none
EXECUTE AS , fatal exception RRS feed

  • Question

  • Hi There

    If i add a new sysadmin login and that login is a user in a DB. If i execute the command EXECUTE AS 'LoginName':

    I get the following error:

    SqlDumpExceptionHandler: Process 57 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process

    WHats up with this?

    If my dbo for this db is linked to a sysadmin login i have no problem with EXECUTE as 'dbo'.

    WHy do i get fatal errors when trying to execute as a a login name that is sysadmin?

    On the net all referencing to the fatal error have nothing to do with EXECUTE AS?

    Thanx

     

    Wednesday, October 11, 2006 7:52 AM

Answers

  •   I will try to find as much as I can from the stack dump you provided us, but from a quick look it seems like the AV was caused by dereferencing a NULL pointer, most likely some data structure or object that was not initialized to a valid value.

     

       I am also trying to repro it manually based on your description; I want to find out under what circumstances we may hit this bug (without any success myself so far). If you don’t mind I would like to as a few more questions: Did you updated SLQ Server (or the database) from SQL Server 2000 or previous version?

     

       Unfortunately you haven’t been able to reproduce the issue anymore. Please, if you ever see it again let me know, I will really appreciate your help.

     

      The part where I can help today is regarding the EXECUTE AS usage:

    ·         EXECUTE AS USER takes as a parameter a user (DB principal) name and will create a database “sandboxed” token that doesn’t have any server-scoped privileges and cannot be used on other databases.

    ·         EXECUTE AS LOGIN takes as a parameter a user (DB principal) name and will create a full token, which means that it is a token that is valid anywhere in the instance.

     

      In your particular scenario, as you are trying to impersonate a sysadmin, EXECUTE AS USER will not work, if you want to impersonate a sysadmin and keep the privileges (anyway, sysadmins are mapped to dbo on the database as you already mentioned) you should use EXECUTE AS LOGIN.

     

      There are mechanisms to make the EXECUTE AS USER context valid across DBs (i.e. digital signatures), but such mechanisms work better when impersonating a context for a module (SP, trigger, etc.) execution. Let me know if you would like an example on this area.

     

      I will let you know if I can find the root cause of the bug, and I will also appreciate any additional help you can provide us in case you see this incident happening again.

     

      Thanks a lot for your help, we really appreciate it.

     

    -Raul Garcia

      SDE/T

      SQL Server Engine

    Friday, October 13, 2006 9:32 PM
    Moderator

All replies

  • Just check whether the below URL would help you.

    http://www.kbalertz.com/Feedback.aspx?kbNumber=818897

     

    Wednesday, October 11, 2006 10:12 AM
  • HI

    This does not apply to me, the link si for 2000, resolution service pack.

    I am running SS2005 SP1.

    Thanx

    Wednesday, October 11, 2006 10:21 AM
  •   I will need your help to investigate this one. I would appreciate if you can find the mini memory dump in the Log folder; the name of the file should be “SQLDUMPnnnn.txt”, where nnn is a sequential number. The information on this file will help us to try to find out where in the code was the problem.

     

       I will also appreciate if you can share a sample script I can use to repro this bug as well as the following information:

    ·         OS version and language.

    ·         If you are using 64bit OS, whether you are using SQL Server 64 bit or 32 bit edition

    ·         If any 3rd party or custom XP/SCLR is running on SQL Server

    ·         Were you trying to impersonate a Windows login or a SQL login

     

       From there I will try to analyze and repro the bug on my side and I will get back to you as soon as I can.

     

      Thanks a lot for your help,

     

    -Raul Garcia

      SDE/T

      SQL Server Engine

    Thursday, October 12, 2006 5:39 PM
    Moderator
  • Hi Raul

    As luck would have it i am having trouble re-creating the problem.

    I am running MS WInder Server 2003 Enterprise SP 1.

    Sql Server 2005 Enterprise Edition 32Bit SP1.

    No 3rd party custom xp's or clr.

    I am trying to impersonate a sql login.

    I created a sql login called Queuereader, sysadmin, dbo in my user database obviously.

    I then executed the following:

    EXECUTE AS USER = 'Queuereader', to test an activated sp.

    I then got the error, not sure what i did differently last time , maybe default db or something?

    The dump is as follows:

    =====================================================================                                           
           BugCheck Dump                                                                                            
    =====================================================================                                           
                                                                                                                    
    This file is generated by Microsoft SQL Server                                                                  
    version 9.00.2047.00                                                                                            
    upon detection of fatal unexpected error. Please return this file,                                              
    the query or program that produced the bugcheck, the database and                                               
    the error log, and any other pertinent information with a Service Request.                                      
                                                                                                                    
                                                                                                                    
    Computer type is AT/AT COMPATIBLE.                                                                              
    Bios Version is DELL   - 1                                                                                      
    Phoenix ROM BIOS PLUS Version 1.10 A00                                                                          
    Current time is 09:21:09 10/11/06.                                                                              
    8 Intel x86 level 15, 3325 Mhz processor (s).                                                                   
    Windows NT 5.2 Build 3790 CSD Service Pack 1.                                                                   
                                        
    Memory                              
    MemoryLoad = 49%                    
    Total Physical = 4091 MB            
    Available Physical = 2073 MB        
    Total Page File = 5969 MB           
    Available Page File = 4060 MB       
    Total Virtual = 2047 MB             
    Available Virtual = 332 MB          
    ***Stack Dump being sent to C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\SQLDump0010.txt             
    SqlDumpExceptionHandler: Process 54 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is
    terminating this process.                                                                                       
    * *******************************************************************************                               
    *                                                                                                               
    * BEGIN STACK DUMP:                                                                                             
    *   10/11/06 09:21:09 spid 54                                                                                   
    *                                                                                                               
    *                                                                                                               
    *   Exception Address = 01C4DC28 Module(sqlservr+00C4DC28)                                                      
    *   Exception Code    = c0000005 EXCEPTION_ACCESS_VIOLATION                                                     
    *   Access Violation occurred reading address 000000B4                                                          
    * Input Buffer 84 bytes -                                                                                       
    *             EXECUTE AS USER = 'Queuereader'                                                                   
    *                                                                                                               
    *                                                                                                               
    *  MODULE                          BASE      END       SIZE                                                     
    * sqlservr                       01000000  02BCEFFF  01bcf000                                                   
    * ntdll                          7C800000  7C8BFFFF  000c0000                                                   
    * kernel32                       77E40000  77F41FFF  00102000                                                   
    * MSVCR80                        78130000  781CAFFF  0009b000                                                   
    * msvcrt                         77BA0000  77BF9FFF  0005a000                                                   
    * MSVCP80                        7C420000  7C4A6FFF  00087000                                                   
    * ADVAPI32                       77F50000  77FEBFFF  0009c000                                                   
    * RPCRT4                         77C50000  77CEEFFF  0009f000                                                   
    * USER32                         77380000  77411FFF  00092000                                                   
    * GDI32                          77C00000  77C47FFF  00048000                                                   
    * CRYPT32                        761B0000  76242FFF  00093000                                                   
    * MSASN1                         76190000  761A1FFF  00012000                                                   
    * Secur32                        76F50000  76F62FFF  00013000                                                   
    * MSWSOCK                        71B20000  71B60FFF  00041000                                                   
    * WS2_32                         71C00000  71C16FFF  00017000                                                   
    * WS2HELP                        71BF0000  71BF7FFF  00008000                                                   
    * USERENV                        76920000  769E3FFF  000c4000                                                   
    * opends60                       333E0000  333E6FFF  00007000                                                   
    * NETAPI32                       71C40000  71C97FFF  00058000                                                   
    * SHELL32                        7C8D0000  7D0D2FFF  00803000                                                   
    * SHLWAPI                        77DA0000  77DF1FFF  00052000                                                   
    * comctl32                       77420000  77522FFF  00103000                                                   
    * psapi                          76B70000  76B7AFFF  0000b000                                                   
    * instapi                        48060000  48069FFF  0000a000                                                   
    * sqlevn70                       4F610000  4F7A3FFF  00194000                                                   
    * SQLOS                          344D0000  344D4FFF  00005000                                                   
    * rsaenh                         68000000  6802EFFF  0002f000                                                   
    * AUTHZ                          76C40000  76C53FFF  00014000                                                   
    * MSCOREE                        79000000  79044FFF  00045000                                                   
    * ole32                          77670000  777A3FFF  00134000                                                   
    * msv1_0                         76C90000  76CB6FFF  00027000                                                   
    * iphlpapi                       76CF0000  76D09FFF  0001a000                                                   
    * kerberos                       62800000  62857FFF  00058000                                                   
    * cryptdll                       766E0000  766EBFFF  0000c000                                                   
    * schannel                       76750000  76776FFF  00027000                                                   
    * COMRES                         77010000  770D5FFF  000c6000                                                   
    * XOLEHLP                        628C0000  628C5FFF  00006000                                                   
    * MSDTCPRX                       628D0000  62947FFF  00078000                                                   
    * msvcp60                        780C0000  78120FFF  00061000                                                   
    * MTXCLU                         62950000  62968FFF  00019000                                                   
    * VERSION                        77B90000  77B97FFF  00008000                                                   
    * WSOCK32                        71BB0000  71BB8FFF  00009000                                                   
    * OLEAUT32                       77D00000  77D8BFFF  0008c000                                                   
    * CLUSAPI                        62970000  62981FFF  00012000                                                   
    * RESUTILS                       62990000  629A2FFF  00013000                                                   
    * DNSAPI                         76ED0000  76EF8FFF  00029000                                                   
    * winrnr                         76F70000  76F76FFF  00007000                                                   
    * WLDAP32                        76F10000  76F3DFFF  0002e000                                                   
    * rasadhlp                       76F80000  76F84FFF  00005000                                                   
    * security                       62DE0000  62DE3FFF  00004000                                                   
    * msfte                          63740000  63998FFF  00259000                                                   
    * dbghelp                        639A0000  63AB2FFF  00113000                                                   
    * WINTRUST                       76BB0000  76BDAFFF  0002b000                                                   
    * imagehlp                       76C10000  76C38FFF  00029000                                                   
    * dssenh                         68100000  68123FFF  00024000                                                   
    * hnetcfg                        63DA0000  63DF8FFF  00059000                                                   
    * wshtcpip                       71AE0000  71AE7FFF  00008000                                                   
    * NTMARTA                        77E00000  77E21FFF  00022000                                                   
    * SAMLIB                         63D10000  63D1EFFF  0000f000                                                   
    * ntdsapi                        766F0000  76704FFF  00015000                                                   
    * xpsp2res                       63F40000  64204FFF  002c5000                                                   
    * CLBCatQ                        777B0000  77832FFF  00083000                                                   
    * sqlncli                        64210000  64431FFF  00222000                                                   
    * COMCTL32                       77530000  775C6FFF  00097000                                                   
    * comdlg32                       762B0000  762F9FFF  0004a000                                                   
    * SQLNCLIR                       007B0000  007E2FFF  00033000                                                   
    * msftepxy                       645C0000  645D4FFF  00015000                                                   
    * xpsqlbot                       64EA0000  64EA5FFF  00006000                                                   
    * xpstar90                       64FC0000  65007FFF  00048000                                                   
    * SQLSCM90                       65020000  65028FFF  00009000                                                   
    * ODBC32                         65040000  6507CFFF  0003d000                                                   
    * BatchParser90                  65080000  6509EFFF  0001f000                                                   
    * ATL80                          7C630000  7C64AFFF  0001b000                                                   
    * odbcint                        65370000  65386FFF  00017000                                                   
    * xpstar90                       65390000  653B5FFF  00026000                                                   
    * xplog70                        653C0000  653CBFFF  0000c000                                                   
    * xplog70                        653E0000  653E2FFF  00003000                                                   
    * dbghelp                        657D0000  658E2FFF  00113000                                                   
    *                                                                                                               
    *        Edi: 00000000:                                                                                         
    *        Esi: 00000010:                                                                                         
    *        Eax: 00000000:                                                                                         
    *        Ebx: 00000000:                                                                                         
    *        Ecx: 00000E38:                                                                                         
    *        Edx: 5EB72040:  01039F10  00002000  00000005  00000000  00AE2740  00000000                             
    *        Eip: 01C4DC28:  00B4988B  8D8B0000  FFFFFF44  8B04418B  F8034C7B  9589C933                             
    *        Ebp: 645BE4BC:  645BED48  01C67102  5EB723E0  645BED68  645B2A1D  00000000                             
    *      SegCs: 0000001B:                                                                                         
    *     EFlags: 00010216:  0020006D  00690046  0065006C  005C0073  00510053  0058004C                             
    *        Esp: 645BE2C0:  01003D15  5EB72064  00000000  5EB723E0  5EB723E0  645BE30C                             
    *      SegSs: 00000023:                                                                                         
    * *******************************************************************************                               
    * -------------------------------------------------------------------------------                               
    * Short Stack Dump                                                                                              
    01C4DC28 Module(sqlservr+00C4DC28)                                                                              
    01C67102 Module(sqlservr+00C67102)                                                                              
    01C676C3 Module(sqlservr+00C676C3)                                                                              
    01C44B7D Module(sqlservr+00C44B7D)                                                                              
    01C4AC82 Module(sqlservr+00C4AC82)                                                                              
    01288864 Module(sqlservr+00288864)                                                                              
    01B00AC0 Module(sqlservr+00B00AC0)                                                                              
    010251BC Module(sqlservr+000251BC)                                                                              
    01025741 Module(sqlservr+00025741)                                                                              
    01023E34 Module(sqlservr+00023E34)                                                                              
    01041DD5 Module(sqlservr+00041DD5)                                                                              
    0103DFD4 Module(sqlservr+0003DFD4)                                                                              
    01006A96 Module(sqlservr+00006A96)                                                                              
    01006BBC Module(sqlservr+00006BBC)                                                                              
    01006DAB Module(sqlservr+00006DAB)                                                                              
    01447562 Module(sqlservr+00447562)                                                                              
    0144859B Module(sqlservr+0044859B)                                                                              
    0144789A Module(sqlservr+0044789A)                                                                              
    01447720 Module(sqlservr+00447720)                                                                              
    781329AA Module(MSVCR80+000029AA)                                                                               
    78132A36 Module(MSVCR80+00002A36)   

    PSS @0x392155D0
    ---------------

     

    CSession @0x39214278
    --------------------
    m_spid = 54                          m_cRef = 15                          m_rgcRefType[0] = 1                   
    m_rgcRefType[1] = 1                  m_rgcRefType[2] = 12                 m_rgcRefType[3] = 1                   
    m_rgcRefType[4] = 0                  m_rgcRefType[5] = 0                  m_pmo = 0x39214040                    
    m_pstackBhfPool = 0x39215D20         m_dwLoginFlags = 0x03e0              m_fBackground = 0                     
    m_fClientRequestConnReset = 0        m_fUserProc = -1                     m_fConnReset = 0                      
    m_fIsConnReset = 0                   m_fInLogin = 0                       m_fReplRelease = 0                    
    m_fKill = 0                          m_ulLoginStamp = 97741               m_eclClient = 5                       
    m_protType = 5                       m_hHttpToken = FFFFFFFF             

    m_pV7LoginRec
    ---------------------
    00000000:   42010000 02000972 00100000 00000006 60140000 †B......r........`...                                  

    00000014:   00000000 e0030000 00000000 00000000 5e000d00 †................^...                                  

    00000028:   78000200 7c000000 92002e00 ee000e00 0a010000 †x...|...............                                  

    0000003C:   0a011c00 42010000 42010000 00166f49 bfc04201 †....B...B.....oI..B.                                  

    00000050:   00004201 00004201 00000000 0000†††††††††††††††..B...B....... 

     

    CPhysicalConnection @0x39214188
    -------------------------------
    m_pPhyConn->m_pmo = 0x39214040       m_pPhyConn->m_pNetConn = 0x39214788  m_pPhyConn->m_pConnList = 0x39214260  
    m_pPhyConn->m_pSess = 0x39214278     m_pPhyConn->m_fTracked = -1          m_pPhyConn->m_cbPacketsize = 4096     
    m_pPhyConn->m_fMars = 0              m_pPhyConn->m_fKill = 0             

    CBatch @0x39214A90
    ------------------
    m_pSess = 0x39214278                 m_pConn = 0x392149F0                 m_cRef = 3                            
    m_rgcRefType[0] = 1                  m_rgcRefType[1] = 1                  m_rgcRefType[2] = 1                   
    m_rgcRefType[3] = 0                  m_rgcRefType[4] = 0                  m_pTask = 0x00AE05C8                  


    EXCEPT (null) @0x645BC730
    -------------------------
    exc_number = 0                       exc_severity = 0                     exc_func = 0x023F4C60                 

     

    Task @0x00AE05C8
    ----------------
    CPU Ticks used (ms) = 0              Task State = 2                                                             
    WAITINFO_INTERNAL: WaitResource = 0x00000000                              WAITINFO_INTERNAL: WaitType = 0x0     
    WAITINFO_INTERNAL: WaitSpinlock = 0x00000000                              SchedulerId = 0x2                     
    ThreadId = 0xbdc                     m_state = 0                          m_eAbortSev = 0                       

     

    EC @0x392155D8
    --------------
    spid = 54                            ecid = 0                             ec_stat = 0x0                         
    ec_stat2 = 0x0                       ec_atomic = 0x0                      __fSubProc = 1                        
    ec_dbccContext = 0x00000000          __pSETLS = 0x39214A30                __pSEParams = 0x39214CD0              
    __pDbLocks = 0x392158C0             

    SEInternalTLS @0x39214A30
    -------------------------
     m_flags = 0                          m_TLSstatus = 3                      m_owningTask = 0x00AE05C8            
     m_activeHeapDatasetList = 0x39214A30                                      m_activeIndexDatasetList = 0x39214A38


    SEParams @0x39214CD0
    --------------------
     m_lockTimeout = -1                   m_isoLevel = 4096                    m_logDontReplicate = 0               
     m_neverReplicate = 0                 m_XactWorkspace = 0x040DCD80         m_pSessionLocks = 0x39215AD0         
     m_pDbLocks = 0x392158C0              m_execStats = 0x04840330             m_pAllocFileLimit = 0x00000000       


     

    Friday, October 13, 2006 5:08 AM
  •   I will try to find as much as I can from the stack dump you provided us, but from a quick look it seems like the AV was caused by dereferencing a NULL pointer, most likely some data structure or object that was not initialized to a valid value.

     

       I am also trying to repro it manually based on your description; I want to find out under what circumstances we may hit this bug (without any success myself so far). If you don’t mind I would like to as a few more questions: Did you updated SLQ Server (or the database) from SQL Server 2000 or previous version?

     

       Unfortunately you haven’t been able to reproduce the issue anymore. Please, if you ever see it again let me know, I will really appreciate your help.

     

      The part where I can help today is regarding the EXECUTE AS usage:

    ·         EXECUTE AS USER takes as a parameter a user (DB principal) name and will create a database “sandboxed” token that doesn’t have any server-scoped privileges and cannot be used on other databases.

    ·         EXECUTE AS LOGIN takes as a parameter a user (DB principal) name and will create a full token, which means that it is a token that is valid anywhere in the instance.

     

      In your particular scenario, as you are trying to impersonate a sysadmin, EXECUTE AS USER will not work, if you want to impersonate a sysadmin and keep the privileges (anyway, sysadmins are mapped to dbo on the database as you already mentioned) you should use EXECUTE AS LOGIN.

     

      There are mechanisms to make the EXECUTE AS USER context valid across DBs (i.e. digital signatures), but such mechanisms work better when impersonating a context for a module (SP, trigger, etc.) execution. Let me know if you would like an example on this area.

     

      I will let you know if I can find the root cause of the bug, and I will also appreciate any additional help you can provide us in case you see this incident happening again.

     

      Thanks a lot for your help, we really appreciate it.

     

    -Raul Garcia

      SDE/T

      SQL Server Engine

    Friday, October 13, 2006 9:32 PM
    Moderator
  • Thanx Raul

    I will try the execute as login.

    Yes this database was upgraded from 32bit sql server 2000 SP3 to Sql Server 2005 SP1.

    Thanx

    Monday, October 16, 2006 11:46 AM