From: Le Chaud Lapin on
Hi All,

[This is repost from an IIS newsgroup since no response was received
there. Again, while I do research in distributed systems, access
control models, etc., I have never taken the time to study that of
Window's, which occasionally I regret. As such, even a terse answer
will be appreciated.]

In my distributed system, I normally have an application, Client.exe,
that must talk to Server.exe, via named
shared memory.

In my system, there is a one-to-one correlation between a "user" on a
Windows machine and a Client.exe/Server.exe pair. For example, for 7
logged-in users, there would be 7 client.exe/server.exe pairs. My
shared memory, and all other named kernel objects, are created with
the omission of "\\global", so as to take advantage of automatic
disambiguation provided by the kernel naming model.

It turns out that, in some cases, Client.exe is actually Client.dll
running as an ISAPI DLL.

My goal is to find the technically correct/clean method for having
Client.dll talk to Server.exe while taking into account the potential
plurality of logins and web servers running on the same machine. Think
large hosting company with web farm with 10 customers per physical
machine.

Obviously, running Server.exe under a normal login while letting ISAPI
load Client.DLL will cause Client.dll to reference objects in the
kernel space different from those referenced by Server.exe if
Server.exe is not launched in context of Client.exe's account [this is
where I get lost].

My guess is that adding some code into Client.dll to launch Server.exe
via CreateProcess from Clien.dll will, at least, allow Client.DLL to
share same namespace as Server.exe.

Questions:

1. Will the CreateProcess method work?
2. If so, is there a command line launch opportunity from within the
context of Client.DLL that can be exploited under IIS? I would rather
not put code in Client.DLL just
to launch the companion Server.exe.
3. What login/account/security/etc. model do hosting providers use to
allow, say, 10 customers to share one IIS instance?
4. What happens when each of 10 web sites uses an ISAPI DLL to invoke
CreateMutex("SomeName")? What elements will I have to allow
disambiguation? I've seen things like SID/Group/etc.

TIA,

-Le Chaud Lapin-
From: Leo Davidson on
On Apr 28, 6:19 am, Le Chaud Lapin <jaibudu...(a)gmail.com> wrote:

> In my system, there is a one-to-one correlation between a "user" on a
> Windows machine and a Client.exe/Server.exe pair. For example, for 7
> logged-in users, there would be 7 client.exe/server.exe pairs.

Have you considered making the Server.exe a "SingleUse" COM server?

You can write one of those and let COM take care of starting &
stopping each Server.exe instance for you. For each user, a Client.
(exe|dll) would create a single instance of the server's interface/
class and then hold on to and use that interface reference whenever it
needs to talk to the server. By default, COM will start the server in
the same context as the client code. (But you can change it to run
under different accounts if needed.)

From a quick search, (some versions of?) VB seem to have explicit
support for writing SingleUse COM servers (set "Instancing" to
"SingleUse" in the project somewhere). Can't say I've ever used it
though. If you're using something like C++, have a look at the
REGCLS_SINGLEUSE argument you can pass to CoRegisterClassObject.

I don't know how the ISS stuff works so can't help there.
From: Le Chaud Lapin on
On Apr 28, 3:47 am, Leo Davidson <leonudeldavid...(a)googlemail.com>
wrote:
> On Apr 28, 6:19 am, Le Chaud Lapin <jaibudu...(a)gmail.com> wrote:
>
> > In my system, there is a one-to-one correlation between a "user" on a
> > Windows machine and a Client.exe/Server.exe pair. For example, for 7
> > logged-in users, there would be 7 client.exe/server.exe pairs.
>
> Have you considered making the Server.exe a "SingleUse" COM server?
>
> You can write one of those and let COM take care of starting &
> stopping each Server.exe instance for you. For each user, a Client.
> (exe|dll) would create a single instance of the server's interface/
> class and then hold on to and use that interface reference whenever it
> needs to talk to the server. By default, COM will start the server in
> the same context as the client code. (But you can change it to run
> under different accounts if needed.)

This last part.."By default, COM will start the server in the same
context" is most intriguing.

The problem is that I do not have a clear understanding of the
primitives for contextual separation in Windows:

1. user
2. login
3. SID
4. session
5. Window station
6. etc.

I have strong suspicion that, whatever COM does to start a server in
same context as client code, I could do the same thing myself, using
something like CreateProcessAsUser. The problem is that I don't know
what to write because I do not understand the model. Where can I find
a concise summary of what these things are? MSDN?

Thanks for your response,

-Le Chaud Lapin-
From: Leo Davidson on
On May 1, 4:11 pm, Le Chaud Lapin <jaibudu...(a)gmail.com> wrote:


> I have strong suspicion that, whatever COM does to start a server in
> same context as client code, I could do the same thing myself, using
> something like CreateProcessAsUser.

You don't need to do anything special to start a process in the same
context as the code that is starting it. Just use CreateProcess.
Things inherit the existing context by default and you only have to do
complex things if you want to start a process as a different user.

What I can't say is whether or not your client code is running in the
context you want your server code to run in. I don't know enough about
ISS or what you're doing to answer that, sorry.