DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 4AIGRVLE2719950
Date: Mon, 18 Nov 2024 17:26:12 +0100
To: cygwin@cygwin.com
Subject: Re: SMBFS mount's file cannot be made executable
Message-ID: <ZztqpBESgcTXcd3d@calimero.vinschen.de>
Mail-Followup-To: cygwin@cygwin.com
References: <ZzIIO2NxmdYpox2A@calimero.vinschen.de>
 <20241112042937.740185a42d476993b4b1e31c@nifty.ne.jp>
 <20241112175427.750ae77a8086594a765862c5@nifty.ne.jp>
 <ZzNCXz3o9k40U9zA@calimero.vinschen.de>
 <20241113181755.02289e8e8d9af7e19e8f4387@nifty.ne.jp>
 <CANV9t=SvYedzG-LmECwdT7kjipOyhgwsZ1yucnTm8mWMnNkJVw@mail.gmail.com>
 <20241114003740.e573d7ec79d35da76225c9f1@nifty.ne.jp>
 <CANV9t=TLh8xD7KBsF-MucZWNjP-L0KE04xUv2-2e=Z5fXTjk=w@mail.gmail.com>
 <20241114010807.99f46760b2240d472440c329@nifty.ne.jp>
 <20241116002122.3f4fd325a497eb4261ad80f4@nifty.ne.jp>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20241116002122.3f4fd325a497eb4261ad80f4@nifty.ne.jp>
Precedence: list
From: Corinna Vinschen via Cygwin <cygwin@cygwin.com>
Reply-To: cygwin@cygwin.com
Cc: Corinna Vinschen <corinna-cygwin@cygwin.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cygwin-bounces~archive-cygwin=delorie.com@cygwin.com
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie.com@cygwin.com>

On Nov 16 00:21, Takashi Yano via Cygwin wrote:
> I built a test program, whose important part is:
> 
>   AUTHZ_RESOURCE_MANAGER_HANDLE hManager = NULL;
>   AUTHZ_CLIENT_CONTEXT_HANDLE hClient = NULL;
>   AUTHZ_ACCESS_REQUEST AccessRequest = {0};
>   AUTHZ_ACCESS_REPLY AccessReply = {0};
> 
>   AUTHZ_RPC_INIT_INFO_CLIENT authzRpcInitInfoClient = {0};
> 
>   WCHAR ObjectUuid[] = L"9a81c2bd-a525-471d-a4ed-49907c0b23da";
>   WCHAR ProtSeq[] = L"ncacn_ip_tcp";
>   WCHAR NetworkAddr[] = L"localhost";
>   WCHAR Endpoint[] = L"135";
> 
>   authzRpcInitInfoClient.version = AUTHZ_INIT_INFO_VERSION_V1;
>   authzRpcInitInfoClient.ObjectUuid = ObjectUuid;
>   authzRpcInitInfoClient.ProtSeq = ProtSeq;
>   authzRpcInitInfoClient.NetworkAddr = NetworkAddr;
>   authzRpcInitInfoClient.Endpoint = Endpoint;
> 
>   AuthzInitializeRemoteResourceManager (&authzRpcInitInfoClient, &hManager);
> 
>   char buf[1024];
>   PTOKEN_USER pTokenUser = (PTOKEN_USER) buf;
>   DWORD len;
> 
>   GetTokenInformation(hToken, TokenUser, pTokenUser, 1024, &len);
> 
>   LUID luid = {0,};
>   AuthzInitializeContextFromSid(0, pTokenUser->User.Sid, hManager,
>                                 NULL, luid, NULL, &hClient);
> 
> 
> This test code fails at AuthzInitializeContextFromSid() with
> RPC_S_UNKNOWN_IF. If AuthzInitializeRemoteResourceManager()
> is replaced with AuthzInitializeResourceManager(), the error
> does not occur.
> 
> I searched the combination of AuthzInitializeContextFromSid()
> and RPC_S_UNKNOWN_IF, however nothing was found.

RPC_S_UNKNOWN_IF means "unknown interface".  I assume this error has
nothing to do with AuthzInitializeContextFromSid(), but with the
AuthzInitializeRemoteResourceManager() call.

What I failed, though, is to find a working example for
AuthzInitializeRemoteResourceManager().

> Any suggestion would be appreciated.

As I said in my previous posting, maybe we don't really need
AuthzInitializeRemoteResourceManager().

We can safely assume that the current user is already authorized on the
SMB server.  So... shouldn't AuthzInitializeResourceManager be
sufficient and the code from class authz_ctx already does what we want?
We may just have to use in in place of calling NtCheckAccess(),
maybe with a tweak or two...


Corinna

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple