WMI--Windows API--CoInitializeSecurity


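The original text is from MSDN Library for Visual Studio 2008 SP1; the translated parts are only my personal view. For more information see MSDN. If there is any copyright issue, contact QQ 643166601 or e-mail 643166601@qq.com.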

 

COM
CoInitializeSecurity
Registers security and sets the default security values for the process. This function is called exactly once per process, either explicitly or implicitly.

It can be called by the client, server, or both. For legacy applications and other applications that do not explicitly call CoInitializeSecurity, COM calls this function implicitly with values from the registry. If you set processwide security using the registry and then call CoInitializeSecurity, the AppID registry values will be ignored and the CoInitializeSecurity values will be used.
HRESULT CoInitializeSecurity(
  PSECURITY_DESCRIPTOR pVoid,
  LONG cAuthSvc,
  SOLE_AUTHENTICATION_SERVICE * asAuthSvc,
  void * pReserved1,
  DWORD dwAuthnLevel,
  DWORD dwImpLevel,
  SOLE_AUTHENTICATION_LIST * pAuthList,
  DWORD dwCapabilities,
  void * pReserved3
);
 

Parameters
pVoid

[in] Defines the access permissions that a server will use to receive calls. This parameter is used by COM only when a server calls CoInitializeSecurity. Its value can be NULL or a pointer to one of three types: an AppID, an IAccessControl object, or a Win32 SECURITY_DESCRIPTOR. See the Remarks section for more information.
cAuthSvc

[in] Count of entries in asAuthSvc. This parameter is used by COM only when a server calls CoInitializeSecurity. If this parameter is 0, no authentication services will be registered and the server cannot receive secure calls. A value of -1 tells COM to choose which authentication services to register, and if this is the case, the asAuthSvc parameter must be NULL. However, SChannel will never be chosen as an authentication service if this parameter is -1.
asAuthSvc

[in] Array of authentication services that a server is willing to use to receive a call. This parameter is used by COM only when a server calls CoInitializeSecurity. For more information, see SOLE_AUTHENTICATION_SERVICE.
pReserved1

[in] Reserved for future use; this value must be NULL.
dwAuthnLevel

[in] The default authentication level for the process. Both servers and clients use this parameter when they call CoInitializeSecurity. COM will fail calls that arrive with a lower authentication level. By default, all proxies will use at least this authentication level. This value should contain one of the flags from the RPC_C_AUTHN_LEVEL_xxx enumeration. By default, all calls to IUnknown are made at this level.
dwImpLevel

[in] The default impersonation level for proxies. The value of this parameter is used only when the process is a client. It should be a value from the RPC_C_IMP_LEVEL_xxx enumeration. Outgoing calls from the client always use the impersonation level as specified. (It is not negotiated.) Incoming calls to the client can be at any impersonation level. By default, all IUnknown calls are made with this impersonation level, so even security-aware applications should set this level carefully. To determine which impersonation levels each authentication service supports, see the description of the authentication services in COM and Security Packages. For more information about impersonation levels, see Impersonation.
Note:
Except for RPC_C_AUTHN_LEVEL_DEFAULT, all other default security constants (such as RPC_C_IMP_LEVEL_DEFAULT) are invalid for use as CoInitializeSecurity parameters. These other default constants are defined as placeholders for proxy blanket negotiated settings.


pAuthList

[in] This value must be NULL on Windows NT 4. On Windows 2000, this parameter is a pointer to a SOLE_AUTHENTICATION_LIST, which is an array of SOLE_AUTHENTICATION_INFO structures. This list indicates the information for each authentication service that a client can use to call a server. This parameter is used by COM only when a client calls CoInitializeSecurity. For more information, see SOLE_AUTHENTICATION_INFO.
dwCapabilities

[in] Additional capabilities of the client or server, specified by setting one or more EOLE_AUTHENTICATION_CAPABILITIES flags. Some of these flags cannot be set simultaneously, and some cannot be set when particular authentication services are being used. For more information about these flags, see the EOLE_AUTHENTICATION_CAPABILITIES enumeration and the Remarks section.
pReserved3

[in] Reserved for future use; it must be set to NULL.
Return Values
This function supports the standard return value E_INVALIDARG, as well as the following:
S_OK

Indicates success.
RPC_E_TOO_LATE

CoInitializeSecurity has already been called.
RPC_E_NO_GOOD_SECURITY_PACKAGES

asAuthSvc was not NULL, and none of the authentication services in the list could be registered. Check the results saved in asAuthSvc for authentication service–specific error codes.
E_OUT_OF_MEMORY

Out of memory.
Remarks
The CoInitializeSecurity function initializes the security layer and sets the specified values as the security default. If a process does not call CoInitializeSecurity, COM calls it automatically the first time an interface is marshaled or unmarshaled, registering the system default security. No default security packages are registered until then.

CoInitializeSecurity can be used to override both machine-wide access permissions and application-specific access permissions, but not to override the machine-wide restriction policy.

If pVoid points to an AppID, the EOAC_APPID flag must be set in dwCapabilities and, when the EOAC_APPID flag is set, all other parameters to CoInitializeSecurity are ignored. CoInitializeSecurity looks for the authentication level under the AppID key in the registry and uses it to determine the default security. Before Windows NT 4 SP 4, CoInitializeSecurity returned an error if it did not find the specified AppID in the registry. For more information about how the AppID key is used to set security, see Setting Processwide Security Through the Registry.

If pVoid is a pointer to an IAccessControl object, the EOAC_ACCESS_CONTROL flag must be set and dwAuthnLevel cannot be none. The IAccessControl object is used to determine who can call the process. DCOM will AddRef the IAccessControl and will Release it when CoUninitialize is called. The state of the IAccessControl object should not be changed.

If pVoid is a pointer to a Win32 SECURITY_DESCRIPTOR, neither the EOAC_APPID nor the EOAC_ACCESS_CONTROL flag can be set in dwCapabilities. The owner and group of the SECURITY_DESCRIPTOR must be set, and until DCOM supports auditing, the system ACL must be NULL. The access-control entries (ACEs) in the discretionary ACL (DACL) of the SECURITY_DESCRIPTOR are used to find out which callers are permitted to connect to the process's objects. A DACL with no ACEs allows no access, while a NULL DACL will allow calls from anyone. For more information on ACLs and ACEs, see Access Control Model. Applications should call AccessCheck (not IsValidSecurityDescriptor) to ensure that their SECURITY_DESCRIPTOR is correctly formed prior to calling CoInitializeSecurity.
Note:
The SECURITY_DESCRIPTOR must be in absolute format.


If pVoid is NULL, the flags in dwCapabilities determine how CoInitializeSecurity defines the access permissions that a server will use, as follows:
If the EOAC_APPID flag is set, CoInitializeSecurity will look up the application's .exe name in the registry and use the AppID stored there.
If the EOAC_ACCESS_CONTROL flag is set, CoInitializeSecurity will return an error.
If neither the EOAC_APPID flag nor the EOAC_ACCESS_CONTROL flag is set, CoInitializeSecurity will construct a SECURITY_DESCRIPTOR that allows calls from anyone.

The CoInitializeSecurity function returns an error if both the EOAC_APPID and EOAC_ACCESS_CONTROL flags are set in dwCapabilities.
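
The pVoid and dwCapabilities combinations from the Remarks, together with the cAuthSvc rules from the parameter list, written as a portable pre-flight checker that a server could run over its intended arguments. This is an added example, not code from MSDN or from the original post; pvoid_kind, cis_verdict and check_cis_args are hypothetical names, and the constants are redefined with their SDK values so the block compiles without the Windows headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Numeric values match the Windows SDK; redefined here so the checker builds on any platform. */
#define EOAC_ACCESS_CONTROL    0x4u
#define EOAC_APPID             0x8u
#define RPC_C_AUTHN_LEVEL_NONE 1u

/* Hypothetical types for this example: what pVoid points to, and the checker's verdict. */
typedef enum { PV_NULL, PV_APPID, PV_IACCESSCONTROL, PV_SECURITY_DESCRIPTOR } pvoid_kind;
typedef enum { CIS_OK, CIS_ERROR, CIS_OPEN_TO_ANYONE, CIS_NO_SECURE_CALLS } cis_verdict;

/* dacl_is_null only matters when kind is PV_SECURITY_DESCRIPTOR. */
cis_verdict check_cis_args(pvoid_kind kind, int dacl_is_null, long cAuthSvc,
                           const void *asAuthSvc, unsigned dwAuthnLevel,
                           unsigned dwCapabilities)
{
    int appid = (dwCapabilities & EOAC_APPID) != 0;
    int acl = (dwCapabilities & EOAC_ACCESS_CONTROL) != 0;
    int anyone = 0;

    if (appid && acl) return CIS_ERROR;            /* both flags set: documented error */
    switch (kind) {
    case PV_APPID:                                 /* EOAC_APPID required; other args ignored */
        return appid ? CIS_OK : CIS_ERROR;
    case PV_NULL:
        if (appid) return CIS_OK;                  /* AppID looked up by .exe name */
        if (acl) return CIS_ERROR;
        anyone = 1;                                /* COM builds an allow-anyone descriptor */
        break;
    case PV_IACCESSCONTROL:
        if (!acl || dwAuthnLevel == RPC_C_AUTHN_LEVEL_NONE) return CIS_ERROR;
        break;
    case PV_SECURITY_DESCRIPTOR:
        if (appid || acl) return CIS_ERROR;        /* neither flag may be set */
        anyone = dacl_is_null;                     /* NULL DACL admits every caller */
        break;
    }
    if (cAuthSvc == -1 && asAuthSvc != NULL) return CIS_ERROR; /* -1 requires NULL array */
    if (anyone) return CIS_OPEN_TO_ANYONE;         /* reported ahead of the cAuthSvc warning */
    return cAuthSvc == 0 ? CIS_NO_SECURE_CALLS : CIS_OK;
}

int main(void)
{
    /* Constructed case: a server passing NULL for pVoid with no EOAC flags. */
    printf("%d\n", check_cis_args(PV_NULL, 0, -1, NULL, 6, 0)); /* CIS_OPEN_TO_ANYONE */
    return 0;
}
```

A verdict of CIS_OPEN_TO_ANYONE or CIS_NO_SECURE_CALLS marks a call that succeeds but leaves the server with the weak defaults the Remarks describe.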
Requirements
For an explanation of the requirement values, see Requirements (COM).

Windows NT/2000/XP: Requires Windows NT 4.0 or later.

Windows 95/98: Requires Windows 95 or later. Available as a redistributable for Windows 95.

Header: Declared in objbase.h.

Library: Use ole32.lib.

See Also
Reference
CoSetProxyBlanket

Concepts
Security in COM
Setting Processwide Security with CoInitializeSecurity
LaunchPermission
AccessPermission
