RPC_C_AUTHN_GSS_SCHANNEL


From: Gianluca Braccini (gbraccini_at_tiscalinet.it)
Date: 01/27/05


Date: Thu, 27 Jan 2005 15:45:11 +0100

Hi, I'm trying to use rpcsecure and SSL. But when the client tries to connect
to the server, this is not possible because there is an access denied error.
These are my steps:

1) Installing a certificate on the machine:
    makecert -r -pe -n "CN=prova" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.5.5.7.3.1 -ss root -sr localMachine -sky exchange -sp "Microsoft RSA Channel Crtographic Provider" -sy 12

2) Client side:

SCHANNEL_CRED SchannelCred;

PCCERT_CONTEXT pCertContext = NULL;
LPSTR pszCertName = "prova";
HCERTSTORE hMyCertStore = NULL;

ULONG lStore = CERT_SYSTEM_STORE_LOCAL_MACHINE;

// Open the "Root" system store of the local machine
hMyCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
                             X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                             0, lStore, L"Root");

if (!hMyCertStore)
{
    MessageBox(NULL, "CertOpenStore", "errore", MB_OK);
    return 0;
}

// Find the certificate whose subject contains "prova"
pCertContext = CertFindCertificateInStore(hMyCertStore, X509_ASN_ENCODING,
                                          0, CERT_FIND_SUBJECT_STR_A,
                                          pszCertName, NULL);
if (pCertContext == NULL)
{
    MessageBox(NULL, "CertFindCertificateInStore", "errore", MB_OK);
    return 0;
}

// Build the Schannel credential around that single certificate
ZeroMemory(&SchannelCred, sizeof(SchannelCred));

SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;

SchannelCred.cCreds = 1;
SchannelCred.paCred = &pCertContext;

//------------------

// Attach the Schannel credential to the binding handle
RPC_STATUS x;
x = RpcBindingSetAuthInfo(h_bind,
                          (unsigned char *) "RRSNET",
                          RPC_C_AUTHN_LEVEL_PKT,
                          RPC_C_AUTHN_GSS_SCHANNEL,
                          &SchannelCred,
                          0);
if (x != RPC_S_OK)
{
...

3) Server side, on the same machine:

SCHANNEL_CRED SchannelCred;

PCCERT_CONTEXT pCertContext = NULL;
LPSTR pszCertName = "prova";
HCERTSTORE hMyCertStore = NULL;

ULONG lStore = CERT_SYSTEM_STORE_LOCAL_MACHINE;

// Open the "Root" system store of the local machine
hMyCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM,
                             X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                             0, lStore, L"Root");
if (!hMyCertStore)
{
    MessageBox(NULL, "open", "errore", MB_OK);
    return;
}

// Find the certificate whose subject contains "prova"
pCertContext = CertFindCertificateInStore(hMyCertStore, X509_ASN_ENCODING,
                                          0, CERT_FIND_SUBJECT_STR_A,
                                          pszCertName, NULL);
if (pCertContext == NULL)
{
    MessageBox(NULL, "Find", "errore", MB_OK);
    return;
}

// Build the Schannel credential around that single certificate
ZeroMemory(&SchannelCred, sizeof(SchannelCred));

SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;

SchannelCred.cCreds = 1;
SchannelCred.paCred = &pCertContext;

// Register the Schannel credential with the RPC server runtime
if (RpcServerRegisterAuthInfo(NULL, RPC_C_AUTHN_GSS_SCHANNEL, NULL,
                              &SchannelCred) == RPC_S_OK)
....

Do you have any idea?
Where can I find some documentation that explains how to set up the
certificate in the store to enable the client's connection?

Many Thanks

Gianluca


