ThunderClap, Vol. 2, No. 3: COM+ Security Call Context

Thunderclap, the Newsletter of Rolling Thunder Computing

Volume 2, Number 3 Spring 2000

In this issue:
About Thunderclap
Subscription Information
Feature Article: Call Context Makes Detailed Security Information Available to COM+ Apps
New Book: The Essence of COM, Third Edition
Blatant Self Promotion: New Training Class in XML 
New Feature: The Internet Chuckle

Contest with Prizes: A Geek's Appreciation of Rudyard Kipling, and Geeky Limericks 
Results of Last Contest: CCT's (Clever Compound TLA's)


About Thunderclap

This is the sixth issue of my (more or less) quarterly newsletters. Each will bring you a technical article on COM or COM+ development, which I hope you will find useful. Each will also bring you a contest, allowing you to show off your intelligence and creativity to win prizes, which I hope you will find funny (although some readers have reported the reverse.) In between you will find my own blatant self promotional material, telling you about the latest ways I've come up with to separate you from your money. (I could have said "carefully selected products and services that we feel might interest you", or other mealy-mouthed horsepuckey. You want the truth or you want me to waste my time and yours dressing it up?)

I'd like to hear what you think about this newsletter and what types of articles you'd like to see in the future. Would you prefer technical programming articles, such as the one in this current issue? Future topics on this track might be, "What the Heck Is the Free-Threaded Marshaler, Anyway?" or "Our Friend, the Causality ID". Or would you prefer higher-level conceptual articles, like "With All the Fuss About COM+, What's In It For Me Today?" Send your e-mail comments to newsletter@rollthunder.com.

This newsletter may be freely redistributed, provided that it is sent in its entirety. If you enjoyed it, can I ask you to please forward it to a friend who might also enjoy it? The subscription roll has grown to over 1500 for this issue.


Subscription Information

Thunderclap is free, and is distributed via e-mail only. We never rent, sell or give away our mailing list. Subscription and unsubscription are handled by a human operator reading e-mail messages. To subscribe or unsubscribe, jump to the Rolling Thunder Web site and fill in the subscription form.


Feature Article: Call Context Makes Detailed Security Information Available to COM+ Apps

(This article assumes a conceptual familiarity with COM+)

The declarative role-based security of COM+ is very cool. Just click a button  in the administrative tool, and hey, presto, doctors can create this object or call this method, and nurses can't. Programmatic security is fairly easy as well; simply call the method IObjectContext::IsCallerInRole( ), and it's very easy to write an app that allows doctors to prescribe morphine but nurses only to prescribe aspirin. Many programmers have no need to go any deeper. But if you do, COM+ provides much, MUCH more security information than this, in a manner that is much, MUCH easier to access than classic DCOM.

This is one of the reasons that I say the COM+ is a mature feature of the operating system. It's well known that it takes Microsoft three versions to get anything right (Windows itself is the classic example), and COM+ is version 3 of MTS. Cynicism (temporarily) aside, you can tell when a feature is ready for prime time when it makes simple things simple and complex things possible. Some developers never get the first part right (Unix). Some get it right, then throw it away (AT&T directory assistance, Front Page 2000). MTS started by making simple things simple, and now COM+ additionally enables complex security operations that never were possible before. And they are even relatively simple to do. 

In my book Understanding COM+, I wrote of an object's context as if it were monolithic and unchanging throughout an object's lifetime. Parts of it are, but other parts are not. The properties that don't change are generally called "object context", for lack of a more specific term. You might consider this a MINFU, the same term refers to the entire set of properties and also the subset that doesn't change. Examples of object context properties are an object's transaction and activity.  An object's total context (see what I mean? MINFU.)  also has other properties that can change from one call to the next, for example, the identity of the caller. These changeable properties are known as the "call context", which term makes a lot of sense, for once. The original IObjectContext interface confuses the issue by lumping per-object information, such as transaction, with per-call information, such as caller ID. 

COM+ provides an astounding amount of detailed security information for the use of apps that care about it. Since security information can vary from one call to another, it is part of the call context. You can obtain the call context via the API function CoGetCallContext( ).  VB programmers have a function called GetSecurityCallContext( ). These functions return the  ISecurityCallContext interface, which is automation compatible. It contains these methods:

get_Count 

Retrieves the number of properties in the security context collection.

get_Item 

Retrieves a specified property in the security call context collection.

Get__NewEnum 

Retrieves an iterator for the security call context collection.

IsCallerInRole 

Determines whether the direct caller is in the specified role.

IsSecurityEnabled 

Determines whether security is enabled for the object.

IsUserInRole 

Determines whether the specified user is in the specified role.

Obtaining and using this interface is quite easy, thus:

ISecurityCallContext *pCallCtx ;
CoGetCallContext (IID_ISecurityCallContext, (void **) &pCallCtx) ;

/*
Check to see if security is enabled or not.
*/

    VARIANT_BOOL bIsSecurityEnabled ;
    pCallCtx->IsSecurityEnabled (&bIsSecurityEnabled) ;

The interface contains not only the methods listed in the previous table, but also a collection of properties accessed through the get_Item( ) method. These properties are:  

NumCallers  The number of callers in the chain of calls from the base client down to the object.
MinAuthenticationLevel  The least secure authentication level of all callers in the chain.
Callers  Information about the identity of "upstream" callers, in the form of a SecurityCallers collection, described later in this article..
DirectCaller  The caller that called the object directly (with no intervening callers).
OriginalCaller  The caller who originated the chain of calls to the object. 

Accessing them is likewise easy. Thus:

/*
Check the security call context properties.
*/

    _variant_t numCallers ;
    pCallCtx->get_Item (_bstr_t ("NumCallers"), &numCallers ) ;

 

One of the most interesting things about the security information available through the call context is the ability to examine the identity of all the callers in the chain from base client to your object. For example, you can vary easily find out that George called Mary called Lee called Bob called your object, and decide to take action based on the identity of anyone in the chain. You get the callers collection by getting the item named "Callers" from the security call context object. That comes in the form of an IUnknown, which you must query for the ISecurityCallersCollection interface. This is a collection like any other, with no special methods or properties. In this example, I get the collection's count, the number of callers in the chain. Thus:

/*
Get the callers collection, which will allow us to examine everyone in the chain.
*/

   
_variant_t Callers ;
   pCallCtx->get_Item (_bstr_t("Callers"), &Callers) ;

   ISecurityCallersColl *pCallersColl ;
   ((IUnknown *) Callers)->QueryInterface (IID_ISecurityCallersColl, 
   
     (void **)&pCallersColl) ;

  
   pCallersColl->get_Count (&CallersCount) ;

 

What makes the collection interesting is the fact that each item in it is a SecurityIdentity object, a COM object that supports the ISecurityIdentityCollection interface. This is another one of these automation compatible interfaces, whose interesting information is stored in the form of properties. The properties of this interface are:

SID 

The security identifier for the caller.

AccountName 

The account name of the caller.

AuthenticationService 

The authentication service used, such as NTLMSSP, Kerberos, or SSL.

AuthenticationLevel 

The authentication level used, which represents the amount of protection used when communicating with the object.

ImpersonationLevel 

The level of impersonation set by the client, if impersonation was used. This level indicates the amount of authority given to the server by the client. 

In the following example, I loop through all the callers in the chain, getting the account name for each:

for (l = 0 ; l < CallersCount ; l++)
{

/*
For each caller in the chain, get the account name.
*/

   
ISecurityIdentityColl *pSecIdentColl ;
   pCallersColl->get_Item (l, &pSecIdentColl) ;

    _variant_t ThisAccountName ;
   pSecIdentColl->get_Item (_bstr_t ("AccountName"), &ThisAccountName) ;

}

You can feed the AccountName to the method ISecurityCallContext::IsUserInRole( ) to find out if any of the intervening callers belonged (or didn't belong) to the role that you wanted (or didn't want).  Or you can use the SID of anyone in the call chain that you care about if you want to do any really hairy NT security stuff, .  

I wrote a sample program that demonstrates some of these security features on the call context. You can download the sample code by clicking here. When you unpack it, you will find an installer program called "Install.MSI". Running this sample program should perform the COM+ application setup necessary for running the demo. I haven't had very good luck with the installer program, and its terrible error reporting has kept me from debugging it so far. If it doesn't work for you, simply use the Component Services snap-in to create a new COM+ server application, and install the component called "SecurityCallContextDll.Dll".  Add a few roles, as shown below. 

 

The run the client program "Project1.exe". It creates an object of the demo class and calls a method on it. The method simply examines the security call context information and returns it in the form of a string. It obtains information about the available roles by reading the COM+ catalog. The client app the displays the string in a message box.  When you first set it up, this should look something like this:

Note that, since security is not enabled, that any type of role membership checking returns TRUE. If you want to see how it works when role checking is enabled, check the "Enforce Access Checks for this Application" box on the "Security" tab of this application's property sheet. You will then need to set the security properties of the component to allow access to a role that includes your base client, thus:

When you do that, your message box should look something like this: 

Enjoy playing with your new security demo program. Give me a call if I can help you out. And as Red Green  would say, until next time, "Keep your stick on the ice."


New Book: The Essence of COM, Third Edition

by David S. Platt, President of Rolling Thunder Computing

Prentice Hall; ISBN: 0130165816

I've updated  my basic COM book and released a new edition, which should be on shelves by mid-May, available at your favorite geek book source. It reflects the way my understanding of COM has changed since I wrote the first edition five years ago (an eternity in computer terms).   The new edition contains two sections. The first deals with the bare guts of COM. The second shows how various development environments (VC, ATL, VB, and VJ) provide higher levels of abstraction that make COM code easier to write.  I've removed all the material dealing with the MFC, that platform being dead for COM development. The table of contents is:

1. Introduction, COM Object Clients

8. Persistent Objects

2. COM Object Servers

9. Monikers

3. Custom VTBL Interfaces

10. Asynchronous COM in Windows 2000

4. Automation and the IDispatch Interface

11. COM Support in Visual C++

5. Type Libraries

12. Active Template Library (ATL)

6. Threading

13. COM Support in Visual Basic

7. DCOM

14. COM Support in Visual Java

Blatant Self Promotion

New In-House Training Class on XML

You've probably been hearing an enormous amount of hype these days about XML. It sounds like a great idea, and it is indeed a beautiful solution to certain classes of problems.  I developed a training class on it in response to client demand, and I've booked it five times since February just by word of mouth. This three- or four-day training class covers the guts of XML, such as well-formed documents, validating documents with DTDs or schemas, programming XML using DOM and SAX, and transforming XML with XSL stylesheets. We look at the portions of XML that don't quite exist today (XLink and XPtr, XQL, and to some extent schemas) and discuss how we'd like to use them. Most important, we talk about how to use XML in real-life applications: the advantages and drawbacks, the places where it fits well, and the places where you'd be trying to bang a square peg into a round hole. Get your reservation in quickly, because this one looks hot. You can read all about the new XML class on Rolling Thunder Computing's web site, http://www.rollthunder.com.

In-House Training Class on COM+

Rolling Thunder Computing is pleased to announce its new in-house training class on COM+. This three or four day training class will cover all portions of COM+, including that catalog, security, synchronization and threading, transactions, queued components, events, in-memory database, and load balancing. You can read all about it on Rolling Thunder Computing's web site, http://www.rollthunder.com.

Never Mind Your Taxes! Public One-Day Class on COM+ in Silicon Valley on April 15

I'll be presenting a one-day class on COM+ on April 15, sponsored by the South Bay chapter of the ACM. It starts at 8:00 AM on April 15, at the Daly Science Center in Santa Clara University, Santa Clara CA. Full syllabus and registration information is at http://www.sfbayacm.org/pds.html


The Internet Chuckle

Everyone needs a good laugh, right?  We can't always depend on politicians to provide it, especially now that Bill Clinton's a lame duck and both major political parties have nominated the most boring candidates since Dukakis and Bush Senior. (Where's Dan Quayle when we need him to make fun of? Although Jackie Mason says that Hillary Clinton's Senate run is a joke that not even he can top.) In an effort to make more readers say, "Great, a new ThunderClap," I've added this new section, which will feature a link to an Internet site that tickled my warped sense of humor within the last quarter. 

This section will often refer to commercial vendors of products or services. Rolling Thunder Computing receives no benefit from these vendors in any way, shape, form, or manner; and would decline any if offered. The sole criterion for mention in this section is that I laughed at it, and that I think people as sick as I am would do so as well. If you know a good one, send me the URL at chuckle@rollthunder.com. If I use it, I'll send you a Rolling Thunder Computing coffee mug, which makes an excellent specimen container when your company implements mandatory drug testing. 

This month features Demotivators, at www.despair.com. You know all of those stupid motivational posters that you see on the wall at many companies? Like "Teamwork", "Perserverance", and "Sacrifice"? Does management really think that they inspire you and me to greater efforts on their behalf? That if they spend enough money on those, they don't need strategic planning, or stock options, or even more RAM in everyone's PC? Anyone who'd believe that probably believes in the Easter Bunny, or professional wrestling, or that you can write Java code once and run it anywhere. Demotivators are a line of posters that lampoons that idiot attitude. I've put one of my favorites below. Click on the poster to see the whole collection of them. 


New Contest with Prizes: Geeky Limericks

Most of modern poetry leaves me cold. Most of it is to me indistinguishable from  pompous, self-important prose, usually with a left-wing political bent, strewn with random carriage returns. It has no rhyme, no rhythm, just an author (usually with a private income, or he'd starve to death) who suffers from the fatal delusion that he or she has Something Important To Say. Maybe it's just my feeble mind that doesn't want to make the effort involved to parse the intentional dislocations. Don't know about you, but I've got other things to do with my brain cycles, such as they are. 

On the other hand, I love older poetry, especially Rudyard Kipling.  He's not politically correct these days (read his poem "The White Man's Burden" if you want to know why. In his defense, I'll say that he was a product of his times, as are we all.), but my grandparents gave me a copy of his Just So Stories, my parents used it to read me to sleep, and it was one of the first books I learned to read myself.  I later graduated to his poetry, which still sings to me as no one else ever has, before or since.  

What does this have to do with computer geekery, you ask? The incredible acceleration of technological innovation in the last few years brings to my mind Kipling's poem, "McAndrew's Hymn", published in 1894. Most of us think that modern times are different than a hundred years ago, but I'm astounded at how much of McAndrew's feelings resonate with me today. The title character is an old oceangoing Scottish engineer musing on the most brilliant technological accomplishment of his day, the marine steam engine. That was the beginning of the death of distance, a process that you and I, my fellow geeks, will complete ere we rest. You may think of Scotty on Star Trek as the prototypical Scottish engineer, but I think Gene Roddenberry based him on Kipling's McAndrew, who says:

I cannot get my sleep to-night; old bones are hard to please;
I'll stand the middle watch up here-alone wi' God an' these
My engines, after ninety days o' race an' rack an' strain
Through all the seas of all Thy world, slam-bangin' home again. 

Ten years ago, you and I were writing single-user apps like Solitaire and Calculator and Notepad. If they crashed, only one user wanted to kill us, and he wasn't usually too hard to dodge (usually another app would crash and he'd want to kill someone else instead). But now we're writing enterprise apps that manage hospitals, or credit card networks. The consequences of failure are multiplied enormously (think of two 747s ramming each other in midair, as opposed to a single-person ultralight plane crash).  We worry more now, because we have to. McAndrew had the same problem. Speaking of his passengers, he says: 

Maybe they steam from grace to wrath-to sin by folly led,- 
It isna mine to judge their path-their lives are on my head.  
Mine at the last-when all is done it all comes back to me,
The fault that leaves six thousand ton a log upon the sea.

I'm dating myself a little here, but remember your old 4.77 MHz PC XT?  AMD is shipping Gigahertz chips these days, with Intel hot on their heels. McAndrew's technology changed, too, faster than anyone had ever see before, or even imagined: 

Ten pound was all the pressure then - Eh! Eh! - a man wad drive; 
An' here, our workin' gauges give one hunder' fifty-five! 
We're creepin' on wi' each new rig - less weight an' larger power: 
There'll be the loco-boiler next an' thirty mile an hour! 

There's a thrill to development that nothing we've ever experienced can match. That's why we got into this crazy business, and that's why we stay. Read what McAndrew says. For "horsepower", substitute "megaflops", or whatever units you use.  For "first-class passenger," substitute "bone-head manager," or perhaps "VB programmer".  And tell me this is not how you feel when your system goes live:

Oh for a man to weld it then, in one trip-hammer strain, 
Till even first-class passengers could tell the meanin' plain! 
But no one cares except mysel' that serve an' understand 
My seven thousand horse-power here. Eh, Lord! They're grand-they're grand! 

But more than anything else, we geeks yearn for respect and appreciation. Remember the girls in high school? They flocked around the football players, most of whom (not all, Brian) were dumb as rocks. Your straight-A average was uncool (mine would have been if I'd had one), and even your chess championship trophy couldn't compete with a varsity letter. Even though you knew that in the long run, you'd make far more money than the high-school jocks (which, as my father pointed out at the time, is far more attractive to women), it still burned. McAndrew cried aloud for the same thing, only far more eloquently (my emphasis added):

Romance! Those first-class passengers they like it very well, 
Printed an' bound in little books; but why don't poets tell? 
I'm sick of all their quirks an' turns-the loves an' doves they dream- 
Lord, send a man like Robbie Burns to sing the Song o' Steam! 

And with that, I knew I had found the purpose of this section of my newsletter. Lord, send a man like Kipling to celebrate us geeks. To that goal, this portion of my newsletter is respectfully (well, sort of) dedicated. Read all of McAndrew's hymn, and tell me that it doesn't sing to you. 

We'll start with limericks, probably the most popular form of poetry in the world. They have rhyme and rhythm. They're usually funny. For example, the Isaac Asimov awarded first prize in a contest of his to the following one, whose author I can't find to acknowledge:

The bustard's an elegant fowl
With minimal reason to growl
He escapes what would be
Illegitimacy
By the grace of a fortunate vowel

Your entries must be computer-related (throughout, OK? Not just, "There once was a geek from Nantucket...") and original. This isn't a family newsletter, so they don't have to be clean or politically correct. Submitting more than one increases your chances of winning. First prize is $100, second prize $50. Winners will be announced in the next issue of Thunderclap, and the judge's decision (mine) is final. In the event of duplicate or similar entries, the earliest wins. All entries become property of Rolling Thunder Computing.  All authors will be identified by first and last names, but not by company. Authors names will be withheld if you so request. Submit your entries via e-mail to contest@rollthunder.com.

Results of Last Contest: CCT's (Clever Compound TLA's) 

The results of last issue's contest contain good news and bad news. The bad news is that only two guys sent in CCTs. I had a number submit their favorite TLAs, but that doesn't count. The good news is that both of them send in great work. 

First prize, $100, goes to Don Kranz, for 

TLA - TLA LDT ATT 
- TLA 
- - Three 
- - Letter 
- - Acronym 
- LDT 
- - Loosely 
- - Disguising 
- - TLA 
- - - Thirteen 
- - - Letter 
- - - Acronym 
- ATT 
- - As 
- - Three 
- - TLA 
- - - Three 
- - - Letter 
- - - Acronyms 

So the full acronym is "Three Letter Acronym Loosely Disguising Thirteen Letter Acronym As Three Three Letter Acronyms". Don also submitted: 

BAD (BIG ASS DLL) 

- BIG - - Binary - - Implementation - - Gargantuan 
- ASS - - Actually - - Several - - Systems 
- DLL - - Dynamic - - Link - - Library 

Second prize goes to Richard Blundell, for submitting a CCT that is infinitely deep but not recursive, sort of like an irrational number:

SDK,  which stands for SDK Development Kit, some software that helps you build Software Development Kits, but of course, the SDK could be Software or SDK. A frameworks for building SDK Development Kits would also be an SDK, which would be an SDK Development Kit Development Kit, and so forth.

Rich also submitted: 

AAA which stands for AAA AAA AAA
(there are, of course, 25 other simple variants of this one)

While we're on combinatorics, you could also have a saturated infinitely deep TLA along the lines of the following:

ABC which stands for ABC BCD CDE
which stands for ABC BCD CDE BCD CDE DEF CDE DEF EFG
which stands for ... (you get the idea)


Legal Notices

Thunderclap does not accept advertising; nor do we sell, rent, or give away our subscriber list. We will make every effort to keep the names of subscribers private; however, if served with a court order, we will sing like a whole flock of canaries. If this bothers you, don't subscribe.

Source code and binaries supplied via this newsletter are provided "as-is", with no warranty of functionality, reliability or suitability for any purpose.

This newsletter is Copyright © 2000 by Rolling Thunder Computing, Inc., Ipswich MA. It may be freely redistributed provided that it is redistributed in its entirety, and that absolutely no changes are made in any way, including the removal of these legal notices.

Thunderclap is a registered trademark ® of Rolling Thunder Computing, Inc., Ipswich MA. All other trademarks are owned by their respective companies.