seteuid problem Win2003

[Vikentsy Lapa <vlapa at newman dot bas-net dot by>]

Hello, all.

I run simple seteuid programm which switch user context form user   admin   to user   UserDom1.

Programm output is
$ ./t_seteuid.exe
Process EUID: 11133
seteuid failed:: Permission denied
Process EUID: 11133

My working enviroment is 
Windows 2003 Server Ver 5.2
Cygwin DLL version info: DLL version: 1.7.5
more info see in cygcheck.out

strace output
 227892 [main] t_seteuid 2228 seteuid32: uid: 11139 myself->uid: 11133 myself->gid: 10512
 228163 [main] t_seteuid 2228 seteuid32: Found token -1
 229504 [main] t_seteuid 2228 extract_nt_dom_user: pw_gecos A59724 (UserDom1,U-SCC\UserDom1,S-1-5-21-1492043062-37880527
54-1970821042-1139)
 230580 [main] t_seteuid 2228 lsaprivkeyauth: Try logon for SCC\UserDom1
 245597 [main] t_seteuid 2228 seteuid32: lsaprivkeyauth failed, try lsaauth.
 246301 [main] t_seteuid 2228 lsaauth: LsaRegisterLogonProcess: 0xC0000041
 246541 [main] t_seteuid 2228 seterrno_from_win_error: /ext/build/netrel/src/cygwin-1.7.5-1/winsup/cygwin/sec_auth.cc:97
0 windows error 5
 246936 [main] t_seteuid 2228 geterrno_from_win_error: windows error 5 == errno 13
 247165 [main] t_seteuid 2228 __set_errno: void seterrno_from_win_error(const char*, int, DWORD):319 val 13
 247404 [main] t_seteuid 2228 lsaauth: 0x0 = lsaauth ()
 247683 [main] t_seteuid 2228 seteuid32: lsaauth failed, try create_token.
 250018 [main] t_seteuid 2228 get_logon_server: DC: rediscovery: 0, server: \\GCGWIN
 460050 [main] t_seteuid 2228 seterrno_from_win_error: /ext/build/netrel/src/cygwin-1.7.5-1/winsup/cygwin/sec_auth.cc:90
1 windows error 1314
 460679 [main] t_seteuid 2228 geterrno_from_win_error: unknown windows error 1314, setting errno to 13
 460976 [main] t_seteuid 2228 __set_errno: void seterrno_from_win_error(const char*, int, DWORD):319 val 13
 461414 [main] t_seteuid 2228 create_token: 0xFFFFFFFF = create_token ()
 461736 [main] t_seteuid 2228 seteuid32: create_token failed, bail out of here
                                  
I try use methods with lsa-cygwin package and with user rights

editrights -u admin -l
SeCreateTokenPrivilege
SeAssignPrimaryTokenPrivilege
SeTcbPrivilege

/etc/passwd
admin:unused:11133:10512:admin,U-SCC\admin,S-1-5-21-1492043062-3788052754-1970821042-1133:/home/admin:/bin/bash
UserDom1:unused:11139:10513:UserDom1,U-SCC\UserDom1,S-1-5-21-1492043062-3788052754-1970821042-1139:/home/UserDom1:/bin/bash

Any idea what I have to check ?


Programm text is
--------------------------------------------------------------------------------
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(){

int rc;

printf("Process EUID: %d \n", ( int) geteuid());

rc = seteuid(11139);

if ( rc ) {
  perror("seteuid failed:");
  printf("Process EUID: %d \n", ( int) geteuid());
  return 1;
}

printf("Process EUID: %d \n", ( int) geteuid());
return 0;
}
--------------------------------------------------------------------------------

in windows 7  same programm work good. From strace output i see that lsaprivkeyauth used successfully.

 545   29990 [main] t_seteuid 932 seteuid32: uid: 11139 myself->uid: 11133 myself->gid: 10513
   60   30050 [main] t_seteuid 932 seteuid32: Found token -1
 1242   31292 [main] t_seteuid 932 extract_nt_dom_user: pw_gecos D1919E (UserDom1,U-SCC\UserDom1,S-1-5-21-1492043062-3788052754-1970821042-1139)
 3641   34933 [main] t_seteuid 932 lsaprivkeyauth: Try logon for SCC\UserDom1
81853  116786 [main] t_seteuid 932 load_registry_hive: User registry hive for S-1-5-21-1492043062-3788052754-1970821042-1139 already exists
  428  117214 [main] t_seteuid 932 open_shared: name S-1-5-21-1492043062-3788052754-1970821042-1139.1, n 1, shared 0x60FD0000 (wanted 0x60FD0000), h 0x120
  403  117617 [main] t_seteuid 932 user_info::create: opening user shared for 'S-1-5-21-1492043062-3788052754-1970821042-1139' at 0x60FD0000
   55  117672 [main] t_seteuid 932 user_info::create: user shared version 0

Attachment: cygcheck.out
Description: Text document

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple