Mail Archives: cygwin/2024/04/24/11:10:23

Date: Wed, 24 Apr 2024 17:09:27 +0200
Message-ID: <CAKAoaQnKy6XEAx9LUznrczmaESuFTRnbaTxj=Z3SgwiQ9BnjDQ@mail.gmail.com>
Subject: User impersonation in filesystem mini-redirector daemon works with
cmd.exe but not Cygwin mintty.exe ?
To: cygwin AT cygwin DOT com
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
From: Roland Mainz via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Roland Mainz <roland DOT mainz AT nrubsig DOT org>

Hi!

----

I'm working right now on a filesystem mini-redirector with
CYGWIN_NT-10.0-19045  3.6.0-0.115.g579064bf4d40.x86_64 and noticed a
malfunction.
The mini-rdr userland daemon is running as user "SYSTEM";
"SeImpersonatePrivilege" and
"SeDelegateSessionUserImpersonatePrivilege" are enabled, so user
impersonation is supposed to work...

... but the mini-rdr daemon can NOT do impersonation with requests
from Cygwin mintty.exe or Cygwin/KDE konsole.exe, as it only gets a
process token.
But if I run the same application with cmd.exe, then impersonation in
the mini-rdr works and each thread properly gets a thread/impersonation
token.

Does anyone have an idea what might be the difference in this case,
and how I can debug this further?

----

Bye,
Roland

P.S.: Out of curiosity, I tried this with /usr/bin/newgrp, and in this
case the mini-rdr daemon also gets an impersonation token...
-- 
  __ .  . __
 (o.\ \/ /.o) roland DOT mainz AT nrubsig DOT org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)
