Essential COM

, CoInitializeSecurity, , . , , . : , . , , .

, IClientSecurity:

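 // IClientSecurity: reads and changes the security settings ("blanket") that
 // one interface proxy uses for its outgoing calls. Callers obtain it by
 // QueryInterface on the proxy.
 // The parameters mirror each other across QueryBlanket / SetBlanket:
 //   AuthnSvc        - authentication package (e.g. RPC_C_AUTHN_WINNT)
 //   AuthzSvc        - authorization package (e.g. RPC_C_AUTHZ_NONE)
 //   pServerPrincName- server principal name
 //   AuthnLevel      - authentication level (RPC_C_AUTHN_LEVEL_*)
 //   ImpLevel        - impersonation level (RPC_C_IMP_LEVEL_*)
 //   pAuthInfo       - package-specific credentials (COAUTHIDENTITY for NTLM)
 //   Capabilities    - EOAC_* flags
 [local, object, uuid(0000013D-0000-0000-C000-000000000046)]
 interface IClientSecurity : IUnknown {
     // get security settings for interface proxy pProxy
     // (returns a plain HRESULT, like the other two methods)
     HRESULT QueryBlanket([in] IUnknown *pProxy,
                          [out] DWORD *pAuthnSvc,
                          [out] DWORD *pAuthzSvc,
                          [out] OLECHAR **pServerPrincName,
                          [out] DWORD *pAuthnLevel,
                          [out] DWORD *pImpLevel,
                          [out] void **pAuthInfo,
                          [out] DWORD *pCapabilities
     );

     // change security settings for interface proxy pProxy;
     // only calls made through pProxy are affected
     HRESULT SetBlanket([in] IUnknown *pProxy,
                        [in] DWORD AuthnSvc,
                        [in] DWORD AuthzSvc,
                        [in] OLECHAR *pServerPrincName,
                        [in] DWORD AuthnLevel,
                        [in] DWORD ImpLevel,
                        [in] void *pAuthInfo,
                        [in] DWORD Capabilities
     );

     // duplicate an interface proxy so the copy can carry its own blanket
     HRESULT CopyProxy([in] IUnknown *pProxy,
                       [out] IUnknown **ppCopy
     );
 }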

, SetBlanket QueryBlanket SOLE_AUTHENTICATION_SERVICE. Windows NT 4.0 RPC_C_AUTHN_WINNT, RPC_C_AUTHN_NONE .

. 6.1, . IClientSecurity::SetBlanket .

IClientSecurity::QueryBlanket . , , . IClientSecurity:: . , QueryInterface . , QueryInterface; .

 . 6.1.

IClientSecurity::SetBlanket IClientSecurity::QueryBlanket CoInitializeSecurity . (pAuthInfo) . . NTLM COAUTHIDENTITY:

 // Explicit credentials handed to COM through the pAuthInfo parameter; the
 // surrounding text presents this layout for the NTLM package.
 // All strings are wide-character and each *Length field is the character
 // count of the matching string, without the terminator.
 // NOTE(review): Password is held as cleartext in the caller's memory for as
 // long as the structure is alive - keep that window short and overwrite the
 // buffer once no proxy still refers to it. How long COM needs the pointers to
 // stay valid is not visible here; confirm before wiping.
 typedef struct _COAUTHIDENTITY {
   OLECHAR *User;        // user account name
   ULONG UserLength;     // wcslen(User)
   OLECHAR *Domain;      // Domain/Machine name
   ULONG DomainLength;   // wcslen(Domain)
   OLECHAR *Password;    // cleartext password
   ULONG PasswordLength; // wcslen(Password)
   ULONG Flags;          // must be SEC_WINNT_AUTH_IDENTITY_UNICODE
 } COAUTHIDENTITY;

COM , , 1. COAUTHIDENTITY , 2.

IClientSecurity::SetBlanket . :

 // Switches the interface proxy behind pApe to NTLM authentication at
 // RPC_C_AUTHN_LEVEL_PKT_PRIVACY, so later calls through pApe are
 // authenticated and encrypted per packet. The server may identify, but not
 // impersonate, the caller (RPC_C_IMP_LEVEL_IDENTIFY).
 // Returns the HRESULT of QueryInterface if IClientSecurity is unavailable,
 // otherwise the HRESULT of SetBlanket.
 HRESULT Encrypt(IApe *pApe) {
     // the proxy manager answers QueryInterface for IClientSecurity
     IClientSecurity *pClientSec = 0;
     const HRESULT hrQuery = pApe->QueryInterface(IID_IClientSecurity,
                                                  (void**)&pClientSec);
     if (FAILED(hrQuery))
         return hrQuery;

     // apply the new blanket to this proxy only, then drop the helper
     const HRESULT hrBlanket = pClientSec->SetBlanket(
         pApe,
         RPC_C_AUTHN_WINNT,
         RPC_C_AUTHZ_NONE,
         0,
         RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
         RPC_C_IMP_LEVEL_IDENTIFY,
         0,
         EOAC_NONE);
     pClientSec->Release();
     return hrBlanket;
 }

. :

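 // Creates a private copy of pApe's interface proxy and raises only that copy
 // to NTLM / RPC_C_AUTHN_LEVEL_PKT_PRIVACY, leaving pApe's own settings alone.
 //   pApe        - existing proxy to duplicate
 //   rpSecretApe - receives the encrypted copy; always 0 on failure, so a
 //                 caller can never end up holding a copy that was duplicated
 //                 but not secured
 // Returns the first failing HRESULT, or the result of SetBlanket.
 HRESULT DupeAndEncrypt(IApe *pApe, IApe * &rpSecretApe) {
     rpSecretApe = 0;
     IClientSecurity *pcs = 0;
     // ask proxy manager for IClientSecurity interface
     HRESULT hr = pApe->QueryInterface(IID_IClientSecurity, (void**)&pcs);
     if (SUCCEEDED(hr)) {
         hr = pcs->CopyProxy(pApe, (IUnknown**)&rpSecretApe);
         if (SUCCEEDED(hr)) {
             hr = pcs->SetBlanket(rpSecretApe, RPC_C_AUTHN_WINNT,
                                  RPC_C_AUTHZ_NONE, 0,
                                  RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                                  RPC_C_IMP_LEVEL_IDENTIFY,
                                  0, EOAC_NONE);
             // fail closed: a copy still running on the default blanket must
             // not be returned under a name that promises encryption
             if (FAILED(hr) && rpSecretApe != 0) {
                 rpSecretApe->Release();
                 rpSecretApe = 0;
             }
         }
         pcs->Release();
     }
     return hr;
 }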

COM API IClientSecurity, QueryInterface IClientSecurity :

 // get security settings for interface proxy pProxy //             pProxy HRESULT CoQueryProxyBlanket([in] IUnknown *pProxy,                             [out] DWORD *pAuthnSvc,                             [out] DWORD *pAuthzSvc,                             [out] OLECHAR **pServerPrincName,                             [out] DWORD *pAuthnLevel,                             [out] DWORD *pImpLevel,                             [out] void **pAuthInfo,                             [out] DWORD *Capabilities); // change security settings for interface proxy pProxy //             pProxy HRESULT CoSetProxyBlanket([in] IUnknown *pProxy,                           [in] DWORD AuthnSvc,                           [in] DWORD AuthzSvc,                           [in] OLECHAR *pServerPrincName,                           [in] DWORD AuthnLevel,                           [in] DWORD ImpLevel,                           [in] void *pAuthInfo,                           [in] DWORD Capabilities); // duplicate an interface proxy //      HRESULT CoCopyProxy([in] IUnknown *pProxy,                     [out] IUnknown **ppCopy); 

, :

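 // Same contract as the IClientSecurity-based version, written with the
 // CoCopyProxy / CoSetProxyBlanket wrappers: duplicates pApe's interface proxy
 // and raises only the copy to NTLM / RPC_C_AUTHN_LEVEL_PKT_PRIVACY.
 //   pApe        - existing proxy to duplicate
 //   rpSecretApe - receives the encrypted copy; always 0 on failure
 // Returns the HRESULT of CoCopyProxy if it fails, else of CoSetProxyBlanket.
 HRESULT DupeAndEncrypt(IApe *pApe, IApe * &rpSecretApe) {
     rpSecretApe = 0;
     HRESULT hr = CoCopyProxy(pApe, (IUnknown**)&rpSecretApe);
     if (SUCCEEDED(hr)) {
         hr = CoSetProxyBlanket(rpSecretApe, RPC_C_AUTHN_WINNT,
                                RPC_C_AUTHZ_NONE, 0,
                                RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                                RPC_C_IMP_LEVEL_IDENTIFY,
                                0, EOAC_NONE);
         // fail closed: do not hand back a copy that is still on the
         // default (possibly unencrypted) blanket
         if (FAILED(hr) && rpSecretApe != 0) {
             rpSecretApe->Release();
             rpSecretApe = 0;
         }
     }
     return hr;
 }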

, IClientSecurity QueryInterface. , .

, IClientSecurity , . , , ( , IMultiQI, IClientSecurity), IClientSecurity. IUnknown . IUnknown , . , . IRemUnknown, COM . , IRemUnknown IUnknown IClientSecurity::SetBlanket ( , , SetBlanket )3. , , , , IClientSecurity::SetBlanket - QueryInterface, AddRef Release. , , IUnknown . IUnknown , QueryInterface IID_IUnknown. , , :

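 // Sets the blanket of both the proxy manager's IUnknown and the IApe
 // interface proxy to RPC_C_AUTHN_NONE / RPC_C_AUTHN_LEVEL_NONE /
 // RPC_C_IMP_LEVEL_ANONYMOUS. Afterwards calls through pApe carry no
 // authentication, integrity protection or encryption. The listing shows that
 // the two blankets are independent: changing the one on pApe leaves the one
 // on the proxy manager's IUnknown untouched (the text ties the latter to the
 // remote QueryInterface/AddRef/Release traffic - NOTE(review): confirm).
 // Failures are only reported through assert, as in the original listing.
 void TurnOffAllSecurity(IApe *pApe) {
     IUnknown *pUnkProxyManager = 0;
     // get a pointer to the proxy manager
     HRESULT hr = pApe->QueryInterface(IID_IUnknown,
                                       (void**)&pUnkProxyManager);
     assert(SUCCEEDED(hr));
     // asserts vanish under NDEBUG; never dereference a null pointer
     if (FAILED(hr) || pUnkProxyManager == 0)
         return;

     // set blanket for proxy manager
     hr = CoSetProxyBlanket(pUnkProxyManager,
                            RPC_C_AUTHN_NONE,
                            RPC_C_AUTHZ_NONE,
                            0,                      // no server principal name
                            RPC_C_AUTHN_LEVEL_NONE,
                            RPC_C_IMP_LEVEL_ANONYMOUS,
                            0,
                            EOAC_NONE);
     assert(SUCCEEDED(hr));

     // set blanket for interface proxy
     hr = CoSetProxyBlanket(pApe,
                            RPC_C_AUTHN_NONE,
                            RPC_C_AUTHZ_NONE,
                            0,
                            RPC_C_AUTHN_LEVEL_NONE,
                            RPC_C_IMP_LEVEL_ANONYMOUS,
                            0,
                            EOAC_NONE);
     assert(SUCCEEDED(hr));

     // release temporary pointer to proxy manager
     pUnkProxyManager->Release();
 }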

, IClientSecurity::CopyProxy, COM.

ORPC- , COM (call context object), , , . COM , . COM API- CoGetCallContext, :

 // Returns the requested interface of the call context object for the call
 // currently being serviced.
 //   riid - interface wanted (the listings on this page pass
 //          IID_IServerSecurity)
 //   ppv  - receives the interface pointer; the caller releases it
 HRESULT CoGetCallContext ([in] REFIID riid,
                           [out, iid_is(riid)] void **ppv);

Windows NT 4.0 , , IServerSecurity:

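 // IServerSecurity: server-side view of the security settings of the call
 // being serviced. Obtained from the call context via CoGetCallContext.
 [local, object, uuid(0000013E-0000-0000-C000-000000000046)]
 interface IServerSecurity : IUnknown {
     // get caller's security settings; the listings on this page pass 0 for
     // the values they do not need
     HRESULT QueryBlanket(
         [out] DWORD *pAuthnSvc,      // authentication pkg
         [out] DWORD *pAuthzSvc,      // authorization pkg
         [out] OLECHAR **pServerName, // server principal
         [out] DWORD *pAuthnLevel,    // authentication level
         [out] DWORD *pImpLevel,      // impersonation level
         [out] void **pPrivs,         // client principal (pointer is returned,
                                      // hence the double indirection)
         [out] DWORD *pCaps           // EOAC flags
     );

     // start running with credentials of caller
     HRESULT ImpersonateClient(void);

     // stop running with credentials of caller
     HRESULT RevertToSelf(void);

     // test for Impersonation
     BOOL IsImpersonating(void);
 }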

IServerSecurity::QueryBlanket , ORPC- ( SSP ). IClientSecurity::QueryBlanket, IServerSecurity::QueryBlanket . , , :

 // Server-side enforcement of a minimum authentication level: the real work
 // (ActuallySwingFromTree) runs only when the incoming call was made at
 // RPC_C_AUTHN_LEVEL_PKT_PRIVACY. Any failure to read the call's settings is
 // treated the same as an insufficient level and yields APE_E_NOPUBLICTREE.
 STDMETHODIMP Gorilla::SwingFromTree(/*[in]*/ long nTreeID) {
     // fetch the security view of the call being serviced
     IServerSecurity *pCallSecurity = 0;
     if (FAILED(CoGetCallContext(IID_IServerSecurity, (void**)&pCallSecurity)))
         return APE_E_NOPUBLICTREE;

     // only the authentication level is of interest; other outputs are skipped
     DWORD dwCallLevel;
     const HRESULT hrQuery =
         pCallSecurity->QueryBlanket(0, 0, 0, &dwCallLevel, 0, 0, 0);
     pCallSecurity->Release();

     // dwCallLevel is read only after QueryBlanket succeeded
     if (FAILED(hrQuery) || dwCallLevel != RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
         return APE_E_NOPUBLICTREE;

     return this->ActuallySwingFromTree(nTreeID);
 }

IClientSecurity, IServerSecurity API- . IServerSecurity

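 // Same check as the IServerSecurity-based version, written with the
 // CoQueryClientBlanket wrapper: the method body runs only for calls made at
 // RPC_C_AUTHN_LEVEL_PKT_PRIVACY; everything else, including a failure to read
 // the call's settings, is answered with APE_E_NOPUBLICTREE.
 STDMETHODIMP Gorilla::SwingFromTree(/*[in]*/ long nTreeID) {
     // start from the weakest level so an unset value can never pass the check
     DWORD dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE;
     // get authentication level of current call
     HRESULT hr = CoQueryClientBlanket(0, 0, 0, &dwAuthnLevel, 0, 0, 0);
     // verify proper authentication level
     if (FAILED(hr) || dwAuthnLevel != RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
         hr = APE_E_NOPUBLICTREE;
     else
         hr = this->ActuallySwingFromTree(nTreeID);
     return hr;
 }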

, .

IServerSecurity::QueryBlanket pPrivs. , IClientSecurity::SetBlanket, . NTLM

 Authority\AccountName 

API- CoQueryClientBlanket:

 // Records who made the call, then performs it. The caller's principal name is
 // read from the call's blanket (the pPrivs output); for NTLM the page gives
 // its form as Authority\AccountName. If the blanket cannot be read, nothing
 // is logged and the work is not done - the failing HRESULT is returned.
 // NOTE(review): the name is caller-derived text that ends up in a log file;
 // LogCallerIDToFile is not shown here - confirm it handles unexpected
 // characters. The returned string is not released by this method.
 STDMETHODIMP Gorilla::EatBanana() {
     OLECHAR *pwszCaller = 0;
     // get security identifier of caller
     const HRESULT hrBlanket =
         CoQueryClientBlanket(0, 0, 0, 0, 0, (void**)&pwszCaller, 0);
     if (FAILED(hrBlanket))
         return hrBlanket;

     // log user name before doing the work
     this->LogCallerIDToFile(pwszCaller);
     return this->ActuallyEatBanana();
 }

CoQueryClientBlanket :

  1. RPC_C_IMP_LEVEL_IDENTIFY ( ) ;
  2. RPC_C_AUTHN_LEVEL_CONNECT ( ) .

COAUTHIDENTITY, .

, , IClientSecurity, , . , API- , , IClientSecurity. , SERVERINFO:

 // Passed to activation calls such as CoGetClassObject to say where, and with
 // which security settings, the activation request is made.
 typedef struct _COSERVERINFO {
   DWORD         dwReserved1;   // reserved; the listing on this page passes 0
   LPWSTR        pwszName;      // target host name; 0 in the listing on this page
   COAUTHINFO *  pAuthInfo;     // security settings for the activation call itself;
                                // 0 means none are supplied explicitly
   DWORD      *  dwReserved2;   // reserved; pass 0
                                // NOTE(review): declared as a pointer here - check
                                // against the SDK header in use
 } COSERVERINFO;

, pwszName , - . , pAuthInfo, , , . COAUTHINFO, :

 // Security settings for one activation call. The members line up one-to-one
 // with the AuthnSvc .. Capabilities parameters of IClientSecurity::SetBlanket.
 typedef struct _COAUTHINFO {
   DWORD               dwAuthnSvc;            // authentication package, e.g. RPC_C_AUTHN_WINNT
   DWORD               dwAuthzSvc;            // authorization package, e.g. RPC_C_AUTHZ_NONE
   LPWSTR              pwszServerPrincName;   // server principal name
   DWORD               dwAuthnLevel;          // RPC_C_AUTHN_LEVEL_* value
   DWORD               dwImpersonationLevel;  // RPC_C_IMP_LEVEL_* value
   COAUTHIDENTITY *    pAuthIdentityData;     // explicit credentials, or 0 for none
   DWORD               dwCapabilities;        // EOAC_* flags
 } COAUTHINFO;

IClientSecurity::Set lanket, 4.

, COAUTHINFO, SCM (RPC_C_AUTHN_LEVEL_PKT_PRIVACY):

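 // Activates the Chimp class object with an explicit COAUTHINFO so that the
 // activation request itself is sent at RPC_C_AUTHN_LEVEL_PKT_PRIVACY, then
 // asks the class object for a new ape.
 //   rpApe - receives the new object; left 0 when any step fails
 // The COAUTHINFO covers only the activation call. The IApeClass proxy that
 // comes back uses the automatic (process-wide) settings, so CreateApe and all
 // later calls through rpApe are encrypted only if those settings say so, or
 // if the caller sets a blanket on each proxy explicitly.
 void CreateSecretChimp(IApe *&rpApe) {
     rpApe = 0;
     // create a COAUTHINFO that specifies privacy
     COAUTHINFO cai = {
       RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE, 0,
       RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
       RPC_C_IMP_LEVEL_IDENTIFY,
       0, 0
     };
     // issue an activation call using the COAUTHINFO
     COSERVERINFO csi = { 0, 0, &cai, 0 };
     IApeClass *pac = 0;
     HRESULT hr = CoGetClassObject(CLSID_Chimp, CLSCTX_ALL, &csi,
                                   IID_IApeClass, (void**)&pac);
     assert(SUCCEEDED(hr));
     // asserts vanish under NDEBUG; never call through a null class object
     if (FAILED(hr) || pac == 0)
         return;
     // the activation call occurred with encryption,
     // but pac is using automatic security settings
     hr = pac->CreateApe(&rpApe);
     pac->Release();
     // the function returns void, so failure is signalled by a null rpApe
     if (FAILED(hr))
         rpApe = 0;
 }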

, , COAUTHINFO , IApeClass , CoInitializeSecurity. , IApeClass::CreateApe , , COAUTHINFO. Chimp, , IApeClass I :

   // encrypt calls on IApeClass reference   //           IApeClass CoSetProxyBlanket(pac, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE,                    , RPC_C_AUTHN_LEVEL_PKT_PRIVACY,                   RPC_C_IMP_LEVEL_ANONYMOUS, 0, EOAC_NONE);   // issue call to create object   //          pac->CreateApe(&rpApe);   // encrypt calls on IApe reference   //           IApe CoSetProxyBlanket(rpApe, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE,                   0, RPC_C_AUTHN_LEVEL_PKT_PRIVACY,                   RPC_C_IMP_LEVEL_ANONYMOUS, 0, EOAC_NONE); 

COAUTHIDENTITY , . , , . , IClientSecurity::SetBlanket IUnknown .


1 , COAUTHIDENTITY . .

2 Windows NT 5.0 (delegation-level impersonation) , . .

3 . - , InitializeSecurity, IRemUnknown::RemAddRef, IRemUnknown::RemRelease , , IClientSecurity::SetBlanket. - , Windows NT 4.0 Service Pack 4 IRemUnknown::RemAddRef, IRemUnknown::RemRelease , , .

4 , SCM (Service Control Manager ) , . SCM Windows NT 4.0 NTLM. Windows NT 5.0 .



Suschnost' tehnologii SOM
Essential COM
ISBN: 0201634465
EAN: 2147483647
Year: N/A
Pages: 103
Authors: Don Box
