3.1.4 Message Processing Events and Sequencing Rules

The server MUST accept multiple parallel invocations from different clients running under different security principals that the server impersonates. On each interface, the server MUST support multiple outstanding calls.

The errors returned by the server are not actionable unless explicitly specified in this section. The server MUST perform an access check against all operations and ensure secure access to the results. If the access check fails, the server MUST return WBEM_E_ACCESS_DENIED.

If the impersonation level is not RPC_C_IMP_LEVEL_IMPERSONATE or RPC_C_IMP_LEVEL_DELEGATE, the server MUST return WBEM_E_ACCESS_DENIED.

The methods MUST be secured by using access rights as specified in section 5.2.

The server MUST treat characters as Unicode characters and represent them in 16 bits. This is contrary to the requirement of [DMTF-DSP0004] where the string data type is interpreted as a UCS character.

The server MAY support ordered array types, as specified in the requirement of [DMTF-DSP0004].<18>

If the server detects that the IWbemClassObject that is sent by the client does not conform to [MS-WMIO] encoding, as specified in section 2.2.4, the server MUST return an HRESULT that has the S (severity) bit set as specified in [MS-ERREF]. The exact code is implementation-dependent.

If the server is expected to set the value of the output parameter, but the output parameter is set to NULL upon input, the server SHOULD return an error to indicate failure. In this case, the server cannot modify the output parameter.

For all methods, the server MUST enforce that the DCOM security level is at least at the RPC_C_AUTHN_LEVEL_CONNECT level, and SHOULD be RPC_C_AUTHN_LEVEL_PKT_INTEGRITY; the server MUST also evaluate the security principal rights to open a CIM namespace.<19> The server MUST fail the operation if the security requirements are not met.

For all IWbemServices methods, the server MUST verify that the client has been granted the access rights specified in the method description, by testing that those rights are included in GrantedAccess.

For all methods, if the server cannot find the NamespaceConnection associated with IWbemServices in the NamespaceConnectionTable (either because the table no longer contains a row for the namespace or because the NamespaceConnection was replaced during IWbemBackupRestore::Restore), the server MUST return WBEM_E_INVALID_NAMESPACE.

For all methods that create, query, update, or delete the CIM instances, the server MUST obtain InstanceProviderId for the given class from the ClassTable.

If InstanceProviderId is NULL, the server MUST forward the request to the CIM database. If InstanceProviderId is not NULL, and if the IWbemContext object is passed to the server, WMI MUST obtain the ProviderArchitecture from the IWbemContext object, and use the following algorithm to locate the correct provider.

  • If ProviderArchitecture is not present or if the IWbemContext object is not passed, then the server MUST find the ProviderEntryPoint corresponding to InstanceProviderId in the ProviderTable.

  • If ProviderArchitecture is present:

    • If its value is neither 32 nor 64, the server MUST return WBEM_E_INVALID_PARAMETER.

    • If RequiredArchitecture is present and is set to TRUE, the server MUST find the ProviderEntryPoint in ProviderTable corresponding to ProviderArchitecture and InstanceProviderId.

    • If RequiredArchitecture is not present or set to FALSE, the server MUST find the ProviderEntryPoint in ProviderTable corresponding to ProviderArchitecture and InstanceProviderId. If there is no ProviderEntryPoint found, the server MUST find ProviderEntryPoint for the given InstanceProviderId ignoring the ProviderArchitecture.

If the server cannot find ProviderEntryPoint, it MUST return WBEM_E_PROVIDER_LOAD_FAILURE. If the ProviderEntryPoint is found, the server MUST use the abstract interface defined in 3.1.4.17 to communicate with the provider.
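The provider-location rules above, written out as an added sketch (not code from the specification). It assumes the ProviderTable is a list of `(provider_id, architecture, entry_point)` rows and the IWbemContext is a plain dict; the sample rows and file names are constructed, and returning the first matching row when no architecture is given is an assumption of this sketch.

```python
# Constructed sample table: one 64-bit-only provider and one 32-bit-only provider.
SAMPLE_PROVIDER_TABLE = [
    (7, 64, "prov64.dll"),
    (8, 32, "prov32.dll"),
]

def locate_provider(provider_table, instance_provider_id, context=None):
    """Return (status, entry_point) following the ProviderArchitecture rules."""

    def find(arch=None):
        # arch=None means "ignore ProviderArchitecture".
        for pid, row_arch, entry in provider_table:
            if pid == instance_provider_id and (arch is None or row_arch == arch):
                return entry
        return None

    ctx = context or {}                      # no IWbemContext passed
    arch = ctx.get("ProviderArchitecture")
    if arch is None:
        entry = find()
    else:
        if arch not in (32, 64):
            return ("WBEM_E_INVALID_PARAMETER", None)
        entry = find(arch)
        # Fallback only when RequiredArchitecture is absent or FALSE.
        if entry is None and not ctx.get("RequiredArchitecture", False):
            entry = find()
    if entry is None:
        return ("WBEM_E_PROVIDER_LOAD_FAILURE", None)
    return ("WBEM_S_NO_ERROR", entry)
```

Note the fallback branch: a caller that asks for a 32-bit provider without setting RequiredArchitecture can be served by the 64-bit one, which matters when reviewing which provider binary actually handled a request.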

For all methods that create, query, update, or delete the CIM class where InstanceProviderId is not zero, the server MUST go through each of the WQL queries in ResultSetQueries and evaluate the WHERE clause. If the expression evaluates to TRUE for the given CIM class (that is, the provider supports the CIM class), then the server MUST proceed with the rest of the processing for the method as specified in the method-specific processing rules in 3.1.4. If FALSE, the server MUST return WBEM_E_PROVIDER_NOT_CAPABLE.

For all methods that query, update, or delete the CIM classes, the server MUST obtain InstanceProviderId for the given class from the ClassTable. If InstanceProviderId is not NULL, and if the IWbemContext object is passed to the server, the server MUST obtain the ProviderArchitecture from the IWbemContext object. The same algorithm is used as for CIM instances.

For all methods that query, update, or delete the CIM instances, the server MAY allow the static properties to be modified, contrary to [DMTF-DSP0004] requirements.<20>

If the server cannot find ProviderEntryPoint, it MUST return WBEM_E_PROVIDER_LOAD_FAILURE. If the ProviderEntryPoint is found, the server MUST use the abstract interface defined in section 3.1.4.17 to communicate with the provider.

For all methods where the request is sent to the provider, the provider MAY choose to perform additional authentication or authorization, or perform the operations within the context of the security principal in which ProviderEntryPoint was called.<21>

Specific rules related to creation, deletion, navigation, and persistence of the namespaces are covered as part of section 3.1.4.18.

The server SHOULD fail the operation and return WBEM_E_ACCESS_DENIED if the namespace has the RequiresEncryption flag set and if the DCOM security level is lower than RPC_C_AUTHN_LEVEL_PKT_PRIVACY.<22>
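The security requirements stated in this section (impersonation level, DCOM authentication level, RequiresEncryption, and GrantedAccess) combined into one gate, as an added sketch that is not part of the specification. The numeric levels are the RPC_C_AUTHN_LEVEL_* and RPC_C_IMP_LEVEL_* values from the Windows RPC headers; the order of the checks, the `check_call` name, and the status returned for a call below the CONNECT floor are assumptions.

```python
from enum import IntEnum

class AuthnLevel(IntEnum):   # RPC_C_AUTHN_LEVEL_* values
    NONE = 1
    CONNECT = 2
    CALL = 3
    PKT = 4
    PKT_INTEGRITY = 5
    PKT_PRIVACY = 6

class ImpLevel(IntEnum):     # RPC_C_IMP_LEVEL_* values
    ANONYMOUS = 1
    IDENTIFY = 2
    IMPERSONATE = 3
    DELEGATE = 4

DENIED = "WBEM_E_ACCESS_DENIED"

def check_call(imp, authn, requires_encryption, granted_access, required_access):
    """Return (status, notes); the check order is an assumption of this sketch."""
    notes = []
    if imp not in (ImpLevel.IMPERSONATE, ImpLevel.DELEGATE):
        return DENIED, ["impersonation level is not IMPERSONATE or DELEGATE"]
    if authn < AuthnLevel.CONNECT:
        # The section only says the operation MUST fail; the code is assumed.
        return DENIED, ["authentication level below CONNECT"]
    if requires_encryption and authn < AuthnLevel.PKT_PRIVACY:
        return DENIED, ["namespace RequiresEncryption, call is not PKT_PRIVACY"]
    if (granted_access & required_access) != required_access:
        return DENIED, ["required rights not all present in GrantedAccess"]
    if authn < AuthnLevel.PKT_INTEGRITY:
        # Accepted, but worth flagging when auditing client configurations.
        notes.append("meets the MUST floor but not the SHOULD of PKT_INTEGRITY")
    return "WBEM_S_NO_ERROR", notes
```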

The server MAY return WBEM_E_QUOTA_VIOLATION if the number of active IWbemServices objects is more than an implementation-defined limit for a given namespace.<23>

The server MUST fail the operation and return CO_E_SERVER_STOPPING if the RestoreInProgress flag is set to True.

The server MUST fail the operation and return WBEM_E_SHUTTING_DOWN if the IsServerShuttingDown flag is set to True.

If either the BackupInProgress or the IsServerPaused flag is set to True, the server MUST buffer the request (unless the request exceeds MaxRequestLimit as described in section 3.1.4.3) until both the BackupInProgress and IsServerPaused flags are set to False before performing the operation.

For all methods that update the CIM class, if the CIM class on the server has the abstract qualifier set to true, while its parent class does not have the abstract qualifier set to false, the server MUST return WBEM_E_CANNOT_BE_ABSTRACT.

For all methods that update a CIM instance, if a CIM instance with the amended qualifier set to true is being updated without the WBEM_FLAG_USE_AMENDED_QUALIFIERS flag, the server MUST return WBEM_E_AMENDED_OBJECT.

When an IWbemContext object is passed to an IWbemServices method, the following optional parameters could be present:

  • If __MI_DESTINATIONOPTIONS_DATA_LOCALE is present:

    • The WMI server SHOULD<24> indicate to the WMI v2 provider to use this locale to format the culture-specific information such as date/time format; otherwise, it MUST indicate the first ClientPreferredLocale.

  • If __MI_DESTINATIONOPTIONS_UI_LOCALE is present:

    • The WMI Server SHOULD<25> indicate to the WMI v2 provider to use this locale to determine the display language for human-readable strings; otherwise, it MUST indicate the first ClientPreferredLocale.

  • If __CorrelationId is present:

    • The WMI Server SHOULD<26> store this value and use it as part of internal logging.

    • The WMI server SHOULD pass this to the provider as part of IWbemContext, and the provider can use this value as part of its own logging.