delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2024/12/08/02:58:53

DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 4B87wqlI364076
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 4B87wqlI364076
Authentication-Results: delorie.com;
dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=cD/7EYqy
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DE54A3858430
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1733644730;
bh=yJiyKI2Gqu7ZYTAShNW7xSgySIK2pdVWVmUV/NPbDgA=;
h=Date:To:Subject:In-Reply-To:References:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
From;
b=cD/7EYqyqPh3JVLvLI0FhglGDUK2All2NeUh1QX+H+z/pknipYtb2R7yN0qjVEZyB
hK7biYce+YYp8eCFNRfhthdZx5670L9X80LMMHoajA1+MPvFioGBNLWfAxFKOBaDOF
cydAviHOAiMr3CPspZsQOpxiHyR4+/i0YMgww5JE=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8225F385840C
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8225F385840C
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1733644671; cv=none;
b=Bnj/VDdEb/9Gq2LW7tQH6sf9soUjtyAOFLZyDPcZR4vSRB3dB9A16c48jPXmCg+l9HuEOeRUSfdKS148D0N2hUQpPrlwwBjTBEVGfISZ8r0i6LjfUQ156nCHp8bKuw/CsWsSaCLWlards0RxDgwK1Rbd5Ek7FgrmafL31t/lvLw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
t=1733644671; c=relaxed/simple;
bh=W1kZfRYhhRQFIgQAuA4d0CSP65NtXBPvyPDcjvxaTfE=;
h=Date:From:To:Subject:Message-Id:Mime-Version:DKIM-Signature;
b=gOQt3qcYiXvmf8eIccBX4lGLWx91H8ofWtbX7cgj/omZ62X6z9EXokSy4xFzxjEUB3BrdHOP/BToJIzayQhMbZl6rJ8IrONOabBB3L9NvYQB8DYRFX7v3t9CAo+GZZR7NuTMxzit9zT55AJ4w27RBKY3tlgw0+iTxInWcItG9gA=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8225F385840C
Date: Sun, 8 Dec 2024 16:57:46 +0900
To: cygwin AT cygwin DOT com
Subject: Re: SMBFS mount's file cannot be made executable
Message-Id: <20241208165746.0cf0253334236d98027896c2@nifty.ne.jp>
In-Reply-To: <20241208081338.e097563889a03619fc467930@nifty.ne.jp>
References: <20241112175427 DOT 750ae77a8086594a765862c5 AT nifty DOT ne DOT jp>
<ZzNCXz3o9k40U9zA AT calimero DOT vinschen DOT de>
<20241113181755 DOT 02289e8e8d9af7e19e8f4387 AT nifty DOT ne DOT jp>
<CANV9t=SvYedzG-LmECwdT7kjipOyhgwsZ1yucnTm8mWMnNkJVw AT mail DOT gmail DOT com>
<20241114003740 DOT e573d7ec79d35da76225c9f1 AT nifty DOT ne DOT jp>
<CANV9t=TLh8xD7KBsF-MucZWNjP-L0KE04xUv2-2e=Z5fXTjk=w AT mail DOT gmail DOT com>
<20241114010807 DOT 99f46760b2240d472440c329 AT nifty DOT ne DOT jp>
<20241116002122 DOT 3f4fd325a497eb4261ad80f4 AT nifty DOT ne DOT jp>
<ZztqpBESgcTXcd3d AT calimero DOT vinschen DOT de>
<20241119175806 DOT 321cdb7e65a727a2eb58c8a6 AT nifty DOT ne DOT jp>
<Zzz7FJim9kIiqjyy AT calimero DOT vinschen DOT de>
<20241208081338 DOT e097563889a03619fc467930 AT nifty DOT ne DOT jp>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-mingw32)
Mime-Version: 1.0
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Takashi Yano via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Takashi Yano <takashi DOT yano AT nifty DOT ne DOT jp>
Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com> 

On Sun, 8 Dec 2024 08:13:38 +0900
Takashi Yano wrote:
> On Tue, 19 Nov 2024 21:54:44 +0100
> Corinna Vinschen wrote:
> > On Nov 19 17:58, Takashi Yano via Cygwin wrote:
> > > On Mon, 18 Nov 2024 17:26:12 +0100
> > > Corinna Vinschen wrote:
> > > > We can safely assume that the current user is already authorized on the
> > > > SMB server.  So... shouldn't AuthzInitializeResourceManager be
> > > > sufficient and the code from class authz_ctx already does what we want?
> > > > We may just have to use in in place of calling NtCheckAccess(),
> > > > maybe with a tweak or two...
> > > 
> > > I already tried AuthzInitializeResourceManager(), but the result
> > > was the same with current implementation...
> > 
> > So you tried to call authz_get_user_attribute()?
> 
> Yes. But resulted in the same.
> 
> > > BTW, I come up with another implementation. This make the things
> > > much simpler. What do you think of the patch attached?
> > 
> > > [...]
> > >  int
> > >  check_file_access (path_conv &pc, int flags, bool effective)
> > >  {
> > > @@ -711,10 +618,14 @@ check_file_access (path_conv &pc, int flags, bool effective)
> > >      desired |= FILE_EXECUTE;
> > >    if (!get_file_sd (pc.handle (), pc, sd, false))
> > >      {
> > > -      /* Tweak Samba security descriptor as necessary. */
> > > -      if (pc.fs_is_samba ())
> > > -	convert_samba_sd (sd);
> > > -      ret = check_access (sd, file_mapping, desired, flags, effective);
> > > +      HANDLE h = CreateFileW (pc.get_nt_native_path ()->Buffer, desired,
> > > +			      0, NULL, OPEN_EXISTING,
> > > +			      FILE_FLAG_BACKUP_SEMANTICS, NULL);
> > > +      if (h != INVALID_HANDLE_VALUE)
> > > +	{
> > > +	  CloseHandle (h);
> > > +	  ret = 0;
> > > +	}
> > >      }
> > >    debug_printf ("flags %y, ret %d", flags, ret);
> > >    return ret;
> > 
> > No, we can't do that, it's too simple.
> > 
> > Just kidding.
> > 
> > This is so simple, I'm puzzled we never tried that before.  Or, if we
> > did, it's a loooong time ago...
> > 
> > If we really do this, we don't even need to call get_file_sd().  And it
> > should use NtOpenFile and reopen semantics i.e.  pc.init_reopen_attr().
> > Also, the sharing flags should allow all access.  And the `effective'
> > argument needs to be taken into account.
> 
> I have a question. What pc.init_reopen_attr() is for? I tested with
> pc.get_object_attr() instead, it works. What handle should I pass
> to pc.init_reopen_attr()?
> 
> Anyway, I revised the patch as attached. What do you think?

diff --git a/winsup/cygwin/sec/base.cc b/winsup/cygwin/sec/base.cc
index fcc5e1ff7..68e7fd9e1 100644
--- a/winsup/cygwin/sec/base.cc
+++ b/winsup/cygwin/sec/base.cc
@@ -643,6 +643,8 @@ check_file_access (path_conv &pc, int flags, bool effective)
       NtClose (h);
       ret = 0;
     }
+  else
+    __seterrno_from_nt_status (status);
   if (!effective && cygheap->user.issetuid ())
     {
       /* Recover impersonation token */

-- 
Takashi Yano <takashi DOT yano AT nifty DOT ne DOT jp>

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019