From jpeach at apple.com Mon Mar 4 20:47:45 2013 From: jpeach at apple.com (James Peach) Date: Mon, 04 Mar 2013 20:47:45 -0800 Subject: [dcerpc-dev] DCE-RPC with gss negotiate In-Reply-To: References: Message-ID: On 25/02/2013, at 5:53 AM, SaNtosh kuLkarni wrote: > Hi, > > I am trying to develop a DCE-RPC based client which talks to a MSRPC based server running on Windows. > > I configured the DCE/RPC build with --enable gss-negotiate. > > The security nego flow on the linux rpc client is as follows > > unsigned32 authn_protocol = rpc_c_authn_gss_negotiate; > unsigned32 authn_level = rpc_c_authn_level_pkt_privacy; > > rpc_binding_set_auth_info (hello_IfHandle, (unsigned_char_p_t)principal, > authn_level, > authn_protocol,NULL, > rpc_c_authz_name, &st); > if (st != rpc_s_ok) { > dce_error_inq_text(st, error_text, &error_inq_st); > fprintf(stderr, "Cannot set security authorization for server %s: %s\n", entry_name, error_text); > } > > Is there anything else that need to be done.I have developed a similar windows client which works fine.But when i do the same security api flow and set the protocol and auth level it fails on linux with the following I'm not sure that we ever worked on the GSS mechanism. We did implement NETLOGON and local auth mechs, but you might have to make some changes to implement GSS. I'd be happy to merge any patches ... J > > > [pid: 020951] [time: 000001] [thread: 099547a8] STATE CLIENT ASSOC: 0x9954610 state->INIT_WAIT event->REJ_CONF > [pid: 020951] [time: 000001] [thread: 099547a8] [file: cnrcvr.c, line: 1259] > [pid: 020951] [time: 000001] [thread: 099547a8] (rpc__mem_free) type 23 @ 0xb6900468 > [pid: 020951] [time: 000001] [thread: 099547a8] [file: rpcmem.c, line: 171] > [pid: 020951] [time: 000001] [thread: 099547a8] STATE CLIENT ASSOC: 0x9954610 new state->CLOSED > [pid: 020951] [time: 000001] [thread: 099547a8] [file: cnrcvr.c, line: 1259] > [pid: 020951] [time: 000001] [thread: 09919008] CN: call_rep->0x994e400 assoc->0x9954610 desc->0x994e258 presentation negotiation failed st = 16c9a046 > [pid: 020951] [time: 000001] [thread: 09919008] [file: cnassoc.c, line: 819] > [pid: 020951] [time: 000001] [thread: 09919008] (rpc__cn_call_start) STATE CLIENT CALL: 0 new state->CALL_FAILED_DNE > > > I would be grateful if anyone could guide me on this.Thanks! > > > > > -- > Regards, > Santosh > _______________________________________________ > dcerpc-dev mailing list > dcerpc-dev at lists.macosforge.org > https://lists.macosforge.org/mailman/listinfo/dcerpc-dev From santosh.yesoptus at gmail.com Tue Mar 5 17:56:51 2013 From: santosh.yesoptus at gmail.com (SaNtosh kuLkarni) Date: Wed, 6 Mar 2013 07:26:51 +0530 Subject: [dcerpc-dev] DCE-RPC with gss negotiate In-Reply-To: References:

Message-ID: Thank you for the timely reply. Sent from my Sony Xperia? smartphone On Mar 5, 2013 10:18 AM, "James Peach" wrote: > On 25/02/2013, at 5:53 AM, SaNtosh kuLkarni > wrote: > > > Hi, > > > > I am trying to develop a DCE-RPC based client which talks to a MSRPC > based server running on Windows. > > > > I configured the DCE/RPC build with --enable gss-negotiate. > > > > The security nego flow on the linux rpc client is as follows > > > > unsigned32 authn_protocol = rpc_c_authn_gss_negotiate; > > unsigned32 authn_level = rpc_c_authn_level_pkt_privacy; > > > > rpc_binding_set_auth_info (hello_IfHandle, > (unsigned_char_p_t)principal, > > authn_level, > > authn_protocol,NULL, > > rpc_c_authz_name, &st); > > if (st != rpc_s_ok) { > > dce_error_inq_text(st, error_text, &error_inq_st); > > fprintf(stderr, "Cannot set security authorization for > server %s: %s\n", entry_name, error_text); > > } > > > > Is there anything else that need to be done.I have developed a similar > windows client which works fine.But when i do the same security api flow > and set the protocol and auth level it fails on linux with the following > > I'm not sure that we ever worked on the GSS mechanism. We did implement > NETLOGON and local auth mechs, but you might have to make some changes to > implement GSS. I'd be happy to merge any patches ... > > J > > > > > > > [pid: 020951] [time: 000001] [thread: 099547a8] STATE CLIENT ASSOC: > 0x9954610 state->INIT_WAIT event->REJ_CONF > > [pid: 020951] [time: 000001] [thread: 099547a8] [file: cnrcvr.c, > line: 1259] > > [pid: 020951] [time: 000001] [thread: 099547a8] (rpc__mem_free) type 23 > @ 0xb6900468 > > [pid: 020951] [time: 000001] [thread: 099547a8] [file: rpcmem.c, > line: 171] > > [pid: 020951] [time: 000001] [thread: 099547a8] STATE CLIENT ASSOC: > 0x9954610 new state->CLOSED > > [pid: 020951] [time: 000001] [thread: 099547a8] [file: cnrcvr.c, > line: 1259] > > [pid: 020951] [time: 000001] [thread: 09919008] CN: call_rep->0x994e400 > assoc->0x9954610 desc->0x994e258 presentation negotiation failed st = > 16c9a046 > > [pid: 020951] [time: 000001] [thread: 09919008] [file: cnassoc.c, > line: 819] > > [pid: 020951] [time: 000001] [thread: 09919008] (rpc__cn_call_start) > STATE CLIENT CALL: 0 new state->CALL_FAILED_DNE > > > > > > I would be grateful if anyone could guide me on this.Thanks! > > > > > > > > > > -- > > Regards, > > Santosh > > _______________________________________________ > > dcerpc-dev mailing list > > dcerpc-dev at lists.macosforge.org > > https://lists.macosforge.org/mailman/listinfo/dcerpc-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: