Mail Archives: cygwin/2013/10/04/03:26:43

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2013/10/04/03:26:43

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:content-type:content-transfer-encoding; q=dns; s=default; b=mN6

NflwltXuO902S7USUcET4NcIJCgadiwHwOem9oK6ID7u2jXjeaMpMeTU2FaHGdsV

GwRicK0hdqYKFBw9jszVI56XzTFpWtkdSXY2CsIUuQLELc6tXogyvaTdPrzJLf55

gieFuQmvWEZ2RuVHpwU9AQi1RmWwLfKWuRUVY/bA=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:content-type:content-transfer-encoding; s=default; bh=4Odjvq7s3

R5HMwPr2X5fBoWDZ54=; b=LnsNSdXZe5PTQBPDZH/pU/ugbywjXx0pDi2ptRngd

SQCgWK2oOXCfDImrAOsEyWj+LO0XSt9yYOQSdwYDviEqTP5G6YMsiad0hRaat4XD

ncfsCZ78Kao0TY4sbQff/BwJicJ7DPRXZvgxmMPbLD3WbwzfYSccU2BVoFK6zVxe

O8=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: Yes, score=6.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,TBC autolearn=no version=3.3.2

X-HELO: mail-pd0-f179.google.com

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-type:content-transfer-encoding; bh=bBykKOS/MKbSeT5IEDOOoaMlD0duubrZRJEQXZ6Tqwc=; b=kmMPUmLsN5PhaGW3E8dSv3zO2mtkMc0NVrScWJ2zf0zW6fmnQ7c5lLnuWdI7xD54pD S1gexD8iv/Z1RYROsr+YiPwGd7t3v1WI4RcTfKG+RNndIR9UmVYQy+1vvVIkPdMpHDW0 wSmxXJRuyHQcOztl0XkMTmAdhrLpsdBo11bM6I/DPFi5f3eTmVoZZIYRwUeCtjRcMWGm utfw2aIRuT22h7waqBY8OWOaYN6mS+suTkm3AbyuoJiNrahu7o5Tstl/N+yFio7P4Oo/ YSRBmJj4LDtG0BexmeNMpfLiE7MYAufXgs5eSK3o7Q52XnpqS8o/8aOKEJc9EfaoeH42 ODIQ==

X-Gm-Message-State: ALoCoQmm5V8e0Hbr9YYl6y5LkEyk+qNoeROXlu2yHCAfmLAphcQ1vCpStvgOR0/Humx8Q/BWDaSF

X-Received: by 10.68.244.168 with SMTP id xh8mr12736622pbc.3.1380871585079; Fri, 04 Oct 2013 00:26:25 -0700 (PDT)

Message-ID: <524E6D9C.3040809@asperasoft.com>

Date: Fri, 04 Oct 2013 09:26:20 +0200

From: gaillard <gaillard AT asperasoft DOT com>

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120420 Thunderbird/12.0

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: second exec channel cannot access windows share (open-ssh)

Hi,

My company uses cygwin to enable client users to access an application through
open-ssh server via an ssh exec-channel. After the session connects fine, the
firstly created exec channel is able to access the mounted shares installed on
the box (in my test a Windows Server 2008 R2).
The issue comes when opening the second exec channel that is not able to access
the shares.

 From the tests I made the second channel is not impersonating the user correctly
since it happears the application process runs as "Local System" which would
explain the issue.

The open-ssh service is installed under a special user account that runs with the
following settings in local security policy:
- adjust memory quotas for a process
- create a token object
- logon as a service
- replace a process level token

I tried to add this but without success:
- impersonate a client after authentication

I've also read the doc "Using Windows Security in Cygwin" but I'm unsure of the
correct diagnostic for the problem: wrong setting (do I need to use LSA 
authentication)
or is it a bug?

Any advice will be appreciated.
Thanks,

--Gilles

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:content-type:content-transfer-encoding; q=dns; s=default; b=mN6
	NflwltXuO902S7USUcET4NcIJCgadiwHwOem9oK6ID7u2jXjeaMpMeTU2FaHGdsV
	GwRicK0hdqYKFBw9jszVI56XzTFpWtkdSXY2CsIUuQLELc6tXogyvaTdPrzJLf55
	gieFuQmvWEZ2RuVHpwU9AQi1RmWwLfKWuRUVY/bA=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:content-type:content-transfer-encoding; s=default; bh=4Odjvq7s3
	R5HMwPr2X5fBoWDZ54=; b=LnsNSdXZe5PTQBPDZH/pU/ugbywjXx0pDi2ptRngd
	SQCgWK2oOXCfDImrAOsEyWj+LO0XSt9yYOQSdwYDviEqTP5G6YMsiad0hRaat4XD
	ncfsCZ78Kao0TY4sbQff/BwJicJ7DPRXZvgxmMPbLD3WbwzfYSccU2BVoFK6zVxe
	O8=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	Yes, score=6.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,TBC autolearn=no version=3.3.2
X-HELO:	mail-pd0-f179.google.com
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-type:content-transfer-encoding; bh=bBykKOS/MKbSeT5IEDOOoaMlD0duubrZRJEQXZ6Tqwc=; b=kmMPUmLsN5PhaGW3E8dSv3zO2mtkMc0NVrScWJ2zf0zW6fmnQ7c5lLnuWdI7xD54pD S1gexD8iv/Z1RYROsr+YiPwGd7t3v1WI4RcTfKG+RNndIR9UmVYQy+1vvVIkPdMpHDW0 wSmxXJRuyHQcOztl0XkMTmAdhrLpsdBo11bM6I/DPFi5f3eTmVoZZIYRwUeCtjRcMWGm utfw2aIRuT22h7waqBY8OWOaYN6mS+suTkm3AbyuoJiNrahu7o5Tstl/N+yFio7P4Oo/ YSRBmJj4LDtG0BexmeNMpfLiE7MYAufXgs5eSK3o7Q52XnpqS8o/8aOKEJc9EfaoeH42 ODIQ==
X-Gm-Message-State:	ALoCoQmm5V8e0Hbr9YYl6y5LkEyk+qNoeROXlu2yHCAfmLAphcQ1vCpStvgOR0/Humx8Q/BWDaSF
X-Received:	by 10.68.244.168 with SMTP id xh8mr12736622pbc.3.1380871585079; Fri, 04 Oct 2013 00:26:25 -0700 (PDT)
Message-ID:	<524E6D9C.3040809@asperasoft.com>
Date:	Fri, 04 Oct 2013 09:26:20 +0200
From:	gaillard <gaillard AT asperasoft DOT com>
User-Agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120420 Thunderbird/12.0
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	second exec channel cannot access windows share (open-ssh)