[Cvsnt] Cant get any remote protocols working - please help

Bo Berglund Bo.Berglund at system3r.se
Mon Feb 18 16:12:58 GMT 2002


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Not knowing the lowlevel details, for what it's worth here is what I found:
When you use ntserver you are authenticated by Windows using the pipe.
But the passwd file is still used by the CVS system, because that is a
secondary validation. CVS will only accept users that have been entered
into the passwd file. When using the ntserver protocol it does not matter
which password is stored in the file, in fact I found out that the only
item needed is the login name of the users who are legitimate CVS users.
My guess is that this is the normal way for CVS to screen ordinary users
from cvs users and only allowing certain users access to the repository.

In any case I am running with cvsnt (latest build from HEAD revision) and
WinCvs 1.3 (also using HEAD here). I am using ntserver and I had to enter
usernames into passwd to make it work. But there is no password at all in
the file.

/Bo

-----Original Message-----
From: Brian Smith [mailto:brian-l-smith at uiowa.edu]
Sent: den 18 februari 2002 11:44
To: cvsnt at cvsnt.org cvsnt downloads at march-hare.com @CVSNT on Twitter CVSNT on Facebook
Subject: Re: [Cvsnt] Cant get any remote protocols working - please help


Sure, I know the patch isn't acceptable. However, it seems to work 
(denying and accepting requests correctly) in my testing for NTSERVER 
mode (no passwd file, SystemAuth=yes). I don't really know anything 
about this stuff, so I'm learning as I go. Please correct my mistakes.

My understanding is that NTSERVER mode doesn't need to do the password 
checking in my situation. Since I used a named pipe to connect (that is 
what NTSERVER is), then I should have already been authenticated through 
the named pipe (inside of ntserver_auth_protocol_connect), correct? If 
so, why does the server try to authenticate me again with a password 
(which it has no way of knowing)?

Here is the call-stack that I get for LogonUser (which fails):

      server_authenticate_connection()
      check_password()
      win32_valid_user("SmithBL", NULL, NULL)
      LogonUser("SmithBl", NULL, NULL,
                LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT,
                user);

Thanks,
Brian

Tony Hoyle wrote:
> Brian Smith wrote:
> 
>> It seems that CVSNT is still trying to authenticate the user with 
>> LogonUser even when SystemAuth=yes, and even when it doesn't even have 
>> a password to use. I think that the server needs to check the 
>> SystemAuth setting before trying any password-checking. For example, 
>> the attached patch seems to work for my setting (but, I don't use any 
>> passwd file at all). The patch has a "_asm int 3;" breakpoint in it so 
>> that you can start debugging at what I think is the right spot.
>>
> SystemAuth=Yes means first check the passwd file, then check the system 
> users (Using LogonUser).
> SystemAuth=No means only check the passwd file.
> 
> There has been a long-standing redundant check in the ntserver case, 
> which I've removed in the latest CVS, however removing all the checking 
> is not the correct way to go about it (your patch would break every 
> other protocol & leaves your cvs server wide open).
> 
> Tony
> 
_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt https://www.march-hare.com/cvspro/en.asp#downcvs



More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook