This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
- From: Achim Gratz <Stromeko at NexGo dot DE>
- To: cygwin at cygwin dot com
- Date: Thu, 4 Sep 2014 14:12:16 +0000 (UTC)
- Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
- Authentication-results: sourceware.org; auth=none
- References: <8761hphfps dot fsf at Rainer dot invalid> <loom dot 20140902T134545-288 at post dot gmane dot org> <20140902140751 dot GD6056 at calimero dot vinschen dot de> <loom dot 20140902T171114-72 at post dot gmane dot org> <20140902153757 dot GE6056 at calimero dot vinschen dot de> <loom dot 20140903T084528-450 at post dot gmane dot org> <loom dot 20140903T145724-31 at post dot gmane dot org> <20140903133728 dot GL6056 at calimero dot vinschen dot de> <loom dot 20140904T130950-773 at post dot gmane dot org> <20140904122845 dot GU6056 at calimero dot vinschen dot de>
Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> > I couldn't start cygserver as a service with (just) the built DLL in place.
>
> No idea why. The patch just adds debug output to strace ouptput, nothing
> else.
Whatever. I've installed all the binaries from that build and things work
normally now.
> > So I started it in debug mode from the command line (which makes it have
> > less rights than it needs) and started the sshd in debug mode also.
>
> In a cyg_server GUI session? If so, you should have all rights required
> when starting this in an elevated shell.
Not the token privileges, I don't think so. But I'm not sure how to check.
Here's the salient parts from the strace (attaching to the sshd running as a
service in sandbox mode, running with no privilege separation produces a
slightly different trace, but the events leading up to the error are the same):
262 1161585 [main] sshd 2044 getpid: 2044 = getpid()
10593 1172178 [main] sshd 2044 get_logon_server: DC: server: \\SC301
58 1172236 [main] sshd 2044 get_user_groups: Before NetUserGetGroups
--- Process 560, exception 00000005 at 75511D4D
6543 1178779 [main] sshd 2044 get_user_groups: After NetUserGetGroups ret = 5
56 1178835 [main] sshd 2044 seterrno_from_win_error:
../../../../source/cygwin-snapshot-20140903-1/winsup/cygwin/sec_auth.cc:265
windows error 5
36 1178871 [main] sshd 2044 geterrno_from_win_error: windows error 5 ==
errno 13
33 1178904 [main] sshd 2044 get_user_local_groups: Before
NetUserGetLocalGroups
--- Process 560, exception 00000005 at 75511D4D
7964 1186868 [main] sshd 2044 get_user_local_groups: After
NetUserGetLocalGroups ret = 5
50 1186918 [main] sshd 2044 seterrno_from_win_error:
../../../../source/cygwin-snapshot-20140903-1/winsup/cygwin/sec_auth.cc:318
windows error 5
38 1186956 [main] sshd 2044 geterrno_from_win_error: windows error 5 ==
errno 13
37 1186993 [main] sshd 2044 initgroups32: 0 = initgroups(gratz, 1049089)
It then proceeds to log on via the token and mounts the entries from my
personal fstab (that should fail if it was running as a different user for
some of the entries). After checking for /etc/nologin this happens:
35 5023308 [main] sshd 2248 setegid32: new egid: 1049089 current: 197121
41 5023349 [main] sshd 2248 setegid32: NtSetInformationToken (hProcToken,
TokenPrimaryGroup), 0xC000005B
3105 5026454 [main] sshd 2248 get_logon_server: DC: server: \\SC301
44 5026498 [main] sshd 2248 get_user_groups: Before NetUserGetGroups
--- Process 2248, exception 00000005 at 75511D4D
The process apparently gets killed while in the NetUserGetGroups call (much
as you suspected). I'm not sure this tells us anything new, though. :-(
Regards,
Achim.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple