[cvsnt] (Reposting) Bug in pserver domain user aliasing

Ilya Slobodin islobodin at yandex.ru
Tue Nov 21 10:51:30 GMT 2006


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


Hi Tony,

Reposting the following patch as the bug still exists both in stable and 
current development branches.

Please use this fix or reply that this is not a bug.

Here is the short explanation:
When impersonating pserver(sserver) user to domain user, win32_valid_user() 
is called with cvs user name instead of domain user name and thus fails.

Best regards,
Ilya Slobodin
Moscow, Russia

Index: server.cpp
===================================================================
RCS file: /usr/local/cvs/cvsnt/src/server.c,v
retrieving revision 1.193
diff -u -r1.193 server.cpp
--- server.cpp 20 Nov 2006 14:35:54 -0000 1.193
+++ server.cpp 21 Nov 2006 10:02:49 -0000
@@ -4984,7 +4984,7 @@
         /* Verify blank passwords directly, otherwise use crypt(). */
         if ((found_password == NULL) || (password==NULL)
 #ifdef _WIN32 // NTServer mode sets password==NULL for authentication
-     || (found_password[0]=='!' && 
win32_valid_user(username,password,found_password+1, user_token))
+     || (found_password[0]=='!' && 
win32_valid_user(host_user_tmp,password,found_password+1, user_token))
 #endif
   || !CCrypt::compare(password, found_password))
         {




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook