Disguising the Server

Often, a client sends commands or requests through a pipe for the server to perform some action on its behalf. The client might, for example, ask the server to retrieve information from a file. Because the client and the server are different processes, they may also have different security clearances. A server might want to refuse to perform commands for which the client lacks adequate clearance. The server may temporarily assume the client’s security attributes before complying with a request and then restore its own attributes after responding, using these commands:

BOOL ImpersonateNamedPipeClient( HANDLE hNamedPipe );
BOOL RevertToSelf( void );

The impersonation command fails on anonymous pipes, and it will not allow the server to impersonate the client on remote machines. The command temporarily modifies the security context of the thread that calls it.

NOTE

A similar function, DdeImpersonateClient, allows servers conversing with DDE (Dynamic Data Exchange) clients to modify their own security context, too. DDE is discussed in Chapter 35.

The RevertToSelf command ends the masquerade and restores the original security context.

© 1998 SYBEX Inc. All rights reserved.