2006-11-27 08:43 AEST by Arthur Barrett - When impersonating pserver(sserver) user to domain user, win32_valid_user() is 
called with cvs user name instead of domain user name and thus fails.

2006-11-27 08:45 AEST by Arthur Barrett - Created an attachment (id=874)
Suggested patch

2006-11-27 09:01 AEST by Arthur Barrett - 
Here is some explanation to the fix provided by Ilya. 

I add user with following command

cvs passwd -a -r DomainUser -D MyDomain CvsUser

That gives the following passwd file:

CvsUser:!MyDomain:DomainUser

If we try to authorize, the function win32_valid_user() is called with 
("CvsUser", "password", "MyDomain", user_token) and athorization fails as no 
CvsUser is known in MyDomain. If we change the first parameter 
to "host_user_tmp", that gives ("DomainUser", "password", "MyDomain", 
user_token), the authorization succseeds.

I have fixed this call in CVSNT_2_5_03_2260, but it also exists in older and 
newer revisions of server.cpp. I hope this fix is useful as I found some more 
similar questions and no valid answers on user aliasing in the newsgroup.

2008-06-05 12:17 AEST by Arthur Barrett - This still apears to be wrong in the code:
File: server.cpp        Status: Up-to-date
Working revision:    1.106.2.210.6.61


        /* Of course, maybe there was no system user portion... */
        if (host_user_tmp == NULL)
            host_user_tmp = (char*)username;

        /* Verify blank passwords directly, otherwise use crypt(). */
        if ((found_password == NULL) || (password==NULL)
#ifdef _WIN32 // NTServer mode sets password==NULL for authentication
            || (found_password[0]=='!' && win32_valid_user(username,password,fou
nd_password+1, user_token))
#endif
            || ((strcmp (found_password, crypt(password,found_password)))
                 == 0))