[dcerpc-dev] DCE/RPC client to interface with MSRPC

[James Peach]

On Jul 5, 2013, at 8:09 AM, Ilya Markov <ilyamarkov at yahoo.com> wrote:

> Hello all,

Hi Ilya,

> I am trying to write a Linux client that will talk to an MSRPC server. More specifically, I am trying to read the Windows Event Log.
> 
> I have managed to accomplish this with samba, but before commiting to it, I would like to explore my other options; and this looks like it might be a suitable alternative for what I'm trying to do (provided I can actually do it).
> 
> My questions/hurdles for this are:
>  1. Are there idl files describing the event log functions that can be used with the provided dceidl compiler? Samba provides the interface, but it is in its own IDL variant, pidl.

Microsoft provide very thorough documentation of all the RPC protocols. What I've done in the past is taken the IDL definitions from the MS documentation and built is with the DCE RPC toolchain. Typically this works great with only a few minor tweaks.

>  2. What would be the sequence to connect & authenticate with an MSRPC server. I can probably figure this out from the code, but if someone has a short/minimal sample it would be of good help. If someone has been able to fetch an event log and would like to share their experience, that would be the best :).

As a client, I'm not sure whether all the pieces you'd need are in the dcerpc.org tree. On Mac OS X, we use the SMB client framework to transport RPC over SMB named pipes and the authentication is done at the pipe layer.

J