CACIC / agente-windows

Name	Last Update	Last Commit 325b7b3f – Versão 2.1.8.22: History
..
.cvsignore	Loading commit data...
AuthSSP.def	Loading commit data...
AuthSSP.dsp	Loading commit data...
AuthSSP.dsw	Loading commit data...
AuthSSP.vcproj	Loading commit data...
Auth_Seq.h	Loading commit data...
EventLogging.cpp	Loading commit data...
EventLogging.h	Loading commit data...
GenClientServerContext.cpp	Loading commit data...
GenClientServerContext.h	Loading commit data...
Readme.txt	Loading commit data...
authSSP.aps	Loading commit data...
authSSP.cpp	Loading commit data...
authSSP.h	Loading commit data...
authSSP.rc	Loading commit data...
authSSP.vcxproj	Loading commit data...
buildtime.h	Loading commit data...
buildtime.in	Loading commit data...
resource.h	Loading commit data...
vncAccessControl.cpp	Loading commit data...
vncAccessControl.h	Loading commit data...
vncSSP.cpp	Loading commit data...
vncSSP.h	Loading commit data...
vncSecurityEditor.cpp	Loading commit data...
vncSecurityEditor.h	Loading commit data...
vncSecurityEditorProps.h	Loading commit data...

Readme.txt

Idea for AuthSSP.dll:
Authenticate user with SSPI
Impersonate this user
Check access rights against this user with the impersonation/access token.
During logon/impersonation, group membership expansion (for the token) occurs:
- Universal groups anywhere in the forest
- Global groups
- Domain local groups in the user's domain
- Local groups
- This expansion includes all nested groups

Changing the CUPG (now CUPSD) interface: No longer passing one group after the other but pass a SecurityDescriptor for NT/W2k/XP.
This allows for just one Windows logon attempt to check authentication and authorization.

AuthSSP.dll is only used if there's a DWORD regkey HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\NewMSLogon set to 1.
Then all other authentication methods are skipped.