Re: Help needed for COM security on .Net
From: Willy Denoyette [MVP] (willy.denoyette@pandora.be)
Date: 11/21/02
From: "Willy Denoyette [MVP]" <willy.denoyette@pandora.be> Date: Thu, 21 Nov 2002 20:12:19 +0100
Please don't cross-post to non-relevant, non-existent NGs; your problem is not related to .NET (the development environment).
"SSS" <shwetshri@yahoo.com> wrote in message news:12ad2e10.0211210452.6fcd758f@posting.google.com...
> Hi,
>
> Need help for DCOM security related problem.
>
> I am having a problem in DCOM setup on .Net.
> The code is built on Win2K with VC++ 6.0. On Win2K it works fine, but
> when I run it on .Net it fails in CoRegisterClassObject().
>
> Any help on this will be great!
> Thanks in advance,
> -S.
>
> Here is the code snippet:
>
> SECURITY_DESCRIPTOR g_sd; // SD handed to CoInitializeSecurity below as the process-wide COM access check; initialized in absolute format, so it holds pointers to pAcl/psidUser/psidGroup and those buffers must outlive it
>
> hr = CoInitializeEx(NULL, COINIT_MULTITHREADED); // COM must be initialized on this thread before the security and registration calls
> if (FAILED(hr))
> {
> //log error
> return;
> }
> AllocateAndInitializeSid(&adminAuth, 2, // NOTE(review): return value is not checked; if this fails, pAdminSid is not a valid SID for AddAccessAllowedAce below. adminAuth is declared outside this excerpt (presumably SECURITY_NT_AUTHORITY - confirm)
> SECURITY_BUILTIN_DOMAIN_RID,
> DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, // two sub-authorities: built-in domain + Administrators alias
> &pAdminSid); // no FreeSid(pAdminSid) is visible in this excerpt
>
> if(!InitializeAcl(pAcl, aclSize, ACL_REVISION)) // pAcl and aclSize come from outside this excerpt; the buffer has to hold the ACL header plus one access-allowed ACE and its SID
> {
> //log error
> return;
> }
>
> if (!AddAccessAllowedAce(pAcl,
> ACL_REVISION,
> COM_RIGHTS_EXECUTE, // the COM access right checked when a caller invokes this server
> pAdminSid)) // NOTE(review): Administrators is the only trustee granted access in this excerpt; COM guidance commonly asks for the local SYSTEM account in this DACL as well - confirm, since its absence may be related to the CoRegisterClassObject failure
> {
> //log error
> return;
> }
>
> // Start an empty SD, then attach the ACL built above as its DACL
> if (!InitializeSecurityDescriptor(&g_sd,
> SECURITY_DESCRIPTOR_REVISION))
> {
> //log error
> return;
> }
> if(!SetSecurityDescriptorDacl(&g_sd, TRUE, pAcl, FALSE)) // TRUE = DACL present, FALSE = explicitly supplied rather than defaulted
> {
> //log error
> return;
> }
>
> // Init the SD's OwnerSid and GroupSid from the process's own identity: ImpersonateSelf puts a copy of the process token on the thread so OpenThreadToken has a token to open. NOTE(review): no RevertToSelf() is visible in this excerpt, including on the early returns below
> if (!ImpersonateSelf(SecurityImpersonation))
> {
> //log error
> return;
> }
> // open the token to get the user and group for the new SD (OpenAsSelf = TRUE: the open is access-checked against the process context). NOTE(review): no CloseHandle(hToken) is visible in this excerpt
> if (!OpenThreadToken (GetCurrentThread(), TOKEN_QUERY, TRUE,
> &hToken))
> {
> //log error
> return;
> }
>
> // set the SD owner; GetUserSidFromToken is a helper that is not shown in this excerpt
> if (!GetUserSidFromToken(hToken, &psidUser))
> {
> return; // unlike the other failure paths, no log-error placeholder here
> }
> if (!SetSecurityDescriptorOwner(&g_sd, psidUser, FALSE))
> {
> //log error
> return;
> }
>
> // set the SD group; GetGroupSidFromToken is a helper that is not shown in this excerpt
> if (!GetGroupSidFromToken(hToken, &psidGroup))
> {
> return; // unlike the other failure paths, no log-error placeholder here
> }
> if (!SetSecurityDescriptorGroup(&g_sd, psidGroup, FALSE))
> {
> //log error
> return;
> }
>
> if (!CoInitializeSecurity(&g_sd, -1, NULL, NULL, // NOTE(review): CoInitializeSecurity returns an HRESULT, not a BOOL. S_OK is 0, so this !-test is true on success and false on a failure code; FAILED(hr) is the matching check, as used for CoInitializeEx above
> RPC_C_AUTHN_LEVEL_CONNECT, // authenticates the caller only when the connection is made; no per-packet integrity or encryption. RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or RPC_C_AUTHN_LEVEL_PKT_PRIVACY are the stronger levels
> RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, // impersonation level applies to calls this process makes as a client
> NULL))
> {
> //log error - as written, this branch is entered when the call returns S_OK (see note on the condition)
> return;
> }
> hr = CoRegisterClassObject(CLSID_SimpleObject, &classFactory, // the call the poster reports as failing; the hr value is not given in the post
> CLSCTX_SERVER, REGCLS_MULTIPLEUSE, &dwRegister);
> if (FAILED(hr))
> {
> g_isDCOMSupported = FALSE;
> //log error
> CoUninitialize(); // the only failure path in this excerpt that balances CoInitializeEx; the earlier returns do not
> return;
> }
> else
> {
> g_isDCOMSupported = TRUE;
> }