php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #63527 DCOM does not work with Username, Password parameter
Submitted: 2012-11-15 13:06 UTC Modified: 2020-07-10 13:51 UTC
Votes:5
Avg. Score:4.8 ± 0.4
Reproduced:5 of 5 (100.0%)
Same Version:1 (20.0%)
Same OS:4 (80.0%)
From: friedrich dot grosse at gmail dot com Assigned: cmb (profile)
Status: Closed Package: COM related
PHP Version: 5.4.8 OS: Windows Server 2008 R2
Private report: No CVE-ID: None
 [2012-11-15 13:06 UTC] friedrich dot grosse at gmail dot com
Description:
------------
I try to instantiate a DCOM object on a remote machine (Windows Server 2008 R2) 
in another 
domain using the Username and Password parameters of the COM class constructor 
[1]
I did also figure out that there is a Domain parameter which is not mentioned in 
the manual at 
[1].

However I can not authenticate at the remote machine.
The event log there indicates that only the first character of the Logon 
Accounts Username has 
been transmitted to the DCOM Server.
The Domain parameter has been received completely.

I am not familiar with PHP internals but I did a quick look in the source code 
and would guess 
that the issue can be traced back to [2].

The user_name and user_name_len are already parsed some lines above.
Why is php_com_string_to_olestring called with a -1 as second parameter which 
leads to 
determining the length of the username again?

Maybe giving user_name_len instead of -1 could fix this issue?


[1] http://de1.php.net/manual/de/class.com.php
[2] https://github.com/php/php-src/blob/master/ext/com_dotnet/com_com.c#L131

Test script:
---------------
try {
  $DCOMserverInfo = array(
      'Server' => "Server.com",
      'Username' => "Admin",
      'Domain' => "Testdomain.com",
      'Password' => "password"
  );
  /** You may change the COM module name to word.application or whatever COM enabled app is installed on the target machine. **/
  $comObj = new COM("word.application", $DCOMserverInfo);
  echo "Everything works fine";
}
catch (Exception $exception) {
  echo exception->getMessage();
}

Expected result:
----------------
Everything works fine

Actual result:
--------------
Failed to create COM object `word.application': Access is denied.

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-11-15 13:17 UTC] friedrich dot grosse at gmail dot com
Here are some information copied from the security event log of the target 
machine. Note that the username is just 'A' and not the wanted 'Admin':

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		A
	Account Domain:		Testdomain.com
 [2015-06-05 18:52 UTC] bradley at scrapcode dot com
I can verify Friedrich's suggested fix is correct.
(Changing -1 to user_name_len on line 131)
 [2020-07-10 13:49 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #63527: DCOM does not work with Username, Password parameter
On GitHub:  https://github.com/php/php-src/pull/5835
Patch:      https://github.com/php/php-src/pull/5835.patch
 [2020-07-10 13:51 UTC] cmb@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: cmb
 [2020-07-20 12:46 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=b2e3fd1e691b1dc82aaaf4150461db97bd5acf4a
Log: Fix #63527: DCOM does not work with Username, Password parameter
 [2020-07-20 12:46 UTC] cmb@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 15:01:30 2024 UTC