JWSCL Documentation
JwsclComSecurity.pas

Project JEDI Windows Security Code Library (JWSCL) 

This unit provides classes and methods to support COM security initialization.

The following issues happened to me: 

  1. Call to CreateComObject/CoCreateInstance fails with EOleSysError "Failed to start server". An out-of-process COM server (usually) uses the identity given by the caller's process token. However, if you impersonate the current thread and then call CoCreateInstance or CreateComObject, the server is created using the given thread token. In some circumstances this may fail with an error "Failed to start server" and a Windows log event "Invalid parameter". This happened to me because I used LOGON32_LOGON_INTERACTIVE in a LogonUser call. Instead, use LOGON32_LOGON_BATCH to solve this problem.
  2. What is cAuthSvc in CoInitializeSecurity? cAuthSvc defines an array of authentication services supported by the server. It is an array of SOLE_AUTHENTICATION_SERVICE in which you define which authentication services your server supports. For example, you can support RPC_C_AUTHN_GSS_KERBEROS and RPC_C_AUTHN_WINNT to allow users to be impersonated by the server. The dwAuthzSvc member is ignored by those two services. COM uses RPC_C_AUTHN_WINNT with all members left set to empty or 0. (WinVista)
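
Item 1 as an added example (not JWSCL code and not from the original page): a batch logon, impersonation and COM activation, with the impersonation reverted on every path. `CreateServerAs` and `CLSID_SampleServer` are hypothetical names, the program expects user and domain as its two command-line arguments, and the account is assumed to hold the "Log on as a batch job" right.

```delphi
program BatchLogonComActivation;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils, ActiveX, ComObj;

const
  // Hypothetical placeholder CLSID of an out-of-process server; use your own.
  CLSID_SampleServer: TGUID = '{00000000-0000-0000-0000-000000000000}';

// Creates the COM object while the thread impersonates the given account.
function CreateServerAs(const User, Domain, Password: string): IUnknown;
var
  Token: THandle;
begin
  // LOGON32_LOGON_BATCH instead of LOGON32_LOGON_INTERACTIVE, as item 1 advises.
  if not LogonUser(PChar(User), PChar(Domain), PChar(Password),
    LOGON32_LOGON_BATCH, LOGON32_PROVIDER_DEFAULT, Token) then
    RaiseLastOSError;
  try
    if not ImpersonateLoggedOnUser(Token) then
      RaiseLastOSError;
    try
      // Per item 1, activation now uses the thread token.
      Result := CreateComObject(CLSID_SampleServer);
    finally
      // Drop the impersonation even if activation raised. If that fails,
      // stop rather than keep running under the other identity.
      if not RevertToSelf then
        Halt(1);
    end;
  finally
    CloseHandle(Token);
  end;
end;

var
  Server: IUnknown;
  Password: string;
begin
  OleCheck(CoInitializeEx(nil, COINIT_APARTMENTTHREADED));
  try
    Write('Password: ');
    ReadLn(Password); // echoed on the console; use a credential prompt in real code
    Server := CreateServerAs(ParamStr(1), ParamStr(2), Password);
    WriteLn('Server created');
    Server := nil; // release the interface before CoUninitialize
  finally
    CoUninitialize;
  end;
end.
```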

  1. CoCreateInstance and Integrity Levels http://msdn.microsoft.com/en-us/ms679687%28VS.85%29.aspx
  2. Implement CoCreateInstanceEx with impersonation
  3. impl. LegacySecureReferences (S390)
  4. impl LegacyMutualAuthentication
  5. add feature to read appido from HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID, inst. HKCRK
  6. add dllsurrogate to reg class
  7. RunAs for services etc. (Vista no password, < : empty password)
  8. Test dllsurrogate with several com servers in dllhost.exe

The Original Code is JwsclCOM.pas. 

The Initial Developer of the Original Code is Christian Wimmer.

Here are some rules you should consider when using COM 

  1. You need to define an authentication service if you want to get information about the client. Using RPC_C_AUTHN_NONE will prevent you from calling ImpersonateClient or getting the client's context (CoGetClientContext).
  2. If you set the member pPrincipalName only the client running with the principal's identity can get a class from the server. The client can impersonate before it creates the class (CreateComObject/CoCreateInstance). Use an empty string to allow everyone to use this service. a) For WinNT/Kerberos authentication level, the pPrincipalName cannot be a group. b) The supplied credentials in pAuthList of CoInitializeSecurity are not used, at least on my Win2008 Server.
  3. Usually dwAuthnLevel (in CoInitializeSecurity) defines two different things for client and server. Server: It defines the lowest authentication level allowed to connect to the server. Lower levels are rejected. Client: It defines the authentication level the client wishes to use. If it is higher than the authentication level set by the server, the client's level is used. The higher the better. However, on my Win2008 and RPC_C_AUTHN_WINNT, the highest available level (RPC_C_AUTHN_LEVEL_PKT_PRIVACY) was used by default. Even if I set a level too low in a call to CoInitializeSecurity, this high level was used. I could not make it smaller by setting a proxy on the interface. Only RPC_C_AUTHN_LEVEL_NONE turns off all authentication.
 

Christian Wimmer

 
Name 
Description 
 
TJwAuthenticationInfo wraps an array of authentication information to be used by TJwComProcessSecurity.Initialize 
 
TJwComClientSecurity provides methods to set or get a proxy blanket on an interface. 
 
TJwComCustomSecurity is the base class for the JWSCL COM security implementation. Do not use it directly; instead, inherit from it to get access to the implementation. 
 
TJwComProcessSecurity provides wrapper methods for CoInitializeSecurity. They can be used by a COM server or client. Some of them are only for either servers or clients.
For an application that is COM server and client, use the Initialize method with parameter SecurityData : PJwSecurityInitializationData
 
TJwComRegistrySecurity provides functionality to retrieve COM related security information from registry.
It allows reading machine-wide security information.
COM applications can read and write security related information with it. 
 
The class TJwComServerSecurity provides functionality for a server to query client information, to impersonate and to do access checks. 
 
TJwComWinNTIdentity wraps the WinAPI structure SEC_WINNT_AUTH_IDENTITY_EXW (Delphi TSecWinNTAuthIdentityExW ). 
 
TJwServerAccessControl provides an implementation of IAccessControl, IPersist and IPersistStream
Name 
Description 
This is constant AUTO_AUTHENTICATION_SERVICE. 
Used by TJwComProcessSecurity.CreateTightServerSecurityOptions to create a default SD class using SDDL from JwTightCOMSecuritySettings
Used by TJwComProcessSecurity.CreateTightServerSecurityOptions to set a tight security setting for a COM server.
Allows SYSTEM and LocalAdministrator full access to the server.
http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsCoInitializeSecurity.html
Owner: Local Administrator
Group: Builtin Administrators
DACL:
  1. ACE-Type: Allow, AccessMask: 0x1FFFFFF (0000 000 1 11111111 1111111111111111), SID: Local System
  2. ACE-Type: Allow, AccessMask: 0x1FFFFFF (0000 000 1 11111111 1111111111111111), SID: Builtin Administrators
acDisableActivateAsActivator: Do not start the server as the activator so it will be spawned into the caller's logon session.
acNoCustomMarshal: Do not load unnecessary DLLs.
acDynamicCloaking: Use thread token on outgoing COM calls.
This is constant KEY_LAUNCH_PERMISSION. 
This is constant MAX_SECURITY_DESCRIPTOR_SIZE. 
 
Name 
Description 
 
Defines the used method to load from or save to a stream a security descriptor.
See TJwServerAccessControl.PersistStreamType for more information 
 
This is record TJwServerImpersonationType. 
 
Name 
Description 
 
IJwComServerSecurity is implemented by TJwComServerSecurity. It is returned by TJwComServerSecurity.GetServerSecurity
You can use Delphi's interface management to get information about a client and do impersonation without bothering about reverting or destroying the instance.
For more information on the methods see the documentation of TJwComServerSecurity
 
Name 
Description 
 
TJwCOMSecuritySettings is used by JwTightCOMSecuritySettings to set default COM security settings. 
 
TJwSecurityInitializationData is a variable record that contains either a security descriptor class, a pointer to an IAccessControl interface or a GUID. It is used by TJwComProcessSecurity.Initialize 
 
This is record TMagicHeaderRecord. 
 
This is record TPtrPointer. 
Name 
Description 
A list of authentication information class instances. 
Possible values for a Facility value 
This method is a callback method used by property TJwServerAccessControl.OnIsAccessAllowed  
Name 
Description 
JwIgnoreHostProcessesInServer is evaluated by server versions of TJwComProcessSecurity.Initialize to determine whether the process should be checked for possible problems. 
JwKnownComHostProcesses defines an array of process names that are considered to host COM classes. These processes must not use CoInitializeSecurity (implemented by any of the Initialize methods of TJwComProcessSecurity). 
WARNING: ONLY FOR DEMONSTRATION PURPOSES 
License

The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/ 

Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. 

Alternatively, the contents of this file may be used under the terms of the GNU Lesser General Public License (the "LGPL License"), in which case the provisions of the LGPL License are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the LGPL License and not to allow others to use your version of this file under the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the LGPL License. If you do not delete the provisions above, a recipient may use your version of this file under either the MPL or the LGPL License. 

For more information about the LGPL: http://www.gnu.org/copyleft/lesser.html

Copyright (c) 2010. All rights reserved.