Windows client application using GSSAPI/Kerberos API to authenticate through KDC - c++

Sorry for my question if it's obvious but I came from developing in the embedded world.
I'm trying to develop a simple Windows application in C/C++ to authenticate through KDC using either GSSAPI or Kerberos API directly. The assumption is the KDC and the server components are already in place. I think I understand how the whole process of authentication through Kerberos works between client, server and the KDC.
The problem is I don't know where to start using the GSSAPI or Kerberos API. I'm using Windows 8 with Visual Studio 2013. Does the Windows SDK already come pre-packaged with a GSSAPI/Kerberos V5 API (maybe SSPI) for developers to start calling? I read on the web that an application would need to go through SSPI to access the Kerberos API. Is that true? Seems like I can also download the Kerberos V5 SDK from the MIT website, but getting it to compile on Windows is not simple.
I guess my question is what do I need to get started? I am struggling to see how all these different pieces fit together. Anyone who went through what I'm going through or who can help is much appreciated.
Thanks

I came across the same problem and saw this Q unanswered. If someone hasn't had much experience in this domain then it might make sense to look at the following:
A basic client-server implemented using SSPI/GSS with detailed steps on how to set up stuff.
The corresponding MSDN documentation to wrap your head around the same piece of code.
A better description of how to map SSPI APIs to GSS APIs.
On *nix you mostly have to rely on GSSAPI; they are popular, hopefully there will be a port for your environment.

Related

Authenticate linux client app to windows server app via kerberos or any secure protocol

I need some guides or keywords I can use for my additional research.
Assume there are client and server apps written in C++. There is a possibility to pass blobs from client to server and vice versa. On Windows, we can introduce Kerberos utilization, generating, processing such blobs, accepting it, impersonating threads, etc. There are some examples on MSDN. It's not so simple, but I've managed to make it work.
But what if my client runs on a Linux machine? The simplest and unsecured way of authentication is to pass username/domain/password of the user in raw format via blobs. But if I want to use Kerberos? So, the questions are:
What preconditions do I need to have on the client Linux machine? My first thoughts were about some kind of Samba/winbind things installed there. I heard Samba authenticates to Windows AD via Kerberos.
Are there any good examples of performing a Kerberos handshake on Linux? I know there are some examples on the MIT website. Should I use these ones? I guess it's not so easy to make it work in the right way and test it (actually I KNOW it from my Windows experience).
The API you should investigate is GSSAPI. If the Windows server application uses SSPI (the Windows version of GSSAPI) then you should be able to write an interoperable client using GSSAPI. It really depends on exactly how the Windows server uses SSPI though. See MSDN SSPI for some details.
The MIT Kerberos libraries are available with most Linux distributions and have all the libraries you need to do GSSAPI with Kerberos.
GSSAPI is a library for wrapping data; you still need to implement the resulting protocol exchange. Depending on exactly how the Windows server is written this may be quite complex.
It is possible to use Active Directory as your KDC for writing Linux client/server Kerberos applications. Looking at the Linux Samba code should help you understand some of the issues involved in writing a Linux client for Windows-based services.

What direction should I follow to add webservice functionalities to my application?

I have a problem, and I know there are many ways to solve it. I hope you can help me choose the fittest.
I am developing an application mainly using Matlab, and I try to gradually shift some of its functionalities to C++. I develop on Windows, for Windows.
I am quite experienced in these two programming languages, but I know nothing of web development.
I want to add some functionalities to this application that will use some webservices hosted on a server protected by SSL.
I am alone on this project, but I can spend some time learning new stuff if need be.
I would like to know what tools you think I should better use for this task?
So far, I have tried and failed the following approaches:
calling the webservice directly from Matlab. I have added the self-signed SSL certificate to every truststore I could find on my computer, but I keep getting an error telling me that the certificate is not valid.
calling the webservice using gSoap and C++. For this, I need to rebuild the gSoap binaries with SSL capabilities. I tried to do so using Visual Studio and MinGW/GCC but did not succeed, and I could not find any help online.
I have the feeling after a few hours/days browsing and looking for solution that the tools I try to use are not the most used and therefore not the best documented (and therefore not the best suited for a rookie), so what is your advice?
I think using gSoap from your C++ modules would be the best choice.
Information about using gSoap with SSL as client is available here: Secure SOAP Clients with HTTPS/SSL
A link about using gSoap for building a VS Application: Creating a gSoap eBay Client Application with Visual C++ 2008
Maybe this helps for using gSoap with MinGW: Using gSoap in Qt/Windows

Can you write a Facebook application in C?

What API is available to use Facebook from C or C++, and is there a library to do the grunt work for me? (So that you for instance can use Facebook from a desktop program written in C++.)
Thanks sehe.
Yes, you are able to develop a Facebook application using C/C++.
Here's a good API http://projects.seligstein.com/facebook/
You can develop a Facebook Application in whatever language you want, as long as you can ask for data over the network. The API does not care what language you are using to query it. The SDKs are only there as a starting point for languages that are commonly used to write applications, such as JavaScript and PHP.
EDIT:
I know the question has already been "answered", but since the asker changed their question, here is information about repositories on GitHub which may serve as starting points for modern Open Graph API C++ applications. All of these are open source :)
https://github.com/search?type=Repositories&language=C%2B%2B&q=facebook&repo=&langOverride=&x=14&y=20&start_value=1
Sure you can; my Facebook Graph mobile app is developed using Qt C++.

Is there any documentation on TFS Web Services?

I am looking for any information on the Microsoft TFS Web Services. First I know accessing the Microsoft TFS Web Services directly is not supported and Microsoft provides no documentation for doing this. Therefore I am not expecting any Microsoft support or assistance here.
I know all about the .Net API available for TFS which only works on Microsoft Operating Systems. I have used these many times on Windows, however I need to do non-Windows work to access TFS, I cannot use .Net and I cannot use a Proxy (or "shim") to be installed on a Windows computer to provide Web Services for the .Net API.
I know Teamprise reverse engineered the web services and they successfully used this knowledge to make a very good cross-platform Team Explorer and command line implementation in Java to access TFS. So good in fact they were purchased by Microsoft and the product rebranded and rereleased as Microsoft Visual Studio Team Explorer Everywhere.
I have also tested the .Net API against Mono on several non-Windows platforms and they are not compatible. The initial NTLMv2 authentication is using calls not supported by Mono. They appear to be, understandably, making Win32-specific calls for NTLMv2 support.
Therefore, before I go to the trouble of reverse engineering them for myself, and dealing with NTLMv2 to do it, I am hoping that there is some hidden or buried information on the web that someone may have documented some portion of the web services for TFS from 2005, 2008 and/or 2010.
Please no comments or posts about how this is not recommended or supported by Microsoft, that I should find a way to use the .Net API, or suggesting the Proxy/Shim is the best solution. I am fully aware of Microsoft's official stance on this, and what the supported workarounds would be.
I'm not aware of any documentation for the TFS web services, but I can share some tips on calling them.
The NTLM authentication you mention is really a separate layer: you must authenticate to IIS before it lets you call TFS web services. I'm not aware of any Open Source software that will do NTLM auth for you, but TFS 2010 makes it easy to enable "Negotiate" authentication (SPNEGO on Wikipedia, Authentication by using Kerberos Ticket on MSDN). Negotiate supports both NTLM and Kerberos subsystems, and there may be some existing software you can use to drive it using the system's Kerberos libraries (I think curl does it). If you had to build it yourself, it would probably be easier to go the Negotiate-with-Kerberos route.
Once you're authenticated, you can start calling services. Start by pulling down the WSDL for each service (stick a "?wsdl" suffix on each endpoint URI). Hop over to where TFS is installed and explore the web application directory for endpoints. There are several versions of some endpoints for back compat with TFS 2005 and 2008, but usually new versions are not redundant (they add new stuff). You might have a favorite SOAP client library already (there are many for Java), but I can't really recommend any because we wrote our own at Teamprise.
Services like version control, build, and common structure are easy to discover via WSDL. Most of the operations have obvious names, but the complex type fields are often super-abbreviated. The best way to figure out which methods to call when is to watch the VS TFS client or TEE with Fiddler or Wireshark or some other HTTP inspection program. TFS VC does do things like file uploads/downloads outside the web services (watch a network trace to see the multi-part MIME upload process and be sure you're sending the right values if you implement this).
A note of caution on the work item tracking web service: this one is going to be extremely hard to master. The WIT design involves the client pre-querying the server for large amounts of schema-less metadata, which is saved on the client (but refreshed incrementally as more web service calls are made). This metadata drives all the client side behavior about work items (what fields are in a work item type, the type of a field, which values are allowed in fields, the rules that run when they change, etc.) and it will take a long time and serious study to build the client behavior to bring a work item to life. Once you have a work item, sending it to the server for update via web services is easy.
It's a lot of work, but it's possible to do incrementally, for example, if you only need some VC features. The TEE team is working on making access from other platforms easier. Please contact Martin Woodward (martin.woodward#microsoft.com) if you have any questions or suggestions in this area.
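Because Negotiate can carry either NTLM or Kerberos, as the answer above says (and because an SSPI peer's blobs must match the mechanism a GSSAPI client expects, as in the earlier Linux-client answer), it helps to check which mechanism a token actually uses. The following is an added example, not code from any of the posts: it classifies an already base64-decoded token by its leading bytes (the NTLMSSP signature, or the GSS-API initial-token header followed by the SPNEGO or Kerberos 5 mechanism OID). The function names and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: identify the mechanism of the first token in an exchange. */
enum tok_kind { TOK_INVALID, TOK_NTLM, TOK_SPNEGO, TOK_KRB5, TOK_OTHER_GSS };

static const unsigned char OID_SPNEGO[] = {0x2b,0x06,0x01,0x05,0x05,0x02};               /* 1.3.6.1.5.5.2 */
static const unsigned char OID_KRB5[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02}; /* 1.2.840.113554.1.2.2 */

/* Constructed sample tokens (headers only, no real credentials). */
static const unsigned char SAMPLE_NTLM[] = {'N','T','L','M','S','S','P',0,1,0,0,0};
static const unsigned char SAMPLE_SPNEGO[] = {0x60,0x08,0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02};
static const unsigned char SAMPLE_KRB5[] = {0x60,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x01,0x00};

/* Read a DER length at buf[*pos]; returns 0 on success, -1 if malformed or truncated. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *out)
{
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) { *out = b; return 0; }               /* short form */
    size_t cnt = b & 0x7f, v = 0;
    if (cnt == 0 || cnt > sizeof(size_t) || cnt > n - *pos) return -1; /* no indefinite form */
    while (cnt--) v = (v << 8) | buf[(*pos)++];
    *out = v;
    return 0;
}

enum tok_kind classify_token(const unsigned char *buf, size_t n)
{
    size_t pos = 1, len;
    if (buf == NULL || n == 0) return TOK_INVALID;
    if (n >= 8 && memcmp(buf, "NTLMSSP\0", 8) == 0) return TOK_NTLM;  /* raw NTLM message */
    if (buf[0] != 0x60) return TOK_INVALID;             /* GSS initial token: [APPLICATION 0] */
    if (der_len(buf, n, &pos, &len) != 0 || len > n - pos) return TOK_INVALID;
    if (pos >= n || buf[pos++] != 0x06) return TOK_INVALID;           /* mechanism OID tag */
    if (der_len(buf, n, &pos, &len) != 0 || len > n - pos) return TOK_INVALID;
    if (len == sizeof OID_SPNEGO && memcmp(buf + pos, OID_SPNEGO, len) == 0) return TOK_SPNEGO;
    if (len == sizeof OID_KRB5 && memcmp(buf + pos, OID_KRB5, len) == 0) return TOK_KRB5;
    return TOK_OTHER_GSS;
}

int main(void)
{
    printf("%d %d %d\n", (int)classify_token(SAMPLE_NTLM, sizeof SAMPLE_NTLM),
           (int)classify_token(SAMPLE_SPNEGO, sizeof SAMPLE_SPNEGO),
           (int)classify_token(SAMPLE_KRB5, sizeof SAMPLE_KRB5));
    return 0;
}
```

A `TOK_NTLM` result on a connection that was expected to use Kerberos means the client fell back to NTLM, which usually points at a missing or mismatched service principal name or an unreachable KDC.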
There is a Java version of the TFS SDK that will run on Linux, Mac, and Windows. It is the SDK that Teamprise uses.
http://blogs.msdn.com/b/bharry/archive/2011/05/16/announcing-a-java-sdk-for-tfs.aspx
Coding directly against the TFS webservices is not supported (even though people have done it). MSFT could break the interface without letting you know in a service pack or other hotfix. Sometimes there aren't other options, but if the Java SDK works for you, I'd try to use that first.
There is good documentation now: https://www.visualstudio.com/integrate/get-started/rest/basics

How to connect a C++ program to a WCF Service?

In the place I work there is some software written in C# and some written in C++ (the most important ones). Some time ago we decided it would be a good idea to track any possible problem in the software, by sending stack trace and exception information over a web service. So I came up with a WCF Service that gets the information, stores it in a database and sends an automatic e-mail. It worked, we had to secure it through password, it's done, but now I want our other software, the one written in C++, to use this webservice (this software is used both on Windows and Linux, so we can't just make a call to another software in the user machine).
I've googled about it, and found this tutorial on how to use gSOAP, which so far didn't help me very much (lots of errors, it is not very detailed, and the web.config file is impossible to read). I was wondering if there is any other way to achieve this. In addition, since I'm using authentication on my webservice, it now has a wsHttpBinding (which AFAIK isn't supported by gSOAP).
Can you guys help me out?
Since your WCF service is in C# with .NET, and the only issue is getting the C++ application to be able to talk to it, one way is to follow the advice in REST / SOAP Endpoints for a WCF service and related articles.
Your C# programs continue to have the full SOAP access to your service.
Your C++ programs could do something like this for REST access:
"Browse" to the HTTP GET URL for the service command you wanted.
Then toss (or parse and use) whatever response came back.
It is a pretty minimal change to your WCF service to offer both SOAP and REST.
The REST ability opens your service to JavaScript as well as C++ clients.
You may need to restrict the interface to simple data, or class objects that are easy to parse in C++.
Will the machines running the C++ applications have the .NET Framework installed?
Check out: Create WCF service for unmanaged C++ clients