Authentication on Window NT LAN through web
We want our students to see there results online . But we want to authenticate them by there user Id and password which they use inside the campus. on window NT network.
Can we access window NT password database if not then any other suggestions.
Thank you
Isn't this a question about your web server?
Similar Messages
-
Windows Client cannot connect to wireless LAN through EAP-TLS
I have a Cisco Aironet Access point which cannot be authenticated by a remote RADIUS server to connect to wireless lan through EAP-TLS. These is the debug output from the AAA process.
*Mar 7 10:56:56.337: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:56:56.369: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:56.385: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:56.385: dot11_auth_parse_client_pak: id is not matching req-id:1re
sp-id:2, waiting for response
*Mar 7 10:56:56.401: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:56.785: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.101: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.397: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.677: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:57.957: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:58.321: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:58.685: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
*Mar 7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
esponse
*Mar 7 10:56:59.041: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:57:01.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 10:57:08.997: %RADIUS-4-RADIUS_DEAD: RADIUS server 165.72.12.12:1812,181
3 is not responding.
*Mar 7 10:57:08.997: %RADIUS-4-RADIUS_ALIVE: RADIUS server 165.72.12.12:1812,18
13 is being marked alive.
*Mar 7 10:57:14.481: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:57:14.521: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:57:44.521: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:57:44.801: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:57:44.829: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:58:14.829: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:58:15.105: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:58:15.141: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:58:45.141: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:58:45.425: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:58:45.449: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:15.449: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:59:15.729: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:15.753: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:45.753: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
n failed
*Mar 7 10:59:46.009: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:46.037: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:50.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 10:59:50.349: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:50.373: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 10:59:55.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 10:59:55.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 10:59:55.361: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 11:00:00.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 11:00:00.333: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 11:00:00.357: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 11:00:05.077: Client 0811.9650.8cb0 failed: reached maximum retries
*Mar 7 11:00:05.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
*Mar 7 11:00:05.365: dot11_auth_parse_client_pak: Received EAPOL packet from 08
11.9650.8cb0
*Mar 7 11:00:10.077: Client 0811.9650.8cb0 failed: reached maximum retriesKindly get verified the configuration and the compatibility if there is a mismatch. Please find the link below for more information on EAP-TLS functions in Access points and clients.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39110 -
I have been experiencing several issues with my MacBook Pro Retina mid 2012. My MBPR is scheduled to go into the depot. However, I am wondering if anyone may be able to shed light on a few issues as this is the third "official" time my MBPR is going back for service ("one depot" trip; "one authorized" dealer; several in-store visits).
My Bluetooth is stating that the Bluetooth Chipset is Unknown (0). I also have had Bluetooth Preferences mysteriously change on me. In addition, while Bluetooth is off there are two serial modems turning on. I have turned them off, but they continue to pop up.
In addition, when I log in, my MBPR is not remembering me and my login name is not appearing on the slate-gray screen. The name and password are blank and the following message appears in the lower left hand corner. "login window authentication login window Name edit text has keyboard focus." As a side note, I am the only user. The login issue is a recent occurrence as we just totally wiped it again via a Command + R, and I don't believe I have an accessibility setting set to anything that would cause this, but wanted to check.
Should I be concerned here? Has anyone else had issues like this? I don't want to worry if I don't have to. I have had so many issues over the course of nine months. 5-6 wipes. Airport card replaced and I am about to pull my hair out if my MBPR doesn't come back worldly like clock work this time. I just can't send my days trying to get a $2300 product to work for me any longer. No idea what is wrong with it, but it is driving me insane. Cross your fingers for me and any guidance you have or thoughts would be welcomed. Thank you. EMMA few more issues...
In Console, the following is greyed out:
User and Diagnostic reports
Com.apple.launchd.peruser.0
Com.apple.launchd.peruser.88
Com.apple.launchd.peruser.89
Com.apple.launchd.peruser.92
Com.apple.launchd.peruser.97
Com.apple.launchd.peruser.200
Com.apple.launchd.peruser.201
Com.apple.launchd.peruser.202
Com.apple.launchd.peruser.212
*[user logs are accessible]
Krb5kdc
Radius
My guest files are locked, but again I am the administrator of MBPR.
I am worried about a keystroke logged or at least, trying to rule it out.
Also:
Mdworker32(225) [and other mdworker numbers] are sandboxing; stating deny Mach-lookup
Com.apple.Powermanagement.control, etc. long attachment with those files with version: ??? (???).
Postinstall: removing applications/Microsoft Office 2011/Microsoft Outlook.app
WARNINGS in Console include:
[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 19.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction] instead.
There are a ton of other warnings. Before I go through this again, can someone tell me if this is normal (all of it -- above too); or if these are symptoms is a keystroke logger or hardware issues?
I ask because originally, when my computer went in for diagnostics (more than once), Apple stated the hardware was fine (other than Airport Card -- finally). However, if I've done 5-6 total wipes; created new users; do not have sharing set-up; have not played around in Terminal; and am up-to-date with versions -- and various issues KEEP COMING BACK -- I am left wondering if a keystroke logger would be possible here?!? I thought maybe a faulty logic board, but why would diagnostics be okay, then? Not trying to be hyperbole, just desperate.
Please help me rule keystroke logger out or at least, tell me so I know, so I can take appropriate action. If you think it could be the logic board with symptoms above, that would be a great too.
All I want to do is use the computer as intended, but I can't seem to get a real answer, so after nine months -- I am turning to the communities to see if anyone -- anyone at all -- can help. The last thing I can do is have the MBPR come back from the depot and the same thing occur. Any guidance or advice would be so gratefully appreciated. -
Disable Webservices access through web
Hi All,
In OFMW and AIA 11g ps3, how can we disable webservices access through web i.e. restrict webservice call from outside
world using OWSM security policies?
We dont want to use username based authentication or any other policies that is based on authentication and authorization.
Please let me know how can we achieve this?
Thanks in advance.Hi,
I think the best way would be to block the access to services at firewall so that these services have restricted access within the network. This can be achieved only if none of the services need to be exposed over to the internet.
Regards,
Neeraj Sehgal -
Do mac os get virus through web browsing ?
Hi, i wonder if mac can be infected by virus through web browsing ?
If yes, how can i protect myself. I have also installed some third party app how can i check if my computer is clean or not.You can be caught by some malware through uncareful browsing. To protect yourself simply avoid websites you know nothing about, don't click on a link unless you know what will happen, ignore any pop-ups or alerts telling you that you must immediately download something in order to protect or clean up your computer. These are all scams or are aimed at Windows machines.
Helpful Links Regarding Malware Protection
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
See these Apple articles:
Mac OS X Snow Leopard and malware detection
OS X Lion- Protect your Mac from malware
OS X Mountain Lion- Protect your Mac from malware
About file quarantine in OS X
If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)
From user Joe Bailey comes this equally useful advice:
The facts are:
1. There is no anti-malware software that can detect 100% of the malware out there.
2. There is no anti-malware that can detect anything targeting the Mac because there
is no Mac malware in the wild, and therefore, no "signatures" to detect.
3. The very best way to prevent the most attacks is for you as the user to be aware that
the most successful malware attacks rely on very sophisticated social engineering
techniques preying on human avarice, ****, and fear.
4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on
your computer is intended to entice you to install their malware thinking it is a
protection against malware.
5. Some of the anti-malware products on the market are worse than the malware
from which they purport to protect you.
6. Be cautious where you go on the internet.
7. Only download anything from sites you know are safe.
8. Avoid links you receive in email, always be suspicious even if you get something
you think is from a friend, but you were not expecting.
9. If there is any question in your mind, then assume it is malware. -
How to achieve New Window requirement from One Web Template?
Hi Experts,
I've a WebTemplate contains 2 Graphs. Each graph have one Zoom Button. My requirement is, When I click the Zoom button that corresponding Grpah should display in a New Window. I've finished all the above requirements.
Since, I have One Mandatory field, I'm always getting the Variable Screen in a New Window while I clik the Zoom Button.
I need to avoid this "Rerun" feature in New Window.
Kindly suggest me how to achieve this..
Full points will be given.
Thanks
Jay JayHi Thanks.
Even I'm also trying for the same scenario only.
Actually I have 2 Web Templates.
In First Template I have 2 Charts and 2 Zoom buttons for each.
While I running the 1 Template, i give an Value in the Variable screen of First Web Template.
If I click a Zoom button of 1st Chart, It should open a New window with the Second Web Template. And Second Web Template should automatically take a First Template's Variable screen Values.
(Since, U have an Mandatory field in Second Template u were not faced this requirment.)
Even I tried with "TRANSFER_STATE". It is not taking the First Variable Screen's input values.
Kindly help me in this issue.
Thanks in advance. -
How to connect a PDF form to SQL server database through web service?
Hi,
I'm new to LiveCycle designer. I have designed a PDF form in LC designer ES2, which suppose to take a personnel number and retrieve the personnel information from a SQL server database. Currently its working fine with XML data and a search button, but I need to securly connect to a database through web service. I know how to connect to a wsdl file through designer. What I need is a wsdl file to connect the form to database. For this purpose, is there any WSDL code to use as the web service?
I really appreciate your help and advice.Hi,
I'm new to LiveCycle designer. I have designed a PDF form in LC designer ES2, which suppose to take a personnel number and retrieve the personnel information from a SQL server database. Currently its working fine with XML data and a search button, but I need to securly connect to a database through web service. I know how to connect to a wsdl file through designer. What I need is a wsdl file to connect the form to database. For this purpose, is there any WSDL code to use as the web service?
I really appreciate your help and advice. -
6i Reports doesn't work in 9IDS through web.
when I generate the report(which I built directly in 9IDS) through web it is working fine and also I can see contents in .html,.jsp and .gif (web source) files.
But if I try to run the report which I have built in Reports 6i, I am getting blank page(browser-IE6) and when I see the contents of .html,.jsp nothing is there, even in the web source also through report builder.Although I compiled it in 9IDS.
So how can I run my reports through web which I have developed in Report 6i?The reports created in 6i is not directly target for jsp, so there is no web source even you open it in 9iDS. It is not possible to convert a paper layout to native web layout (otherwise, we don't need to distinguish it in 9i). There are some fundamental differences between these two models. If you want to reuse some report objects in jsp, we do provide <rw:include> tag to bridge these two on the object level.
Thanks,
-Shaun -
How to restrict 'Broadcast and Export' option of BW report through web.
Helllo,
Please anyone let me know, how NOT to give/allow "Broadcast and Export' option in BW report, when accessed through Web.
Is there is any Auhtorization object which restrictes this option.Hi,
Please check this, it may help you.
http://help.sap.com/saphelp_nw70/helpdata/en/80/1a68b4e07211d2acb80000e829fbfe/frameset.htm
Regards,
Madhu -
I am sharing my macbook pro over a network with windows 7, however through windows 7 I can access my whole computer instead of just the shared files!
Hi Sig,
The issue is that i only want the shared folders to be accessed through windows 7.
Whats the point otherwise to have shared folders?
thanks.. -
Problem in Creating a System through WEB AS
Hi ,
I created a System (ECC 6.0) in Portal and testing it through WEB AS.I'am able to "Test the connection for Connectors" but when coming to test WEBAS am getting an error "<b>Test Details:
The test consists of the following steps:
1. Check the validity of the system ID in the system object
2. Check whether the system can be retrieved
3. Check whether a SAP system is defined in the system object
4. Validate the following parameters: WAS protocol; WAS host name
5. Check HTTP/S connectivity to the defined backend application
Results
1. The system ID is valid
2. Retrieval of the system was successful
3. The system object represents an SAP system
4. The following parameters are valid: Web AS Protocol (http) Web AS Host Name (srtplecd:8000)
5. HTTP/S connection failed</b> "
please help me in this.
with regards,
pradeep.BYes i had entered everything required for WAS and when i'am doing Connection Tests through WAS am getting this error "<b>SAP Web AS Connection
Test Details:
The test consists of the following steps:
1. Check the validity of the system ID in the system object
2. Check whether the system can be retrieved
3. Check whether a SAP system is defined in the system object
4. Validate the following parameters: WAS protocol; WAS host name
5. Check HTTP/S connectivity to the defined backend application
Results
1. The system ID is valid
2. Retrieval of the system was successful
3. The system object represents an SAP system
4. The following parameters are valid: Web AS Protocol (http) Web AS Host Name (srtplecd:8000)
5. HTTP/S connection failed</b>" -
Invalid element RenderOptionsSpec - CB error while calling Output Service through web service
Hi,
I am trying to call generatePDFOutput from Output Service through web service.
I have generated the proxy class using RAD webservice client option by http://10.235.0.232:8080/soap/services/OutputService?wsdl
here is my code
OutputServiceServiceLocator outputService =new OutputServiceServiceLocator();URL serviceURL =
new URL("http://10.235.0.232:8080/soap/services/OutputService?blob=base64");OutputServiceSoapBindingStub outputClient =
new OutputServiceSoapBindingStub(serviceURL, outputService);
((javax.xml.rpc.Stub) outputClient)._setProperty(javax.xml.rpc.Stub.
USERNAME_PROPERTY,DSC_CREDENTIAL_USERNAME);((javax.xml.rpc.Stub) outputClient)._setProperty(javax.xml.rpc.Stub.
PASSWORD_PROPERTY,DSC_CREDENTIAL_PASSWORD);
//Reference XML data to merge into the PDF document
BLOB inData =new BLOB();inData.setBinaryData("Input xml in bytes");
formName =
"/AdobePOC/Forms/sample.xdp";
//Set PDF run-time options
PDFOutputOptionsSpec pdfOptions =new PDFOutputOptionsSpec();pdfOptions.setFileURI(
"repository://");
RenderOptionsSpec renderOptions =
new RenderOptionsSpec();renderOptions.setCacheEnabled(
true);
BLOBHolder generatePDFOutputPDFDoc =
new BLOBHolder();BLOBHolder generatePDFOutputMetaDataDoc =
new BLOBHolder();BLOBHolder generatePDFOutputResultDoc =
new BLOBHolder();OutputResultHolder outResultHolder =
new OutputResultHolder();
//Create a PDF Document
outputClient.generatePDFOutput(TransformationFormat.PDFA, formName,"repository://", pdfOptions, renderOptions,inData, generatePDFOutputPDFDoc,generatePDFOutputMetaDataDoc, generatePDFOutputResultDoc,outResultHolder);
return generatePDFOutputResultDoc.value;
I am getting the following error while executing the above code.
09 17:05:05:407 IST] 00000028 SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userExceptionfaultSubcode:
faultString:
org.xml.sax.SAXException: Invalid element in com.adobe.livecycle.output.client.RenderOptionsSpec - CBfaultActor:
faultNode:faultDetail:
{}faultData:<ns1:exception xmlns:ns1="http://adobe.com/idp/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/><ns2:message xmlns:ns2="http://adobe.com/idp/services">Invalid element in com.adobe.livecycle.output.client.RenderOptionsSpec - CB</ns2:message>
{http://xml.apache.org/axis/}hostname:A1AIGMD02018
[6/25/09 17:05:05:407 IST] 00000028 SystemErr R org.xml.sax.SAXException: Invalid element in com.adobe.livecycle.output.client.RenderOptionsSpec - CB[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.createFault(
SOAPFaultBuilder.java:222)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.endElement(
SOAPFaultBuilder.java:129)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.encoding.DeserializationContext.endElement(
DeserializationContext.java:1087)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch( Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.encoding.DeserializationContext.parse(
DeserializationContext.java:227)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.SOAPPart.getAsSOAPEnvelope(
SOAPPart.java:696)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.Message.getSOAPEnvelope(
Message.java:435)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(
MustUnderstandChecker.java:62)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.client.AxisClient.invoke(
AxisClient.java:206)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.client.Call.invokeEngine(
Call.java:2784)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:2767)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:2443)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:2366)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:1812)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.adobe.idp.services.OutputServiceSoapBindingStub.generatePDFOutput(
OutputServiceSoapBindingStub.java:579)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.adobe.idp.services.WebOutputService.call(
WebOutputService.java:70)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.aig.dbg.cto.service.webService.controller.ServiceCallThroWebService.call(
ServiceCallThroWebService.java:13)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.aig.dbg.cto.service.webService.controller.WebServiceHandler.perform(
WebServiceHandler.java:92)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.struts.action.ActionServlet.processActionPerform(
ActionServlet.java:1787)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.struts.action.ActionServlet.process(
ActionServlet.java:1586)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at org.apache.struts.action.ActionServlet.doGet(
ActionServlet.java:492)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.aig.dbg.cto.service.publishing.controller.PubServlet.doGet(
PubServlet.java:42)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at javax.servlet.http.HttpServlet.service(
HttpServlet.java:743)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at javax.servlet.http.HttpServlet.service(
HttpServlet.java:856)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(
ServletWrapper.java:966)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:478)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:463)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(
WebApp.java:3129)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(
WebGroup.java:238)[6/25/09 17:05:05:427 IST] 00000028 SystemErr R at com.ibm.ws.webcontainer.WebContainer.handleRequest(
WebContainer.java:811)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(
WebContainer.java:1433)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(
WCChannelLink.java:93)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(
HttpInboundLink.java:465)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(
HttpInboundLink.java:394)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(
HttpICLReadCallback.java:102)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
AioReadCompletionListener.java:152)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(
AbstractAsyncFuture.java:213)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(
AbstractAsyncFuture.java:195)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.io.async.AsyncFuture.completed(
AsyncFuture.java:136)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.io.async.ResultHandler.complete(
ResultHandler.java:194)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.io.async.ResultHandler.runEventProcessingLoop(
ResultHandler.java:741)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.io.async.ResultHandler$2.run(
ResultHandler.java:863)[6/25/09 17:05:05:437 IST] 00000028 SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(
ThreadPool.java:1510)
Please help me to fix this error.
Thanks in advance
Lavanya.Hodmi, Thanks for your reply.
If i set RenderOptionsSpec values its not throwing Invalid element RenderOptionsSpec - CB error but its throwing ALC-DSC-000-000 internal error
[6/26/09 17:11:35:021 IST] 00000029 SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userExceptionfaultSubcode:
faultString:
com.adobe.livecycle.output.exception.OutputException: ALC-DSC-000-000: com.adobe.idp.dsc.DSCException: Internal error.faultActor:
faultNode:faultDetail:
{}faultData:<ns1:result xmlns:ns1="http://adobe.com/idp/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:nil="true"/>
{http://xml.apache.org/axis/}hostname:A1AIGMD01299
[6/26/09 17:11:35:021 IST] 00000029 SystemErr R
com.adobe.livecycle.output.exception.OutputException: ALC-DSC-000-000: com.adobe.idp.dsc.DSCException: Internal error.[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.createFault(
SOAPFaultBuilder.java:222)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.message.SOAPFaultBuilder.endElement(
SOAPFaultBuilder.java:129)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.encoding.DeserializationContext.endElement(
DeserializationContext.java:1087)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch( Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.xerces.jaxp.SAXParserImpl.parse(Unknown Source)
[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.encoding.DeserializationContext.parse(
DeserializationContext.java:227)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.SOAPPart.getAsSOAPEnvelope(
SOAPPart.java:696)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.Message.getSOAPEnvelope(
Message.java:435)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(
MustUnderstandChecker.java:62)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.client.AxisClient.invoke(
AxisClient.java:206)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.client.Call.invokeEngine(
Call.java:2784)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:2767)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:2443)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:2366)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at org.apache.axis.client.Call.invoke(
Call.java:1812)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at com.adobe.idp.services.OutputServiceSoapBindingStub.generatePDFOutput(
OutputServiceSoapBindingStub.java:579)[6/26/09 17:11:35:111 IST] 00000029 SystemErr R at com.adobe.idp.services.WebOutputService.call(WebOutputService.java)
[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.aig.dbg.cto.service.webService.controller.WebServiceHandler.perform(
WebServiceHandler.java:76)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at org.apache.struts.action.ActionServlet.processActionPerform(
ActionServlet.java:1787)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at org.apache.struts.action.ActionServlet.process(
ActionServlet.java:1586)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at org.apache.struts.action.ActionServlet.doGet(
ActionServlet.java:492)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.aig.dbg.cto.service.publishing.controller.PubServlet.doGet(
PubServlet.java:42)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at javax.servlet.http.HttpServlet.service(
HttpServlet.java:743)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at javax.servlet.http.HttpServlet.service(
HttpServlet.java:856)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(
ServletWrapper.java:966)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:478)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.handleRequest(
ServletWrapper.java:463)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(
WebApp.java:3129)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(
WebGroup.java:238)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.webcontainer.WebContainer.handleRequest(
WebContainer.java:811)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(
WebContainer.java:1433)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(
WCChannelLink.java:93)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(
HttpInboundLink.java:465)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(
HttpInboundLink.java:394)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(
HttpInboundLink.java:274)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(
NewConnectionInitialReadCallback.java:214)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(
NewConnectionInitialReadCallback.java:113)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(
AioReadCompletionListener.java:152)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(
AbstractAsyncFuture.java:213)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.io.async.AbstractAsyncFuture.fireCompletionActions(
AbstractAsyncFuture.java:195)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.io.async.AsyncFuture.completed(
AsyncFuture.java:136)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.io.async.ResultHandler.complete(
ResultHandler.java:194)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.io.async.ResultHandler.runEventProcessingLoop(
ResultHandler.java:741)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.io.async.ResultHandler$2.run(
ResultHandler.java:863)[6/26/09 17:11:35:121 IST] 00000029 SystemErr R at com.ibm.ws.util.ThreadPool$Worker.run(
ThreadPool.java:1510)
Please help me to fix this also.
Thanks in advance
Lavanya. -
Error while Submiting Support message through Web browser
Hi Gurus
I am geting error while submiting Support message through Web browser i.e BSP . Please find the error message below
"Error: The system could not create the message because of an RFC connection "NONE " error Service-specific Csutomizing missing for transaction ZLFN"
Note: ZLFN is our Service Desk Message type.
Any ideas where i am doing wrong?
Points will be rewarded
Thanks
BhaskarHello,
check if when you configured your new transaction type ZLFN you have included a corresponding entry in view CRMC_SERVICE_H.
If the transaction type is missing in this view, you have this error.
Regards,
Raquel Cunha -
SChannel Fails Authentication on Windows Server 2008 R2 Using TLS1
I am trying to use SChannel to secure a socket connection. I modified the example at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380537(v=vs.85).aspx, converting it from Negotiate to SChannel. Following the specs for the SSPI APIs I was able the get a Client & Server connection authenticated on Windows 7.
However, when I try running the same programs on Windows Server 2008 R2, either the Client side or Server side fails, depending on how I select the security protocol.
Here is the modified example code, details about my results follow the code.
Client.cpp
// Client-side program to establish an SSPI socket connection
// with a server and exchange messages.
// Define macros and constants.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "SspiExample.h"
#include <string>
#include <iostream>
CredHandle g_hCred;
SecHandle g_hCtext;
#define SSPI_CLIENT "SChannelClient:" __FUNCTION__
void main(int argc, char * argv[])
SOCKET Client_Socket;
BYTE Data[BIG_BUFF];
PCHAR pMessage;
WSADATA wsaData;
SECURITY_STATUS ss;
DWORD cbRead;
ULONG cbHeader;
ULONG cbMaxMessage;
ULONG cbTrailer;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
SecPkgContext_ConnectionInfo ConnectionInfo;
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName);
char Server[512] = {0};
WCHAR CertName[512] = {0};
// Validate cmd line parameters
if ( argc != 3 )
LOGA ( ( __log_buf, SSPI_CLIENT " required parameters ServerName & CertName not entered.\n"));
LOGA( ( __log_buf, SSPI_CLIENT " Abort and start over with required parameters.\n") );
std::cin.get();
else
// argv[1] - ServerName - the name of the computer running the server sample.
// argv[2] - TargetName the common name of the certificate provided
// by the target server program.
memcpy(Server, argv[1], strlen(argv[1]));
size_t sizCN;
mbstowcs_s(&sizCN, CertName, strlen(argv[2])+1, argv[2], _TRUNCATE);
LOGA ( ( __log_buf, SSPI_CLIENT " input parameters - ServerName %s CertName %ls.\n", Server, CertName ));
// Initialize the socket and the SSP security package.
if(WSAStartup (0x0101, &wsaData))
MyHandleError( __FUNCTION__ " Could not initialize winsock ");
// Connect to a server.
SecInvalidateHandle( &g_hCtext );
if (!ConnectAuthSocket (
&Client_Socket,
&g_hCred,
&g_hCtext,
Server,
CertName))
MyHandleError( __FUNCTION__ " Authenticated server connection ");
LOGA ( ( __log_buf, SSPI_CLIENT " connection authenticated.\n"));
// An authenticated session with a server has been established.
// Receive and manage a message from the server.
// First, find and display the name of the SSP,
// the transport protocol supported by the SSP,
// and the size of the header, maximum message, and
// trailer blocks for this SSP.
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT "QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " QueryContextAttributes failed.\n");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
cbHeader = SecPkgSizes.cbHeader;
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_CLIENT " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hCtext,
SECPKG_ATTR_CONNECTION_INFO,
&ConnectionInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " QueryContextAttributes failed: 0x%08x\n", ss));
MyHandleError( __FUNCTION__ " Query context ");
switch(ConnectionInfo.dwProtocol)
case SP_PROT_TLS1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: TLS1\n"));
break;
case SP_PROT_SSL3_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL3\n"));
break;
case SP_PROT_PCT1_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: PCT\n"));
break;
case SP_PROT_SSL2_CLIENT:
LOGA ( ( __log_buf, SSPI_CLIENT " Protocol: SSL2\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Protocol: 0x%x\n", ConnectionInfo.dwProtocol));
switch(ConnectionInfo.aiCipher)
case CALG_RC4:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC4\n");)
break;
case CALG_3DES:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Triple DES\n"));
break;
case CALG_RC2:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: RC2\n"));
break;
case CALG_DES:
case CALG_CYLINK_MEK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: DES\n"));
break;
case CALG_SKIPJACK:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: Skipjack\n"));
break;
case CALG_AES_256:
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher: AES 256\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Cipher: 0x%x\n", ConnectionInfo.aiCipher));
LOGA ( ( __log_buf, SSPI_CLIENT " Cipher strength: %d\n", ConnectionInfo.dwCipherStrength));
switch(ConnectionInfo.aiHash)
case CALG_MD5:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: MD5\n"));
break;
case CALG_SHA:
LOGA ( ( __log_buf, SSPI_CLIENT " Hash: SHA\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Hash: 0x%x\n", ConnectionInfo.aiHash));
LOGA ( ( __log_buf, SSPI_CLIENT " Hash strength: %d\n", ConnectionInfo.dwHashStrength));
switch(ConnectionInfo.aiExch)
case CALG_RSA_KEYX:
case CALG_RSA_SIGN:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: RSA\n"));
break;
case CALG_KEA_KEYX:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: KEA\n"));
break;
case CALG_DH_EPHEM:
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange: DH Ephemeral\n"));
break;
default:
LOGA ( ( __log_buf, SSPI_CLIENT " Unknown Key exchange: 0x%x\n", ConnectionInfo.aiExch));
LOGA ( ( __log_buf, SSPI_CLIENT " Key exchange strength: %d\n", ConnectionInfo.dwExchStrength));
// Decrypt and display the message from the server.
if (!ReceiveBytes(
Client_Socket,
Data,
BIG_BUFF,
&cbRead))
MyHandleError( __FUNCTION__ " No response from server\n");
if (0 == cbRead)
MyHandleError(__FUNCTION__ " Zero bytes received.\n");
pMessage = (PCHAR) DecryptThis(
Data,
&cbRead,
&g_hCtext);
// Skip the header to get the decrypted message
pMessage += cbHeader;
ULONG cbMessage = cbRead-cbHeader-cbTrailer;
if ((cbMessage == strlen(TEST_MSG)) &&
!strncmp(pMessage, TEST_MSG, strlen(TEST_MSG)) )
LOGA ( ( __log_buf, SSPI_CLIENT " SUCCESS!! The message from the server is \n -> %.*s \n",
cbMessage, pMessage ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " UNEXPECTED message from the server: \n -> %.*s \n",
cbMessage, pMessage ));
LOGA ( ( __log_buf, SSPI_CLIENT " rcvd msg size %u, exp size %u\n", cbMessage, strlen(TEST_MSG) ));
// Terminate socket and security package.
DeleteSecurityContext (&g_hCtext);
FreeCredentialHandle (&g_hCred);
shutdown (Client_Socket, 2);
closesocket (Client_Socket);
if (SOCKET_ERROR == WSACleanup ())
MyHandleError( __FUNCTION__ " Problem with socket cleanup ");
exit (EXIT_SUCCESS);
} // end main
// ConnectAuthSocket establishes an authenticated socket connection
// with a server and initializes needed security package resources.
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *g_hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName)
unsigned long ulAddress;
struct hostent *pHost;
SOCKADDR_IN sin;
// Lookup the server's address.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n"));
ulAddress = inet_addr (pServer);
if (INADDR_NONE == ulAddress)
LOGA ( ( __log_buf, SSPI_CLIENT " calling gethostbyname with %s.\n", pServer ));
pHost = gethostbyname (pServer);
if (NULL == pHost)
MyHandleError(__FUNCTION__ " Unable to resolve host name ");
memcpy((char FAR *)&ulAddress, pHost->h_addr, pHost->h_length);
std::string ipAddrStr;
ipAddrStr = inet_ntoa( *(struct in_addr*)*pHost->h_addr_list);
LOGA ( ( __log_buf, __FUNCTION__ " gethostbyname - ipAddress %s, name %s.\n", ipAddrStr.c_str(), pHost->h_name ) );
// Create the socket.
*s = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == *s)
MyHandleError(__FUNCTION__ " Unable to create socket");
else
LOGA ( ( __log_buf, SSPI_CLIENT " Socket created.\n"));
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = ulAddress;
sin.sin_port = htons (g_usPort);
// Connect to the server.
if (connect (*s, (LPSOCKADDR) &sin, sizeof (sin)))
closesocket (*s);
MyHandleError( __FUNCTION__ " Connect failed ");
LOGA ( ( __log_buf, SSPI_CLIENT " Connection established.\n"));
// Authenticate the connection.
if (!DoAuthentication (*s, pCertName))
closesocket (*s);
MyHandleError( __FUNCTION__ " Authentication ");
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n"));
return(TRUE);
} // end ConnectAuthSocket
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName)
BOOL fDone = FALSE;
DWORD cbOut = 0;
DWORD cbIn = 0;
PBYTE pInBuf;
PBYTE pOutBuf;
if(!(pInBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
if(!(pOutBuf = (PBYTE) malloc(MAXMESSAGE)))
MyHandleError( __FUNCTION__ " Memory allocation ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " 1st message.\n"));
if (!GenClientContext (
NULL,
0,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext
LOGA ( ( __log_buf, SSPI_CLIENT " GenClientContext failed\n"));
return(FALSE);
if (!SendMsg (s, pOutBuf, cbOut ))
MyHandleError(__FUNCTION__ " Send message failed ");
while (!fDone)
if (!ReceiveMsg (
s,
pInBuf,
MAXMESSAGE,
&cbIn))
MyHandleError( __FUNCTION__ " Receive message failed ");
cbOut = MAXMESSAGE;
LOGA ( ( __log_buf, SSPI_CLIENT " Message loop.\n"));
if (!GenClientContext (
pInBuf,
cbIn,
pOutBuf,
&cbOut,
&fDone,
pCertName,
&g_hCred,
&g_hCtext))
MyHandleError( __FUNCTION__ " GenClientContext failed");
if (!SendMsg (
s,
pOutBuf,
cbOut))
MyHandleError( __FUNCTION__ " Send message failed");
LOGA ( ( __log_buf, SSPI_CLIENT " fDone %s.\n", fDone ? "Yes" : "No" ));
if (NULL != pInBuf)
free(pInBuf);
pInBuf = NULL;
if (NULL != pOutBuf)
free(pOutBuf);
pOutBuf = NULL;
LOGA ( ( __log_buf, SSPI_CLIENT " exit.\n"));
return(TRUE);
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *g_hCred,
struct _SecHandle *g_hCtext)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff[2];
ULONG ContextAttributes;
static TCHAR lpPackageName[1024];
if( NULL == pIn )
wcscpy_s(lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME );
ss = AcquireCredentialsHandle (
NULL,
lpPackageName,
SECPKG_CRED_OUTBOUND,
NULL,
NULL,
NULL,
NULL,
g_hCred,
&Lifetime);
if (!(SEC_SUCCESS (ss)))
MyHandleError( __FUNCTION__ " AcquireCreds failed ");
// Prepare the buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// The input buffer is created only if a message has been received
// from the server.
if (pIn)
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with pIn supplied.\n"));
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = InSecBuff;
InSecBuff[0].cbBuffer = cbIn;
InSecBuff[0].BufferType = SECBUFFER_TOKEN;
InSecBuff[0].pvBuffer = pIn;
InSecBuff[1].pvBuffer = NULL;
InSecBuff[1].cbBuffer = 0;
InSecBuff[1].BufferType = SECBUFFER_EMPTY;
ss = InitializeSecurityContext (
g_hCred,
g_hCtext,
pCertName,
MessageAttribute,
0,
0,
&InBuffDesc,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
else
LOGA ( ( __log_buf, SSPI_CLIENT " Call InitializeSecurityContext with NULL pIn.\n"));
ss = InitializeSecurityContext (
g_hCred,
NULL,
pCertName,
MessageAttribute,
0,
0,
NULL,
0,
g_hCtext,
&OutBuffDesc,
&ContextAttributes,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext failed with error 0x%08x\n", ss));
MyHandleError ( __FUNCTION__ " InitializeSecurityContext failed " );
LOGA ( ( __log_buf, SSPI_CLIENT " InitializeSecurityContext returned 0x%08x\n", ss));
// If necessary, complete the token.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (g_hCtext, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " complete failed: 0x%08x\n", ss));
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss) ||
(SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_CLIENT " Token buffer generated (%lu bytes):\n", OutSecBuff.cbBuffer));
PrintHexDump (OutSecBuff.cbBuffer, (PBYTE)OutSecBuff.pvBuffer);
return TRUE;
PBYTE DecryptThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// By agreement, the server encrypted the message and set the size
// of the trailer block to be just what it needed. DecryptMessage
// needs the size of the trailer block.
// The size of the trailer is in the first DWORD of the
// message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before decryption including trailer (%lu bytes):\n",
*pcbMessage));
PrintHexDump (*pcbMessage, (PBYTE) pBuffer);
// Prepare the buffers to be passed to the DecryptMessage function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = *pcbMessage;
SecBuff[0].BufferType = SECBUFFER_DATA;
SecBuff[0].pvBuffer = pBuffer;
SecBuff[1].cbBuffer = 0;
SecBuff[1].BufferType = SECBUFFER_EMPTY;
SecBuff[1].pvBuffer = NULL;
SecBuff[2].cbBuffer = 0;
SecBuff[2].BufferType = SECBUFFER_EMPTY;
SecBuff[2].pvBuffer = NULL;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = DecryptMessage(
hCtxt,
&BuffDesc,
0,
&ulQop);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage failed with error 0x%08x\n", ss))
else
LOGA ( ( __log_buf, SSPI_CLIENT " DecryptMessage success? Status: 0x%08x\n", ss));
// Return a pointer to the decrypted data. The trailer data
// is discarded.
return pBuffer;
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[2];
ULONG ulQop = 0;
PBYTE pSigBuffer;
PBYTE pDataBuffer;
// The global cbMaxSignature is the size of the signature
// in the message received.
LOGA ( ( __log_buf, SSPI_CLIENT " data before verifying (including signature):\n"));
PrintHexDump (*pcbMessage, pBuffer);
// By agreement with the server,
// the signature is at the beginning of the message received,
// and the data that was signed comes after the signature.
pSigBuffer = pBuffer;
pDataBuffer = pBuffer + cbMaxSignature;
// The size of the message is reset to the size of the data only.
*pcbMessage = *pcbMessage - (cbMaxSignature);
// Prepare the buffers to be passed to the signature verification
// function.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 2;
BuffDesc.pBuffers = SecBuff;
SecBuff[0].cbBuffer = cbMaxSignature;
SecBuff[0].BufferType = SECBUFFER_TOKEN;
SecBuff[0].pvBuffer = pSigBuffer;
SecBuff[1].cbBuffer = *pcbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pDataBuffer;
ss = VerifySignature(
hCtxt,
&BuffDesc,
0,
&ulQop
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_CLIENT " VerifyMessage failed with error 0x%08x\n", ss));
else
LOGA ( ( __log_buf, SSPI_CLIENT " Message was properly signed.\n"));
return pDataBuffer;
} // end VerifyThis
void PrintHexDump(
DWORD length,
PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_CLIENT " %s\n", rgbLine));
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes\n", cbBuf ));
if (!SendBytes (s, (PBYTE)&cbBuf, sizeof (cbBuf)))
LOGA ( ( __log_buf, SSPI_CLIENT " size failed.\n" ) );
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
LOGA ( ( __log_buf, SSPI_CLIENT " body failed.\n" ) );
return(FALSE);
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return(TRUE);
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
// Receive the number of bytes in the message.
LOGA ( ( __log_buf, SSPI_CLIENT " entry.\n" ));
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " failed: size of cbData %lu, bytes %lu\n", sizeof (cbData), cbRead));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
return(FALSE);
if (cbRead != cbData)
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMessage
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent;
int cbRemaining = cbBuf;
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes.\n", cbRemaining ));
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_CLIENT " send failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
pTemp += cbSent;
cbRemaining -= cbSent;
LOGA ( ( __log_buf, SSPI_CLIENT " success\n" ) );
return TRUE;
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_CLIENT " Entry: %lu bytes.\n", cbRemaining ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
LOGA ( ( __log_buf, SSPI_CLIENT " %lu bytes remaining.\n", cbRemaining ));
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_CLIENT " recv failed: 0x%08.8X\n", GetLastError ()));
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
LOGA ( ( __log_buf, SSPI_CLIENT " success.\n" ));
return TRUE;
} // end ReceiveBytes
void MyHandleError(char *s)
DWORD err = GetLastError();
if (err)
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (0x%08.8X). Exiting.\n",s, err ))
else
LOGA ( ( __log_buf, SSPI_CLIENT " %s error (no error info). Exiting.\n",s ));
exit (EXIT_FAILURE);
Server.cpp
// This is a server-side SSPI Windows Sockets program.
#include "StdAfx.h"
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>
#include "Sspiexample.h"
#include <iostream>
CredHandle g_hcred;
struct _SecHandle g_hctxt;
static PBYTE g_pInBuf = NULL;
static PBYTE g_pOutBuf = NULL;
static DWORD g_cbMaxMessage;
static TCHAR g_lpPackageName[1024];
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb );
#define SSPI_SERVER "SChannelServer:" __FUNCTION__
void main (int argc, char * argv[])
CHAR pMessage[200];
DWORD cbMessage;
PBYTE pDataToClient = NULL;
DWORD cbDataToClient = 0;
PWCHAR pUserName = NULL;
DWORD cbUserName = 0;
SOCKET Server_Socket;
WSADATA wsaData;
SECURITY_STATUS ss;
PSecPkgInfo pkgInfo;
SecPkgContext_StreamSizes SecPkgSizes;
SecPkgContext_PackageInfo SecPkgPkgInfo;
ULONG cbMaxMessage;
ULONG cbHeader;
ULONG cbTrailer;
std::string certThumb;
// Create a certificate if no thumbprint is supplied. Otherwise, use the provided
// thumbprint to find the certificate.
if ( (argc > 1) && (strlen( argv[1]) > 0) )
certThumb.assign(argv[1]);
else
LOGA( ( __log_buf, SSPI_SERVER " : No certificate thumbprint supplied.\n") );
LOGA( ( __log_buf, SSPI_SERVER " : Press ENTER to create a certificate, or abort and start over with a thumbprint.\n") );
std::cin.get();
certThumb.clear();
Insert code to find or create X.509 certificate.
// Set the default package to SChannel.
wcscpy_s(g_lpPackageName, 1024 * sizeof(TCHAR), UNISP_NAME);
// Initialize the socket interface and the security package.
if( WSAStartup (0x0101, &wsaData))
LOGA ( ( __log_buf, SSPI_SERVER " Could not initialize winsock: \n") );
cleanup();
ss = QuerySecurityPackageInfo (
g_lpPackageName,
&pkgInfo);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " Could not query package info for %s, error 0x%08x\n",
g_lpPackageName, ss) );
cleanup();
g_cbMaxMessage = pkgInfo->cbMaxToken;
FreeContextBuffer(pkgInfo);
g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
if (NULL == g_pInBuf || NULL == g_pOutBuf)
LOGA ( ( __log_buf, SSPI_SERVER " Memory allocation error.\n"));
cleanup();
// Start looping for clients.
while(TRUE)
LOGA ( ( __log_buf, SSPI_SERVER " Waiting for client to connect...\n"));
// Make an authenticated connection with client.
if (!AcceptAuthSocket (&Server_Socket, certThumb ))
LOGA ( ( __log_buf, SSPI_SERVER " Could not authenticate the socket.\n"));
cleanup();
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_STREAM_SIZES,
&SecPkgSizes );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
// The following values are used for encryption and signing.
cbMaxMessage = SecPkgSizes.cbMaximumMessage;
cbHeader = SecPkgSizes.cbHeader;
cbTrailer = SecPkgSizes.cbTrailer;
LOGA ( ( __log_buf, SSPI_SERVER " cbHeader %u, cbMaxMessage %u, cbTrailer %u\n", cbHeader, cbMaxMessage, cbTrailer ));
ss = QueryContextAttributes(
&g_hctxt,
SECPKG_ATTR_PACKAGE_INFO,
&SecPkgPkgInfo );
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " failed: 0x%08x\n", ss));
exit(1);
else
LOGA ( ( __log_buf, SSPI_SERVER " Package Name: %ls\n", SecPkgPkgInfo.PackageInfo->Name));
// Free the allocated buffer.
FreeContextBuffer(SecPkgPkgInfo.PackageInfo);
// Send the client an encrypted message.
strcpy_s(pMessage, sizeof(pMessage),
TEST_MSG);
cbMessage = (DWORD)strlen(pMessage);
EncryptThis (
(PBYTE) pMessage,
cbMessage,
&pDataToClient,
&cbDataToClient,
cbHeader,
cbTrailer);
// Send the encrypted data to client.
if (!SendBytes(
Server_Socket,
pDataToClient,
cbDataToClient))
LOGA ( ( __log_buf, SSPI_SERVER " send message failed. \n"));
cleanup();
LOGA ( ( __log_buf, SSPI_SERVER " %d encrypted bytes sent. \n", cbDataToClient));
if (Server_Socket)
DeleteSecurityContext (&g_hctxt);
FreeCredentialHandle (&g_hcred);
shutdown (Server_Socket, 2) ;
closesocket (Server_Socket);
Server_Socket = 0;
if (pUserName)
free (pUserName);
pUserName = NULL;
cbUserName = 0;
if(pDataToClient)
free (pDataToClient);
pDataToClient = NULL;
cbDataToClient = 0;
} // end while loop
LOGA ( ( __log_buf, SSPI_SERVER " Server ran to completion without error.\n"));
cleanup();
} // end main
BOOL AcceptAuthSocket (SOCKET *ServerSocket, std::string certThumb )
SOCKET sockListen;
SOCKET sockClient;
SOCKADDR_IN sockIn;
// Create listening socket.
sockListen = socket (
PF_INET,
SOCK_STREAM,
0);
if (INVALID_SOCKET == sockListen)
LOGA ( ( __log_buf, SSPI_SERVER " Failed to create socket: %u\n", GetLastError ()));
return(FALSE);
// Bind to local port.
sockIn.sin_family = AF_INET;
sockIn.sin_addr.s_addr = 0;
sockIn.sin_port = htons(usPort);
if (SOCKET_ERROR == bind (
sockListen,
(LPSOCKADDR) &sockIn,
sizeof (sockIn)))
LOGA ( ( __log_buf, SSPI_SERVER " bind failed: %u\n", GetLastError ()));
return(FALSE);
// Listen for client.
if (SOCKET_ERROR == listen (sockListen, 1))
LOGA ( ( __log_buf, SSPI_SERVER " Listen failed: %u\n", GetLastError ()));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " Listening ! \n"));
// Accept client.
sockClient = accept (
sockListen,
NULL,
NULL);
if (INVALID_SOCKET == sockClient)
LOGA ( ( __log_buf, SSPI_SERVER " accept failed: %u\n",GetLastError() ) );
return(FALSE);
closesocket (sockListen);
*ServerSocket = sockClient;
return(DoAuthentication (sockClient, certThumb ));
} // end AcceptAuthSocket
BOOL DoAuthentication (SOCKET AuthSocket, std::string certThumb )
SECURITY_STATUS ss;
DWORD cbIn, cbOut;
BOOL done = FALSE;
TimeStamp Lifetime;
BOOL fNewConversation;
fNewConversation = TRUE;
PCCERT_CONTEXT pCertCtxt;
Insert code to retrieve pCertCtxt
// Build SCHANNEL_CRED structure to hold CERT_CONTEXT for call to AcquireCredentialsHandle
SCHANNEL_CRED credSchannel = {0};
credSchannel.dwVersion = SCHANNEL_CRED_VERSION;
credSchannel.grbitEnabledProtocols = SP_PROT_SSL2_SERVER | SP_PROT_TLS1_SERVER;
credSchannel.cCreds = 1;
credSchannel.paCred = &pCertCtxt;
ss = AcquireCredentialsHandle (
NULL, //pszPrincipal
g_lpPackageName, //pszPackage
SECPKG_CRED_INBOUND, //fCredentialuse
NULL, //pvLogonID
&credSchannel, //pAuthData - need SCHANNEL_CRED structure that indicates the protocol to use and the settings for various customizable channel features.
NULL, //pGetKeyFn
NULL, //pvGetKeyArgument
&g_hcred, //phCredential
&Lifetime); //ptsExpiry
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcquireCreds failed: 0x%08x\n", ss));
return(FALSE);
while(!done)
if (!ReceiveMsg (
AuthSocket,
g_pInBuf,
g_cbMaxMessage,
&cbIn))
return(FALSE);
cbOut = g_cbMaxMessage;
if (!GenServerContext (
g_pInBuf,
cbIn,
g_pOutBuf,
&cbOut,
&done,
fNewConversation))
LOGA ( ( __log_buf, SSPI_SERVER " GenServerContext failed.\n"));
return(FALSE);
fNewConversation = FALSE;
if (!SendMsg (
AuthSocket,
g_pOutBuf,
cbOut))
LOGA ( ( __log_buf, SSPI_SERVER " Send message failed.\n"));
return(FALSE);
return(TRUE);
} // end DoAuthentication
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewConversation)
SECURITY_STATUS ss;
TimeStamp Lifetime;
SecBufferDesc OutBuffDesc;
SecBuffer OutSecBuff;
SecBufferDesc InBuffDesc;
SecBuffer InSecBuff;
ULONG Attribs = 0;
// Prepare output buffers.
OutBuffDesc.ulVersion = 0;
OutBuffDesc.cBuffers = 1;
OutBuffDesc.pBuffers = &OutSecBuff;
OutSecBuff.cbBuffer = *pcbOut;
OutSecBuff.BufferType = SECBUFFER_TOKEN;
OutSecBuff.pvBuffer = pOut;
// Prepare input buffers.
InBuffDesc.ulVersion = 0;
InBuffDesc.cBuffers = 1;
InBuffDesc.pBuffers = &InSecBuff;
InSecBuff.cbBuffer = cbIn;
InSecBuff.BufferType = SECBUFFER_TOKEN;
InSecBuff.pvBuffer = pIn;
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer received (%lu bytes):\n", InSecBuff.cbBuffer));
PrintHexDump (InSecBuff.cbBuffer, (PBYTE)InSecBuff.pvBuffer);
ss = AcceptSecurityContext (
&g_hcred,
fNewConversation ? NULL : &g_hctxt,
&InBuffDesc,
Attribs,
SECURITY_NATIVE_DREP,
&g_hctxt,
&OutBuffDesc,
&Attribs,
&Lifetime);
if (!SEC_SUCCESS (ss))
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
// Complete token if applicable.
if ((SEC_I_COMPLETE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss))
ss = CompleteAuthToken (&g_hctxt, &OutBuffDesc);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " complete failed: 0x%08x\n", ss));
OutputDebugStringA( "." );
return FALSE;
*pcbOut = OutSecBuff.cbBuffer;
// fNewConversation equals FALSE.
LOGA ( ( __log_buf, SSPI_SERVER " Token buffer generated (%lu bytes):\n",
OutSecBuff.cbBuffer));
PrintHexDump (
OutSecBuff.cbBuffer,
(PBYTE)OutSecBuff.pvBuffer);
*pfDone = !((SEC_I_CONTINUE_NEEDED == ss)
|| (SEC_I_COMPLETE_AND_CONTINUE == ss));
LOGA ( ( __log_buf, SSPI_SERVER " AcceptSecurityContext result = 0x%08x\n", ss));
return TRUE;
} // end GenServerContext
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
ULONG * pcbOutput,
ULONG cbHeader,
ULONG cbTrailer)
SECURITY_STATUS ss;
SecBufferDesc BuffDesc;
SecBuffer SecBuff[4];
ULONG ulQop = 0;
// The size of the trailer (signature + padding) block is
// determined from the global cbSecurityTrailer.
LOGA ( ( __log_buf, SSPI_SERVER " Data before encryption: %s\n", pMessage));
LOGA ( ( __log_buf, SSPI_SERVER " Length of data before encryption: %d \n",cbMessage));
// Prepare buffers.
BuffDesc.ulVersion = 0;
BuffDesc.cBuffers = 4;
BuffDesc.pBuffers = SecBuff;
PBYTE pHeader;
pHeader = (PBYTE) malloc (cbHeader);
SecBuff[0].cbBuffer = cbHeader;
SecBuff[0].BufferType = SECBUFFER_STREAM_HEADER;
SecBuff[0].pvBuffer = pHeader;
SecBuff[1].cbBuffer = cbMessage;
SecBuff[1].BufferType = SECBUFFER_DATA;
SecBuff[1].pvBuffer = pMessage;
PBYTE pTrailer;
pTrailer = (PBYTE) malloc (cbTrailer);
SecBuff[2].cbBuffer = cbTrailer;
SecBuff[2].BufferType = SECBUFFER_STREAM_TRAILER;
SecBuff[2].pvBuffer = pTrailer;
SecBuff[3].cbBuffer = 0;
SecBuff[3].BufferType = SECBUFFER_EMPTY;
SecBuff[3].pvBuffer = NULL;
ss = EncryptMessage(
&g_hctxt,
ulQop,
&BuffDesc,
0);
if (!SEC_SUCCESS(ss))
LOGA ( ( __log_buf, SSPI_SERVER " EncryptMessage failed: 0x%08x\n", ss));
return(FALSE);
else
LOGA ( ( __log_buf, SSPI_SERVER " The message has been encrypted. \n"));
// Allocate a buffer to hold the encrypted data constructed from the 3 buffers.
*pcbOutput = cbHeader + cbMessage + cbTrailer;
* ppOutput = (PBYTE) malloc (*pcbOutput);
memset (*ppOutput, 0, *pcbOutput);
memcpy (*ppOutput, pHeader, cbHeader);
memcpy (*ppOutput + cbHeader, pMessage, cbMessage);
memcpy (*ppOutput + cbHeader + cbMessage, pTrailer, cbTrailer);
LOGA ( ( __log_buf, SSPI_SERVER " data after encryption including trailer (%lu bytes):\n",
*pcbOutput));
PrintHexDump (*pcbOutput, *ppOutput);
return TRUE;
} // end EncryptThis
void PrintHexDump(DWORD length, PBYTE buffer)
DWORD i,count,index;
CHAR rgbDigits[]="0123456789abcdef";
CHAR rgbLine[100];
char cbLine;
for(index = 0; length;
length -= count, buffer += count, index += count)
count = (length > 16) ? 16:length;
sprintf_s(rgbLine, 100, "%4.4x ",index);
cbLine = 6;
for(i=0;i<count;i++)
rgbLine[cbLine++] = rgbDigits[buffer[i] >> 4];
rgbLine[cbLine++] = rgbDigits[buffer[i] & 0x0f];
if(i == 7)
rgbLine[cbLine++] = ':';
else
rgbLine[cbLine++] = ' ';
for(; i < 16; i++)
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
rgbLine[cbLine++] = ' ';
for(i = 0; i < count; i++)
if(buffer[i] < 32 || buffer[i] > 126)
rgbLine[cbLine++] = '.';
else
rgbLine[cbLine++] = buffer[i];
rgbLine[cbLine++] = 0;
LOGA ( ( __log_buf, SSPI_SERVER " %s\n", rgbLine));
} // end PrintHexDump
BOOL SendMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
// Send the size of the message.
if (!SendBytes (
s,
(PBYTE)&cbBuf,
sizeof (cbBuf)))
return(FALSE);
// Send the body of the message.
if (!SendBytes (
s,
pBuf,
cbBuf))
return(FALSE);
return(TRUE);
} // end SendMsg
BOOL ReceiveMsg (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
DWORD cbRead;
DWORD cbData;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
// Retrieve the number of bytes in the message.
if (!ReceiveBytes (
s,
(PBYTE)&cbData,
sizeof (cbData),
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed retrieving byte count.\n", cbBuf ));
return(FALSE);
if (sizeof (cbData) != cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer size (%lu) differs from reported size (%lu)\n", sizeof(cbData), cbRead ));
return(FALSE);
// Read the full message.
if (!ReceiveBytes (
s,
pBuf,
cbData,
&cbRead))
LOGA ( ( __log_buf, SSPI_SERVER " ReceiveBytes failed.\n", cbBuf ));
return(FALSE);
if (cbRead != cbData)
LOGA ( ( __log_buf, SSPI_SERVER " Error: buffer bytes (%lu) differs from reported bytes (%lu)\n", cbData, cbRead ));
return(FALSE);
*pcbRead = cbRead;
return(TRUE);
} // end ReceiveMsg
BOOL SendBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf)
PBYTE pTemp = pBuf;
int cbSent, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
if (0 == cbBuf)
return(TRUE);
while (cbRemaining)
cbSent = send (
s,
(const char *)pTemp,
cbRemaining,
0);
if (SOCKET_ERROR == cbSent)
LOGA ( ( __log_buf, SSPI_SERVER " send failed: %u\n", GetLastError ()));
return FALSE;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes sent\n", cbSent ));
pTemp += cbSent;
cbRemaining -= cbSent;
return TRUE;
} // end SendBytes
BOOL ReceiveBytes (
SOCKET s,
PBYTE pBuf,
DWORD cbBuf,
DWORD *pcbRead)
PBYTE pTemp = pBuf;
int cbRead, cbRemaining = cbBuf;
LOGA ( ( __log_buf, SSPI_SERVER " %lu bytes\n", cbBuf ));
while (cbRemaining)
cbRead = recv (
s,
(char *)pTemp,
cbRemaining,
0);
if (0 == cbRead)
break;
if (SOCKET_ERROR == cbRead)
LOGA ( ( __log_buf, SSPI_SERVER " recv failed: %u\n", GetLastError () ) );
return FALSE;
cbRemaining -= cbRead;
pTemp += cbRead;
*pcbRead = cbBuf - cbRemaining;
return TRUE;
} // end ReceivesBytes
void cleanup()
if (g_pInBuf)
free (g_pInBuf);
g_pInBuf = NULL;
if (g_pOutBuf)
free (g_pOutBuf);
g_pOutBuf = NULL;
WSACleanup ();
exit(0);
SspiExample.h
// SspiExample.h
#include <schnlsp.h>
#include <sspi.h>
#include <windows.h>
#include <string>
BOOL SendMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveMsg (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
BOOL SendBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf);
BOOL ReceiveBytes (SOCKET s, PBYTE pBuf, DWORD cbBuf, DWORD *pcbRead);
void cleanup();
BOOL GenClientContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
WCHAR *pCertName,
CredHandle *hCred,
PSecHandle phCtext
BOOL GenServerContext (
BYTE *pIn,
DWORD cbIn,
BYTE *pOut,
DWORD *pcbOut,
BOOL *pfDone,
BOOL fNewCredential
BOOL EncryptThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput,
ULONG cbHeader,
ULONG cbTrailer
PBYTE DecryptThis(
PBYTE achData,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt
BOOL
SignThis (
PBYTE pMessage,
ULONG cbMessage,
BYTE ** ppOutput,
LPDWORD pcbOutput
PBYTE VerifyThis(
PBYTE pBuffer,
LPDWORD pcbMessage,
struct _SecHandle *hCtxt,
ULONG cbMaxSignature
void PrintHexDump(DWORD length, PBYTE buffer);
BOOL ConnectAuthSocket (
SOCKET *s,
CredHandle *hCred,
PSecHandle phCtext,
char * pServer,
WCHAR * pCertName
BOOL CloseAuthSocket (SOCKET s);
BOOL DoAuthentication (SOCKET s, WCHAR * pCertName );
BOOL DoAuthentication (SOCKET s, std::string certThumb );
void MyHandleError(char *s);
#define DBG_SIZE 1024
int OutputDebug( char buff[DBG_SIZE] )
int retval;
char debugstring[DBG_SIZE+32];
retval = _snprintf_s( debugstring, DBG_SIZE+32, _TRUNCATE, " %s", buff );
OutputDebugStringA( debugstring );
return retval;
int DbgBufCopy( char *buff, const char *format, ...)
int iLen;
va_list args;
/// Call va_start to start the variable list
va_start(args, format);
/// Call _vsnprintf_s to copy debug information to the buffer
iLen = _vsnprintf_s(buff, DBG_SIZE, _TRUNCATE, format, args);
/// Call va_end to end the variable list
va_end(args);
return iLen;
#define LOGA(_format_and_args_)\
{ char __log_buf[DBG_SIZE];\
DbgBufCopy _format_and_args_;\
printf("%s", __log_buf );\
OutputDebug(__log_buf);\
#define TEST_MSG "This is your server speaking"
My initial attempt built an SCHANNEL_CRED structure following the documentation to set
grbitEnabledProtocols to 0, and let SChannel select the protocol. This worked on Windows 7, selecting TLS1. When I ran the same exe-s on 2008 R2, the Client program failed, with InitializeSecurityContext returning SEC_E_DECRYPT_FAILURE.
The failure occurred on the 2nd call, using phNewContext returned on the first call.
My next attempt set grbitEnabledProtocols to SP_PROT_TLS1_SERVER. This also worked on Win 7, but 2008R2 failed again, this time on the Server side. AcceptSecurityContext failed, returning SEC_E_ALGORITHM_MISMATCH.
TLS is a requirement for my project, but to try getting the sample to run, I next set grbitEnabledProtocols to SP_PROT_SSL2_SERVER. This did work for 2008R2, selecting SSL2, but now the Server failed on Win7 with AcceptSecurityContext returning
SEC_E_ALGORITHM_MISMATCH.
My final try was to set grbitEnabledProtocols to SP_PROT_TLS1_SERVER | SP_PROT_SSL2_SERVER, but that failed identically to the first case, with the Client on 2008R2 returning SEC_E_DECRYPT_FAILURE.
So my question is - What is required to get SChannel to select TLS regardless of the Windows version on which the programs are running?Thank you for the reference. That did provide the information I needed to get TLS working. However, the documentation is not accurate with regard to setting the registry keys and values.
The tables all show DisabledByDefault as a subkey under the protocol. They also describe a DWORD value, Enabled, as the mechanism to enable/disable a protocol.
What I found is DisabledByDefault is a DWORD value under Client/Server and it appears to be the determining factor to whether a protocol is enabled/disabled.
The only way I was able to get TLS 1.1 working is with the following path present:
HKLM SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client
Under Client, I must have DisabledByDefault set to 0. With that, the Enabled value does not need to be present.
This held true for any level of TLS.
I also found the setting of grbitEnabledProtocols in the SCHANNEL_CRED structure to be misleading. From the description at
https://msdn.microsoft.com/en-us/library/windows/desktop/aa379810(v=vs.85).aspx, I thought my Server program could set this field to 0, and SChannel would select the protocol as directed by the registry. What I found is that the structure flag must
agree with the registry setting for TLS to work. That is with the resgistry key above for TLS 1.1, I must set grbitEnabledProtocols to SP_PROT_TLS1_1.
Can you confirm the relationship between the SCHANNEL_CRED contents and registry state? -
How to get Thunderbolt Display recognized in Windows 8.1 through boot camp 2013 iMac
Ok so I have got the run-around quite a few times trying to figure this enigma out. I recently upgraded to the Haswell 2013 iMac from my 2011 iMac. I had been using my thunderbolt display with my "old" iMac and I was running Windows 8.1 through bootcamp. My display worked wonderfully and I had no issues. I just upgraded from windows 8 to windows 8.1, I had no idea that boot camp "does not support windows 8.1."
When I got my new machine I migrated my entire operating system from the old computer to the new (which was way way way harder than I had anticipated). Now it seems that almost everything works besides the thunderbolt monitor, which is not even detected. The monitor works when running OS X, but not when running Windows 8.1.
I just wondered if anyone had already had and fixed this issue, or if it is just a waiting game unitl the new boot camp support drivers for windows 8.1 come out.
Also if anyone could explain why it worked on my old machine and not my new one I would appreciate it, I have some ideas as to why but I would appreciate any input.
Thank you!
-ArthurFIXED!
Well I just went to the NVIDIA website, downloaded the latest driver for the graphics card, installed it, and now Both monitors work.
Seems like a no brainer,but just in case this issue is a problem for other users I hope that this was helpful.
P.S. Windows 8.1 may not be supported by boot camp yet, but the boot camp driver package for windows 8 along with the graphics card driver I downloaded made my computer work better than I expected!
Maybe you are looking for
-
Have an ipod shuffle (about 3-4yrs old)- is it possible that it will no longer hold a charge? When I put in on my PC the yellow light flashes. I took it to an Apple repair store on Monday and the gentleman there charged it for me...and it fully charg
-
Connect to another SQL server from SAP
Hi All, I want to connect SAP to another SQL server. Basically each day I need to take data from 2 tables in SAP tables to another sql server. I want this to be automated via a program in SAP. Please suggest me some methods to achieve this. I have se
-
EPMA Windows Services not starting
Before you all jump on me, I've read almost all of the threads and documentation concerning this issue that are out there. I've checked the databases and they are configured appropriately, I've checked the IPv6 settings and they are ok. this EPMA ins
-
To reduce execution time of CJ30,CJ32,CJ36,CJ35,CJ40
Dear experts, We are having about 500 WBS under one Project definition , when ever we try to allot budget in CJ30, Release budget in CJ32, give supplement , withdraw amount from any of the WBS it takes lot of time ( around 2-3 hrs for each ). please
-
Multiple pages per sheet not working
Help! I'm unable to print multiple pages per sheet in Adobe Reader X (version 10.1.3). It doesn't seem to matter what printer I select but only one image shows in the preview screen. I tried repairing the software but to no avail Screenshot image att