IWbemServices :: Release()时的Audit Failure事件

时间:2015-02-25 12:41:08

标签: events wmi release audit

我有这个WMI客户端的代码。它连接良好,工作正常。但... 

const wchar_t server[] = L"MyServer";
const wchar_t login[] = L"User";
const wchar_t password[] = L"Password";
const wchar_t domain[] = L"";

HRESULT hr = NULL;

// COM
hr = CoInitializeEx(0, COINIT_MULTITHREADED);
if (FAILED(hr))
{
    cout << "Failed to initialize COM library. "
        << "Error code = 0x"
        << hex << hr << endl;
    return;
}

// Security
SEC_WINNT_AUTH_IDENTITY_W authIdentity;
SecureZeroMemory(&authIdentity, sizeof(authIdentity));
authIdentity.User = (USHORT*)login;
authIdentity.UserLength = wcslen(login);
authIdentity.Password = (USHORT*)password;
authIdentity.PasswordLength = wcslen(password);
authIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;

SOLE_AUTHENTICATION_INFO authninfo[1];
SecureZeroMemory(authninfo, sizeof(SOLE_AUTHENTICATION_INFO));

// NTLM Settings
authninfo[0].dwAuthnSvc = RPC_C_AUTHN_WINNT;
authninfo[0].dwAuthzSvc = RPC_C_AUTHZ_NONE;
authninfo[0].pAuthInfo = &authIdentity;

SOLE_AUTHENTICATION_LIST authentlist;
authentlist.cAuthInfo = sizeof(authninfo) / sizeof(SOLE_AUTHENTICATION_INFO);
authentlist.aAuthInfo = authninfo;

hr = CoInitializeSecurity(
    NULL,
    -1,
    NULL,
    NULL,
    RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
    RPC_C_IMP_LEVEL_IMPERSONATE,
    &authentlist,
    EOAC_NONE, 
    NULL);

if (FAILED(hr))
{
    cout << "Failed to initialize security. Error code = 0x"
        << hex << hr << endl;
    CoUninitialize();
    return;
}

// Locator
IWbemLocator *locator = NULL;
hr = CoCreateInstance(
    CLSID_WbemLocator,
    0,
    CLSCTX_INPROC_SERVER,
    IID_IWbemLocator, (LPVOID *)&locator);

if (FAILED(hr))
{
    cout << "Failed to create IWbemLocator object. "
        << "Error code = 0x"
        << hex << hr << endl;
    CoUninitialize();
    return;
}

// Service
std::wstring networkResource = L"\\\\" + std::wstring(server) + L"\\root\\cimv2";
IWbemServices* service;
hr = locator->ConnectServer(
    _bstr_t(networkResource.c_str()),
    _bstr_t(login),
    _bstr_t(password),
    _bstr_t(L"MS_409"),
    WBEM_FLAG_CONNECT_USE_MAX_WAIT,
    _bstr_t(domain),
    NULL,
    &service);

if (FAILED(hr))
{
    cout << "Could not connect. Error code = 0x"
        << hex << hr << endl;
    locator->Release();
    CoUninitialize();
    return;
}

hr = CoSetProxyBlanket(
    service, 
    RPC_C_AUTHN_WINNT,
    RPC_C_AUTHZ_NONE,
    COLE_DEFAULT_PRINCIPAL,
    RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
    RPC_C_IMP_LEVEL_IMPERSONATE,
    reinterpret_cast<RPC_AUTH_IDENTITY_HANDLE>(&authIdentity),
    EOAC_NONE
    );

if (FAILED(hr))
{
    cout << "Could not set proxy blanket. Error code = 0x"
        << hex << hr << endl;
    service->Release();
    locator->Release();
    CoUninitialize();
    return;
}


// Do something...

断开连接时出现问题:on service-&gt; Release()调用目标计算机上的安全事件日志中发生的2 Audit Failure事件。它看起来像尝试登录但使用本地帐户,而不是远程。 

service->Release();
locator->Release();

CoUninitialize();

Here是错误的描述(0xC0000064)

如何解决这个问题以及原因是什么?我花了很多时间却不知道...... 提前谢谢!

1 个答案:

答案 0 :(得分:0)

我通过MSDN上的评论找到了答案: Comments of CoSetProxyBlanket function description

这是完整的描述: Setting Security on a Remote IUnknown Interface

您必须从IWbemServices实例创建IUnknown接口并为其设置安全性:

IUnknown* pUnk = NULL;
service->QueryInterface(IID_IUnknown, (void**) &pUnk);

hr = CoSetProxyBlanket(
        pUnk, 
        RPC_C_AUTHN_WINNT, 
        RPC_C_AUTHZ_NONE, 
        COLE_DEFAULT_PRINCIPAL, 
        RPC_C_AUTHN_LEVEL_PKT_PRIVACY, 
        RPC_C_IMP_LEVEL_IMPERSONATE, 
        reinterpret_cast<RPC_AUTH_IDENTITY_HANDLE>(&authIdentity),
        EOAC_NONE
        );

if (FAILED(hr))
{
    cout << "Count not set proxy blanket. Error code = 0x"
        << hex << hr << endl;
    pUnk->Release();
    service->Release();
    locator->Release();
    CoUninitialize();
    return;
}

// Now you can do what you want...
相关问题
最新问题