X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; q=dns; s= default; b=wMlziKgFpW/wn/EUaFoUqaE4Ks04N46Aqt2N7bSdBYiSCuQeW1Z9I yGy1nr9/I/CD9rQvyil+vruneUfytP64ycQXcOUI9aoaTtFDEuGZvEcoQEbWlwd5 HtEUQS/8Nr0JAL2CasWMcEDsQvRYJFl3oFWPhn+lWML4snhX0B9K1U= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:date:from:to:subject:message-id:reply-to :references:mime-version:content-type:in-reply-to; s=default; bh=pUpZwLveXeUOZqRwAx3uOZubso0=; b=vzrDm8Jq2OmVrZvQ8MujCWD6QLPw Aq3saeSpmmuxJkG0HthwkWTcoGRl5OPbHHl4L8Ufzi67prEYVEyKjDzSeFFZ3B1q RfvsicUM2HHHcTDtvOh26KJ+AcKNJvj3AFp/guW0SYnAFfFw/1f5edZQNBgLNUJL bY9MPgmGUIi6aC0= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2 X-HELO: calimero.vinschen.de Date: Fri, 5 Sep 2014 13:16:40 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd Message-ID: <20140905111640.GA6056@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20140902140751 DOT GD6056 AT calimero DOT vinschen DOT de> <20140902153757 DOT GE6056 AT calimero DOT vinschen DOT de> <20140903133728 DOT GL6056 AT calimero DOT vinschen DOT de> <20140904122845 DOT GU6056 AT calimero DOT vinschen DOT de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="kLdbqvpuLRxNeSq5" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.23 (2014-03-12) --kLdbqvpuLRxNeSq5 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sep 4 14:12, Achim Gratz wrote: > Corinna Vinschen cygwin.com> writes: > > > I couldn't start cygserver as a service with (just) the built DLL in = place. > >=20 > > No idea why. The patch just adds debug output to strace ouptput, nothi= ng=20 > > else. >=20 > Whatever. I've installed all the binaries from that build and things work > normally now. >=20 > > > So I started it in debug mode from the command line (which makes it h= ave > > > less rights than it needs) and started the sshd in debug mode also. > >=20 > > In a cyg_server GUI session? If so, you should have all rights required > > when starting this in an elevated shell. >=20 > Not the token privileges, I don't think so. But I'm not sure how to chec= k. Windows whoami /all > Here's the salient parts from the strace (attaching to the sshd running a= s a > service in sandbox mode, running with no privilege separation produces a > slightly different trace, but the events leading up to the error are the = same): > [...] > 44 5026498 [main] sshd 2248 get_user_groups: Before NetUserGetGroups > --- Process 2248, exception 00000005 at 75511D4D >=20 > The process apparently gets killed while in the NetUserGetGroups call (mu= ch > as you suspected). I'm not sure this tells us anything new, though. :-( No, it just confirms it. Please remove the debug_printf patch and try this instead: Index: sec_auth.cc =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /cvs/src/src/winsup/cygwin/sec_auth.cc,v retrieving revision 1.57 diff -u -p -r1.57 sec_auth.cc --- sec_auth.cc 22 May 2014 16:40:13 -0000 1.57 +++ sec_auth.cc 5 Sep 2014 11:12:01 -0000 @@ -20,6 +20,7 @@ details. */ #include "fhandler.h" #include "dtable.h" #include "cygheap.h" +#include "exception.h" #include "ntdll.h" #include "tls_pbuf.h" #include @@ -255,9 +256,13 @@ get_user_groups (WCHAR *logonserver, cyg DWORD cnt, tot, len; NET_API_STATUS ret; =20 - /* Look only on logonserver */ - ret =3D NetUserGetGroups (logonserver, user, 0, (LPBYTE *) &buf, - MAX_PREFERRED_LENGTH, &cnt, &tot); + { + /* Experimental SEH */ + exception protect; + /* Look only on logonserver */ + ret =3D NetUserGetGroups (logonserver, user, 0, (LPBYTE *) &buf, + MAX_PREFERRED_LENGTH, &cnt, &tot); + } if (ret) { __seterrno_from_win_error (ret); @@ -306,9 +311,14 @@ get_user_local_groups (PWCHAR logonserve DWORD cnt, tot; NET_API_STATUS ret; =20 - ret =3D NetUserGetLocalGroups (logonserver, user, 0, LG_INCLUDE_INDIRECT, - (LPBYTE *) &buf, MAX_PREFERRED_LENGTH, - &cnt, &tot); + { + /* Experimental SEH */ + exception protect; + + ret =3D NetUserGetLocalGroups (logonserver, user, 0, LG_INCLUDE_INDIRE= CT, + (LPBYTE *) &buf, MAX_PREFERRED_LENGTH, + &cnt, &tot); + } if (ret) { __seterrno_from_win_error (ret); Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --kLdbqvpuLRxNeSq5 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUCZuYAAoJEPU2Bp2uRE+gANwP/1b5AhO47lOYnB7vWqDPiqii AsWtQC2tN63N4AWplgNfqmsTElEQMFKIG+Dnt8MZtXWmxyDpr0xNUoIz7z+8sWxI vk3MGBH0MWvD0l4LEBo9z/xhJWuTEuRWX9G6Iy9lYFjVDG0YxCSKVIbMzVyXoBTt 5fhWHhdSrU6wYCDM1ftOwwN0r/9A9au545oRXLGD9X4qmqoVF/qyjbB1uvIDoi+2 Tp9Ms2rGEenj5MnPabP5OLAnGbGjPp9Bpl2nklhGjePvX4v4tA2bl5gtxMu0GmW7 H8Yi2gbnUAAVTb1ibkC+kegVUQzfZ3JoWtTz9fd+Egd6qP0mLtEejWuX9ZyJcd7U t4Ej8j+abdQaO8dbHVS7a7Ixfp2DDS4ah2AxL6GgO7gsDUkZ83DvrBdGZF09qUfi PHiAJgeF9wZbfFZX2on0uwRRGHwLdAQbh2s6ggu+EqWKXA7YsCt8y7SlFhIUFAN6 YArBQevMmF8cIinIolROgUxep66LTB7xYYnWTa4WC7IcfZeb1AqKK6+XWhBTrVML g6QUJxKjTzZux0SkLcAMygLeJBrs+PyjVYuhXNPjOymqggRT3tM8mNZA/MiYNb3P WeJhSe9BIQNqD5dc4lgqfMzQBFn8RMKf0rJJDjniGMNQtXzjkERIhYh0XkpH1cp0 AQovQVkhbRj+OqzFXJzs =9X8D -----END PGP SIGNATURE----- --kLdbqvpuLRxNeSq5--