BUG: ODS API srv_revert_to_self Does Not Revert Multi-Protocol Connections

ID: Q238238

The information in this article applies to:

Microsoft SQL Server version 7.0

BUG #: 56167 (SQLBUG_70)

SYMPTOMS

SQL Server and ODS developed applications commonly use the ODS API srv_impersonate_client during login processing to test authentication credentials. The credentials are checked and the ODS API call srv_revert_to_self is invoked to revert the worker thread security context.

When the client connects over the multi-protocol network library, the srv_revert_to_self API returns FALSE and does not properly revert the worker thread security context. SQL Server does not log this failure in the errorlog.

CAUSE

The srv_revert_to_self function uses RpcRevertToSelf instead of RpcRevertToSelfEx.

WORKAROUND

Open Data Services(ODS) supports multiple network protocols. Using protocols such as Named Pipes or TCP/IP properly revert the worker thread context.

STATUS

Microsoft has confirmed this to be a problem in SQL Server version 7.0.

MORE INFORMATION

Since the revert does not take place properly, subsequent operations performed by the worker thread requiring a security check can fail. When the worker thread remains impersonated the security operation is a delegation attempt and not currently supported on Windows NT 4.0.

Examples of external actions would be BULK INSERT and linked server executions. You may see the following error from the BULK INSERT command:

Server: Msg 4861, Level 16, State 1, Line 1 Could not bulk insert because file '\\HSCDRMAN01\CDR\BCPFiles\BCP_cdr_05301999.close' could not be opened. Operating system error code 5(Access is denied.).

Additional query words:

Keywords :
Version : winnt:7.0
Platform : winnt
Issue type : kbbug