[Cvsnt] User context switch in sshd using RSAAuthentication]

Tony Hoyle tmh at nothing-on.tv
Mon Dec 17 15:43:35 GMT 2001


On Mon, 17 Dec 2001 15:23:34 +0000 (UTC), "Daniel Lohmann"
<daniel at uni-koblenz.de> wrote:

>
>All I got from reading previous mails was, that the cvsnt-service should do
>some kind of user context change, because calling GetUserName() always
>returns "SYSTEM", which is the account the service is running under. I
>suppose that I do not have to tell you stories about impersonation and
>things like that, so I would appreciate if you could give me a brief summary
>about the problem and where it exactly occurs.
>
It's not a problem for cvsnt, as it never reads GetUserName()
normally.  It's a problem for the cygwin sshd, though, and this
affects cvsnt which thinks it's running under the system account when
it is really running under the user account (thereby affecting
logging, etc.)

If you use LogonUser() then ImpersonateLoggedOnUser() then
GetUserName() works.. however using NtCreateToken() then
ImpersonateLoggedOnUser() stops GetUserName() working, even though the
tokens are (as far as anyone can work out) identical.

The context switch works and authentication is behaving correctly,
it's just the one function returning the incorrect value, which makes
ssh authentication under NT rather crippled.

Tony

_______________________________________________
Cvsnt mailing list
Cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt



More information about the cvsnt mailing list