This is the mail archive of the
mailing list for the Cygwin project.
Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
- From: Achim Gratz <Stromeko at NexGo dot DE>
- To: cygwin at cygwin dot com
- Date: Thu, 4 Sep 2014 11:23:58 +0000 (UTC)
- Subject: Re: Windows Server 2012R2 64bit and 32bit Cygwin sshd
- Authentication-results: sourceware.org; auth=none
- References: <8761hphfps dot fsf at Rainer dot invalid> <loom dot 20140902T134545-288 at post dot gmane dot org> <20140902140751 dot GD6056 at calimero dot vinschen dot de> <loom dot 20140902T171114-72 at post dot gmane dot org> <20140902153757 dot GE6056 at calimero dot vinschen dot de> <loom dot 20140903T084528-450 at post dot gmane dot org> <loom dot 20140903T145724-31 at post dot gmane dot org> <20140903133728 dot GL6056 at calimero dot vinschen dot de>
Corinna Vinschen <corinna-cygwin <at> cygwin.com> writes:
> You already built your own Cygwin DLL, right? What you could do is to
> do some good old printf debugging. First let's try to find out if it's
> really one of the NetUser calls:
It looks like I need to install more than the DLL to make this work? I
couldn't start cygserver as a service with (just) the built DLL in place.
So I started it in debug mode from the command line (which makes it have
less rights than it needs) and started the sshd in debug mode also. Due to
presumably the missing rights mentioned I could only log in with an
administrative account (domain account, but restricted to run on the server
only). I didn't get any failure from the debug_printf instrumented
functions. With my normal user account I got a "/bin/bash: Operation not
permitted". The cygserver debug output also showed unfettered access to the
AD. With the sshd running without privilege separation I've noticed some
requests to the cygserver that seemed to indicate memory corruption: Early
on in starting the daemon it would normally try to get account information
for Administrators:544, but the debug output from cygserver was showing
sshdrs as the account name being asked for. Also there are (probably
unrelated since they are also present on x86_64) complaints about requests
of illegal length (11).
Going back to the original snapshot and using the same debugging setup the
behaviour was still the same. Since I could now start the services again, I
did that and am back to the original behaviour. I've asked our IT if there
are restrictions specifically targetting 32bit services or processes, but
got no answer so far (I'm not even sure this is possible).
I'm not sure what to make of these results, but at the moment I've ran out
of time anyway.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple