Mail Archives: cygwin/2014/09/04/10:13:36

To: cygwin AT cygwin DOT com
From: Achim Gratz <Stromeko AT NexGo DOT DE>
Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
Date: Thu, 4 Sep 2014 14:12:16 +0000 (UTC)
Message-ID: <loom.20140904T152825-543@post.gmane.org>

Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > I couldn't start cygserver as a service with (just) the built DLL in place.
> 
> No idea why.  The patch just adds debug output to strace output, nothing 
> else.

Whatever.  I've installed all the binaries from that build and things work
normally now.

> > So I started it in debug mode from the command line (which makes it have
> > less rights than it needs) and started the sshd in debug mode also.
> 
> In a cyg_server GUI session?  If so, you should have all rights required
> when starting this in an elevated shell.

Not the token privileges, I don't think so.  But I'm not sure how to check.

Here are the salient parts from the strace (attaching to the sshd running as a
service in sandbox mode, running with no privilege separation produces a
slightly different trace, but the events leading up to the error are the same):

  262 1161585 [main] sshd 2044 getpid: 2044 = getpid()
10593 1172178 [main] sshd 2044 get_logon_server: DC: server: \\SC301
   58 1172236 [main] sshd 2044 get_user_groups: Before NetUserGetGroups
--- Process 560, exception 00000005 at 75511D4D
 6543 1178779 [main] sshd 2044 get_user_groups: After NetUserGetGroups ret = 5
   56 1178835 [main] sshd 2044 seterrno_from_win_error: ../../../../source/cygwin-snapshot-20140903-1/winsup/cygwin/sec_auth.cc:265 windows error 5
   36 1178871 [main] sshd 2044 geterrno_from_win_error: windows error 5 == errno 13
   33 1178904 [main] sshd 2044 get_user_local_groups: Before NetUserGetLocalGroups
--- Process 560, exception 00000005 at 75511D4D
 7964 1186868 [main] sshd 2044 get_user_local_groups: After NetUserGetLocalGroups ret = 5
   50 1186918 [main] sshd 2044 seterrno_from_win_error: ../../../../source/cygwin-snapshot-20140903-1/winsup/cygwin/sec_auth.cc:318 windows error 5
   38 1186956 [main] sshd 2044 geterrno_from_win_error: windows error 5 == errno 13
   37 1186993 [main] sshd 2044 initgroups32: 0 = initgroups(gratz, 1049089)

It then proceeds to log on via the token and mounts the entries from my
personal fstab (that should fail if it was running as a different user for
some of the entries).  After checking for /etc/nologin this happens:

   35 5023308 [main] sshd 2248 setegid32: new egid: 1049089 current: 197121
   41 5023349 [main] sshd 2248 setegid32: NtSetInformationToken (hProcToken, TokenPrimaryGroup), 0xC000005B
 3105 5026454 [main] sshd 2248 get_logon_server: DC: server: \\SC301
   44 5026498 [main] sshd 2248 get_user_groups: Before NetUserGetGroups
--- Process 2248, exception 00000005 at 75511D4D

The process apparently gets killed while in the NetUserGetGroups call (much
as you suspected).  I'm not sure this tells us anything new, though. :-(


Regards,
Achim.
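
An added example, not part of the original message: a small Python parser for the trace format shown above that pairs each "Before X" marker with its "After X ret = N" line and reports calls that never return, which is the pattern in the last excerpt. The sample lines are taken from the message with mail line wraps rejoined; the names `analyze` and `unfinished` are this example's own.

```python
import re

# Sample input: lines from the strace excerpts in the message above,
# with the mail client's line wraps rejoined.
SAMPLE = """\
   58 1172236 [main] sshd 2044 get_user_groups: Before NetUserGetGroups
--- Process 560, exception 00000005 at 75511D4D
 6543 1178779 [main] sshd 2044 get_user_groups: After NetUserGetGroups ret = 5
   33 1178904 [main] sshd 2044 get_user_local_groups: Before NetUserGetLocalGroups
--- Process 560, exception 00000005 at 75511D4D
 7964 1186868 [main] sshd 2044 get_user_local_groups: After NetUserGetLocalGroups ret = 5
   37 1186993 [main] sshd 2044 initgroups32: 0 = initgroups(gratz, 1049089)
   44 5026498 [main] sshd 2248 get_user_groups: Before NetUserGetGroups
--- Process 2248, exception 00000005 at 75511D4D
"""

# Columns: delta usec, absolute usec, [thread], program, pid, function: message
LINE = re.compile(r"^\s*(\d+)\s+\d+\s+\[\w+\]\s+\S+\s+(\d+)\s+\w+:\s*(.*)$")
EXC = re.compile(r"^--- Process \d+, exception ([0-9A-Fa-f]+) at [0-9A-Fa-f]+")
AFTER = re.compile(r"After (\w+) ret = (\d+)")

def analyze(text):
    """Pair 'Before X' / 'After X ret = N' markers per pid; collect exceptions between."""
    pending, calls = {}, []          # pending: pid -> call that has not returned yet
    for raw in text.splitlines():
        exc = EXC.match(raw)
        if exc:
            # The pid printed on the exception line does not always match the
            # traced pid in the sample, so attach it to every call still open.
            for call in pending.values():
                call["exceptions"].append(exc.group(1))
            continue
        m = LINE.match(raw)
        if not m:
            continue
        delta, pid, msg = int(m.group(1)), int(m.group(2)), m.group(3)
        if msg.startswith("Before "):
            pending[pid] = {"pid": pid, "api": msg[7:], "ret": None, "usec": None, "exceptions": []}
            calls.append(pending[pid])
            continue
        after = AFTER.match(msg)
        if after and pending.get(pid, {}).get("api") == after.group(1):
            call = pending.pop(pid)
            call["ret"], call["usec"] = int(after.group(2)), delta
    return calls

def unfinished(calls):
    """Calls with a 'Before' marker but no matching 'After': the trace ended inside them."""
    return [c for c in calls if c["ret"] is None]
```

Run over the sample, the two calls in pid 2044 come back with ret 5 (Windows error 5, access denied, mapped to errno 13 in the trace), and the NetUserGetGroups call in pid 2248 is reported as unfinished.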

