Re: Problem with CoSetProxyBlanket and WMI/WBEM, please help!!

From: elazar (elazar_at_thebroadfamily.com)
Date: 08/08/04

  • Next message: DavidB: "Is it right to free stuff in a Variant passed with VT_BYREF?" 
    Date: 7 Aug 2004 18:55:04 -0700

    Then how would I set security on the WMBEM locator interface?

    "Alexander Nickolov" <agnickolov@mvps.org> wrote in message news:<#YnjMN9eEHA.2544@TK2MSFTNGP10.phx.gbl>...
    > CoSetProxyBlanket only works on standard proxies, not
    > on direct pointers (nor custom marshaled objects). Since
    > AFAIK WMI is in-proc, unless you have an incompatible
    > apartment type (which would not be possible if its threading
    > model is both), you can't set a security blanket on it.
    >
    > --
    > =====================================
    > Alexander Nickolov
    > Microsoft MVP [VC], MCSD
    > email: agnickolov@mvps.org
    > MVP VC FAQ: http://www.mvps.org/vcfaq
    > =====================================
    >
    > "elazar" <elazar@thebroadfamily.com> wrote in message
    > news:8546fcb7.0408052001.2847506d@posting.google.com...
    > > Hi,
    > > I am trying to use CoSetProxyBlanket with WMI's scripting interface
    > > and the call keeps returning with E_INVALIDINTERFACE(80004002). Heres
    > > my scenario, I am a domain reseller, and I am handling DNS for my
    > > customers. I want to give them access to their DNS records, and the
    > > only way to do this is through WMI. I don't want to give the
    > > IWAM_Computer account access to WMI because of security reasons. So
    > > what I want to do is write a component to act as proxy between IIS and
    > > WMI that will connect to WMI using different credentials. I copied the
    > > code from Microsofts site that shows you how to use CoSetProxyBlanket
    > > in Visual Basic(my preferred language), and it keeps failing. Heres
    > > the code:
    > >
    > > ----------------------------------------------
    > > 249636 - How To Use the CoSetProxyBlanket Function in Visual Basic
    > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;249636
    > > ----------------------------------------------
    > > Option Explicit
    > >
    > > ' Authentication service provider constants
    > > ' the default should be used.
    > > Public Const RPC_C_AUTHN_NONE As Long = 0
    > > Public Const RPC_C_AUTHN_WINNT As Long = 10
    > > Public Const RPC_C_AUTHN_DEFAULT As Long = &HFFFFFFFF
    > >
    > > ' Authorization Services
    > > Public Const RPC_C_AUTHZ_NONE As Long = 0
    > > Public Const RPC_C_AUTHZ_NAME As Long = 1
    > > Public Const RPC_C_AUTHZ_DCE As Long = 2
    > > Public Const RPC_C_AUTHZ_DEFAULT As Long = &HFFFFFFFF
    > >
    > > ' Authentication level constants
    > > Public Const RPC_C_AUTHN_LEVEL_DEFAULT As Long = 0
    > > Public Const RPC_C_AUTHN_LEVEL_NONE As Long = 1
    > > Public Const RPC_C_AUTHN_LEVEL_CONNECT As Long = 2
    > > Public Const RPC_C_AUTHN_LEVEL_CALL As Long = 3
    > > Public Const RPC_C_AUTHN_LEVEL_PKT As Long = 4
    > > Public Const RPC_C_AUTHN_LEVEL_PKT_INTEGRITY As Long = 5
    > > Public Const RPC_C_AUTHN_LEVEL_PKT_PRIVACY As Long = 6
    > >
    > > ' Impersonation level constants
    > > Public Const RPC_C_IMP_LEVEL_ANONYMOUS As Long = 1
    > > Public Const RPC_C_IMP_LEVEL_IDENTIFY As Long = 2
    > > Public Const RPC_C_IMP_LEVEL_IMPERSONATE As Long = 3
    > > Public Const RPC_C_IMP_LEVEL_DELEGATE As Long = 4
    > >
    > > ' Constants for the capabilities
    > > Public Const API_NULL As Long = 0
    > > Public Const S_OK As Long = 0
    > > Public Const EOAC_NONE As Long = &H0
    > > Public Const EOAC_MUTUAL_AUTH As Long = &H1
    > > Public Const EOAC_CLOAKING As Long = &H10
    > > Public Const EOAC_SECURE_REFS As Long = &H2
    > > Public Const EOAC_ACCESS_CONTROL As Long = &H4
    > > Public Const EOAC_APPID As Long = &H8
    > >
    > > ' Function Declaration
    > > Public Declare Function CoSetProxyBlanket Lib "OLE32.DLL" ( _
    > > ByVal pSD As Object, _
    > > ByVal dwAuthnSvc As Long, _
    > > ByVal dwAuthzSvc As Long, _
    > > ByVal pServerPrincName As Long, _
    > > ByVal dwAuthnlevel As Long, _
    > > ByVal dwImpLevel As Long, _
    > > ByVal pAuthInfo As Long, _
    > > ByVal dwCapabilities As Long _
    > > ) As Long
    > >
    > > 'the object is institiated this way(not with the 'New' statement)
    > > so that security can be set before the object is created.
    > >
    > > Dim MyObj As MyLib.MyClass 'substitute MyLib.MyClass with
    > > WBEMScripting.SWBEMLocator
    > >
    > > Dim MyUnk As stdole.IUnknown
    > > Dim hr As Long
    > >
    > > ' instantiate object requesting IUnknown interface
    > > Set MyUnk = New MyLib.MyClass
    > >
    > > ' setting security on IUnknown
    > > hr = CoSetProxyBlanket(MyUnk, _
    > > RPC_C_AUTHN_WINNT, _
    > > RPC_C_AUTHZ_DEFAULT, _
    > > ByVal API_NULL, _
    > > RPC_C_AUTHN_LEVEL_NONE, _
    > > RPC_C_IMP_LEVEL_IDENTIFY, _
    > > API_NULL, _
    > > EOAC_NONE)
    > >
    > > If (S_OK <> hr) Then
    > > MsgBox "CoSetProxyBlanket on IUnknown failed with error code:
    > > " _
    > > & hr & " 0x", vbCritical, "CoSetProxyBlanket Failure"
    > > Exit Sub ' or Exit Function
    > > End If
    > >
    > > ' Quering for the default interface
    > > Set MyObj = MyUnk
    > >
    > > ' setting security on the default interface
    > > hr = CoSetProxyBlanket(MyObj, _
    > > RPC_C_AUTHN_WINNT, _
    > > RPC_C_AUTHZ_DEFAULT, _
    > > ByVal API_NULL, _
    > > RPC_C_AUTHN_LEVEL_NONE, _
    > > RPC_C_IMP_LEVEL_IDENTIFY, _
    > > API_NULL, _
    > > EOAC_NONE)
    > >
    > > If (S_OK <> hr) Then
    > > MsgBox "CoSetProxyBlanket failed with error code: " & hr & "
    > > 0x" _
    > > , vbCritical, "CoSetProxyBlanket Failure"
    > > Exit Sub ' or Exit Function
    > > End If
    > >
    > > ' you can now call methods in your object
    > > MyObj.MyMethod
    > > --------------------------------------------------------------------------
    > -----
    > > I think its failing because no interface is created until the
    > > ConnectServer(method of SWBEMLocator class) function is called, but I
    > > don't know for sure. If anyone can enlighten me on this, it would be
    > > much appreciated. If you post any code, please try to do it in Visual
    > > Basic as that is my stronger language(I can understand VC++ too, but
    > > not as well). You can e-mail me or post a reply.
    > >
    > > Thanks,
    > > Elazar

  • Next message: DavidB: "Is it right to free stuff in a Variant passed with VT_BYREF?"

    Relevant Pages

    • Re: Problem with CoSetProxyBlanket and WMI/WBEM, please help!!
      ... CoSetProxyBlanket only works on standard proxies, ... AFAIK WMI is in-proc, ... > I am trying to use CoSetProxyBlanket with WMI's scripting interface ... > IWAM_Computer account access to WMI because of security reasons. ...
      (microsoft.public.win32.programmer.ole)
    • Re: NAV 2004 update now works with SP2 an FYI
      ... Have up-to-date Norton AV 2004 and LiveUpdate, with WMI ... will not interface with Security Center. ... Security Center option of monitoring AV status myself. ...
      (microsoft.public.windowsxp.general)
    • Re: Interface function and TPersistent
      ... that all these different applications are running - they will still be ... controlling such things as login and security. ... actually open a form of the required class and what they can do within it ... create an interface for each and every one and pass this through and have ...
      (alt.comp.lang.borland-delphi)
    • Re: remote control program
      ... The security of the interface has nothing to do with SSL. ... the security of your online banking technology also has nothing to do with SSL. ... If the technology was not properly assessed by a qualified security team then I wouldn't trust it. ... for remote work to the same location who complains about jitter and delay ...
      (Security-Basics)
    • Re: RMA Datashare Poll
      ... and speed is mediocre but it's nearly a universal protocol ... > and there's a client for every OS in existence. ... > 2) Web based interface - A cgi style upload/download interface with ... and can be run through https for heightened security. ...
      (rec.martial-arts)