local with coinitializesecurity.cpp

经验交流,从网上下载的好东西望大家分享

// local.cpp
#define _WIN32_DCOM
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <iaccess.h>   // IAccessControl
#include <iostream.h>  // For cout
#include "registry.h"  // For registry functions
#include "Component CoInitializeSecurity\component.h" // Generated by MIDL

const IID IID_IAccessControl =
{0xEEDD23E0,0x8410,0x11CE,{0xA1,0xC3,0x08,0x00,0x2B,0x2B,0x8D,0x8F}};

long g_cComponents = 0;
long g_cServerLocks = 0;
HANDLE g_hEvent;

class CInsideCOM : public ISum
{
public:
	// IUnknown
	ULONG __stdcall AddRef();
	ULONG __stdcall Release();
	HRESULT __stdcall QueryInterface(REFIID riid, void** ppv);

	// ISum
	HRESULT __stdcall Sum(int x, int y, int* retval);

	CInsideCOM() : m_cRef(1) { g_cComponents++; }
	~CInsideCOM() { cout << "Component: CInsideCOM::~CInsideCOM()" << endl, g_cComponents--; }

private:
	ULONG m_cRef;
};

ULONG CInsideCOM::AddRef()
{
	cout << "Component: CInsideCOM::AddRef() m_cRef = " << m_cRef + 1 << endl;
	return ++m_cRef;
}

ULONG CInsideCOM::Release()
{
	cout << "Component: CInsideCOM::Release() m_cRef = " << m_cRef - 1 << endl;
	if(--m_cRef != 0)
		return m_cRef;
	SetEvent(g_hEvent);	// ADD THIS!!!
	delete this;
	return 0;
}

HRESULT CInsideCOM::QueryInterface(REFIID riid, void** ppv)
{
	if(riid == IID_IUnknown)
	{
		cout << "Component: CInsideCOM::QueryInterface() for IUnknown returning " << this << endl;
		*ppv = reinterpret_cast<IUnknown*>(this);
	}
	else if(riid == IID_ISum)
	{
		cout << "Component: CInsideCOM::QueryInterface() for ISum returning " << this << endl;
		*ppv = (ISum*)this;
	}
	else 
	{
		*ppv = NULL;
		return E_NOINTERFACE;
	}
	AddRef();
	return S_OK;
}

HRESULT CInsideCOM::Sum(int x, int y, int* retval)
{
	HRESULT hr;
	IServerSecurity* pServerSecurity;
	hr = CoGetCallContext(IID_IServerSecurity, (void**)&pServerSecurity);
	if(FAILED(hr))
		cout << "CoGetCallContext failed" << endl;


	DWORD AuthnSvc;
	DWORD AuthzSvc;
	OLECHAR* ServerPrincNam;
	DWORD AuthnLevel;
	RPC_AUTHZ_HANDLE Privs;
	DWORD Capabilities;

//	AuthzSvc is ignored when using the RPC_C_AUTHN_WINNT authentication service.
//                             RPC_C_AUTHN_WINNT, ignored,    Administrator, RPC_C_AUTHN_LEVEL_PKT, Thing4\Administrator, EOAC_NONE
	hr = pServerSecurity->QueryBlanket(&AuthnSvc, &AuthzSvc, &ServerPrincNam, &AuthnLevel, NULL, &Privs, &Capabilities);
//                                                                       impersonation level is never returned

	if(FAILED(hr))
		cout << "QueryBlanket failed" << endl;

	pServerSecurity->Release();

	switch(AuthnSvc)
	{
	case RPC_C_AUTHN_NONE:
		cout << "RPC_C_AUTHN_NONE ";
		break;
	case RPC_C_AUTHN_DCE_PRIVATE:
		cout << "RPC_C_AUTHN_DCE_PRIVATE ";
		break;
	case RPC_C_AUTHN_DCE_PUBLIC:
		cout << "RPC_C_AUTHN_DCE_PUBLIC ";
		break;
	case RPC_C_AUTHN_WINNT:
		cout << "RPC_C_AUTHN_WINNT ";
		break;
	case RPC_C_AUTHN_DEFAULT:
		cout << "RPC_C_AUTHN_DEFAULT ";
		break;
	}

	switch(AuthzSvc)
	{
	case RPC_C_AUTHZ_NONE:
		cout << "RPC_C_AUTHZ_NONE ";
		break;
	case RPC_C_AUTHZ_NAME:
		cout << "RPC_C_AUTHZ_NAME ";
		break;
	case RPC_C_AUTHZ_DCE:
		cout << "RPC_C_AUTHZ_DCE ";
		break;
	}

	wprintf(L"ServerPrincNam %s\n", ServerPrincNam);

	switch(AuthnLevel)
	{
	case RPC_C_AUTHN_LEVEL_NONE:
		cout << "RPC_C_AUTHN_LEVEL_NONE ";
		break;
	case RPC_C_AUTHN_LEVEL_CONNECT:
		cout << "RPC_C_AUTHN_LEVEL_CONNECT ";
		break;
	case RPC_C_AUTHN_LEVEL_CALL:
		cout << "RPC_C_AUTHN_LEVEL_CALL ";
		break;
	case RPC_C_AUTHN_LEVEL_PKT:
		cout << "RPC_C_AUTHN_LEVEL_PKT ";
		break;
	case RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
		cout << "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY ";
		break;
	case RPC_C_AUTHN_LEVEL_PKT_PRIVACY:
		cout << "RPC_C_AUTHN_LEVEL_PKT_PRIVACY ";
		break;
	}

	wprintf(L"Privs %s\n", Privs);

	if(Capabilities == EOAC_NONE)
		cout << "EOAC_NONE" << endl;

	CoTaskMemFree(ServerPrincNam);

	cout << "Component: CInsideCOM::Sum() " << x << " + " << y << " = " << x + y << endl;
	*retval = x + y;

//	_getch();
	return S_OK;
}

class CFactory : public IClassFactory
{
public:
	// IUnknown
	ULONG __stdcall AddRef();
	ULONG __stdcall Release();
	HRESULT __stdcall QueryInterface(REFIID riid, void** ppv);

	// IClassFactory
	HRESULT __stdcall CreateInstance(IUnknown *pUnknownOuter, REFIID riid, void** ppv);
	HRESULT __stdcall LockServer(BOOL bLock);

	CFactory() : m_cRef(1) { }
	~CFactory() { }

private:
	ULONG m_cRef;
};

ULONG CFactory::AddRef()
{
	cout << "Component: CFactory::AddRef() m_cRef = " << m_cRef + 1 << endl;
	return ++m_cRef;
}

ULONG CFactory::Release()
{
	cout << "Component: CFactory::Release() m_cRef = " << m_cRef - 1 << endl;
	if(--m_cRef != 0)
		return m_cRef;
	delete this;
	return 0;
}

HRESULT CFactory::QueryInterface(REFIID riid, void** ppv)
{
	if((riid == IID_IUnknown) || (riid == IID_IClassFactory))
	{
		cout << "Component: CFactory::QueryInteface() for IUnknown or IClassFactory " << this << endl;
		*ppv = (IClassFactory*)this;
	}
	else
	{
		*ppv = NULL;
		return E_NOINTERFACE;
	}
	AddRef();
	return S_OK;
}

HRESULT CFactory::CreateInstance(IUnknown *pUnknownOuter, REFIID riid, void** ppv)
{
	if(pUnknownOuter != NULL)
		return CLASS_E_NOAGGREGATION;

	CInsideCOM *pInsideCOM = new CInsideCOM;
	cout << "Component: CFactory::CreateInstance() " << pInsideCOM << endl;

	if(pInsideCOM == NULL)
		return E_OUTOFMEMORY;

	// QueryInterface probably for IID_IUNKNOWN
	HRESULT hr = pInsideCOM->QueryInterface(riid, ppv);
	pInsideCOM->Release();
	return hr;
}

HRESULT CFactory::LockServer(BOOL bLock)
{
	if(bLock)
		g_cServerLocks++;
	else
		g_cServerLocks--;
	return S_OK;
}

void RegisterComponent()
{
	ITypeLib* pTypeLib;
	LoadTypeLibEx(L"Component CoInitializeSecurity.exe", REGKIND_DEFAULT, &pTypeLib);
	pTypeLib->Release();
	RegisterServer("Component CoInitializeSecurity.exe", CLSID_InsideCOM, "Inside COM Sample #1", "Component.InsideCOM", "Component.InsideCOM.1", NULL);
}

void CommandLineParameters(int argc, char** argv)
{
	RegisterComponent();
	if(argc < 2)
	{
		cout << "No parameter, but registered anyway" << endl;
		exit(false);
	}
	char* szToken = strtok(argv[1], "-/"); 
	if(_stricmp(szToken, "RegServer") == 0)
	{
		RegisterComponent();
		cout << "RegServer" << endl;
		exit(true);
	}
	if(_stricmp(szToken, "UnregServer") == 0)
	{
		UnRegisterTypeLib(LIBID_Component, 1, 0, LANG_NEUTRAL, SYS_WIN32);
		UnregisterServer(CLSID_InsideCOM, "Component.InsideCOM", "Component.InsideCOM.1");
		cout << "UnregServer" << endl;
		exit(true);
	}
	if(_stricmp(szToken, "Embedding") != 0)
	{
		cout << "Invalid parameter" << endl;
		exit(false);
	}
}

void main(int argc, char** argv)
{
	HRESULT hr;
	CommandLineParameters(argc, argv);

	cout << "Component: CoInitializeEx()" << endl;
	hr = CoInitializeEx(NULL, COINIT_MULTITHREADED);
	if(FAILED(hr))
		cout << "CoInitializeEx Failed" << endl;

    // Create an COM access control object and get its IAccessControl interface
    cout << "Creating an instance of CLSID_COMAccessControl" << endl;
    IAccessControl* pAccessControl = NULL;     
    hr = CoCreateInstance(CLSID_DCOMAccessControl, NULL, CLSCTX_INPROC_SERVER,
		IID_IAccessControl, (void**)&pAccessControl);
    if(FAILED(hr))
		cout << "Couldn't create COM access control object" << endl;

    // Setup the property list. We use the NULL property because we are
    // trying to adjust the security of the object itself
    ACTRL_ACCESSW access;
    ACTRL_PROPERTY_ENTRYW propEntry;
    access.cEntries = 1;
    access.pPropertyAccessList = &propEntry;
    
    ACTRL_ACCESS_ENTRY_LISTW entryList;
    propEntry.lpProperty = NULL;
    propEntry.pAccessEntryList = &entryList;
    propEntry.fListFlags = 0;

    // Setup the access control list for the default property
    ACTRL_ACCESS_ENTRYW entry;
    entryList.cEntries = 1;
    entryList.pAccessList = &entry;

    // Setup the access control entry
    entry.fAccessFlags = ACTRL_ACCESS_ALLOWED;
    entry.Access = COM_RIGHTS_EXECUTE;
    entry.ProvSpecificAccess = 0;
    entry.Inheritance = NO_INHERITANCE;
    entry.lpInheritProperty = NULL;

    // NT requires the system account to have access (for launching)
    entry.Trustee.pMultipleTrustee = NULL;
    entry.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
    entry.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
    entry.Trustee.TrusteeType = TRUSTEE_IS_USER;
    entry.Trustee.ptstrName = L"NT Authority\\System";

    cout << "Setting access rights: Allow access to NT Authority\\System" << endl;
    hr = pAccessControl->SetAccessRights(&access);
    if(FAILED(hr))
		cout << "Couldn't set access" << endl;

    // Deny access to a user
    entry.fAccessFlags = ACTRL_ACCESS_DENIED;
    entry.Trustee.TrusteeType = TRUSTEE_IS_USER;
    entry.Trustee.ptstrName = L"Domain\\User";

    wprintf(L"Setting access rights: Deny access to %s\n",  entry.Trustee.ptstrName);
    hr = pAccessControl->GrantAccessRights(&access);
    if(FAILED(hr))
		cout << "Couldn't deny access" << endl;

    // Grant access to everyone
    entry.fAccessFlags = ACTRL_ACCESS_ALLOWED;
    entry.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
    entry.Trustee.ptstrName = L"*";

    cout << "Setting access rights: Allow access to *" << endl;
    hr = pAccessControl->GrantAccessRights(&access);
    if(FAILED(hr))
		cout << "Couldn't allow access" << endl;

	hr = CoInitializeSecurity(pAccessControl, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_CONNECT, RPC_C_IMP_LEVEL_IDENTIFY, 
		NULL, EOAC_ACCESS_CONTROL, NULL);
	if(FAILED(hr))
	{
		printf("CoInitializeSecurity Failed = %0x\n", hr);
		_getch();
	}

    pAccessControl->Release();

	IClassFactory *pClassFactory = new CFactory();

	cout << "Component: CoRegisterClassObject()" << endl;
	DWORD dwRegister;
	CoRegisterClassObject(CLSID_InsideCOM, pClassFactory, CLSCTX_LOCAL_SERVER, REGCLS_MULTIPLEUSE, &dwRegister);

	g_hEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
	WaitForSingleObject(g_hEvent, INFINITE);

	CoRevokeClassObject(dwRegister);
	pClassFactory->Release();
	CoUninitialize();
}