Document revision date: 15 July 2002

A COM application can have several registry keys associated with it. You must be sure to change all keys associated with the application. An application usually registers the following keys:

HKEY_CLASSES_ROOT\CLSID\{guid} and subkeys
HKEY_CLASSES_ROOT\APPID\{guid}
HKEY_CLASSES_ROOT\APPID\filename
HKEY_CLASSES_ROOT\TYPELIB\{typelib guid}
HKEY_CLASSES_ROOT\INTERFACES\{interface guid(s)} and subkeys
HKEY_CLASSES_ROOT\name and subkeys
HKEY_CLASSES_ROOT\version independent name and subkeys

COM Version 1.2 for OpenVMS includes an option that allows you to run the software in an unauthenticated environment in which NTLM support is not utilized. If you enable this option, only OpenVMS security semantics are used to control COM applications' access to resources. This is essentially the same behavior as in COM Version 1.0 for OpenVMS.

For a list of security differences between an unauthenticated implementation and an authenticated implementation of COM for OpenVMS, see Table 1-1.

The following sections describe tasks you must complete in order to run COM for OpenVMS in an unauthenticated environment.

E.1 Installing COM V1.2 for OpenVMS to Run in Unauthenticated Mode

If you are installing COM for OpenVMS for the first time, or if you are upgrading from an earlier version, perform the following steps:

• Follow the installation and upgrade procedures described in Chapter 4.
  (Note: You can skip the steps relating to the installation, configuration, and startup of Compaq Advanced Server for OpenVMS.)
• Follow the configuration procedures in Section E.2 to configure COM for OpenVMS in unauthenticated mode.

The ACME Server process is started automatically by RPC, but it is not required if you are in unauthenticated mode. To cause the ACME Server process to not start when the system reboots, edit the SYLOGICALS.COM file as follows:

$ DEFINE ACME$TO_BE_STARTED FALSE ! ACME Server

E.2 Configuring COM V1.2 for OpenVMS to Run in Unauthenticated Mode

The following section describes how to configure COM Version 1.2 for OpenVMS to run in an unauthenticated environment.

Define DCOM$UNAUTHENTICATED to be Y or YES systemwide. If this logical is undefined or defined as any other value, COM V1.2 for OpenVMS will run in the usual authenticated mode utilizing NTLM security.

To cause COM for OpenVMS to start automatically in unauthenticated mode when the system boots, edit the SYLOGICALS.COM file and add the following line:

$ DEFINE/SYSTEM DCOM$UNAUTHENTICATED YES

E.2.2 Populate the OpenVMS Registry

Use option 3 in the DCOM$SETUP utility to populate the OpenVMS Registry. (See Section 6.2 for more information.)

Create the OpenVMS DCOM$GUEST account using option 7 in the DCOM$SETUP utility. (See Section 6.2 for more information.)

E.2.4 Create the DCOM$RPCSS Account

Create the OpenVMS DCOM$RPCSS account using option 8 in the DCOM$SETUP utility. (See Section 6.2 for more information.)

E.3 Configuring Windows NT to Interoperate with Unauthenticated COM

For COM objects to interoperate correctly between unauthenticated COM V1.2 for OpenVMS systems and Windows NT, perform the steps described in the following sections. This will configure the COM objects to run without security enabled on the Windows NT system.

E.3.1 Setting the Windows NT Systemwide Authentication Level

On Windows NT systems, set the systemwide authentication level using this procedure:

1. Run DCOMCNFG on the Windows NT system.
2. Select the Default Properties tab.
3. Set the Default Authentication Level to None.

After a COM application has been registered, check the security properties for that application to ensure that an unauthenticated user can activate the image.

To do this, perform the following steps:

1. Run DCOMCNFG on the Windows NT system.
2. Select the application by name.
3. Click the Properties button.
4. Click the Security tab.

Set the access permissions (registry value AccessPermission) so that user Everyone is allowed access (Allow access).

Set the launch permissions (registry value LaunchPermission) so that user Everyone is allowed access (Allow access).

Set the configuration permissions so that user Everyone is allowed at least Read access to the Registry values.

E.3.3 Setting the Windows NT Application Security Identity

After you set security permissions, you must set the identity of the account to run the application. To do this, click the Identity tab, and select The interactive user.

E.4 Expected Failures from CLIENTAUTH Sample Program

While you are running COM Version 1.2 for OpenVMS in unauthenticated mode, the Cross-Domain Security example (CLIENTAUTH) does not work because it requires NTLM authentication to be enabled.

E.5 Converting from Unauthenticated Mode to Authenticated Mode

If you performed the steps in this appendix to run COM Version 1.2 for OpenVMS in unauthenticated mode and you want to return to authenticated mode, perform the following steps.

1. Log in to the SYSTEM account.
2. Stop the COM server. Use option 5 in the DCOM$SETUP utility. (See Section 6.2 for more information.)
3. Edit SYLOGICALS.COM with the following changes:
   • Undefine the DCOM$UNAUTHENTICATED logical by entering:

     $ DEFINE/SYSTEM DCOM$UNAUTHENTICATED NO

   • Comment the following line, as shown:

     $! DEFINE ACME$TO_BE_STARTED FALSE ! ACME Server

4. Enter the following command:

   $ DEFINE/SYSTEM DCOM$UNAUTHENTICATED NO

5. Install, configure, and start Compaq Advanced Server for OpenVMS, if it is not already present.
6. Repopulate the OpenVMS Registry.
   To do this, use option 3 in the DCOM$SETUP utility. (See Section 6.2 for more information.)
7. Add the DCOM$RPCSS account to include the Compaq Advanced Server for OpenVMS account and hostmap. Use option 8 in the DCOM$SETUP utility. (See Section 6.2 for more information.)
8. Reset your Windows NT system default values and application settings to the values that were set before you followed the procedure in Section E.3.
9. Start the COM server. Use option 4 in the DCOM$SETUP utility. (See Section 6.2 for more information.)
10. Update or add network accounts. (See Section 5.1 for more information.)

This appendix contains a list of implementation differences between COM for OpenVMS and Microsoft COM as well as a list of APIs and interfaces provided in this release of COM for OpenVMS.

F.1 Differences between COM for OpenVMS and Microsoft COM

The following sections list important implementation differences between COM for OpenVMS and Microsoft's COM.

F.1.1 Service Control Manager (SCM)

OpenVMS does not provide an equivalent to the Windows NT Service Control Manager. As a result, applications that depend on Server services (such as stop, start, pause, and resume) rely on the OpenVMS features that provide similar functionality (if the features are available).

For example, you would use the OpenVMS site-specific startup and shutdown command procedures to implement automatic starting of services at system startup and automatic shutdown of services at system shutdown. Service APIs such as RegisterServiceCtrlHandler , ChangeServiceConfig , and so on, are not provided on OpenVMS.

F.1.2 Server Application Stack Size

In COM for OpenVMS, server application functions run in the context of server threads. As a result, server functions have a limited stack space of 48 KB. If you require additional space for local variables or structures, you should allocate dynamic memory for local variables or structures.

F.1.3 Use of the "char" Datatype

OpenVMS and Windows NT translate the IDL base data type "char" differently.

OpenVMS translates the data type as MIDL_CHAR, which is defined to be CHAR, and further defined to be "char." The OpenVMS compiler by default takes this to be equivalent to "unsigned char;" in most cases they can be used interchangeably. The two are not the same---C++ treats them as different data types you specify them in class member definitions.

Windows NT translates the data type directly as "unsigned char." This causes conflicts with Visual C++, which treats the "char" datatype as equivalent to "signed char." As in OpenVMS, "char" is not the same as "signed char" in class member definitions.

There are two workarounds to this mismatch:

• Use the data type "CHAR" instead of "char" in the IDL file and all member definitions. This is the most portable solution; you can expect this to work on other systems (such as UNIX) as well.
• Conditionally compile the method definitions so that OpenVMS sees the object methods defined as "char" and Windows NT sees the methods defined as "unsigned char."

The MIDL compiler supplied with COM for OpenVMS is based on Microsoft's MIDL compiler V3.00.44.

F.1.4.1 The OpenVMS MIDL Compiler

The OpenVMS MIDL compiler is identical to the Microsoft Interface Definition Language (MIDL) compiler V3.00.44 except for the following:

1. The Microsoft MIDL implementation supports several optimization levels. The OpenVMS MIDL implementation supports only -Oicf . Do not use any other optimization level.
2. The /cpp_cmd and /cpp_opt switches are not fully functional in the OpenVMS MIDL implementation.
3. On a Windows NT system, Microsoft MIDL commands, switches, and qualifiers are case sensitive. The OpenVMS MIDL compiler is not case sensitive; all commands, switches, and qualifiers passed to the OpenVMS MIDL compiler are lowercase. As a result, the Microsoft MIDL switches /I and /i are equivalent on OpenVMS.
4. MIDL-generated files are platform specific.
   You must run MIDL on both platforms. The MIDL output files generated on one platform (OpenVMS or Windows NT) cannot be copied and used on the other platform.
5. MIDL -w switch
   The Microsoft MIDL compiler allows you to specify either -w or -warn to limit the level of warnings generated by the compiler. The OpenVMS MIDL compiler supports only the -w switch.

Use the Application Security Submenu options 5 and 6 to change the OpenVMS Registry key permissions of some keys associated with an application. Option 5 and 6 affect the security settings of the following keys:

HKEY_CLASSES_ROOT\APPID\{guid}
HKEY_CLASSES_ROOT\CLSID\{guid} and subkeys

On Windows NT systems, the security settings of the subkeys under HKEY_CLASSES_ROOT\CLSID\{guid} are changed only if the existing security settings match the original settings of HKEY_CLASSES_ROOT\APPID\{guid} .

On OpenVMS systems, the settings of the subkeys are changed even if the existing settings do not match the original settings of HKEY_CLASSES_ROOT\APPID\{guid} .

Options 5 and 6 do not change the settings of all keys associated with an application. For example, options 5 and 6 do not affect the following keys:

HKEY_CLASSES_ROOT\APPID\filename
HKEY_CLASSES_ROOT\TYPELIB\{typelib guid}
HKEY_CLASSES_ROOT\INTERFACES\{interface guid(s)} and subkeys.
HKEY_CLASSES_ROOT\name and subkeys
HKEY_CLASSES_ROOT\version independent name and subkeys

To change the security settings of these keys, use the following procedure:

1. From a Windows NT system, start RegEdt32.
2. From the Registry menu, choose Select Computer and connect to the OpenVMS system that contains the OpenVMS Registry.
3. Select the key associated with the application you want to change.
4. From the Security menu, choose Permissions... and grant the user Full Control.
5. Repeat the last two steps for each registry key associated with the application (see the list of keys described earlier in this section).

APIs that require security support are not supported in COM Version 1.0 for OpenVMS.

The APIs supported in this release are as follows:

BindMoniker BstrFromVector CLSIDFromProgID CLSIDFromString CoAddRefServerProcess CoCopyProxy CoCreateErrorInfo CoCreateFreeThreadedMarshaler CoCreateGuid CoCreateInstance CoCreateInstanceEx CoDisconnectObject CoDosDateTimeToFileTime CoFileTimeNow CoFileTimeToDosDateTime CoFreeAllLibraries CoFreeLibrary CoFreeUnusedLibraries CoGetCallContext CoGetClassObject CoGetCurrentProcess CoGetErrorInfo CoGetInstanceFromFile CoGetInstanceFromIStorage CoGetInterfaceAndReleaseStream CoGetMalloc CoGetMarshalSizeMax CoGetPSClsid CoGetStandardMarshal CoGetTreatAsClass CoImpersonateClient CoInitialize CoInitializeEx CoInitializeSecurity CoIsHandlerConnected CoLoadLibrary CoLockObjectExternal CoMarshalInterface CoQueryAuthenticationServices CoQueryClientBlanket CoQueryProxyBlanket CoRegisterChannelHook CoRegisterClassObject CoRegisterMallocSpy CoRegisterMessageFilter CoRegisterPSClsid CoReleaseMarshalData CoReleaseServerProcess CoResumeClassObjects CoRevertToSelf CoRevokeClassObject CoRevokeMallocSpy CoSetErrorInfo CoSetProxyBlanket CoSuspendClassObjects CoTaskMemAlloc CoTaskMemFree CoTaskMemRealloc CoTreatAsClass CoUninitialize CoUnmarshalInterface CreateAntiMoniker CreateBindCtx CreateClassMoniker CreateDataAdviseHolder CreateDispTypeInfo CreateErrorInfo CreateGenericComposite CreateILockBytesOnHGlobal CreateItemMoniker CreatePointerMoniker CreateStdDispatch CreateStreamOnHGlobal CreateTypeLib DispGetIDsOfNames DispGetParam DispInvoke DllCanUnloadNow DllGetClassObject DllGetClassObject DllMain DllRegisterServer DllUnregisterServer DosDateTimeToVariantTime FreePropVariantArray GetActiveObject GetAltMonthNames GetClassFile GetConvertStg GetErrorInfo GetHGlobalFromILockBytes GetHGlobalFromStream GetRunningObjectTable IIDFromString IsEqualCLSID IsEqualGUID IsEqualIID IsValidIid IsValidInterface IsValidPtrIn IsValidPtrOut LHashValOfName LHashValOfNameSys LoadRegTypeLib LoadTypeLibEx MkParseDisplayName MonikerCommonPrefixWith MonikerRelativePathTo ProgIDFromCLSID PropStgNameToFmtId PropVariantClear PropVariantCopy QueryPathOfRegTypeLib ReadClassStg ReadClassStm ReadFmtUserTypeStg RegisterActiveObject RegisterTypeLib ReleaseStgMedium RevokeActiveObject SafeArrayAccessData SafeArrayAllocData SafeArrayAllocDescriptor SafeArrayCopy SafeArrayCopyData SafeArrayCreate SafeArrayCreateVector SafeArrayDestroy SafeArrayDestroyData SafeArrayDestroyDescriptor SafeArrayGetDim SafeArrayGetElement SafeArrayGetElemsize SafeArrayGetLBound SafeArrayGetUBound SafeArrayLock SafeArrayPtrOfIndex SafeArrayPutElement SafeArrayRedim SafeArrayUnaccessData SafeArrayUnlock SetConvertStg SetErrorInfo StgCreateDocfile StgCreateDocfileOnILockBytes StgCreatePropSetStg StgCreatePropStg StgIsStorageFile StgIsStorageILockBytes StgOpenPropStg StgOpenStorage StgOpenStorageOnILockBytes StgSetTimes StringFromCLSID StringFromGUID2 StringFromIID SysAllocString SysAllocStringByteLen SysAllocStringLen SysFreeString SysReAllocString SysReAllocStringLen SysStringByteLen SysStringLen SystemTimeToVariantTime UnRegisterTypeLib VarDateFromUdate VarNumFromParseNum VarParseNumFromStr VarUdateFromDate VariantChangeType VariantChangeTypeEx VariantClear VariantCopy VariantCopyInd VariantInit VariantTimeToDosDateTime VariantTimeToSystemTime VectorFromBstr WriteClassStg WriteClassStm WriteFmtUserTypeStg

F.3 Interfaces

The interfaces supported in this release are as follows:

IAdviseSink IBindCtx IClassActivator IClassFactory IConnectionPoint IConnectionPointContainer ICreateErrorInfo ICreateTypeInfo ICreateTypeLib IDataAdviseHolder IDataObject IDispatch IEnumCallBack IEnumConnectionPoints IEnumConnections IEnumFORMATETC IEnumMoniker IEnumOLEVerb IEnumSTATDATA IEnumSTATPROPSETSTG IEnumSTATSTG IEnumString IEnumUnknown IEnumVariant IErrorInfo IExternalConnection ILockBytes IMalloc IMallocSpy IMarshal IMessageFilter IMoniker IMultiQI IParseDisplayName IPersist IPersistFile IPersistStorage IPersistStream IPropertySetStorage IPropertyStorage IRootStorage IRunnableObject IRunningObjectTable IStdMarshalInfo IStorage IStream ISupportErrorInfo ITypeComp ITypeInfo ITypeInfo2 ITypeLib ITypeLib2 IUnknown

	privacy and legal statement
6539PRO_020.HTML