Essential COM

Windows NT (access token), . , NT (SID), , , , ( , , ). ( , , , ), NT (SRM Security Reference Monitor) ( ) .

ORPC- , COM RPC- ( , ), , ( , STA). , . , , , , . , , ; , . Windows NT . , . , . , COM ORPC- , . , , .

Inside an ORPC method call, the server can inspect the security settings of the caller by calling the CoGetCallContext API, which returns the call context's IServerSecurity interface:

 // Call-context interface handed out by CoGetCallContext while an ORPC call is
 // being serviced. [local] = callable only in-process, never marshaled.
 // ImpersonateClient changes the *thread's* token; every successful call must
 // be paired with RevertToSelf before the method returns (see ReadWrite below).
 [local, object, uuid(0000013E-0000-0000-C000-000000000046)]
 interface IServerSecurity : IUnknown {
     // Get the caller's security settings for the current call.
     HRESULT QueryBlanket(
         [out] DWORD *pAuthnSvc,        // authentication pkg (RPC_C_AUTHN_*)
         [out] DWORD *pAuthzSvc,        // authorization pkg  (RPC_C_AUTHZ_*)
         [out] OLECHAR **pServerName,   // server principal name
         [out] DWORD *pAuthnLevel,      // authentication level (RPC_C_AUTHN_LEVEL_*)
         [out] DWORD *pImpLevel,        // impersonation level granted by the caller (RPC_C_IMP_LEVEL_*)
         [out] void **pPrivs,           // client principal (caller identity)
         [out] DWORD *pCaps             // EOAC capability flags
     );
     // Start running with the credentials of the caller (thread token switch).
     HRESULT ImpersonateClient(void);
     // Stop running with the credentials of the caller; restore the process token.
     HRESULT RevertToSelf(void);
     // Test whether this thread is currently impersonating the caller.
     BOOL IsImpersonating(void);
 }

QueryBlanket returns the security settings the caller used for the current call. ImpersonateClient switches the calling thread to a token representing the caller, so that subsequent Win32 access checks are made against the caller's identity instead of the server's; IServerSecurity::ImpersonateClient is therefore the way a server lets the operating system, not its own code, decide what the caller may touch. RevertToSelf restores the thread's own (process-level) token; each successful ImpersonateClient must be paired with a RevertToSelf before the method returns. IServerSecurity::IsImpersonating reports whether the thread is currently running under the caller's token. Because calling QueryBlanket and the rest of IServerSecurity first requires obtaining the interface via CoGetCallContext, COM also offers two convenience functions:

 // Convenience wrappers: each obtains IServerSecurity for the current call via
 // CoGetCallContext, invokes ImpersonateClient / RevertToSelf on it and releases
 // the interface again. Same pairing rule applies: every successful
 // CoImpersonateClient must be matched by CoRevertToSelf before returning.
 HRESULT CoImpersonateClient(void);
 HRESULT CoRevertToSelf(void);

These two functions simply obtain IServerSecurity through CoGetCallContext, call the corresponding method, and release the IServerSecurity interface.

The following method illustrates the technique:

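 // Reads the value stored in C:\file1.bin under the server's own identity and
 // then, while impersonating the caller, writes dwNew to C:\file2.bin.
 //
 // dwNew  : value to store in C:\file2.bin.
 // pdwOld : receives the DWORD currently held in C:\file1.bin (E_POINTER if null).
 // Returns S_OK, or an HRESULT for the failure that stopped the operation:
 //   - a Win32 error (FACILITY_WIN32) from opening/reading/writing either file,
 //   - the HRESULT from CoGetCallContext / ImpersonateClient / RevertToSelf.
 //
 // Security: the write is deliberately done under the CALLER's token so that the
 // ACL on file2.bin, checked by the kernel, decides who may change the value.
 // The write must never fall back to the server's token when impersonation
 // cannot be established, otherwise that ACL check is bypassed.
 STDMETHODIMP MyClass::ReadWrite(DWORD dwNew, DWORD *pdwOld)
 {
     if (pdwOld == 0)
         return E_POINTER;

     ULONG cb = 0;

     // Phase 1: executes with the server's (process) token, so any caller
     // that can reach this method is allowed to read the value.
     HANDLE hfile = CreateFile("C:\\file1.bin", GENERIC_READ,
                               0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
     if (hfile == INVALID_HANDLE_VALUE)
         return MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, GetLastError());

     // Capture the error before CloseHandle can overwrite GetLastError().
     BOOL ok = ReadFile(hfile, pdwOld, sizeof(DWORD), &cb, 0);
     DWORD readErr = ok ? ERROR_SUCCESS : GetLastError();
     CloseHandle(hfile);
     if (!ok)
         return MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, readErr);
     if (cb != sizeof(DWORD))      // short read: do not hand back a half-filled value
         return MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, ERROR_HANDLE_EOF);

     // Phase 2: get the call context object for the current ORPC call.
     IServerSecurity *pss = 0;
     HRESULT hr = CoGetCallContext(IID_IServerSecurity, (void**)&pss);
     if (FAILED(hr))
         return hr;

     // Switch this thread to the caller's token. Failure is a hard stop, not an
     // assert: an assert is compiled out in release builds and would let the
     // write below run with the server's token instead of the caller's.
     hr = pss->ImpersonateClient();
     if (FAILED(hr)) {
         pss->Release();
         return hr;
     }

     // Phase 3: executes with the caller's token; only users whose own account
     // may write file2.bin can change the value. If the caller granted only
     // RPC_C_IMP_LEVEL_IDENTIFY, ImpersonateClient succeeds but this open
     // fails, and the Win32 error is propagated to the caller.
     hfile = CreateFile("C:\\file2.bin",
                        GENERIC_READ | GENERIC_WRITE, 0, 0,
                        OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
     if (hfile == INVALID_HANDLE_VALUE) {
         hr = MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, GetLastError());
     } else {
         if (!WriteFile(hfile, &dwNew, sizeof(DWORD), &cb, 0))
             hr = MAKE_HRESULT(SEVERITY_ERROR, FACILITY_WIN32, GetLastError());
         CloseHandle(hfile);
     }

     // Restore the process-level token on every path that impersonated.
     // A failed revert is reported (unless an earlier error is already pending)
     // because the thread would otherwise keep running as the caller.
     HRESULT hrRevert = pss->RevertToSelf();
     if (SUCCEEDED(hr) && FAILED(hrRevert))
         hr = hrRevert;

     // Release the call context.
     pss->Release();
     return hr;
 }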

Note that the first CreateFile runs under the server's own token, so the read succeeds for any caller. The second CreateFile, which opens the file for read/write, executes while the thread is impersonating the caller, so it succeeds only if the caller's own account has write access to that file; the access decision is made by the operating system against the file's ACL, not by the server's code.

Note that IServerSecurity::ImpersonateClient can be used only to the extent the caller permits. The client controls how much of its identity a server may borrow through the impersonation level (RPC_C_IMP_LEVEL_ANONYMOUS, RPC_C_IMP_LEVEL_IDENTIFY, RPC_C_IMP_LEVEL_IMPERSONATE or RPC_C_IMP_LEVEL_DELEGATE), set process-wide with CoInitializeSecurity or per proxy with IClientSecurity::SetBlanket. With RPC_C_IMP_LEVEL_IDENTIFY the server may call IServerSecurity::ImpersonateClient, but the resulting impersonation token is usable only for inspection through Win32 APIs such as OpenThreadToken and GetTokenInformation (for example to obtain the caller's SID, group membership or privileges); opening securable objects under that token fails. RPC_C_IMP_LEVEL_DELEGATE additionally allows the server to use the caller's credentials when it in turn calls other machines, which is what a COM server needs to forward a request on the caller's behalf. Because NTLM cannot delegate credentials, RPC_C_IMP_LEVEL_DELEGATE is not available on Windows NT 4.0.

, . , , . SCM , , RunAs AppID. AppID RunAs, , . " " , SCM , . " " ("As Activator"), , . " " . - , " ", COM , , REGCLS_MULTIPLEUSE CoRegisterClassObject. . - , , RPC_C_IMP_LEVEL_IMPERSONATE, , 1.

. , RunAs AppID:

 [HKCR\AppID\{27EE6A4D-DF65-11d0-8C5F-0080C73925BA}] RunAs="DomainX\UserY" 

, SCM (login token) . . - , (LSA Local Security Authority). - , " " ("Logon as a batch job"). RunAs DCOMCNFG.EXE 2.

To prevent spoofing, CoRegisterClassObject checks the identity of the registering process against the AppID's configuration. If the AppID carries a RunAs value and the process calling CoRegisterClassObject is not running under that account, COM rejects the registration: CoRegisterClassObject returns the HRESULT CO_E_WRONG_SERVER_IDENTITY. This stops an arbitrary process from posing as the configured server and receiving activation requests meant for it.

, AppID RunAs, SCM window- (window station)3. , , , , (clipboard). , , (naive) COM , 4. , (logged on) . window- (desktop) API- COM, . , , , , , (hardware messages) . , , / , API- Win32 MessageBox MB_SERVICE_NOTIFICATION, , - , .

, Win32 API window- . , window- , , . , , window- , COM RunAs "Interactive User" (" "):

 [HKCR\AppID\{27EE6A4D-DF65-11d0-8C5F-0080C73925BA}] RunAs="Interactive User" 

COM window- , . COM . , . , . - , , - , E_ACCESSDENIED. , , , , . , , , . 5.

window- NT. , LocalService SCM NT Service Control Manager CreateProcess CreateProcessAsUser. NT COM , , NT. COM RunAs, , CoRegisterClassObject. LocalService , NT. SYSTEM, window- , window- , NT SYSTEM ( , NT). NT , NT Service Control Manager NT window- , .

COM NT , NT SYSTEM. , . , , (trusted computing base) , . , SYSTEM , , COM. SYSTEM , . , NT Win32, COM, .


1 , , , RPC_C_IMP_LEVEL_IMPERSONATE , CoInitializeSecurity, , COAUTHINFO.

2 . DCOMPERM SDK Win32, (Mike Nelson).

3 AppID RunAs ( " "), SCM window- ( window- , ). , , .

4 . , SCM RunAs, window- . Windows NT 4.0 14 . , 14 ( ) RunAs . Q171890 Microsoft (Microsoft Knowledge Base) , .

5 The failure code here is CO_E_WRONG_SERVER_IDENTITY, the same error CoRegisterClassObject returns in the RunAs identity mismatch described above (the text's RPC_E_WRONG_SERVER_IDENTITY is a misprint; only the CO_E_ form is defined).



Sushchnost' tekhnologii COM (Essential COM)
Essential COM
ISBN: 0201634465
EAN: 2147483647
Year: N/A
Pages: 103
Authors: Don Box
