, 2K3 R2 x64) running with
> subauthentication and I only had problems on 2K3 with two facts, the
> first being that the account was missing the SeTcbPrivilege, the second
> being that the subauth DLL must be built as 64 bit DLL to run correctly
> on 64 bit Windows.
I'm running the service as SYSTEM. I just copied the cygsuba.dll
from my cygwin build directory to /c/WINDOWS/system32 and then reset
the permissions.
$ ls -l /c/WINDOWS/system32/cygsuba.dll
-rwxrwx---+ 1 Administrators SYSTEM 4608 Aug 11 09:50 /c/WINDOWS/system32/cygsuba.dll
$ file !$
file /c/WINDOWS/system32/cygsuba.dll
/c/WINDOWS/system32/cygsuba.dll: PE executable for MS Windows (DLL) (console) Intel 80386 32-bit
$ getfacl !$
getfacl /c/WINDOWS/system32/cygsuba.dll
# file: /c/WINDOWS/system32/cygsuba.dll
# owner: Administrators
# group: SYSTEM
user::rwx
group::rwx
group:Users:r-x
group:Power Users:r-x
mask:rwx
other:---
$ sha1sum.exe /c/WINDOWS/system32/cygsuba.dll
87de7c4abd1db1ddb3ff243b99bc33b8e603422f */c/WINDOWS/system32/cygsuba.dll
I then added the registry key.
$ regtool get /machine/SYSTEM/CurrentControlSet/Control/Lsa/MSV1_0/Auth255
CYGSUBA
BTW, I see similar kinds of error messages when I attach strace to
sshd.
--
David Rothenberger spammer? -> spam AT daveroth DOT dyndns DOT org
GPG/PGP: 0x92D68FD8, DB7C 5146 1AB0 483A 9D27 DFBA FBB9 E328 92D6 8FD8
Love is being stupid together.
-- Paul Valery
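
Added example, not part of the original message or of Cygwin: a small Python helper that decodes the status values in the strace output above. strace prints the LsaLogonUser NTSTATUS as a signed decimal, so -1073741515 has to be reinterpreted as unsigned before it can be looked up. The names for 0xC0000135 and 1308 are taken from the Windows SDK headers (ntstatus.h, winerror.h), not from the thread; `decode_ntstatus` and `triage` are hypothetical names.

```python
import re

# Names for the codes seen in this thread's trace only. 126 is named in the
# thread; the other two come from ntstatus.h / winerror.h (not from the page).
NTSTATUS = {0xC0000135: "STATUS_DLL_NOT_FOUND"}
WIN32 = {126: "ERROR_MOD_NOT_FOUND", 1308: "ERROR_INVALID_PRIMARY_GROUP"}

# Four lines copied from the strace output in the message above.
SAMPLE = """\
   86 9889517 [main] CRON 4980 setegid32: SetTokenInformation(hProcToken, TokenPrimaryGroup), Win32 error 1308
 1068 9892642 [main] CRON 4980 subauth: LsaLogonUser: -1073741515
   73 9892715 [main] CRON 4980 seterrno_from_win_error: /netrel/src/cygwin/winsup/cygwin/security.cc:1067 windows error 126
  102 9892935 [main] CRON 4980 seteuid32: subauthentication failed, try create token.
"""

# strace line layout: delta, timestamp, [thread], program, pid, function: message
LINE = re.compile(r"^\s*\d+\s+\d+\s+\[\w+\]\s+\S+\s+\d+\s+(\w+): (.*)$")

def decode_ntstatus(signed):
    """Split the signed decimal that strace prints into NTSTATUS fields."""
    value = signed & 0xFFFFFFFF  # reinterpret as unsigned 32-bit
    return {
        "hex": f"0x{value:08X}",
        "severity": ("success", "informational", "warning", "error")[value >> 30],
        "facility": (value >> 16) & 0xFFF,
        "code": value & 0xFFFF,
        "name": NTSTATUS.get(value, "unknown"),
    }

def triage(trace):
    """Collect status codes and the subauth fallback marker from strace text."""
    report = {"ntstatus": [], "win32": [], "fallback": False}
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        func, msg = m.groups()
        logon = re.search(r"LsaLogonUser: (-?\d+)", msg)
        if logon:
            report["ntstatus"].append((func, decode_ntstatus(int(logon.group(1)))))
        err = re.search(r"(?:Win32|windows) error (\d+)", msg)
        if err:
            code = int(err.group(1))
            report["win32"].append((func, code, WIN32.get(code, "unknown")))
        if "subauthentication failed" in msg:
            report["fallback"] = True  # Cygwin fell back to create_token
    return report
```

On the sample lines, `triage(SAMPLE)` reports the LsaLogonUser status as 0xC0000135 and sets `fallback`, matching the sequence in the trace where the subauth logon fails and create_token is tried instead.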