[Cvsnt] Cant get any remote protocols working - please help

Brian Smith brian-l-smith at uiowa.edu
Mon Feb 18 10:45:54 GMT 2002 

Sure, I know the patch isn't acceptable. However, it seems to work 
(denying and accepting requests correctly) in my testing for NTSERVER 
mode (no passwd file, SystemAuth=yes). I don't really know anything 
about this stuff, so I'm learning as I go. Please correct my mistakes.

My understanding is that NTSERVER mode doesn't need to do the password 
checking in my situation. Since I used a named pipe to connect (that is 
what NTSERVER is), then I should have already been authenticated through 
the named pipe (inside of ntserver_auth_protocol_connect), correct? If 
so, why does the server try to authenticate me again with a password 
(which it has no way of knowing)?

Here is the call-stack that I get for LogonUser (which fails):

      server_authenticate_connection()
      check_password()
      win32_valid_user("SmithBL", NULL, NULL)
      LogonUser("SmithBl", NULL, NULL,
                LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
                user);

Thanks,
Brian

Tony Hoyle wrote:
> Brian Smith wrote:
> 
>> It seems that CVSNT is still trying to authenticate the user with 
>> LogonUser even when SystemAuth=yes, and even when it doesn't even have 
>> a password to use. I think that the server needs to check the 
>> SystemAuth setting before trying any password-checking. For example, 
>> the attached patch seems to work for my setting (but, I don't use any 
>> passwd file at all). The patch has a "_asm int 3;" breakpoint in it so 
>> that you can start debugging at what I think is the right spot.
>>
> SystemAuth=Yes means first check the passwd file, then check the system 
> users (Using LogonUser).
> SystemAuth=No means only check the passwd file.
> 
> There has been a long-standing redundant check in the ntserver case, 
> which I've removed in the latest CVS, however removing all the checking 
> is not the correct way to go about it (your patch would break every 
> other protocol & leaves your cvs server wide open).
> 
> Tony
> 
> _______________________________________________
> Cvsnt mailing list
> Cvsnt at cvsnt.org
> http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt

_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt

More information about the cvsnt mailing list