Free Downloads, Community Forum,
FAQs and Developer Resources


Make /Tools Your Home | Link to us

Today's posts | Posts since last visit | Most Active Topics

All Forums Register Login Search Subscriptions My Profile Inbox
Tool Warehouse FAQs Resources Help Member List Address Book Logout

Problems using signcode and user profiles.

 
Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [SFU / Interix / SUA Technology] >> Windows Server 2003 R2 SUA >> Problems using signcode and user profiles. Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problems using signcode and user profiles. - Jun. 14, '06, 12:52:04 AM   
bdavison

 

Posts: 15
Joined: May 18, '06,
Status: offline
Hi,

I have a problem using signcode.exe and signtool.exe from an RSH connection.
I can run the following command from the console fine.
signcode.exe -spc C:\Data\mycredentials.spc -v C:\Data\myprivatekey.pvk C:\Data\CEAWord.dll -tw 10 -tr 2 -t http://timestamp.verisign.com/scripts/timstamp.dll

When I try and run it from and RSH connection however I get the following error.
Error: Unable to open a CSP provider with the correct private key
Error: Signing Failed.  Result = 80092006, (-2146885626)

If I just run
signcode.exe /?
it runs fine. which indicates to me that the problem is not related to file handle problems as I have earlier thought.

If I try to run
signcode.exe C:\Data\CEAWord.dll

I get the following error.
Error: There is no valid certificate in the my cert store
Error: Signing Failed.  Result = 8009200c, (-2146885620)

This should work because I've imported the certificates into the "My Certs" store.

The same sorts of errors come up with signtool.
Google fined heaps of related problems but only one is the same but there is no solution posted.

So it seems to me that the program is failing becaue the RSH connection is not "really" running as the user as it doesn't have the users profile???

Is there any way to run an RSH command in a users profile?
Is there another solution to this problem?

Thanks,
Bernie.
Post #: 1
RE: Problems using signcode and user profiles. - Jun. 19, '06, 3:24:26 AM   
bdavison

 

Posts: 15
Joined: May 18, '06,
Status: offline
Does anyone have any ideas of how to fix this problem?
It's a critical issue for me.

Thanks,
Bernie.

(in reply to bdavison)
Post #: 2
RE: Problems using signcode and user profiles. - Jun. 19, '06, 1:40:13 PM   
Rodney

 

Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
You can switch the Interix rsh daemon off (in /etc/inetd.conf) and
then activate the Win32 RshSvc instead. The RshSvc is part of SFU 3.5.
The general rule is if you are going to do primarily Win32 things then
use the Win32 RshSvc (daemon); if you are primarily doing Unix things
then use rshd (via inetd).

(in reply to bdavison)
Post #: 3
RE: Problems using signcode and user profiles. - Jun. 19, '06, 8:04:39 PM   
bdavison

 

Posts: 15
Joined: May 18, '06,
Status: offline
Okay, sounds like a plan but RshSvc is not provided with R2 or SUA?
Should I just install 3.5 over top of SUA to get the required service?

Thanks,
Bernie.

(in reply to Rodney)
Post #: 4
RE: Problems using signcode and user profiles. - Jun. 19, '06, 11:04:04 PM   
Rodney

 

Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
Right, RshSvc isn't with R2 (or thereafter). I didn't know it is R2 you are on.

I know that the Interix with 3.5 won't run on R2 (due to kernel changes).
I don't know about RshSvc though installing on R2. I've not looked at trying
to see if it can be installed alone fromn the SFU CD.

(in reply to bdavison)
Post #: 5
RE: Problems using signcode and user profiles. - Jun. 19, '06, 11:14:11 PM   
bdavison

 

Posts: 15
Joined: May 18, '06,
Status: offline
Sorry about not specifying which version I was using. I just figured that since this was posted in the "Windows Server 2003 R2 SUA" forum that would be obvious.

In the install of SFU 3.5 you can select the Remote Connection only but I'm not sure how much this installs.

Further assistance would be greatly appreciated.
I've used the other service with an Windows 2003 SP1 server with just SFU 3.5 installed and it worked fine.

Since it wasn't provided in R2 I used the service that was provided.
Problem is that it doesn't work properly.
As can be seen from this issue.

Thanks,
Bernie.

(in reply to Rodney)
Post #: 6
RE: Problems using signcode and user profiles. - Jun. 20, '06, 12:51:07 AM   
Rodney

 

Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
> Sorry about not specifying which version I was using. I just figured that since this was posted in the "Windows Server 2003 R2 SUA" forum that would be obvious.

ah, right.

> Since it wasn't provided in R2 I used the service that was provided.

That's fine.

> Problem is that it doesn't work properly.

Actually that isn't correct. Rshd is provided for it's Unix-ness first and foremost.
From that point on any Win32 program is being started from a Unix environment, not a Win32
environment. There are shared points of information (such as PATH). But not all information.
It's very likely that you can get the Win32 program to happen, but your going to have to delve
into the Win32 environment and pick out what's needed and apply it yourself.
Start by looking at the environment variables. This usually covers most cases. Particularly
if you remember that Win32 programs will want Win32 path syntax. Only PATH gets automatically
converted for the transition from the Unix environment to the Win32 environment.

(in reply to bdavison)
Post #: 7
RE: Problems using signcode and user profiles. - Jun. 20, '06, 2:05:29 AM   
bdavison

 

Posts: 15
Joined: May 18, '06,
Status: offline
Hi Rodney,

Your explanation seems a reasonable synopsis however it neglects that the issue is to do with authentication of processes using the Interix RSHD.
If the other service is no longer provided one can only assume that the provided service that is provided now meets any deficiencies that the earlier version had.
It would appear that this is not the case from the issue experienced.

Do you know of any work-around?
The environment seems a reasonable place to look and will investigate that but if the cause truly is authentication I'd think that having authentication information in environment variables would be a major security flaw in Windows. Surely this isn't the case?

Thanks,
Bernie.

(in reply to Rodney)
Post #: 8
RE: Problems using signcode and user profiles. - Jun. 20, '06, 5:04:42 AM   
Rodney

 

Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
Try running "regpwd" for the target user.
This will register the user's password which will construct a different security token.
Then try it.

I hadn't been looking at it as an authentication issue. I'd been looking at it as a
"the program isn't running right" issue (which is the problem 99% of the time).

(in reply to bdavison)
Post #: 9
RE: Problems using signcode and user profiles. - Jun. 20, '06, 9:32:33 PM   
bdavison

 

Posts: 15
Joined: May 18, '06,
Status: offline
Thanks for that Rodney,
Have tried that with no success unfortunately.

Any other ideas?

(in reply to Rodney)
Post #: 10
RE: Problems using signcode and user profiles. - Jun. 21, '06, 2:35:00 PM   
Rodney

 

Posts: 3695
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline
Well, it's not an authentication issue as viewed by the security system then.
That information is identical on a per process basis. The rights and privileges
for each process for a particular user is the same. That leaves it to being
something at the per subsystem or per application level. Since Win32 is rather
"thin" on much of this (i.e. it mostly just passes things along to the kernel)
it has to be at the per application level -- which includes envronmental settings.
The registry information is the same and permission access to files is also the
same since it goes through the same security system.

Your error message of:
> Error: There is no valid certificate in the my cert store

Indicates to me (since you wrote you had placed the certs) that the app is
looking at another location. It's likely looking at a default location because
it's not finding "something" to tell it otherwise.
Dump out all of the environment variables for when it works and doesn't work.
Then compare the two sets and review the delta.

(in reply to bdavison)
Post #: 11
RE: Problems using signcode and user profiles. - Jun. 21, '06, 10:05:29 PM   
bdavison

 

Posts: 15
Joined: May 18, '06,
Status: offline
Okay, my bad.
It turns out that the environment variable SYSTEMDRIVE=C: is required by sign code.
I should have followed your directions more thoroughly earlier on.

Thanks for your help Rodney, much appreciated.
Bernie.

(in reply to Rodney)
Post #: 12
Page:   [1]
All Forums >> [SFU / Interix / SUA Technology] >> Windows Server 2003 R2 SUA >> Problems using signcode and user profiles. Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Search All Forums -

Advanced search


SPONSORS



Forum Software © ASPPlayground.NET Advanced Edition 2.5 ANSI

0.047