Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Date: Sat, 13 Jul 2002 10:58:23 -0400
From: Jason Tishler
Subject: Re: setuid() problem when disconnected from PDC under 1.3.12-2
To: cygwin AT cygwin DOT com
Message-id: <20020713145823.GK2372@tishler.net>
In-reply-to: <20020712120736.GA2372@tishler.net>

On Fri, Jul 12, 2002 at 08:07:36AM -0400, Jason Tishler wrote:
> On Tue, Jul 09, 2002 at 11:44:33PM -0400, Matt Swift wrote:
> > A recent upgrade of openssh has broken incoming ssh service.  When I
> > debug the sshd, I see the error below in the Event Viewer...
> > [snip]
> > fatal: setuid 1006: Permission denied.
>
> I am experiencing a possibly related problem with sshd under 1.3.12-2.
> If I ssh to my laptop when disconnected from my PDC, then key exchange
> fails with the above error.

The following is a snippet from a strace (of the attached setuid.cc
running under the LocalSystem account) that shows what is happening in
the above case:

    123 148512 [main] setuid 2672 seteuid32: uid: 19695 myself->gid: 18
    192 148704 [main] setuid 2672 seteuid32: Process token not verified
    1659 150363 [main] setuid 2672 set_process_privilege: 0 = set_process_privilege (SeCreateTokenPrivilege, 1)
    1438 151801 [main] setuid 2672 extract_nt_dom_user: pw_gecos = A011350 (Jason Tishler,U-PALO-ALTO\JATIS,S-1-5-21-136257377-364972176-1563891627-119695)
    2305210 2457011 [main] setuid 2672 seterrno_from_win_error: ../../../../src/winsup/cygwin/security.cc:278 windows error 2453
    ^^^^ ****
    384 2457395 [main] setuid 2672 geterrno_from_win_error: unknown windows error 2453, setting errno to 13

Note that the Windows error 2453 corresponds to NERR_DCNotFound.  The
corresponding code from the Cygwin DLL is:

    BOOL
    get_logon_server (const char *domain, char *server, WCHAR *wserver)
    {
      ...
      /* Try to get the primary domain controller for the domain */
      sys_mbstowcs (wdomain, domain, INTERNET_MAX_HOST_NAME_LENGTH + 1);
      if ((ret = NetGetDCName (NULL, wdomain, (LPBYTE *) &buf)) == STATUS_SUCCESS)
        {
          ...
        }
      __seterrno_from_win_error (ret);
      return FALSE;
    }

So, it seems that get_logon_server() will always fail for domain users
when they are disconnected from their PDC.

I haven't figured out how to fix the above yet but at least I have
better characterized the problem.

Jason

Attachment: setuid.cc

    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int
    main(int argc, char* argv[])
    {
        // Target uid: 500 by default, or the first command-line argument.
        int uid = 500;
        if (argc > 1)
            uid = atoi(argv[1]);

        // Attempt the switch and report errno if it is refused.
        int s = setuid(uid);
        if (s == -1)
            printf("setuid failed with errno = %d\n", errno);

        return 33;
    }
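
Added example (not part of the original message and not Cygwin code): a small Python triage script for strace output like the snippet quoted above. It extracts each seterrno_from_win_error record, notes whether geterrno_from_win_error then set errno for a Windows error it reported as unknown, and reports the delta before the failure. The sample input is reconstructed from the relevant lines of the message, and reading the first column as a delta in microseconds is an assumption.

```python
import re

# Sample input reconstructed from the strace lines quoted in the message.
SAMPLE = r"""
    123  148512 [main] setuid 2672 seteuid32: uid: 19695 myself->gid: 18
    192  148704 [main] setuid 2672 seteuid32: Process token not verified
   1659  150363 [main] setuid 2672 set_process_privilege: 0 = set_process_privilege (SeCreateTokenPrivilege, 1)
2305210 2457011 [main] setuid 2672 seterrno_from_win_error: ../../../../src/winsup/cygwin/security.cc:278 windows error 2453
    384 2457395 [main] setuid 2672 geterrno_from_win_error: unknown windows error 2453, setting errno to 13
"""

# delta, absolute time, [thread], program, pid, function: message
LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+\[(\S+)\]\s+(\S+)\s+(\d+)\s+(\w+):\s*(.*)$")
SET = re.compile(r"(\S+):(\d+) windows error (\d+)")
GET = re.compile(r"unknown windows error (\d+), setting errno to (\d+)")
WIN_NAMES = {2453: "NERR_DCNotFound"}  # the one code the message identifies


def find_win_errors(text):
    """Return one record per seterrno_from_win_error line in a Cygwin strace."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        delta, _abs, _thread, _prog, pid, func, msg = m.groups()
        if func == "seterrno_from_win_error" and (s := SET.search(msg)):
            code = int(s.group(3))
            findings.append({
                "pid": int(pid),
                "source": s.group(1).rsplit("/", 1)[-1] + ":" + s.group(2),
                "win_error": code,
                "name": WIN_NAMES.get(code, "unknown"),
                # Assumption: column 1 is microseconds since the previous line,
                # i.e. roughly how long the failing call took to return.
                "wait_s": int(delta) / 1_000_000,
                "errno": None,
                "fallback": False,
            })
        elif func == "geterrno_from_win_error" and findings and (g := GET.search(msg)):
            # The trace calls the code "unknown", so errno here is a default.
            if int(g.group(1)) == findings[-1]["win_error"]:
                findings[-1].update(errno=int(g.group(2)), fallback=True)
    return findings


if __name__ == "__main__":
    for f in find_win_errors(SAMPLE):
        print(f)
```

On the trace above this reports security.cc:278, Windows error 2453 (NERR_DCNotFound), errno 13 set by fallback, after a delta of about 2.3 seconds.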