Regression: errno returned by seteuid and companions incorrect

Houder houder@xs4all.nl
Tue Mar 26 09:55:00 GMT 2019


Corinna,

As result of the removal of create_token() (sec_auth.cc) in the call 
flow
of seteuid32(), something like:

@@ cat seteuid.c
int
main()
{
     errno = 0;
     if (seteuid( (uid_t)1004) != 0) { // 1004 = uid of different user
         printf("seteuid: errno = %d, errstr = %s\n", errno, 
strerror(errno) );
     } else printf("1004, OK\n");
}

returns an INCORRECT errno 
(http://man7.org/linux/man-pages/man2/seteuid.2.html)

64-@@ ./seteuid
seteuid: errno = 13, errstr = Permission denied ... huh? WRONG!

On Linux this simple "Simple Test Case" will result in:

@@ seteuid: errno = 1, errstr = Operation not permitted

-----
Before the introduction of "Service for User Logon" (s4u), calling
seteuid (or companions) would eventually result in

  - calling create_token, which in turn would call
  - NtCreateToken

If NtCreateToken() failed, it returned the following status:

  - STATUS_PRIVILEGE_NOT_HELD ((NTSTATUS)0xC0000061), which would
    map to:
  - ERROR_PRIVILEGE_NOT_HELD __MSABI_LONG(1314), which in turn would
    map to:
  - errno = EPERM (1, i.c. "Operation not permitted")

See errmap[],
   geterrno_from_nt_status() and
   geterrno_from_win_error() in winsup/cygwin/errno.cc

-----
Om my system I have fixed this regression as follows:

64-@@ uname -a
CYGWIN_NT-6.1 Seven 3.0.4(0.338/5/3) 2019-03-26 08:25 x86_64 Cygwin

I applied the following hack to winsup/cygwin/sec_auth.cc:

1496 HANDLE
1497 s4uauth (bool logon, PCWSTR domain, PCWSTR user, NTSTATUS 
&ret_status)
1498 {
...
1525   if (logon) // true in the call flow from seteuid32()
1526     {
1527       /* Register as logon process. */
1528       debug_printf ("Impersonation requested");
1529       RtlInitAnsiString (&name, "Cygwin");
1530       status = LsaRegisterLogonProcess (&name, &lsa_hdl, 
&sec_mode);
1531     }
1532   else
1533     {
1534       /* Connect untrusted to just create a identification token */
1535       debug_printf ("Identification requested");
1536       status = LsaConnectUntrusted (&lsa_hdl);
1537     }
1538   if (status != STATUS_SUCCESS)
1539     {
1540       debug_printf ("%s: %y", logon ? "LsaRegisterLogonProcess"
1541                                     : "LsaConnectUntrusted", 
status);
// Henri: HACK!
            // LsaRegisterLogonProcess returns 
STATUS_PORT_CONNECTION_REFUSED
            if (status == STATUS_PORT_CONNECTION_REFUSED) // 
((NTSTATUS)0xC0000041)
                                                          // => EACCES 
... WRONG!
              {
                // status that was previously returned by NtCreateToken
                status = STATUS_PRIVILEGE_NOT_HELD; // 
((NTSTATUS)0xC0000061) => EPERM
              }
            // STATUS_PRIVILEGE_NOT_HELD maps to ERROR_PRIVILEGE_NOT_HELD 
(1314),
            // which in turn maps to EPERM (1)
// Henri
1542       __seterrno_from_nt_status (status);
1543       goto out;
1544     }

Henri

Attached: errmapping-sorted.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: errmapping-sorted.txt
URL: <http://cygwin.com/pipermail/cygwin/attachments/20190326/ccc04976/attachment.txt>
-------------- next part --------------

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


More information about the Cygwin mailing list