
CoInitializeSecurity and pAuthList


Christian Wimmer

Jan 6, 2010, 3:48:08 PM
Hi

I wonder what the parameter pAuthList in CoInitializeSecurity does.
IMHO it sets some default authentication identities to be used by all
subsequent COM calls. So if I define an identity for WinNT and
Kerberos services shouldn't they be used automatically by COM? I mean
by impersonating the call automatically?

However, in tests I could not make it work at all (WinVista).

I used this code from
http://www.codeguru.cn/vc&mfc/apracticalguideusingvisualcandatl/93.htm
...

// Auth Identity structure
SEC_WINNT_AUTH_IDENTITY_W authidentity;
ZeroMemory( &authidentity, sizeof(authidentity) );

authidentity.User = L"pvguest";
authidentity.UserLength = wcslen( authidentity.User );
authidentity.Domain = L"pvhome";
authidentity.DomainLength = wcslen( authidentity.Domain );
authidentity.Password = L"mypassword";
authidentity.PasswordLength = wcslen( authidentity.Password );
authidentity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;

SOLE_AUTHENTICATION_INFO authInfo[2];
ZeroMemory( authInfo, sizeof( authInfo ) );

// Kerberos Settings
authInfo[0].dwAuthnSvc = RPC_C_AUTHN_GSS_KERBEROS;
authInfo[0].dwAuthzSvc = RPC_C_AUTHZ_NONE;
authInfo[0].pAuthInfo = &authidentity;

// NTLM Settings
authInfo[1].dwAuthnSvc = RPC_C_AUTHN_WINNT;
authInfo[1].dwAuthzSvc = RPC_C_AUTHZ_NONE;
authInfo[1].pAuthInfo = &authidentity;

SOLE_AUTHENTICATION_LIST authList;

authList.cAuthInfo = 2;
authList.aAuthInfo = authInfo;

HRESULT hr = ::CoInitializeSecurity(
    NULL,                        // Security descriptor
    -1,                          // Count of entries in asAuthSvc
    NULL,                        // asAuthSvc array
    NULL,                        // Reserved for future use
    RPC_C_AUTHN_LEVEL_DEFAULT,   // Authentication level
    RPC_C_IMP_LEVEL_IMPERSONATE, // Impersonation level
    &authList,                   // Authentication Information
    EOAC_NONE,                   // Additional capabilities
    NULL                         // Reserved
);


... but any later calls aren't called with the given identity.

1. I also used CoSetProxyBlanket to set a specific authentication
service (WinNT or Kerberos) for the interface but with a NULL value
for pAuthInfo.
2. I also set the dynamic cloaking value EOAC_DYNAMIC_CLOAKING. No
luck.

So am I wrong, or am I doing something wrong here?


I have also read some references, but they didn't help much.

Cloaking:

1. http://msdn.microsoft.com/en-us/library/ms683778%28VS.85%29.aspx
2. http://msdn.microsoft.com/en-us/library/cc246058%28PROT.10%29.aspx
3. http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsCoInitializeSecurity.html

CoInitializeSecurity and pAuthInfo

1. http://www.codeguru.cn/vc&mfc/apracticalguideusingvisualcandatl/93.htm

Getting security blanket (server side)

1. http://www.codeguru.cn/vc&mfc/apracticalguideusingvisualcandatl/92.htm

THX
Christian Wimmer


PS.
Is this the right forum to post such a question? Or are there any
other and better places?
