COM settings in OPC Classic client components: Difference between revisions
Line 11: | Line 11: | ||
* Without TurnOffCallSecurity (the default): dwAuthnLevel = Common authentication level (see below); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = CSecurityDescriptor::InitializeFromThreadToken()> | * Without TurnOffCallSecurity (the default): dwAuthnLevel = Common authentication level (see below); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = CSecurityDescriptor::InitializeFromThreadToken()> | ||
* With TurnOffCallSecurity: dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE (1); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = NULL | * With TurnOffCallSecurity: dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE (1); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = NULL | ||
(see [https://docs.microsoft.com/en-us/windows/win32/com/turning-off-call-security Turning Off Call Security]) | |||
'''CoSetProxyBlanket parameters''': dwAuthnLevel and dwImpLevel are the same as those used with CoInitializeSecurity. | '''CoSetProxyBlanket parameters''': dwAuthnLevel and dwImpLevel are the same as those used with CoInitializeSecurity. | ||
Line 17: | Line 18: | ||
* Without TurnOffActivationSecurity (the default): dwAuthnSvc = RPC_C_AUTHN_NONE; dwAuthzSvc = RPC_C_AUTHZ_NONE; pwszServerPrincName = NULL; dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE; dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE; pAuthIdentityData = NULL; dwCapabilities = EOAC_NONE; | * Without TurnOffActivationSecurity (the default): dwAuthnSvc = RPC_C_AUTHN_NONE; dwAuthzSvc = RPC_C_AUTHZ_NONE; pwszServerPrincName = NULL; dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE; dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE; pAuthIdentityData = NULL; dwCapabilities = EOAC_NONE; | ||
* With TurnOffActivationSecurity: NULL | * With TurnOffActivationSecurity: NULL | ||
(see [https://docs.microsoft.com/en-us/windows/win32/com/turning-off-activation-security | (see [https://docs.microsoft.com/en-us/windows/win32/com/turning-off-activation-security Turning Off Activation Security]) | ||
'''Common authentication level:''' | '''Common authentication level:''' |
Revision as of 18:54, 26 January 2022
This article describes the internal effects of the UseCustomSecurity, TurnOffCallSecurity, TurnOffActivationSecurity and EnsureDataIntegrity settings.
QuickOPC version 2022.1 and later
COM and proxy initialization:
- Without UseCustomSecurity: CoInitializeSecurity is not called. CoSetProxyBlanket is not called.
- With UseCustomSecurity (the default): CoInitializeSecurity is called. CoSetProxyBlanket is called (only in NativeClient).
CoInitializeSecurity parameters:
- Without TurnOffCallSecurity (the default): dwAuthnLevel = Common authentication level (see below); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = CSecurityDescriptor::InitializeFromThreadToken()>
- With TurnOffCallSecurity: dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE (1); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = NULL
(see Turning Off Call Security)
CoSetProxyBlanket parameters: dwAuthnLevel and dwImpLevel are the same as those used with CoInitializeSecurity.
COAUTHINFO* pAuthInfo in COSERVERINFO* passed to CoCreateInstanceEx (when machine name is not empty):
- Without TurnOffActivationSecurity (the default): dwAuthnSvc = RPC_C_AUTHN_NONE; dwAuthzSvc = RPC_C_AUTHZ_NONE; pwszServerPrincName = NULL; dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE; dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE; pAuthIdentityData = NULL; dwCapabilities = EOAC_NONE;
- With TurnOffActivationSecurity: NULL
(see Turning Off Activation Security)
Common authentication level:
- Without EnsureDataIntegrity (the default): RPC_C_AUTHN_LEVEL_CONNECT (2).
- With EnsureDataIntegrity: RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (5). For KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414).
QuickOPC versions up to 2021.3
The information only applies to NativeClient implementation. The NetApiClient implementation uses different settings, and they cannot be changed by the parameters described here.
COM and proxy initialization: CoInitializeSecurity is not called
- Without UseCustomSecurity: CoSetProxyBlanket is not called.
- With UseCustomSecurity (the default): CoSetProxyBlanket is called.
CoInitializeSecurity parameters:
- Without TurnOffCallSecurity (the default): dwAuthnLevel = Common authentication level (see below); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = CSecurityDescriptor::InitializeFromThreadToken()>
- With TurnOffCallSecurity: dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE (1); dwImpLevel = RPC_C_IMP_LEVEL_IMPERSONATE (3); pSecDesc = NULL
CoSetProxyBlanket parameters: dwAuthnLevel and dwImpLevel are the same as those used with CoInitializeSecurity.
COAUTHINFO* pAuthInfo in COSERVERINFO* passed to CoCreateInstanceEx (when machine name is not empty):
- Without TurnOffActivationSecurity (the default): dwAuthnSvc = RPC_C_AUTHN_NONE; dwAuthzSvc = RPC_C_AUTHZ_NONE; pwszServerPrincName = NULL; dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE; dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE; pAuthIdentityData = NULL; dwCapabilities = EOAC_NONE;
- With TurnOffActivationSecurity: NULL
Common authentication level: Always RPC_C_AUTHN_LEVEL_CONNECT (2).