Quantcast

cron & Windows 7

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

cron & Windows 7

Pierre A. Humblet
I got reports that cron is having problems with Cygwin 1.7.1 on
Windows 7 - 32 bits.
They occur only with seteuid method 1, not with method 2 nor method 3.

An earlier report http://cygwin.com/ml/cygwin/2009-11/msg00724.html
indicated that there was no problem with 1.7.0. There is no proof that
the Cygwin update to 1.7.1 caused the problem.

Basically cron starts with a process A that forks a process B, which
setsid and sleeps until the next minutes. It then forks a process C that runs
the crontabs and forks a process D for every user. Process D calls seteuid
and then execs /bin/sh.

The helpful user was willing to experiment and provided two straces
of cron, see attachments.

In trace_cron.log we see that, after the seteuid, process D cannot
load the user32 dll.
winerr 1114, A dynamic link library (DLL) initialization routine failed.
I believe that is occurring while trying to execute GetProcessWindowStation
in fhandler_console::need_invisible, called from spawn_guts.
This call is made while impersonated. I am not sure why it's needed
there given that a few lines below a brand new invisible WindowStation is
created anyway, at least in this case.

The other log trace_cron+syslog-ng.log was created in another run
where syslog-ng replaced the Windows application log. I had requested that
test because another unverified report claimed that doing so allowed cron to
run on Windows 7 64 bits.
In this case it didn't help, but the behavior is different (I doubt it's directly due
to syslog-ng). CreateProcessAsUser succeeds, but its parent never hears from
the child and quits after trying a few times (BTW, the creation of the WindowStation
is in the retry loop).

Incidentally, I noticed
   get_registry_hive_path: HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\XXX  not found
That's because there should be a " " between "Windows" and "NT". So USERPROFILE is
never set properly in the environment.

Sorry I don't have access to Windows 7 to investigate more deeply.

Pierre

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

trace_cron+syslog-ng.log (162K) Download Attachment
trace_cron.log (174K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Shaddy Baddah-10
Hi,

On 11/02/2010 3:28 AM, Pierre A. Humblet wrote:
> I got reports that cron is having problems with Cygwin 1.7.1 on
> Windows 7 - 32 bits.
> They occur only with seteuid method 1, not with method 2 nor method 3.

Based purely on the above (and not the rest of the report... sorry) I
suspect it might be due to a problem that has just been fixed in CVS
(http://cygwin.com/ml/cygwin-developers/2010-02/msg00037.html). If you
have time to kill before someone of authority intervenes, you may want
to try a snapshot (http://cygwin.com/snapshots/) and see if it helps.

Regards,
Shaddy

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Pierre A. Humblet
----- Original Message -----
From: "Shaddy Baddah"
To: "Pierre A. Humblet"
Cc: cygwin
Sent: Wednesday, February 10, 2010 23:36


| Hi,
|
| On 11/02/2010 3:28 AM, Pierre A. Humblet wrote:
| > I got reports that cron is having problems with Cygwin 1.7.1 on
| > Windows 7 - 32 bits.
| > They occur only with seteuid method 1, not with method 2 nor method 3.
|
| Based purely on the above (and not the rest of the report... sorry) I
| suspect it might be due to a problem that has just been fixed in CVS
| (http://cygwin.com/ml/cygwin-developers/2010-02/msg00037.html). If you
| have time to kill before someone of authority intervenes, you may want
| to try a snapshot (http://cygwin.com/snapshots/) and see if it helps.
|

Thanks Shaddy, I will point this to the user.
However according to the mails on the developers' list I don't see why the
changes would apply to Method 1.

Pierre

No, that's not quite correct.  If you call LogonUser (or the cyglsa sort
of password-less authentication) successfully, the system returns the
non-elevated token as well as the elevated token as a so-called linked
token.  In case of pubkey authentication, Cygwin refers to the elevated
token and uses that to switch the user context.  In case of password
authentication it does not do that so far.

In CVS it does now.

That's fantastic. Works great (I mean in terms of elevation of privelege). I suspect this is
going to please, or at least be noticed by a lot of users."




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
On Feb 11 08:25, Pierre A. Humblet wrote:

> ----- Original Message -----
> From: "Shaddy Baddah"
> To: "Pierre A. Humblet"
> Cc: cygwin
> Sent: Wednesday, February 10, 2010 23:36
>
>
> | Hi,
> |
> | On 11/02/2010 3:28 AM, Pierre A. Humblet wrote:
> | > I got reports that cron is having problems with Cygwin 1.7.1 on
> | > Windows 7 - 32 bits.
> | > They occur only with seteuid method 1, not with method 2 nor method 3.
> |
> | Based purely on the above (and not the rest of the report... sorry) I
> | suspect it might be due to a problem that has just been fixed in CVS
> | (http://cygwin.com/ml/cygwin-developers/2010-02/msg00037.html). If you
> | have time to kill before someone of authority intervenes, you may want
> | to try a snapshot (http://cygwin.com/snapshots/) and see if it helps.
> |
>
> Thanks Shaddy, I will point this to the user.
> However according to the mails on the developers' list I don't see why the
> changes would apply to Method 1.
>
> Pierre

No, that's not related.  But we had a few reports on the list already
concerning sshd and it seemed to be a problem with using a non-Domain
cyg_server user running sshd, which lead to a crippled token:
http://cygwin.com/ml/cygwin/2010-01/msg00334.html
This is not related to W7, but should be a problem starting with
Windows Server 2003.

Pierre, you know a lot about this authentication stuff in Cygwin, you
applied a couple of patches yourself, and you have a copyright
assignment in place.  If you think there's another problem lurking,
please help with debugging and patches.


Thanks,
Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Matthias Andree
Am 11.02.2010 14:41, schrieb Corinna Vinschen:

> On Feb 11 08:25, Pierre A. Humblet wrote:
>> ----- Original Message -----
>> From: "Shaddy Baddah"
>> To: "Pierre A. Humblet"
>> Cc: cygwin
>> Sent: Wednesday, February 10, 2010 23:36
>>
>>
>> | Hi,
>> |
>> | On 11/02/2010 3:28 AM, Pierre A. Humblet wrote:
>> | > I got reports that cron is having problems with Cygwin 1.7.1 on
>> | > Windows 7 - 32 bits.
>> | > They occur only with seteuid method 1, not with method 2 nor method 3.
>> |
>> | Based purely on the above (and not the rest of the report... sorry) I
>> | suspect it might be due to a problem that has just been fixed in CVS
>> | (http://cygwin.com/ml/cygwin-developers/2010-02/msg00037.html). If you
>> | have time to kill before someone of authority intervenes, you may want
>> | to try a snapshot (http://cygwin.com/snapshots/) and see if it helps.
>> |
>>
>> Thanks Shaddy, I will point this to the user.
>> However according to the mails on the developers' list I don't see why the
>> changes would apply to Method 1.
>>
>> Pierre
>
> No, that's not related.  But we had a few reports on the list already
> concerning sshd and it seemed to be a problem with using a non-Domain
> cyg_server user running sshd, which lead to a crippled token:
> http://cygwin.com/ml/cygwin/2010-01/msg00334.html
> This is not related to W7, but should be a problem starting with
> Windows Server 2003.
>
> Pierre, you know a lot about this authentication stuff in Cygwin, you
> applied a couple of patches yourself, and you have a copyright
> assignment in place.  If you think there's another problem lurking,
> please help with debugging and patches.

Hi everyone,

let's not play Chinese Whispers. :-)
I am the one who reported this issue to Pierre and who provided the logs.

Windows 7 Professional 32-bit (German), build 7600,
this computer is not a domain client, but standalone.

Cygwin 1.7.1 release, cron logging to syslog-ng.

Running cron as dedicated user fails for me - see the logs Pierre referred to.
Configuring cyglsa as setuid method and running cron as "SYSTEM" works for me.

Is trying the CVS or a snapshot (which one?) worthwhile?
Anything besides cygwin1.dll to be replaced for a test?

Best

--
Matthias Andree

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Pierre A. Humblet
In reply to this post by Corinna Vinschen-2
----- Original Message -----
From: "Corinna Vinschen"
To: <[hidden email]>
Sent: Thursday, February 11, 2010 8:41


|
| No, that's not related.  But we had a few reports on the list already
| concerning sshd and it seemed to be a problem with using a non-Domain
| cyg_server user running sshd, which lead to a crippled token:
| http://cygwin.com/ml/cygwin/2010-01/msg00334.html
| This is not related to W7, but should be a problem starting with
| Windows Server 2003.
|
| Pierre, you know a lot about this authentication stuff in Cygwin, you
| applied a couple of patches yourself, and you have a copyright
| assignment in place.  If you think there's another problem lurking,
| please help with debugging and patches.

In this case there are no Domain issues. On this topic, I like your
suggestion to add BUILTIN\Users when the DC does not answer.
Alternatively mkgroup could add all the domain users to the Users group
(that way it could be customized to each site, if needed). Variations: add
such a switch to mkgroup or create a script to add the info.
 
Just to be clear I attempted to reproduce on Vista, but there it worked fine.
I don't have access to more advanced systems.

So the only bug I can fix is to add the missing space in get_registry_hive_path :(

I can also look into pruning out unneeded (and expensive on Win 7) calls
to fhandler_console::need_invisible
I have been trying to find a description of why it's needed (flashing windows?).
Are there some well defined tests?

Pierre  

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
On Feb 11 09:54, Pierre A. Humblet wrote:

> From: "Corinna Vinschen"
> | No, that's not related.  But we had a few reports on the list already
> | concerning sshd and it seemed to be a problem with using a non-Domain
> | cyg_server user running sshd, which lead to a crippled token:
> | http://cygwin.com/ml/cygwin/2010-01/msg00334.html
> | This is not related to W7, but should be a problem starting with
> | Windows Server 2003.
> |
> | Pierre, you know a lot about this authentication stuff in Cygwin, you
> | applied a couple of patches yourself, and you have a copyright
> | assignment in place.  If you think there's another problem lurking,
> | please help with debugging and patches.
>
> In this case there are no Domain issues. On this topic, I like your
> suggestion to add BUILTIN\Users when the DC does not answer.

If a domain isn't involved, why fails loading user32 DLL?!?  In that
case there should be no issue with the user account since the local
SAM replies with the correct group list.  Or not?!?

> Alternatively mkgroup could add all the domain users to the Users group
> (that way it could be customized to each site, if needed). Variations: add
> such a switch to mkgroup or create a script to add the info.

Well, in the long run I'd like to drop the chance to add groups by adding
users to /etc/group.  This allows overriding AD settings for no good reason.

> So the only bug I can fix is to add the missing space in get_registry_hive_path :(

Yes, please go ahead.

> I can also look into pruning out unneeded (and expensive on Win 7) calls
> to fhandler_console::need_invisible
> I have been trying to find a description of why it's needed (flashing windows?).

Yes.  Windows 7 introduced a new application called conhost.exe, which
gets started now every time you open a console.  This application
handles all the console windows now and introduced a few neat little bugs.

One of them is the inability to open a console on another window station
just created in the same application.  The AllocConsole always creates
the console on the window station at process startup.  Reported to MSFT
in the Windows 7 beta phase, not important enough, won't fix.

Another bug with console handles is described in
dtable::init_std_file_from_handle().

Another bug is the fact that it's not possible to make console handles
non-inheritable.


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Pierre A. Humblet

----- Original Message -----
From: "Corinna Vinschen"
To: <[hidden email]>
Sent: Thursday, February 11, 2010 10:17
|
| If a domain isn't involved, why fails loading user32 DLL?!?  In that
| case there should be no issue with the user account since the local
| SAM replies with the correct group list.  Or not?!?

The only strange output is
get_user_local_groups: LookupAccountName(BUILTIN\Administratoren), Win32 error 1332
but there should be other groups, like Users.

If we want to eliminate that possibility:
Matthias , could you edit /etc/passwd and change your gid from 513 to 545,
or edit /etc/group and add your id (text, not uid) in the last (currently empty)
field of the 545 group.

| Well, in the long run I'd like to drop the chance to add groups by adding
| users to /etc/group.  This allows overriding AD settings for no good reason.
I would at least keep it as backup. There have been reported cases were the DC
does not answer due to temporary network reasons.

B.t.w. I just tried mkgroup -lu on my local XP (still 1.5). It does NOT populate users
in some groups, in particular  Users (545)
Also when I ssh into my home XP (1.7), I get
mkgroup (376): [1722] The RPC server is unavailable.
both with explicit passwd or when using authorized_keys.

Pierre

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
On Feb 11 12:52, Pierre A. Humblet wrote:

>
> ----- Original Message -----
> From: "Corinna Vinschen"
> To: <[hidden email]>
> Sent: Thursday, February 11, 2010 10:17
> |
> | If a domain isn't involved, why fails loading user32 DLL?!?  In that
> | case there should be no issue with the user account since the local
> | SAM replies with the correct group list.  Or not?!?
>
> The only strange output is
> get_user_local_groups: LookupAccountName(BUILTIN\Administratoren), Win32 error 1332
> but there should be other groups, like Users.

Uh oh.  Is the name of the BUILTIN group not BUILTIN on non-English
systems?  If so, the code in get_user_local_groups must be changed to
emit the correct name, rather than just storing the fixed string
"BUILTIN\\" in builtin_grp.

[...time passes...]

Can you please check if this untested(!) code is doing the right thing?

Index: sec_auth.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/sec_auth.cc,v
retrieving revision 1.29
diff -u -p -r1.29 sec_auth.cc
--- sec_auth.cc 6 Feb 2010 13:13:15 -0000 1.29
+++ sec_auth.cc 11 Feb 2010 18:44:05 -0000
@@ -320,20 +320,19 @@ get_user_local_groups (PWCHAR logonserve
     }
 
   WCHAR domlocal_grp[MAX_DOMAIN_NAME_LEN + GNLEN + 2];
-  WCHAR builtin_grp[sizeof ("BUILTIN\\") + GNLEN + 2];
-  PWCHAR dg_ptr, bg_ptr;
+  WCHAR builtin_grp[2 * GNLEN + 2];
+  PWCHAR dg_ptr, bg_ptr = NULL;
   SID_NAME_USE use;
 
   dg_ptr = wcpcpy (domlocal_grp, domain);
   *dg_ptr++ = L'\\';
-  bg_ptr = wcpcpy (builtin_grp, L"BUILTIN\\");
 
   for (DWORD i = 0; i < cnt; ++i)
     {
       cygsid gsid;
       DWORD glen = MAX_SID_LEN;
       WCHAR dom[MAX_DOMAIN_NAME_LEN + 1];
-      DWORD domlen = sizeof (dom);
+      DWORD domlen = MAX_DOMAIN_NAME_LEN + 1;
 
       use = SidTypeInvalid;
       wcscpy (dg_ptr, buf[i].lgrpi0_name);
@@ -348,17 +347,35 @@ get_user_local_groups (PWCHAR logonserve
       else if (GetLastError () == ERROR_NONE_MAPPED)
  {
   /* Check if it's a builtin group. */
-  wcscpy (bg_ptr, dg_ptr);
-  if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
-  dom, &domlen, &use))
+  if (!bg_ptr)
     {
-      if (!legal_sid_type (use))
- debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+      cygsid bgsid ("S-1-5-32");
+      glen = 2 * GNLEN + 2;
+      if (!LookupAccountSidW (NULL, bgsid, builtin_grp, &glen,
+      domain, &domlen, &use))
+ debug_printf ("LookupAccountSid(BUILTIN), %E");
       else
- grp_list *= gsid;
+ {
+  bg_ptr = builtin_grp + wcslen (builtin_grp);
+  bg_ptr = wcpcpy (builtin_grp, L"\\");
+  glen = MAX_SID_LEN;
+  domlen = MAX_DOMAIN_NAME_LEN + 1;
+ }
+    }
+  if (bg_ptr)
+    {
+      wcscpy (bg_ptr, dg_ptr);
+      if (LookupAccountNameW (NULL, builtin_grp, gsid, &glen,
+      dom, &domlen, &use))
+ {
+  if (!legal_sid_type (use))
+    debug_printf ("Rejecting local %W. use: %d", dg_ptr, use);
+  else
+    grp_list *= gsid;
+ }
+      else
+ debug_printf ("LookupAccountName(%W), %E", builtin_grp);
     }
-  else
-    debug_printf ("LookupAccountName(%W), %E", builtin_grp);
  }
       else
  debug_printf ("LookupAccountName(%W), %E", domlocal_grp);

> If we want to eliminate that possibility:
> Matthias , could you edit /etc/passwd and change your gid from 513 to 545,
> or edit /etc/group and add your id (text, not uid) in the last (currently empty)
> field of the 545 group.
>
> | Well, in the long run I'd like to drop the chance to add groups by adding
> | users to /etc/group.  This allows overriding AD settings for no good reason.
> I would at least keep it as backup. There have been reported cases were the DC
> does not answer due to temporary network reasons.

Yeah, it's just a nightmare for Admins...

> B.t.w. I just tried mkgroup -lu on my local XP (still 1.5). It does NOT populate users
> in some groups, in particular  Users (545)

It does not populate users in *any* group.  The option has been disabled.
The group list should only be used in rare cases, if at all.

> Also when I ssh into my home XP (1.7), I get
> mkgroup (376): [1722] The RPC server is unavailable.

For me this also occurs in a normal console window and that's to be
expected.  -l is an `optional_argument' option.  Try `mkgroup -l -u'.


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Pierre A. Humblet
----- Original Message -----
From: "Corinna Vinschen"
To: <[hidden email]>
Sent: Thursday, February 11, 2010 13:52
|
| Uh oh.  Is the name of the BUILTIN group not BUILTIN on non-English
| systems?  If so, the code in get_user_local_groups must be changed to
| emit the correct name, rather than just storing the fixed string
| "BUILTIN\\" in builtin_grp.

Will do, this weekend at the latest. Matthias did a preliminary test on Win 7.
I learned that in German BUILTIN is VORDEFINIERT :)
I wonder if the translation is a Win 7 feature or if has been there all the time.

Pierre


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Robert Pendell-3
On Thu, Feb 11, 2010 at 6:01 PM, Pierre A. Humblet wrote:

> ----- Original Message -----
> From: "Corinna Vinschen"
> To: <[hidden email]>
> Sent: Thursday, February 11, 2010 13:52
> |
> | Uh oh.  Is the name of the BUILTIN group not BUILTIN on non-English
> | systems?  If so, the code in get_user_local_groups must be changed to
> | emit the correct name, rather than just storing the fixed string
> | "BUILTIN\\" in builtin_grp.
>
> Will do, this weekend at the latest. Matthias did a preliminary test on Win 7.
> I learned that in German BUILTIN is VORDEFINIERT :)
> I wonder if the translation is a Win 7 feature or if has been there all the time.
>
> Pierre
>
>

Hmm.... That's news to me.  I have access to many different iso's for
both Vista and Windows 7 that are language native in various other
languages through my Technet subscription.  If it is needed I could
probably go and get the many different names that BUILTIN goes by.
That is of course unless there is a more dynamic way of determining
it.


Robert Pendell
[hidden email]
CAcert Assurer
"A perfect world is one of chaos."

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Larry Hall (Cygwin)
On 02/11/2010 06:17 PM, Robert Pendell wrote:

> On Thu, Feb 11, 2010 at 6:01 PM, Pierre A. Humblet wrote:
>> ----- Original Message -----
>> From: "Corinna Vinschen"
>> To:<[hidden email]>
>> Sent: Thursday, February 11, 2010 13:52
>> |
>> | Uh oh.  Is the name of the BUILTIN group not BUILTIN on non-English
>> | systems?  If so, the code in get_user_local_groups must be changed to
>> | emit the correct name, rather than just storing the fixed string
>> | "BUILTIN\\" in builtin_grp.
>>
>> Will do, this weekend at the latest. Matthias did a preliminary test on Win 7.
>> I learned that in German BUILTIN is VORDEFINIERT :)
>> I wonder if the translation is a Win 7 feature or if has been there all the time.
>>
>> Pierre
>>
>>
>
> Hmm.... That's news to me.  I have access to many different iso's for
> both Vista and Windows 7 that are language native in various other
> languages through my Technet subscription.  If it is needed I could
> probably go and get the many different names that BUILTIN goes by.
> That is of course unless there is a more dynamic way of determining
> it.

No need.  Corinna's implementation takes a language agnostic approach. :-)


--
Larry Hall                              http://www.rfk.com
RFK Partners, Inc.                      (508) 893-9779 - RFK Office
216 Dalton Rd.                          (508) 893-9889 - FAX
Holliston, MA 01746

_____________________________________________________________________

A: Yes.
 > Q: Are you sure?
 >> A: Because it reverses the logical flow of conversation.
 >>> Q: Why is top posting annoying in email?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
In reply to this post by Pierre A. Humblet
On Feb 11 18:01, Pierre A. Humblet wrote:

> ----- Original Message -----
> From: "Corinna Vinschen"
> To: <[hidden email]>
> Sent: Thursday, February 11, 2010 13:52
> |
> | Uh oh.  Is the name of the BUILTIN group not BUILTIN on non-English
> | systems?  If so, the code in get_user_local_groups must be changed to
> | emit the correct name, rather than just storing the fixed string
> | "BUILTIN\\" in builtin_grp.
>
> Will do, this weekend at the latest. Matthias did a preliminary test on Win 7.
> I learned that in German BUILTIN is VORDEFINIERT :)
> I wonder if the translation is a Win 7 feature or if has been there all the time.

I think it was always there, but I'm not sure.  Btw., there's a bug in
my patch:

            bg_ptr = wcpcpy (builtin_grp, L"\\");

should actually be

            bg_ptr = wcpcpy (bg_grp, L"\\");


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Pierre A. Humblet
----- Original Message -----
From: "Corinna Vinschen"
To: <cygwin>
Sent: Friday, February 12, 2010 5:09
| On Feb 11 18:01, Pierre A. Humblet wrote:
| > ----- Original Message -----
| > From: "Corinna Vinschen"
| > To: <[hidden email]>
| > Sent: Thursday, February 11, 2010 13:52
| > |
| > | Uh oh.  Is the name of the BUILTIN group not BUILTIN on non-English
| > | systems?  If so, the code in get_user_local_groups must be changed to
| > | emit the correct name, rather than just storing the fixed string
| > | "BUILTIN\\" in builtin_grp.
| >
| > Will do, this weekend at the latest. Matthias did a preliminary test on Win 7.
| > I learned that in German BUILTIN is VORDEFINIERT :)
| > I wonder if the translation is a Win 7 feature or if has been there all the time.
|
| I think it was always there, but I'm not sure.

It's hard to believe that the bug has always been there on foreign machines...
A few other things:

1) I had the feeling that we have already discussed this in the past.
Take a look at
http://www.cygwin.com/ml/cygwin-patches/2002-q4/msg00255.html
(last line). Thanks to google :)

2) About http://cygwin.com/ml/cygwin/2010-01/msg00334.html
USERS is already always added to the token. It's done in get_token_group_sidlist.
This raises the possibility that fixing the language problem won't fix the current bugs
were user32 can't be loaded, and also with ws2_32.dll in your message

3) There is another major bug: scripts don't get executed while impersonated.
The problem is in access.

cron has setuid and tries to run sendmail ==> /bin/cronlog
  502 3438682 [main] cron 4000 av::fixup: C:\Program Files\cygwin_1.7\bin\cronlog is possibly a
script
 1832 3440514 [main] cron 4000 seterrno_from_win_error:
../../../../src/winsup/cygwin/security.cc:766 windows erro$
   61 3440575 [main] cron 4000 geterrno_from_win_error: windows error 6 == errno 9
   21 3440596 [main] cron 4000 __set_errno: void seterrno_from_win_error(const char*, int,
DWORD):319 val 9
   21 3440617 [main] cron 4000 check_file_access: flags 1, ret -1net helpmsg 6

net helpmsg 6
The handle is invalid.

I will get to it but if you have an idea let me know.

4) Finally I noticed that perl doesn't run with the cygwin0.dll I built in cvs (last nite).
Not sure if you see that too.

Pierre


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
On Feb 12 10:19, Pierre A. Humblet wrote:

> From: "Corinna Vinschen"
> | I think it was always there, but I'm not sure.
>
> It's hard to believe that the bug has always been there on foreign machines...
> A few other things:
>
> 1) I had the feeling that we have already discussed this in the past.
> Take a look at
> http://www.cygwin.com/ml/cygwin-patches/2002-q4/msg00255.html
> (last line). Thanks to google :)

Cool!  Look at the date!  So I did it again wrong after you already
fixed it in 2002.  Oh well.  Btw, I tested this today and it seems the
patch is working.  I'll just change it to use a well_known_builtin_sid
rather than creating the SID on the fly.

> 2) About http://cygwin.com/ml/cygwin/2010-01/msg00334.html
> USERS is already always added to the token. It's done in get_token_group_sidlist.

Yes, but not in 1.7.1.  This is new since 2010-01-08.

> 3) There is another major bug: scripts don't get executed while impersonated.
> The problem is in access.
>
> cron has setuid and tries to run sendmail ==> /bin/cronlog
>   502 3438682 [main] cron 4000 av::fixup: C:\Program Files\cygwin_1.7\bin\cronlog is possibly a
> script
>  1832 3440514 [main] cron 4000 seterrno_from_win_error:
> ../../../../src/winsup/cygwin/security.cc:766 windows erro$
>    61 3440575 [main] cron 4000 geterrno_from_win_error: windows error 6 == errno 9
>    21 3440596 [main] cron 4000 __set_errno: void seterrno_from_win_error(const char*, int,
> DWORD):319 val 9
>    21 3440617 [main] cron 4000 check_file_access: flags 1, ret -1net helpmsg 6
>
> net helpmsg 6
> The handle is invalid.
>
> I will get to it but if you have an idea let me know.

I have no idea, sorry.  The Win32 error 6 is an invalid handle.  But the
token used here is always an impersonation token, just as AccessCheck
requires.  That's puzzeling.

> 4) Finally I noticed that perl doesn't run with the cygwin0.dll I built in cvs (last nite).
> Not sure if you see that too.

I see that, too.  But that's something for another thread, please.


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
On Feb 12 18:39, Corinna Vinschen wrote:

> On Feb 12 10:19, Pierre A. Humblet wrote:
> > From: "Corinna Vinschen"
> > | I think it was always there, but I'm not sure.
> >
> > It's hard to believe that the bug has always been there on foreign machines...
> > A few other things:
> >
> > 1) I had the feeling that we have already discussed this in the past.
> > Take a look at
> > http://www.cygwin.com/ml/cygwin-patches/2002-q4/msg00255.html
> > (last line). Thanks to google :)
>
> Cool!  Look at the date!  So I did it again wrong after you already
> fixed it in 2002.  Oh well.  Btw, I tested this today and it seems the
> patch is working.  I'll just change it to use a well_known_builtin_sid
> rather than creating the SID on the fly.

Nevertheless, would you mind to test it as well?  Easy chance that I
missed something.


Thanks,
Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Pierre A. Humblet
----- Original Message -----
From: "Corinna Vinschen"
Sent: Friday, February 12, 2010 12:4311474


| On Feb 12 18:39, Corinna Vinschen wrote:
| > On Feb 12 10:19, Pierre A. Humblet wrote:
| > > From: "Corinna Vinschen"
| > > | I think it was always there, but I'm not sure.
| > >
| > > It's hard to believe that the bug has always been there on foreign machines...
| > > A few other things:
| > >
| > > 1) I had the feeling that we have already discussed this in the past.
| > > Take a look at
| > > http://www.cygwin.com/ml/cygwin-patches/2002-q4/msg00255.html
| > > (last line). Thanks to google :)
| >
| > Cool!  Look at the date!  So I did it again wrong after you already
| > fixed it in 2002.  Oh well.  Btw, I tested this today and it seems the
| > patch is working.  I'll just change it to use a well_known_builtin_sid
| > rather than creating the SID on the fly.
|
| Nevertheless, would you mind to test it as well?  Easy chance that I
| missed something.

Matthias just tested what I did last night, which was based on what
you had sent, but also defining well_known_users_sid in security.h etc..
Now cron works on his system. Looks like we are duplicating efforts!

I just refreshed cvs and get_token_group_sidlist still has:
      grp_list *= well_known_users_sid;

I was also looking at the lsaauth code and noticed you exclude all
well-known groups.
Does lsa put them in the token anyway? Otherwise how does
USERS get in there?

I have many other observations but that will be for later.

Pierre





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
On Feb 12 13:33, Pierre A. Humblet wrote:

> From: "Corinna Vinschen"
> | On Feb 12 18:39, Corinna Vinschen wrote:
> | > Cool!  Look at the date!  So I did it again wrong after you already
> | > fixed it in 2002.  Oh well.  Btw, I tested this today and it seems the
> | > patch is working.  I'll just change it to use a well_known_builtin_sid
> | > rather than creating the SID on the fly.
> |
> | Nevertheless, would you mind to test it as well?  Easy chance that I
> | missed something.
>
> Matthias just tested what I did last night, which was based on what
> you had sent, but also defining well_known_users_sid in security.h etc..

Sorry, but I don't understand what you mean.  well_known_users_sid
*is* already defined in security.h since my patch from 2010-01-08.
 
> Now cron works on his system. Looks like we are duplicating efforts!
>
> I just refreshed cvs and get_token_group_sidlist still has:
>       grp_list *= well_known_users_sid;

Yes, sure.  What's the problem?  You wrote in
http://cygwin.com/ml/cygwin/2010-02/msg00291.html that always adding
well_known_users_sid is a good idea from your POV.  I currently don't
understand what you're trying to say.

> I was also looking at the lsaauth code and noticed you exclude all
> well-known groups.
> Does lsa put them in the token anyway? Otherwise how does
> USERS get in there?

Yes.

> I have many other observations but that will be for later.

Ok.


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Pierre A. Humblet
----- Original Message -----
From: "Corinna Vinschen"
To: <[hidden email]>
Sent: Friday, February 12, 2010 13:47



| On Feb 12 13:33, Pierre A. Humblet wrote:
| >| > Matthias just tested what I did last night, which was based on what
| > you had sent, but also defining well_known_users_sid in security.h etc..
|
| Sorry, but I don't understand what you mean.  well_known_users_sid
| *is* already defined in security.h since my patch from 2010-01-08.

Oops, I meant well_known_builtin_sid, like what you just did.

| > Now cron works on his system. Looks like we are duplicating efforts!
| >
| > I just refreshed cvs and get_token_group_sidlist still has:
| >       grp_list *= well_known_users_sid;
|
| Yes, sure.  What's the problem?  You wrote in
| http://cygwin.com/ml/cygwin/2010-02/msg00291.html that always adding
| well_known_users_sid is a good idea from your POV.  I currently don't
| understand what you're trying to say.

Sorry, I misunderstood your earlier e-mail. I shouldn't multitask!

Pierre


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cron & Windows 7

Corinna Vinschen-2
On Feb 12 14:19, Pierre A. Humblet wrote:

> From: "Corinna Vinschen"
> | On Feb 12 13:33, Pierre A. Humblet wrote:
> | >| > Matthias just tested what I did last night, which was based on what
> | > you had sent, but also defining well_known_users_sid in security.h etc..
> |
> | Sorry, but I don't understand what you mean.  well_known_users_sid
> | *is* already defined in security.h since my patch from 2010-01-08.
>
> Oops, I meant well_known_builtin_sid, like what you just did.
>
> | > Now cron works on his system. Looks like we are duplicating efforts!
> | >
> | > I just refreshed cvs and get_token_group_sidlist still has:
> | >       grp_list *= well_known_users_sid;
> |
> | Yes, sure.  What's the problem?  You wrote in
> | http://cygwin.com/ml/cygwin/2010-02/msg00291.html that always adding
> | well_known_users_sid is a good idea from your POV.  I currently don't
> | understand what you're trying to say.
>
> Sorry, I misunderstood your earlier e-mail. I shouldn't multitask!

No worries.


Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Loading...