Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
cvsnt 2.0.21 A couple of bug fixes. Major streamlining of the Win32 authentication code as it was duplicated all over the place... First release of 'proper' impersonation with an Lsa Helper DLL. This gives a real user token & has the advantage that you don't have to do anything special on Win2003 to use it (W2k3 has the Create Token privilige explicitly disabled for non-system processes, even running as LocalSystem). This also has the advantage that the username etc. is set right so if someone manages to graft a call to it into cygwin it'll make the ssh stuff work correctly. The above is checked with a debug/checked build of NT which says it's doing it right, and I've stress tested it to death, but as this is a first release the usual cautions apply. This is only called in pserver/sserver, and then only in certain circumstances - the call sequence goes like: 1. If the supplied username/password is a valid Win32 logon, use that. 2. If S4U is enabled (win2003 domain, win2003 CVSNT) then use that. 3. If the LSA helper is installed and active, use that. 4. Fall back onto the old NTCreate token method. Other protocols (sspi, etc.) have their own native methods of handling this so aren't affected. I initially had reservations about putting this in, citing security, but was talked around. It doesn't actually present a problem, as the only way to install/call it is to do it as administrator (and once someone is administrator on a machine why would they bother hacking something like this? There's hundreds of easier things they could do to compromise the machine). Plus the old NTCreateToken method is well known and has the same issues. Tony