You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@apr.apache.org by bu...@apache.org on 2019/08/01 09:49:08 UTC
[Bug 51560] apr_stat for APR_FINFO_NORM using
GetEffectiveRightsFromAcl does not work in complex Active Directory forest
https://bz.apache.org/bugzilla/show_bug.cgi?id=51560
--- Comment #5 from Thorsten Schöning <ts...@am-soft.de> ---
I would like to mention an issue I ran into recently and while I don't think
its the same one, it sounds at least related:
http://mail-archives.apache.org/mod_mbox/perl-modperl/201907.mbox/ajax/%3C1649095749.20190731190733%40am-soft.de%3E
The main difference is that in my case no Active Directory is involved, but the
problem occurs with Windows-users without admin-privileges. My setup is running
mod_perl within HTTPd as a Windows service and that service uses a standard
user in Windows without any admin-privileges. In that context using "apr_stat"
with APR_FINFO_NORM fails, while the same usage with APR_FINFO_MIN succeeds.
File::stat::stat of Perl succeeds as well.
> sub finfo { $_[0]->{finfo}||=APR::Finfo::stat($_[0]->{filename},
> APR::Const::FINFO_NORM,
> $_[0]->pool); }
vs.
> sub finfo { $_[0]->{finfo}||=APR::Finfo::stat($_[0]->{filename},
> APR::Const::FINFO_MIN,
> $_[0]->pool); }
Using Process Monitor things look like Windows internally requests some
unexpected additional authentication. The following two lines in the logs are
the last ones directly associated to mod_perl, because "mandkomm.pl" belongs to
something I'm testing mod_perl with.
> 18:12:09,8533141 httpd.exe 20396 QueryRemoteProtocolInformation C:\Users\tschoening\Documents\Eclipse\Perl DocBeam\MandKomm\mandkomm.pl INVALID PARAMETER
> 18:12:09,8533617 httpd.exe 20396 QuerySecurityFile C:\Users\tschoening\Documents\Eclipse\Perl DocBeam\MandKomm\mandkomm.pl SUCCESS Information: Owner, Group, DACL
Directly afterwards the following Windows-related internal stuff happens:
> 18:12:09,8557370 httpd.exe 20396 CreateFile C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackde-DE_17763.14.39.0_neutral__8wekyb3d8bbwe\Windows\System32\de-DE\ntmarta.dll.mui SUCCESS Desired Access: Generic Read, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
> 18:12:09,8557889 httpd.exe 20396 CreateFileMapping C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackde-DE_17763.14.39.0_neutral__8wekyb3d8bbwe\Windows\System32\de-DE\ntmarta.dll.mui FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE
> 18:12:09,8558183 httpd.exe 20396 QueryStandardInformationFile C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackde-DE_17763.14.39.0_neutral__8wekyb3d8bbwe\Windows\System32\de-DE\ntmarta.dll.mui SUCCESS AllocationSize: 16.384, EndOfFile: 14.720, NumberOfLinks: 1, DeletePending: False, Directory: False
> 18:12:09,8558750 httpd.exe 20396 CreateFileMapping C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackde-DE_17763.14.39.0_neutral__8wekyb3d8bbwe\Windows\System32\de-DE\ntmarta.dll.mui SUCCESS SyncType: SyncTypeOther
> 18:12:09,8562021 httpd.exe 20396 CreateFile C:\Program Files\Apache Software Foundation\httpd\bin\logoncli.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
> 18:12:09,8564963 httpd.exe 20396 CreateFile C:\Windows\System32\logoncli.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
> 18:12:09,8565506 httpd.exe 20396 QueryBasicInformationFile C:\Windows\System32\logoncli.dll SUCCESS CreationTime: 15.09.2018 09:28:46, LastAccessTime: 15.09.2018 09:28:46, LastWriteTime: 15.09.2018 09:28:46, ChangeTime: 18.12.2018 14:29:50, FileAttributes: A
> 18:12:09,8565821 httpd.exe 20396 CloseFile C:\Windows\System32\logoncli.dll SUCCESS
> 18:12:09,8567588 httpd.exe 20396 CreateFile C:\Windows\System32\logoncli.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
> 18:12:09,8568147 httpd.exe 20396 CreateFileMapping C:\Windows\System32\logoncli.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE
> 18:12:09,8568718 httpd.exe 20396 CreateFileMapping C:\Windows\System32\logoncli.dll SUCCESS SyncType: SyncTypeOther
> 18:12:09,8570352 httpd.exe 20396 CloseFile C:\Windows\System32\logoncli.dll SUCCESS
> 18:12:09,8577214 httpd.exe 20396 CreateFile C:\Program Files\Apache Software Foundation\httpd\bin\netutils.dll NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
> 18:12:09,8580361 httpd.exe 20396 CreateFile C:\Windows\System32\netutils.dll SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
> 18:12:09,8581042 httpd.exe 20396 QueryBasicInformationFile C:\Windows\System32\netutils.dll SUCCESS CreationTime: 15.09.2018 09:28:46, LastAccessTime: 15.09.2018 09:28:46, LastWriteTime: 15.09.2018 09:28:46, ChangeTime: 18.12.2018 14:29:37, FileAttributes: A
> 18:12:09,8581470 httpd.exe 20396 CloseFile C:\Windows\System32\netutils.dll SUCCESS
> 18:12:09,8583470 httpd.exe 20396 CreateFile C:\Windows\System32\netutils.dll SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
> 18:12:09,8584031 httpd.exe 20396 CreateFileMapping C:\Windows\System32\netutils.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE|PAGE_NOCACHE
> 18:12:09,8584618 httpd.exe 20396 CreateFileMapping C:\Windows\System32\netutils.dll SUCCESS SyncType: SyncTypeOther
> 18:12:09,8586230 httpd.exe 20396 CloseFile C:\Windows\System32\netutils.dll SUCCESS
> 18:12:09,8622225 httpd.exe 20396 CreateFile \\VORDEFINIERT*\MAILSLOT\NET\NETLOGON SUCCESS Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Superseded
> 18:12:09,8622960 httpd.exe 20396 WriteFile \\VORDEFINIERT*\MAILSLOT\NET\NETLOGON BAD NETWORK PATH Offset: 0, Length: 78, Priority: Normal
> 18:12:23,4057050 httpd.exe 20396 CloseFile \\VORDEFINIERT*\MAILSLOT\NET\NETLOGON SUCCESS
> 18:12:23,4094073 httpd.exe 20396 CreateFile \\VORDEFINIERT*\MAILSLOT\NET\NETLOGON SUCCESS Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Superseded
> 18:12:23,4095101 httpd.exe 20396 WriteFile \\VORDEFINIERT*\MAILSLOT\NET\NETLOGON Offset: 0, Length: 78, Priority: Normal
The NETLOGON-thing repeats until I guess a timeout of ~30 seconds happens and
starting HTTPd simply fails in the end.
As APR_FINFO_NORM seems to be normal usage, I don't think higher privileges
than those of a standard user should be necessary to succeed. The problem
happens with HTTPd using APR 1.70. as well as with APR 1.6.5. The thread at
dev@ mention changes regarding symlinks/junctions in both versions and while I
do use junctions in that context, the problem occurs with and without those in
both versions of APR.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org