my problem could also be stated as "why am I getting ERROR_NO_TOKEN from call to OpenThreadToken"?
The faulting piece is:
hMainThread = OpenThread(THREAD_QUERY_INFORMATION, FALSE, threadID);
if (hMainThread == NULL)
{
printf("Couldn't open thread. : %d\n", GetLastError());
return -1;
}
if (!OpenThreadToken(hMainThread, TOKEN_READ, FALSE, &hMainThreadToken))
{
printf("Couldn't open thread token: %d\n", GetLastError());
return -1;
}
I am getting the second error line with 1008. The owner process of the thread is started with runas /user:someoneelse
I believe I understand something wrong about impersonation. Does runas not impersonate? Also funny thing is that I went trying this code on several main thread IDs in my system and it worked for main thread of taskmgr.exe.. So the code is probably ok and so is the behaviour of Windows leaving us with me thinking "If you use runas, your main thread automaticaly gets an acces token set.. right?" - which is probably the only thing that is wrong here. So when does the thread get it's asociated access token?
RunAs does not use thread impersonation, the whole process runs as the specified user.
When OpenThreadToken fails you usually just fall back to OpenProcessToken.
See this topic on MSDN for the ways a thread can impersonate a user/client. ImpersonateNamedPipeClient is perhaps the most commonly used function, especially when a service needs to impersonate the client.
I've the following simple code to check my getuid function:
uidActual=getuid();
printf ("User id is [%d]\n", uidActual);
error=setuid(197623);
printf("[%d]",error);
uidActual=getuid();
printf ("\n User id is [%d]\n", uidActual);
But it always returns a -1 as error, so the uid doesn't change.
The 197623 in setuid seems right as I've, apart from other things, the following in my mkpasswd command:
user1: 197609:197609[...]
user2: 197623:197121[...]
Where 197609 and 197623 must be the id for the user as in fact I start the application with user 1 and I obtain its id properly displaying at the beginning and the end: "User id is 197609".
I've set all permissions for everyone on the created executable and I've even run the executable as a root in cygwin with cygstart --action=runas ./a.exe and it still doesn't work.
Funny thing is that the setgid (for changing group) function works perfectly with setgid(197121), even without special permissions or running. So I'm out of ideas of why this function always returns an error.
Any idea on what is wrong on my code that could be causing the problem?
Thanks for your attention.
the posted code must be run by a user with appropriate privileges. Perhaps by:
sudo ./a.exe
here is an excerpt from the (linux) man page for setuid()
"EPERM The user is not privileged (Linux: does not have the CAP_SETUID capability) and uid does not match the real UID or saved set-user-ID of the calling process."
I have little issue with XOpenDisplay function. In school I can run program and it works good when using XOpenDisplay("ip:0"), but on my local machine in home when I run program (changed ip on current) got "Segmentation fault (core dumped)", but with empy string XOpenDisplay("") it works fine. I need to be able to use ip. Used host +, but nothing changes.
My system is Kubuntu 14.04.1: 3.16.0-30-generic #40~14.04.1-Ubuntu SMP Thu Jan 15 17:43:14 UTC 2015
Here is code of program:
#include <X11/Xlib.h>
#include <X11/X.h>
#include <stdio.h>
Display *mydisplay;
Window mywindow;
XSetWindowAttributes mywindowattributes;
XGCValues mygcvalues;
GC mygc;
Visual *myvisual;
int mydepth;
int myscreen;
Colormap mycolormap;
XColor mycolor,mycolor1,dummy;
int i;
main()
{
mydisplay = XOpenDisplay("192.168.0.12:0");
myscreen = DefaultScreen(mydisplay);
myvisual = DefaultVisual(mydisplay,myscreen);
mydepth = DefaultDepth(mydisplay,myscreen);
mywindowattributes.background_pixel = XWhitePixel(mydisplay,myscreen);
mywindowattributes.override_redirect = True;
mywindow = XCreateWindow(mydisplay,XRootWindow(mydisplay,myscreen),
0,0,500,500,10,mydepth,InputOutput,
myvisual,CWBackPixel|CWOverrideRedirect,
&mywindowattributes);
mycolormap = DefaultColormap(mydisplay,myscreen);
XAllocNamedColor(mydisplay,mycolormap,"cyan",&mycolor,&dummy);
XAllocNamedColor(mydisplay,mycolormap,"red",&mycolor1,&dummy);
XMapWindow(mydisplay,mywindow);
mygc = DefaultGC(mydisplay,myscreen);
XSetForeground(mydisplay,mygc,mycolor.pixel);
XFillRectangle(mydisplay,mywindow,mygc,100,100,300,300);
XSetForeground(mydisplay,mygc,mycolor1.pixel);
XSetFunction(mydisplay,mygc,GXcopy);
XSetLineAttributes(mydisplay,mygc,10,LineSolid,CapProjecting,JoinMiter);
XDrawLine(mydisplay,mywindow,mygc,100,100,400,400);
XDrawLine(mydisplay,mywindow,mygc,100,400,400,100);
XFlush(mydisplay);
sleep(10);
XCloseDisplay(mydisplay);
exit(0);
}
I can only guess that need to set something, but have no idea where is that option.
You shall always check whether functions returned successfully, or not. It is not a Haskell, where all the checking done for you by monad, it is C. As for your particular case, the problem is that the function XOpenDisplay fails and returns null for you. In the next line you're trying to use DefaultScreen with the result. The DefaultScreen is defined as
#define DefaultScreen(dpy) ((dpy)->default_screen)
I.e. it just a macro, which using the first argument as a pointer. In your case it does ((0)->default_screen), i.e. it dereferencing the null pointer, and that leads to the segfault you see.
Also, about the XOpenDisplay("192.168.0.12:0"); — you didn't mentioned that you're trying to connect to another PC, so, if it's the same computer where the app running, try to call the function as XOpenDisplay("127.0.0.1:0");
UPD: okay, I tried to run the code at my PC, and the function doesn't work for me too. To find the reason I started the code under strace app, and saw
…
connect(3, {sa_family=AF_INET, sin_port=htons(6000), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)
…
Aha! So, the app trying to connect to XServer, but Xserver refuses the connection. Actually, it have a security reason to disable it by default — so, that nobody would connect to your XServer from a network unless you specifically allowed it. For the function to work you need to launch your XServer with the option that allows such a connection. Right now DisplayManagers are the ones, who manages xsessions, so you need to set some option depending on your DM.
The solution for lightdm
Open the /etc/lightdm/lightdm.conf, and paste the line xserver-allow-tcp=true in the section [SeatDefaults](you will see it).
The solution for gdm
Edit the file /etc/gdm/gdm.schemas, you will find there something like
<schema>
<key>security/DisallowTCP</key>
<signature>b</signature>
<default>true</default>
</schema>
Change the true to false.
if((sem_init(sem, 1, 1)) == 1) perror("error initiating sem");
If I include this line of code my program simply starts and exits. I just started learning how to use semaphores. I'm using cygwin and when this line is commented out the printf's ABOVE this print to console but when include this, nothing happens.
I did the following to get cygserver going-
CYGWIN=server
ran /bin/cygserver-config
ran /usr/sbin/cygserver
for the config it said the cygserver is already running
And for the sygserver it saids-
initailaizing complete
failed to created named pipe: is the daemon already running?
fatal error on IPC transport: closing down
Any ideas?
I figured out what was wrong. I was using data(struct) = shmat() before I was assigning any memory to data. That for some reason was stopping my 'printf' from working.
I have a command line app and have the code
chdir("/var");
FILE *scriptFile = fopen("wiki.txt", "w");
fputs("tell application \"Firefox\"\n activate\n",scriptFile);
fclose(scriptFile);
and when I run it in Xcode I get an EXC_BAD_ACCESS when it gets to the first fputs(); call
Probably the call to fopen() failed because you don't have write permissions in /var. In this case fopen() returns NULL and passing NULL to fputs() will cause an access violation.
Are you checking to make sure the file is properly being opened?
Normally you will need superuser privileges to write into /var, so this is likely your problem.
I already answered this in the comment and a couple people have told you what you've done wrong as answers but I decided to add a little sample code with error checking:
chdir("/var");
FILE *scriptFile = fopen("wiki.txt", "w");
if( !scriptFile ) {
fprintf(stderr, "Error opening file: %s\n", strerror(errno));
exit(-1);
} else {
fputs("tell application \"Firefox\"\n activate\n",scriptFile);
fclose(scriptFile);
}
Now you will see an error if your file is not opened and it will describe why (in your case, access denied). You can make this work for testing by either 1) replacing your filename with something world writeable, like "/tmp/wiki.txt"; or 2) running your utility with privileges sudo ./your_command_name.