[Cvsnt] gserver impersonation
Brian Smith
brian-l-smith at uiowa.edu
Fri Mar 1 02:26:23 GMT 2002
Tony Hoyle wrote:
> Brian Smith wrote:
>
>> Actually, I changed my mind. I would like to have a separate DLL
>> (gserver_sspi_protocol.dll) for the gserver/sspi.
>
>
> OK
>
>> My first reason is that I would like the new protocol DLL to be
>> responsible for registering/deregistering the service-protocol-name
>> (SPN) in Active Directory (AD). I would like to do this by adding two
>> functions to protocol_interface:
>> void server_install(); -- called when service gets installed
>> void server_uninstall();-- called when service gets uninstalled
>
> Does this get called by InstallShield then? I'm probably going to need
> to write a post-installation program anyway so it fits in nicely (to
> migrate .cvspass and .cvsrc into their new places in the registry).
The current prototypes are:
BOOL server_install(char const ** message);
BOOL server_uninstall(char const ** message);
These functions return TRUE if there were no errors and FALSE if there
was an error. [message] is an OUT parameter that the service can provide
for logging purposes.
These functions get called by the code in Service.cpp (in the cvsserver
project). After service creation, the "server_install" function for each
installed protocol is installed. Similarly, after service deletion (also
in Service.cpp:main()), the server_uninstall() function of each
installed protocol is called. Also, if the service detects that the
service's account settings change, each service's server_uninstall()
function will be called, followed immediately by server_install(). The
resultant message (if any) will get logged using ReportError. If any of
the protocols returns FALSE (an error occurred), then a log message
"CVSNT [un]installed with warnings" will be output.
For gserver_sspi_protocol.dll, the server_install function will register
the service with Active Directory with a SPN of "CVS/server:port" using
DsServerRegisterSpn. The server_uninstall function will de-register the
SPN. Basically, this will only work when the service is to run under the
LocalSystem account. For domain accounts, you have to have a domain
administrator add the SPN to the directory in most cases. Since I will
never be a domain admin, I can only test the auto-registration for
LocalSystem, so people shouldn't expect auto-registration to work for
domain accounts.
- Brian
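
The hook contract described in the message above, as an added example that is not part of the original post and is not CVSNT code. The protocol_hooks struct, run_hooks, on_account_change and the stub SSPI hooks are hypothetical names; the stub only models the LocalSystem versus domain-account outcome and makes no directory call, and fprintf stands in for ReportError.

```c
#include <stdio.h>
typedef int BOOL;                   /* stand-in for the Windows type */
enum { FALSE, TRUE };

typedef struct {                    /* hypothetical holder for the two hooks */
    const char *name;
    BOOL (*server_install)(char const **message);
    BOOL (*server_uninstall)(char const **message);
} protocol_hooks;

int run_as_localsystem = 1;         /* constructed service-account state */
int spn_registered = 0;             /* stands in for the directory entry */

/* Stub SSPI hooks: model the outcome only, no directory call is made. */
BOOL sspi_install(char const **message) {
    if (!run_as_localsystem) {
        *message = "SPN not registered; a domain admin must add it";
        return FALSE;
    }
    spn_registered = 1;
    *message = "SPN registered";
    return TRUE;
}
BOOL sspi_uninstall(char const **message) {
    spn_registered = 0;
    *message = NULL;                /* nothing to log */
    return TRUE;
}
const protocol_hooks protocols[] = {
    { "gserver_sspi_protocol", sspi_install, sspi_uninstall } };

/* Call one hook on every protocol, log its message, count failures. */
int run_hooks(const protocol_hooks *p, size_t n, int install) {
    int failures = 0;
    for (size_t i = 0; i < n; i++) {
        char const *msg = NULL;     /* OUT parameter, may stay NULL */
        BOOL ok = (install ? p[i].server_install : p[i].server_uninstall)(&msg);
        if (msg) fprintf(stderr, "%s: %s\n", p[i].name, msg);
        if (!ok) failures++;
    }
    if (failures)
        fprintf(stderr, "CVSNT %sinstalled with warnings\n", install ? "" : "un");
    return failures;
}
/* Account settings changed: uninstall, then immediately install again. */
int on_account_change(const protocol_hooks *p, size_t n) {
    return run_hooks(p, n, 0) + run_hooks(p, n, 1);
}
int main(void) { return run_hooks(protocols, 1, 1); }
```

Running uninstall before install on an account change means the old registration is removed even when the new one fails, and the failure surfaces as a logged warning.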