4

I'm trying to write a C++ wrapper for an out-of-process COM server (on another machine). I'm hoping to hide all the COM-related nastiness from users of the class.

The security requirements force me to call CoSetSecurityBlanket on the server proxy. That is:

CoCreateInstance(CLSID_OutOfProcServer, &proxy);
CoSetProxyBlanket(proxy);

(I've left out lots of parameters). In addition, I must specify credentials in this call since the server requires a local account.

Now here's the problem. This server has lots of methods that return interfaces, and each of these interfaces is a brand new proxy on my side. Thus, I have to call CoSetProxyBlanket() each time I get one. Here's what I want to accomplish:

  1. Have my wrapper hide the CoSetProxyBlanket calls (easy enough)
  2. Avoid storing the credentials in memory (devilishly difficult!)

So far, I've tried copying the blanket from one object to another using CoQueryProxyBlanket and CoSetProxyBlanket. This doesn't work because I can't recover the credentials (unless I store them in memory—which I'd like to avoid).

What's really frustrating is that I have an authenticated connection to the server. It seems like I should be able to copy its security context into the new proxy. (Or at least tell COM to do this for me when it creates the new proxy.) Is there any way to do this or am I stuck storing the credentials?

Peter Ruderman

1 Answer

0

Try this:

  1. Obtain an impersonation token by calling LogonUser() and store this token instead of the credentials
  2. ImpersonateLoggedOnUser() with the token
  3. Set proxy blanket with authinfo set to NULL
  4. RevertToSelf()

I haven't tried this, just suggesting an idea...

  • 1
    Thanks for the suggestion, but it doesn't help, unfortunately. Remember that this is a local account on a remote machine, so I can't use LogonUser to obtain an impersonation token. – Peter Ruderman May 15 '13 at 20:25