EOLE_AUTHENTICATION_CAPABILITIES Enumeration |
Specifies various capabilities when initializing COM security.
Namespace:
ShellBoost.Core.Utilities
Assembly:
ShellBoost.Core (in ShellBoost.Core.dll) Version: 1.8.3.0
Syntax [FlagsAttribute]
public enum EOLE_AUTHENTICATION_CAPABILITIES
Members
| Member name | Value | Description |
---|
| EOAC_NONE | 0 |
Indicates that no capability flags are set.
|
| EOAC_MUTUAL_AUTH | 1 |
If this flag is specified, it will be ignored.
Support for mutual authentication is automatically provided by some authentication services.
|
| EOAC_STATIC_CLOAKING | 32 |
Sets static cloaking. When this flag is set, DCOM uses the thread token (if present) when determining the client's identity.
|
| EOAC_DYNAMIC_CLOAKING | 64 |
Sets dynamic cloaking. When this flag is set, DCOM uses the thread token (if present) when determining the client's identity.
|
| EOAC_ANY_AUTHORITY | 128 |
This flag is obsolete.
|
| EOAC_MAKE_FULLSIC | 256 |
Causes DCOM to send Schannel server principal names in fullsic format to clients as part of the default security negotiation. The name is extracted from the server certificate.
|
| EOAC_DEFAULT | 2048 |
Tells DCOM to use the valid capabilities from the call to CoInitializeSecurity. If CoInitializeSecurity was not called, EOAC_NONE will be used for the capabilities flag.
|
| EOAC_SECURE_REFS | 2 |
Authenticates distributed reference count calls to prevent malicious users from releasing objects that are still being used.
If this flag is set, which can be done only in a call to CoInitializeSecurity by the client, the authentication level (in dwAuthnLevel) cannot be set to none.
|
| EOAC_ACCESS_CONTROL | 4 |
Indicates that the pSecDesc parameter to CoInitializeSecurity is a pointer to an IAccessControl interface on an access control object.
When DCOM makes security checks, it calls IAccessControl::IsAccessAllowed. This flag is set only by the server.
|
| EOAC_APPID | 8 |
Indicates that the pSecDesc parameter to CoInitializeSecurity is a pointer to a GUID that is an AppID. The CoInitializeSecurity function looks up the AppID in the registry and reads the security settings from there. If this flag is set, all other parameters to CoInitializeSecurity are ignored and must be zero. Only the server can set this flag.
|
| EOAC_DYNAMIC | 16 |
Reserved.
|
| EOAC_REQUIRE_FULLSIC | 512 |
Causes DCOM to fail CoSetProxyBlanket calls where an Schannel principal name is specified in any format other than fullsic. This flag is currently for clients only.
|
| EOAC_AUTO_IMPERSONATE | 1024 |
Reserved.
|
| EOAC_DISABLE_AAA | 4096 |
Causes any activation where a server process would be launched under the caller's identity (activate-as-activator) to fail with E_ACCESSDENIED.
This value, which can be specified only in a call to CoInitializeSecurity by the client, allows an application that runs under a privileged account (such as LocalSystem) to help prevent its identity from being used to launch untrusted components.
|
| EOAC_NO_CUSTOM_MARSHAL | 8192 |
Specifying this flag helps protect server security when using DCOM or COM+.
It reduces the chances of executing arbitrary DLLs because it allows the marshaling of only CLSIDs that are implemented in Ole32.dll, ComAdmin.dll, ComSvcs.dll, or Es.dll, or that implement the CATID_MARSHALER category ID.
Any service that is critical to system operation should set this flag.
|
| EOAC_RESERVED1 | 16384 |
Reserved.
|
See Also