[cvsnt] RE: Impersonation failed

[Andrus Suitsu]

Hi!

Well-well, the problem has not gone away. Impersonation against domain
usernames works fine over SSPI but fails miserably using pserver protocol.

It fails in the nt_setuid method of setuid.c. Around line 330 there is twice
a call to LsaEnumerateAccountRights. It looks like the first call never
succeeds; it returned FILE_NOT_FOUND system error after I converted the
NTSTATUS code to system error code. The second occurence I didn't do a
complete trace since it was a loop, but encountered error codes 2 and 5
(access denied) in the first few loop cycles. The net result is that the
final call to NtCreateToken fails always.

The PC I am using had XP freshly installed yesterday with SP1 also added.
The PC is a domain member. CVSNT 1.11.1.3 57i (installed 2 hours ago) runs
on that same PC, where I also created an empty test repository. I run the
tests from the same PC in a command window. It just doesn't work. I have
tried to run the service as the local system and also as the
DOMAIN\Administrator with no difference in the results.

What could be wrong? Why can SSPI impersonate and pserver cannot?

I really need pserver, lots of programs we use around here have built-in
support only for pserver. SSPI is only useful for WinCVS usage.


Frustrated but still hopeful,

Andrus Suitsu