Corinna,
As result of the removal of create_token() (sec_auth.cc) in the call
flow
of seteuid32(), something like:
@@ cat seteuid.c
int
main()
{
errno = 0;
if (seteuid( (uid_t)1004) != 0) { // 1004 = uid of different user
printf("seteuid: errno = %d, errstr = %s\n", errno,
strerror(errno) );
} else printf("1004, OK\n");
}
returns an INCORRECT errno
(http://man7.org/linux/man-pages/man2/seteuid.2.html)
64-@@ ./seteuid
seteuid: errno = 13, errstr = Permission denied ... huh? WRONG!
On Linux this simple "Simple Test Case" will result in:
@@ seteuid: errno = 1, errstr = Operation not permitted
-----
Before the introduction of "Service for User Logon" (s4u), calling
seteuid (or companions) would eventually result in
- calling create_token, which in turn would call
- NtCreateToken
If NtCreateToken() failed, it returned the following status:
- STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061), which would
map to:
- ERROR_PRIVILEGE_NOT_HELD __MSABI_LONG(1314), which in turn would
map to:
- errno = EPERM (1, i.c. "Operation not permitted")
See errmap[],
geterrno_from_nt_status() and
geterrno_from_win_error() in winsup/cygwin/errno.cc
-----
Om my system I have fixed this regression as follows:
64-@@ uname -a
CYGWIN_NT-6.1 Seven 3.0.4(0.338/5/3) 2019-03-26 08:25 x86_64 Cygwin
I applied the following hack to winsup/cygwin/sec_auth.cc:
1496 HANDLE
1497 s4uauth (bool logon, PCWSTR domain, PCWSTR user, NTSTATUS
&ret_status)
1498 {
...
1525 if (logon) // true in the call flow from seteuid32()
1526 {
1527 /* Register as logon process. */
1528 debug_printf ("Impersonation requested");
1529 RtlInitAnsiString (&name, "Cygwin");
1530 status = LsaRegisterLogonProcess (&name, &lsa_hdl,
&sec_mode);
1531 }
1532 else
1533 {
1534 /* Connect untrusted to just create a identification token */
1535 debug_printf ("Identification requested");
1536 status = LsaConnectUntrusted (&lsa_hdl);
1537 }
1538 if (status != STATUS_SUCCESS)
1539 {
1540 debug_printf ("%s: %y", logon ? "LsaRegisterLogonProcess"
1541 : "LsaConnectUntrusted",
status);
// Henri: HACK!
// LsaRegisterLogonProcess returns
STATUS_PORT_CONNECTION_REFUSED
if (status == STATUS_PORT_CONNECTION_REFUSED) //
((NTSTATUS)0xC0000041)
// => EACCES
... WRONG!
{
// status that was previously returned by NtCreateToken
status = STATUS_PRIVILEGE_NOT_HELD; //
((NTSTATUS)0xC0000061) => EPERM
}
// STATUS_PRIVILEGE_NOT_HELD maps to ERROR_PRIVILEGE_NOT_HELD
(1314),
// which in turn maps to EPERM (1)
// Henri
1542 __seterrno_from_nt_status (status);
1543 goto out;
1544 }
Henri
Attached: errmapping-sorted.txt 1 INVALID_FUNCTION => 54 EBADRQC => Invalid request code
2 FILE_NOT_FOUND => 2 ENOENT => No such file or
directory
3 PATH_NOT_FOUND => 2 ENOENT => No such file or
directory
4 TOO_MANY_OPEN_FILES => 24 EMFILE => Too many open files
5 ACCESS_DENIED => 13 EACCES => Permission denied
6 INVALID_HANDLE => 9 EBADF => Bad file descriptor
8 NOT_ENOUGH_MEMORY => 12 ENOMEM => Cannot allocate
memory
13 INVALID_DATA => 22 EINVAL => Invalid argument
14 OUTOFMEMORY => 12 ENOMEM => Cannot allocate
memory
15 INVALID_DRIVE => 19 ENODEV => No such device
17 NOT_SAME_DEVICE => 18 EXDEV => Invalid
cross-device link
18 NO_MORE_FILES => 89 ENMFILE => No more files
19 WRITE_PROTECT => 30 EROFS => Read-only file
system
20 BAD_UNIT => 19 ENODEV => No such device
21 NOT_READY => 135 ENOMEDIUM => No medium found
23 CRC => 5 EIO => Input/output error
25 SEEK => 22 EINVAL => Invalid argument
27 SECTOR_NOT_FOUND => 22 EINVAL => Invalid argument
32 SHARING_VIOLATION => 16 EBUSY => Device or resource
busy
33 LOCK_VIOLATION => 16 EBUSY => Device or resource
busy
36 SHARING_BUFFER_EXCEEDED => 46 ENOLCK => No locks available
38 HANDLE_EOF => 61 ENODATA => No data available
39 HANDLE_DISK_FULL => 28 ENOSPC => No space left on
device
50 NOT_SUPPORTED => 88 ENOSYS => Function not
implemented
51 REM_NOT_LIST => 64 ENONET => Machine is not on
the network
52 DUP_NAME => 80 ENOTUNIQ => Name not unique on
network
53 BAD_NETPATH => 2 ENOENT => No such file or
directory
55 DEV_NOT_EXIST => 2 ENOENT => No such file or
directory
58 BAD_NET_RESP => 88 ENOSYS => Function not
implemented
59 UNEXP_NET_ERR => 5 EIO => Input/output error
64 NETNAME_DELETED => 2 ENOENT => No such file or
directory
67 BAD_NET_NAME => 2 ENOENT => No such file or
directory
80 FILE_EXISTS => 17 EEXIST => File exists
82 CANNOT_MAKE => 1 EPERM => Operation not
permitted
87 INVALID_PARAMETER => 22 EINVAL => Invalid argument
89 NO_PROC_SLOTS => 11 EAGAIN => Resource
temporarily unavailable
104 INVALID_AT_INTERRUPT_TIME => 4 EINTR => Interrupted system
call
109 BROKEN_PIPE => 32 EPIPE => Broken pipe
110 OPEN_FAILED => 5 EIO => Input/output error
112 DISK_FULL => 28 ENOSPC => No space left on
device
113 NO_MORE_SEARCH_HANDLES => 23 ENFILE => Too many open files
in system
120 CALL_NOT_IMPLEMENTED => 88 ENOSYS => Function not
implemented
123 INVALID_NAME => 2 ENOENT => No such file or
directory
126 MOD_NOT_FOUND => 2 ENOENT => No such file or
directory
127 PROC_NOT_FOUND => 3 ESRCH => No such process
128 WAIT_NO_CHILDREN => 10 ECHILD => No child processes
129 CHILD_NOT_COMPLETE => 16 EBUSY => Device or resource
busy
131 NEGATIVE_SEEK => 22 EINVAL => Invalid argument
145 DIR_NOT_EMPTY => 90 ENOTEMPTY => Directory not empty
156 SIGNAL_REFUSED => 5 EIO => Input/output error
161 BAD_PATHNAME => 2 ENOENT => No such file or
directory
162 SIGNAL_PENDING => 16 EBUSY => Device or resource
busy
164 MAX_THRDS_REACHED => 11 EAGAIN => Resource
temporarily unavailable
170 BUSY => 16 EBUSY => Device or resource
busy
183 ALREADY_EXISTS => 17 EEXIST => File exists
191 INVALID_EXE_SIGNATURE => 8 ENOEXEC => Exec format error
192 EXE_MARKED_INVALID => 8 ENOEXEC => Exec format error
193 BAD_EXE_FORMAT => 8 ENOEXEC => Exec format error
197 IOPL_NOT_ENABLED => 8 ENOEXEC => Exec format error
205 NO_SIGNAL_SENT => 5 EIO => Input/output error
206 FILENAME_EXCED_RANGE => 91 ENAMETOOLONG => File name too long
208 META_EXPANSION_TOO_LONG => 22 EINVAL => Invalid argument
209 INVALID_SIGNAL_NUMBER => 22 EINVAL => Invalid argument
210 THREAD_1_INACTIVE => 22 EINVAL => Invalid argument
216 EXE_MACHINE_TYPE_MISMATCH => 8 ENOEXEC => Exec format error
230 BAD_PIPE => 22 EINVAL => Invalid argument
231 PIPE_BUSY => 16 EBUSY => Device or resource
busy
232 NO_DATA => 32 EPIPE => Broken pipe
233 PIPE_NOT_CONNECTED => 70 ECOMM => Communication error
on send
234 MORE_DATA => 122 EMSGSIZE => Message too long
254 INVALID_EA_NAME => 22 EINVAL => Invalid argument
255 EA_LIST_INCONSISTENT => 22 EINVAL => Invalid argument
259 NO_MORE_ITEMS => 89 ENMFILE => No more files
267 DIRECTORY => 20 ENOTDIR => Not a directory
275 EAS_DIDNT_FIT => 28 ENOSPC => No space left on
device
277 EA_TABLE_FULL => 28 ENOSPC => No space left on
device
282 EAS_NOT_SUPPORTED => 134 ENOTSUP => Not supported
288 NOT_OWNER => 1 EPERM => Operation not
permitted
487 INVALID_ADDRESS => 22 EINVAL => Invalid argument
535 PIPE_CONNECTED => 16 EBUSY => Device or resource
busy
536 PIPE_LISTENING => 70 ECOMM => Communication error
on send
996 IO_INCOMPLETE => 11 EAGAIN => Resource
temporarily unavailable
997 IO_PENDING => 11 EAGAIN => Resource
temporarily unavailable
998 NOACCESS => 14 EFAULT => Bad address
1006 FILE_INVALID => 6 ENXIO => No such device or
address
1008 NO_TOKEN => 22 EINVAL => Invalid argument
1053 SERVICE_REQUEST_TIMEOUT => 16 EBUSY => Device or resource
busy
1067 PROCESS_ABORTED => 14 EFAULT => Bad address
1100 END_OF_MEDIA => 28 ENOSPC => No space left on
device
1101 FILEMARK_DETECTED => 5 EIO => Input/output error
1102 BEGINNING_OF_MEDIA => 5 EIO => Input/output error
1103 SETMARK_DETECTED => 5 EIO => Input/output error
1104 NO_DATA_DETECTED => 5 EIO => Input/output error
1106 INVALID_BLOCK_LENGTH => 5 EIO => Input/output error
1111 BUS_RESET => 5 EIO => Input/output error
1112 NO_MEDIA_IN_DRIVE => 135 ENOMEDIUM => No medium found
1117 IO_DEVICE => 5 EIO => Input/output error
1129 EOM_OVERFLOW => 5 EIO => Input/output error
1131 POSSIBLE_DEADLOCK => 56 EDEADLOCK => File locking
deadlock error
1142 TOO_MANY_LINKS => 31 EMLINK => Too many links
1165 DEVICE_REQUIRES_CLEANING => 5 EIO => Input/output error
1166 DEVICE_DOOR_OPEN => 5 EIO => Input/output error
1200 BAD_DEVICE => 19 ENODEV => No such device
1223 CANCELLED => 4 EINTR => Interrupted system
call
1225 CONNECTION_REFUSED => 111 ECONNREFUSED => Connection refused
1314 PRIVILEGE_NOT_HELD => 1 EPERM => Operation not
permitted
1332 NONE_MAPPED => 22 EINVAL => Invalid argument
1392 FILE_CORRUPT => 17 EEXIST => File exists
1393 DISK_CORRUPT => 5 EIO => Input/output error
1450 NO_SYSTEM_RESOURCES => 27 EFBIG => File too large
1451 NONPAGED_SYSTEM_RESOURCES => 11 EAGAIN => Resource
temporarily unavailable
1452 PAGED_SYSTEM_RESOURCES => 11 EAGAIN => Resource
temporarily unavailable
1453 WORKING_SET_QUOTA => 11 EAGAIN => Resource
temporarily unavailable
1454 PAGEFILE_QUOTA => 11 EAGAIN => Resource
temporarily unavailable
1455 COMMITMENT_LIMIT => 11 EAGAIN => Resource
temporarily unavailable
1460 TIMEOUT => 16 EBUSY => Device or resource
busy
1816 NOT_ENOUGH_QUOTA => 5 EIO => Input/output error
2202 BAD_USERNAME => 22 EINVAL => Invalid argument
2250 NOT_CONNECTED => 67 ENOLINK => Link has been
severed
2401 OPEN_FILES => 11 EAGAIN => Resource
temporarily unavailable
2402 ACTIVE_CONNECTIONS => 11 EAGAIN => Resource
temporarily unavailable
2404 DEVICE_IN_USE => 11 EAGAIN => Resource
temporarily unavailable
8341 DS_GENERIC_ERROR => 5 EIO => Input/output error
14001 SXS_CANT_GEN_ACTCTX => 84 ELIBBAD => Accessing a
corrupted shared library
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
