IAzClientContext AccessCheck returns 0x80070057 (The parameter is incorrect.)

From: Denis (dtkng_at_hotmail.com)
Date: 06/07/04


Date: 7 Jun 2004 14:23:56 -0700

Hi,

  I have been trying to use (in C++) the MS Authorization Manager API
to create an authorization store (an xml file), and then to verify
client access on a particular operation.

  So far, I have created the store (roles, tasks (without any
bizrules), and operations) successfully. I have also successfully
called InitializeClientContextFromName to create a client context from
the client's domain and name. However, when I called AccessCheck, I
got a 0x80070057 (the parameter is incorrect) error.

  I followed the example on
"http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/verifying_client_access_to_a_requested_resource_in_c__.asp"
exactly, and still got the same error.

  However, when I use VB to access and verify the store, I get no
error. It returns the correct result.

  I suspect the 3rd parameter (operation id array) that I passed
to the VC API is invalid, but couldn't figure out why or how to solve it.

  Can someone help me by taking a look at the following code? Thanks.

  Here is the code:

IAzAuthorizationStore* pStore = NULL;
IAzApplication* pApp = NULL;
IAzClientContext* pClientContext = NULL;
IAzOperation* pOperation = NULL;
BSTR storeName = NULL;
BSTR appName = NULL;
BSTR operationName = NULL;
BSTR objectName = NULL;
LONG operationID;
HRESULT hr;
VARIANT varOperationIdArray;
VARIANT varOperationId;
VARIANT varResultsArray;
VARIANT varResult;

VARIANT myVar;
VariantInit(&myVar);//.vt) = VT_NULL;

// Create the AzAuthorizationStore object.
hr = CoCreateInstance(
         __uuidof(AzAuthorizationStore)/*"b2bcff59-a757-4b0b-a1bc-ea69981da69e"*/,
         NULL,
         CLSCTX_ALL,
         __uuidof(IAzAuthorizationStore)/*"edbd9ca9-9b82-4f6a-9e8b-98301e450f14"*/,
         (void**)&pStore);
if (!(SUCCEEDED(hr)))
        return 0;

// Allocate a string for the policy store.
if(!(storeName = SysAllocString(L"msxml://c:\\myStore.xml")))
        return 0;

// Initialize the store.
hr = pStore->Initialize(0, storeName, myVar);
if (!(SUCCEEDED(hr)))
        return 0;

// Create an application object.
if (!(appName = SysAllocString(L"App1")))
        return 0;
hr = pStore->OpenApplication(appName, myVar, &pApp);
if (!(SUCCEEDED(hr)))
        return 0;

CString domainName ( "testdomain" );
BSTR bsDomainName = domainName.AllocSysString();
CString memberName ( "testmember" );
BSTR bsMemberName = memberName.AllocSysString();

hr = pApp->InitializeClientContextFromName ( bsMemberName,
bsDomainName,
myVar, &pClientContext );
if (!(SUCCEEDED(hr)))
        return 0;

if (!(operationName = SysAllocString(L"op1")))
        return 0;

hr = pApp->OpenOperation(operationName, myVar, &pOperation);
if (!(SUCCEEDED(hr)))
        return 0;

hr = pOperation->get_OperationID(&operationID);
if(!(SUCCEEDED(hr)))
        return 0;

varOperationIdArray.parray = SafeArrayCreateVector(VT_VARIANT, 0, 1);
varOperationIdArray.vt = VT_ARRAY | VT_VARIANT;

LONG* index = new LONG[1];
index[0] = 0;

varOperationId.vt = VT_I4;
varOperationId.lVal = operationID;

hr = SafeArrayPutElement(varOperationIdArray.parray, index,
&varOperationId);
if(!(SUCCEEDED(hr)))
        return 0;

if(!(objectName = SysAllocString(L"Op1"))) // used for audit
        return 0;

hr = pClientContext->AccessCheck(
        objectName,
        myVar,
        varOperationIdArray,
        myVar, // use default application scope
        myVar,
        myVar,
        myVar,
        myVar,
        &varResultsArray);

if ( FAILED(hr) )
{
        printf ( "Failed (0x%x) to Perform Access Check on Operation (name: Op1) "
                         "for Member (%s\\%s).\n", hr, domainName, memberName );
}

hr = SafeArrayGetElement(varResultsArray.parray, index, &varResult);
if (!(SUCCEEDED(hr)))
        return 0;

if (varResult.lVal == 0)
        printf("Access granted.\n");
else
        printf("Access denied.\n");

Denis


