| delorie.com/archives/browse.cgi | search |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 delorie.com 4B9BCPC7787812 |
| Authentication-Results: | delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com |
| Authentication-Results: | delorie.com; spf=pass smtp.mailfrom=cygwin.com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 4B9BCPC7787812 |
| Authentication-Results: | delorie.com; |
| dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=jaRRrwcl | |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 2C1D43858290 |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1733742743; | |
| bh=sGEE7PukpSJ7LM2JzQ0bZPCi5+0xdGzc9m6e7luAPlc=; | |
| h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: | |
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: | |
| From; | |
| b=jaRRrwclNz+3bEsjh3sAhQDKuDrkGKPZZi9aHSqeWlENu9mBqcAnBk7SZqz3uoJVK | |
| t1ezKs5sSsIKFZRGIIZH5mn4lIwdWeeSd5VE53X4CaebSuLp02w2N0SFpcGCY7Gk2b | |
| y0azjKUcH8b80gwUKegCUe36d/0Y3rGweEMEBQKc= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 730133858D34 |
| Date: | Mon, 9 Dec 2024 12:11:56 +0100 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: SMBFS mount's file cannot be made executable |
| Message-ID: | <Z1bQfIgv7MIDL1fB@calimero.vinschen.de> |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <20241113181755 DOT 02289e8e8d9af7e19e8f4387 AT nifty DOT ne DOT jp> |
| <CANV9t=SvYedzG-LmECwdT7kjipOyhgwsZ1yucnTm8mWMnNkJVw AT mail DOT gmail DOT com> | |
| <20241114003740 DOT e573d7ec79d35da76225c9f1 AT nifty DOT ne DOT jp> | |
| <CANV9t=TLh8xD7KBsF-MucZWNjP-L0KE04xUv2-2e=Z5fXTjk=w AT mail DOT gmail DOT com> | |
| <20241114010807 DOT 99f46760b2240d472440c329 AT nifty DOT ne DOT jp> | |
| <20241116002122 DOT 3f4fd325a497eb4261ad80f4 AT nifty DOT ne DOT jp> | |
| <ZztqpBESgcTXcd3d AT calimero DOT vinschen DOT de> | |
| <20241119175806 DOT 321cdb7e65a727a2eb58c8a6 AT nifty DOT ne DOT jp> | |
| <Zzz7FJim9kIiqjyy AT calimero DOT vinschen DOT de> | |
| <20241208081338 DOT e097563889a03619fc467930 AT nifty DOT ne DOT jp> | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <20241208081338.e097563889a03619fc467930@nifty.ne.jp> |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.30 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| Errors-To: | cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com> |
On Dec 8 08:13, Takashi Yano via Cygwin wrote:
> On Tue, 19 Nov 2024 21:54:44 +0100
> Corinna Vinschen wrote:
> > No, we can't do that, it's too simple.
> >
> > Just kidding.
> >
> > This is so simple, I'm puzzled we never tried that before. Or, if we
> > did, it's a loooong time ago...
> >
> > If we really do this, we don't even need to call get_file_sd(). And it
> > should use NtOpenFile and reopen semantics i.e. pc.init_reopen_attr().
> > Also, the sharing flags should allow all access. And the `effective'
> > argument needs to be taken into account.
>
> I have a question. What pc.init_reopen_attr() is for? I tested with
> pc.get_object_attr() instead, it works.
init_reopen_attr() uses the "open by handle" functionality as in the
Win32 API ReOpenFile(). It only does so if the filesystem supports it.
Samba usually does, so it's not clear to me why pc.init_reopen_attr()
fails for you.
> What handle should I pass to pc.init_reopen_attr()?
You could pass pc.handle(). Is pc.handle() in this scenario NULL,
perhaps?
> @@ -709,12 +615,44 @@ check_file_access (path_conv &pc, int flags, bool effective)
> desired |= FILE_WRITE_DATA;
> if (flags & X_OK)
> desired |= FILE_EXECUTE;
> - if (!get_file_sd (pc.handle (), pc, sd, false))
> +
> + NTSTATUS status;
> + if (!effective && cygheap->user.issetuid ())
> + {
> + /* Strip impersonation token temporarily */
> + HANDLE tok = NO_IMPERSONATION;
> + status = NtSetInformationThread (GetCurrentThread (),
> + ThreadImpersonationToken,
> + &tok, sizeof (tok));
> + if (!NT_SUCCESS (status))
> + {
> + debug_printf("NtSetInformationThread() for stripping "
> + "impersonation token failed: %y", status);
> + __seterrno_from_nt_status (status);
> + return ret;
> + }
> + }
You can simplify this:
if (!effective)
cygheap->user.deimpersonate ();
> + if (!effective && cygheap->user.issetuid ())
> + {
> + /* Recover impersonation token */
> + HANDLE tok = cygheap->user.imp_token () ?: hProcImpToken;
> + status = NtSetInformationThread (GetCurrentThread (),
> + ThreadImpersonationToken,
> + &tok, sizeof (tok));
> + if (!NT_SUCCESS (status))
> + debug_printf("NtSetInformationThread() for recovering "
> + "impersonation token failed: %y", status);
> }
And this:
if (!effective)
cygheap->user.reimpersonate ();
But please let's move to cygwin-patches for this.
Thanks,
Corinna
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |