X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=l7NT4x7grJngqXiAuYmPQ8jMaqHoHG7TBcDTyC2oNpZ+oQo/n0FgF
	QGT5uz4+g6HDXNC5TkEJCsCjC/cLJAyQEZWXKPp6u1Ab7+7bHqt5njKsA3S0qTIN
	vX4Xht74+6OCUOQsCT9qqQ/xathZOTlQr55Hv2gD+dr4Cdj/dPJYUU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=zjBpgZNepLKxsUUMVM8VuwKBaio=; b=to9lmVC1BjAmwDHPDD7w+3x41uvS
	W86QTSRCSvf330Vymd9HmTuW/uuvP/x5NwLTfJIMMZKl1fMmfN+ACUsAy0qEIa8q
	BXWSOB0I9HxJXvKwlF4Are/z3laGFFeKCVYuNCScKVZxaUaLY060SALiDU0tFHZJ
	nV+EdUP8vMp7WoM=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-0.2 required=5.0 tests=AWL,BAYES_05,SPAM_BODY1 autolearn=no version=3.3.2
X-HELO: calimero.vinschen.de
Date: Thu, 4 Sep 2014 14:28:45 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
Message-ID: <20140904122845.GU6056@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <8761hphfps DOT fsf AT Rainer DOT invalid> <loom DOT 20140902T134545-288 AT post DOT gmane DOT org> <20140902140751 DOT GD6056 AT calimero DOT vinschen DOT de> <loom DOT 20140902T171114-72 AT post DOT gmane DOT org> <20140902153757 DOT GE6056 AT calimero DOT vinschen DOT de> <loom DOT 20140903T084528-450 AT post DOT gmane DOT org> <loom DOT 20140903T145724-31 AT post DOT gmane DOT org> <20140903133728 DOT GL6056 AT calimero DOT vinschen DOT de> <loom DOT 20140904T130950-773 AT post DOT gmane DOT org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="ZUxj+kVYsk1YKJSS"
Content-Disposition: inline
In-Reply-To: <loom.20140904T130950-773@post.gmane.org>
User-Agent: Mutt/1.5.23 (2014-03-12)

--ZUxj+kVYsk1YKJSS
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sep  4 11:23, Achim Gratz wrote:
> Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > You already built your own Cygwin DLL, right?  What you could do is to
> > do some good old printf debugging.  First let's try to find out if it's
> > really one of the NetUser calls:
>=20
> It looks like I need to install more than the DLL to make this work?

No.

> I couldn't start cygserver as a service with (just) the built DLL in plac=
e.

No idea why.  The patch just adds debug output to strace ouptput, nothing=
=20
else.

> So I started it in debug mode from the command line (which makes it have
> less rights than it needs) and started the sshd in debug mode also.

In a cyg_server GUI session?  If so, you should have all rights required
when starting this in an elevated shell.

> Due to
> presumably the missing rights mentioned I could only log in with an
> administrative account (domain account, but restricted to run on  the ser=
ver
> only).  I didn't get any failure from the debug_printf instrumented
> functions.  With my normal user account I got a "/bin/bash: Operation not
> permitted".  The cygserver debug output also showed unfettered access to =
the
> AD.  With the sshd running without privilege separation I've noticed some
> requests to the cygserver that seemed to indicate memory corruption:  Ear=
ly
> on in starting the daemon it would normally try to get account information
> for Administrators:544, but the debug output from cygserver was showing
> sshdrs as the account name being asked for.  Also there are (probably
> unrelated since they are also present on x86_64) complaints about requests
> of illegal length (11).

Ok, I don't grok this.  If you have trouble with cygserver, which is
completely unrelated to this issue, please discuss this in a new thread
and please describe detailed what you did to provoke the problem and
paste what you see.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--ZUxj+kVYsk1YKJSS
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUCFr9AAoJEPU2Bp2uRE+ggJMP/3k3WsumuNOpvbiSRzwSrF/Y
wikex0NafWAnRFP5yvD6VlgkoSSsGhjQu3XSQbL3vGFAqnCK4nVIjwbAddq2RMFI
032tF7ZCTXgk7Z2cuOP4Ho0xiImSURs94FyCvoq4aq3NyOo+0xS8J9tEMMiM4ALH
Karw3VR6164ngvoUx1FY1ahlYomshNSoNaaFA8GWPWb+vr8uTCnIR3p6sFInA57o
6YIruxxlSbQ9vUq2GcFVtIQLsWud4vM6/aow0+cneNVt+SlSijbI7dx8iFBlbMSj
3kSuNNChCP0sEl1MvyghDbWyiF9EbmRPeNvT5df7vEno9pwn7ODvMSUNgVG/yER6
JGodDKv/fi5y+U8zkS3WAlLKm+6SxuGK+9n3de9Anbt4brtyPd0ng12X9f7ja0M+
LxPUYSGOrBxs8fPSp5DD3IRrCHQH5xaJCT8t7Ug/8nWG5SM+XkHl9Nug+R5a/nHq
9KqMX0lsd3zAlNVFBxaqGOBf7EWC2Pqipu0u28dEKWgXA+hRTO4LKyUJFCi1iQNH
SfIJvRjBRsAzbz7Yi9H94dEmSXANvCZVA27+sgSIlU1sBz5IFj25JoU6bi82pWMm
IfkYRthXX8l8hDOYetzfFoQcw4B0xze1LxKqhnLiQsNQyO2xOM9b/DGa8TW+aOD1
58BUO1EOjKpCGQppfT2F
=CthN
-----END PGP SIGNATURE-----

--ZUxj+kVYsk1YKJSS--