尝试将DCOM与其他用户一起使用并且没有域 [英] Attempting to use DCOM with different user and no domain
问题描述
我们有一些旧代码(Visual C ++),这些代码使用DCOM进行客户端服务器连接.在新台币下一切正常.现在,我们正在尝试将此应用程序移植到Windows 7并遇到一些问题.
我们已经建立了服务器和客户端均为Windows 7的测试系统.如果我们登录客户端上的admin帐户(服务器上的帐户),则一切正常.如果我们登录到服务器上不存在的测试用户帐户,则我们的应用程序将无法运行.
我们尝试使用CoInitializeSecurity这样说不授权"
We have some legacy code (visual c++) that uses DCOM for client server connectivity. Under NT all works fine. We are now attempting to port this application to Windows 7 and are running into some issues.
We have set up test systems where both the server and client are Windows 7. If we log into the admin account on the client (which is an account on the server), all works fine. If we log into a test user account that does not exist on the server, our application does not work.
We have tried using CoInitializeSecurity to say "do not authorize" like this
hr= CoInitializeSecurity(NULL,-1,NULL,NULL, RPC_C_AUTHN_LEVEL_NONE,
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);
但这失败了.我们还尝试使用SOLE_AUTHENTICATION_INFO指定用户名和密码,但我们不是域,因此我不确定域信息中要输入什么内容来告诉它忽略域(以及我们当前使用服务器计算机名尝试该域也将失败).
我们正在尝试的可能吗?我们无法在服务器上创建重复的用户帐户-在我们的客户环境中不允许这样做,因此这不是一种选择.作为替代方案,我们可以将用户信息硬编码到应用程序中,但是我不确定如何使它起作用.
我为此添加了一条注释-我们需要使用VB6中填写的authinfo来调用CoInitialzeSecurity.有人有任何示例吗?
but this fails. We also have tried specifying the user and password using SOLE_AUTHENTICATION_INFO but we are not a domain, so I am not sure what to put in for the domain information to tell it to ignore the domain (and our current attempt of using the server computer name for the domain fails too).
Is what we are attempting possible? We cannot create duplicate user accounts on the server - it is not allowed in our customer environment, so that is not an option. We can hard-code the user info into the application as an alternative, but I am not sure how to make that work.
I have added a note to this - we need to make the call to CoInitialzeSecurity with the authinfo filled in in VB6. Anyone have any examples of this?
推荐答案
我发现我们的旧客户端应用程序(在VB6中)没有调用CoInitialzeSecurity.在XP中,这很好.在Windows 7中,安全性显然更加严格,我们现在必须从客户端调用它.下一个挑战是使VB6代码正常工作.
这是完成这项工作的代码.我已经剪裁了专门用于我们的应用程序的部分,但是这段代码可以使事情顺利进行.其中大部分已从其他网页复制而来,但是由于找不到调用CoInitializeSecurity及其附带的所有相关代码,因此我在此处发布了合并的代码.
I have discovered that our legacy client side application (in VB6) was not calling CoInitialzeSecurity. In XP this was fine. In Windows 7 the security is obviously tighter and we must now call this from our client. The next challenge was getting the VB6 code to work.
Here is the code that has made this work. I have trimmed out the bits that apply specifically to our application, but this code is what gets it going. Most of this has been copied from other web pages, but since I could not find a call to CoInitializeSecurity and all the associated code that goes with it, I am posting the consolidated code here.
' Authentication service provider constants
' the default should be used.
Private Const RPC_C_AUTHN_NONE As Long = 0
Private Const RPC_C_AUTHN_GSS_NEGOTIATE As Long = 9
Private Const RPC_C_AUTHN_GSS_KERBEROS As Long = 10
Private Const RPC_C_AUTHN_WINNT As Long = &HA
Private Const RPC_C_AUTHN_DEFAULT As Long = &HFFFFFFFF
' Authentication level constants
Private Const RPC_C_AUTHN_LEVEL_DEFAULT As Long = 0
Private Const RPC_C_AUTHN_LEVEL_NONE As Long = 1
Private Const RPC_C_AUTHN_LEVEL_CONNECT As Long = 2
Private Const RPC_C_AUTHN_LEVEL_CALL As Long = 3
Private Const RPC_C_AUTHN_LEVEL_PKT As Long = 4
Private Const RPC_C_AUTHN_LEVEL_PKT_INTEGRITY As Long = 5
Private Const RPC_C_AUTHN_LEVEL_PKT_PRIVACY As Long = 6
Private Const RPC_C_AUTHZ_NONE = 0
' Impersonation level constants
Private Const RPC_C_IMP_LEVEL_ANONYMOUS As Long = 1
Private Const RPC_C_IMP_LEVEL_IDENTIFY As Long = 2
Private Const RPC_C_IMP_LEVEL_IMPERSONATE As Long = 3
Private Const RPC_C_IMP_LEVEL_DELEGATE As Long = 4
' Constants for the capabilities
Private Const API_NULL As Long = 0
Private Const S_OK As Long = 0
Private Const EOAC_NONE As Long = &H0
Private Const EOAC_MUTUAL_AUTH As Long = &H1
Private Const EOAC_CLOAKING As Long = &H10
Private Const EOAC_SECURE_REFS As Long = &H2
Private Const EOAC_ACCESS_CONTROL As Long = &H4
Private Const EOAC_APPID As Long = &H8
Private Const SEC_WINNT_AUTH_IDENTITY_ANSI = &H1
Private Const SEC_WINNT_AUTH_IDENTITY_UNICODE = &H2
Private Type COAUTHINFO
dwAuthnSvc As Long
dwAuthzSvc As Long
pAuthIdentityData As Long '// Pointer to COAUTHIDENTITY
End Type
Private Type COAUTHLIST
dwAuthList As Long
pAuthList As Long '// Pointer to COAUTHINFO
End Type
Type COAUTHIDENTITY
User As String
UserLength As Long
Domain As String
DomainLength As Long
Password As String
PasswordLength As Long
Flags As Long
End Type
' Function Declaration
Private Declare Function CoInitializeSecurity Lib "OLE32.DLL" ( _
pSD As Any, _
ByVal cAuthSvc As Long, _
asAuthSvc As Long, _
pReserved1 As Any, _
ByVal dwAuthnLevel As Long, _
ByVal dwImpLevel As Long, _
ByVal pAuthInfo As Long, _
ByVal dwCapabilities As Long, _
pvReserved2 As Any _
) As Long
Private Declare Sub CopyMemory Lib "kernel32" _
Alias "RtlMoveMemory" (Destination As Any, _
Source As Any, ByVal Length As Long)
Private Declare Function GetProcessHeap Lib "kernel32" () As Long
Private Declare Function HeapAlloc Lib "kernel32" _
(ByVal hHeap As Long, ByVal dwFlags As Long, ByVal dwBytes As Long) As Long
Private Declare Function HeapFree Lib "kernel32" _
(ByVal hHeap As Long, ByVal dwFlags As Long, lpMem As Any) As Long
Private Declare Sub CopyMemoryWrite Lib "kernel32" Alias _
"RtlMoveMemory" (ByVal Destination As Long, _
Source As Any, ByVal Length As Long)
Private Declare Sub CopyMemoryRead Lib "kernel32" Alias _
"RtlMoveMemory" (Destination As Any, _
ByVal Source As Long, ByVal Length As Long)
Sub Main()
Dim AuthInfo As COAUTHINFO
Dim AuthIdentity As COAUTHIDENTITY
Dim AuthList As COAUTHLIST
Dim hr As Long
Dim Context As Long
Dim pAuthIdentity As Long
Dim pAuthInfo As Long
Dim pAuthList As Long
Dim hHeap As Long
Dim strUser As String
Dim strPassword As String
Dim strDomain As String
Dim lngHr As Long
Dim lngAuthn As Long
'// Get the process heap
hHeap = GetProcessHeap()
strUser = StrConv("UserName", vbUnicode)
strPassword = StrConv("Password", vbUnicode)
strDomain = ""
With AuthIdentity
.User = strUser
.UserLength = LenB(strUser)
.Password = strPassword
.PasswordLength = LenB(strPassword)
.Domain = strDomain
.DomainLength = LenB(strDomain)
.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE
End With
'// Allocate memory space for the pointer to the AuthIdentity Structure
pAuthIdentity = HeapAlloc(hHeap, _
0, _
Len(AuthIdentity))
'// Get pointer to the memory block we just allocated
CopyMemoryWrite pAuthIdentity, _
AuthIdentity, _
Len(AuthIdentity)
'// Get authority info for passing to server
With AuthInfo
.dwAuthnSvc = RPC_C_AUTHN_GSS_KERBEROS
.dwAuthzSvc = RPC_C_AUTHZ_NONE
.pAuthIdentityData = pAuthIdentity
End With
'// Get a pointer to the AuthInfo Structure
pAuthInfo = HeapAlloc(hHeap, _
0, _
Len(AuthInfo))
CopyMemoryWrite pAuthInfo, _
AuthInfo, _
Len(AuthInfo)
'// Get authority list for passing to server
With AuthList
.dwAuthList = 1
.pAuthList = pAuthInfo
End With
'// Get a pointer to the AuthList Structure
pAuthList = HeapAlloc(hHeap, _
0, _
Len(AuthList))
CopyMemoryWrite pAuthList, _
AuthList, _
Len(AuthList)
lngAuthn = RPC_C_AUTHN_DEFAULT
lngHr = CoInitializeSecurity(ByVal API_NULL, -1, _
ByVal API_NULL, ByVal API_NULL, _
RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IMPERSONATE, _
pAuthList, EOAC_NONE, ByVal API_NULL)
If (S_OK <> lngHr) Then
MsgBox "CoInitializeSecurity failed with error code: 0x" _
& Trim
(str
(Hex(lngHr))),vbCritical,_ " 退出 子 结束 如果 退出 子
(Hex(lngHr))), vbCritical, _ "Application Initialization Failure" Exit Sub End If Exit Sub
这篇关于尝试将DCOM与其他用户一起使用并且没有域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
