[cvsnt] Latest Updates

Tony Hoyle tmh at nodomain.org
Tue Jan 20 17:55:11 GMT 2004


cvsnt 2.0.21

A couple of bug fixes.  Major streamlining of the Win32 authentication
code as it was duplicated all over the place...

First release of 'proper' impersonation with an LSA Helper DLL.  This
gives a real user token & has the advantage that you don't have to do
anything special on Win2003 to use it (W2k3 has the Create Token
privilege explicitly disabled for non-system processes, even running
as LocalSystem).  This also has the advantage that the username etc.
is set right so if someone manages to graft a call to it into cygwin
it'll make the ssh stuff work correctly.

The above is checked with a debug/checked build of NT which says it's
doing it right, and I've stress tested it to death, but as this is a
first release the usual cautions apply.

This is only called in pserver/sserver, and then only in certain
circumstances - the call sequence goes like:

1. If the supplied username/password is a valid Win32 logon, use that.
2. If S4U is enabled (win2003 domain, win2003 CVSNT) then use that.
3. If the LSA helper is installed and active, use that.
4. Fall back onto the old NTCreateToken method.

Other protocols (sspi, etc.) have their own native methods of handling
this so aren't affected.

I initially had reservations about putting this in, citing security,
but was talked around.  It doesn't actually present a problem, as the
only way to install/call it is to do it as administrator (and once
someone is administrator on a machine why would they bother hacking
something like this?  There's hundreds of easier things they could do
to compromise the machine).  Plus the old NTCreateToken method is well
known and has the same issues.

Tony
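
An added example, not part of the original post or of CVSNT: the old method in step 4 depends on the Create Token privilege, so one audit on a pserver host is to list which accounts have been explicitly granted it. The script parses the text of a `secedit /export /cfg rights.inf /areas USER_RIGHTS` file; the sample export, the account names and the empty default allowlist are assumptions made for the example.

```python
import re

# Constructed sample of a secedit user-rights export; accounts are made up.
# A real export is UTF-16: open("rights.inf", encoding="utf-16").read()
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeCreateTokenPrivilege = EXAMPLE\\cvsservice,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
"""

def privilege_rights(inf_text):
    """Return {privilege: [holders]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INF comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:                                # entering a new section
            section = header.group(1).strip().lower()
            continue
        if section == "privilege rights" and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = [h.strip() for h in holders.split(",") if h.strip()]
    return rights

def create_token_holders(inf_text, allowed=frozenset()):
    """Accounts explicitly granted SeCreateTokenPrivilege and not in `allowed`.

    A privilege with no line in the export has no explicit holders, so an
    empty list means nothing was granted beyond the allowlist (assumed empty).
    """
    holders = privilege_rights(inf_text).get("SeCreateTokenPrivilege", [])
    return [h for h in holders if h not in allowed]

if __name__ == "__main__":
    for account in create_token_holders(SAMPLE_INF):
        print("SeCreateTokenPrivilege granted to", account)
```
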



