book

Learning DCOM

Name: Learning DCOM
Author: Thuan L. Thai
ISBN: 9781565925816

by Thuan L. Thai

April 1999

Intermediate to advanced

502 pages

15h 5m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Learning DCOM
Dedication
A Note Regarding Supplemental Files
Preface
Scope of This Book
Some Assumptions About the Reader
Accompanying Source Code
FTPFTPMAIL
Conventions
Related Sources of Information
Specifications and ReferencesThe ClassicsKnowledge Base ArticlesTechnical ArticlesOther Related Documentation
Acknowledgments

1. Distributed Computing
Dumb Terminals
Client/Server Computing
Distributed Computing Using RPC
Distributed Objects
Distributed Components
2. Distributed COM Overview
COM
The Object-Oriented ModelEncapsulationInheritancePolymorphismThe Client/Server Model
Distributed COM
COM Facilities and Services
Location TransparencyDynamic and Remote Object ActivationSecurityInterfacesLifetime Support and Dynamic DiscoveryBinary InteroperabilityConnection ManagementConcurrency ManagementReuseInterface RepositoryImplementation RepositoryStatic InvocationDynamic InvocationEvents
Applying COM
3. Objects
Interfaces
IUnknownMicrosoft Interface Definition LanguageMIDL basicsDefining a custom interface using MIDLExamining the attributes of IUnknownArrays and strings as interface method parametersCustom types as interface method parametersAdding more custom interfacesDefining a type libraryPublished interfaces must never changeReturn ValuesHRESULTCustom HRESULTsData TypesBase data typesAutomation compatible typesInterface Marshalers: Proxy and StubThe Binary LayoutDispatch and Dual InterfacesAn Interface Recap
Objects
Implementing InterfacesIUnknown RulesIdentity rulesExistence rulesImplementing COM ObjectsCOM object definition using the nested classes techniqueCOM object definition using the multiple inheritance techniqueImplementing IUnknown methodsImplementing other interface methods
Class Factories
Standard FactoriesCustom Factories
4. Components
Servers
Server TypesOut-of-process serversIn-process serversInitialization and TerminationOut-of-process serversIn-process serversDynamic Activation SupportOut-of-process serversIn-process serversComponent LifetimeOut-of-process serversIn-process serversImplementation RegistrationOut-of-process serversIn-process serversRegistering interface marshalers
Clients
Initialization and TerminationCreating an ObjectCoCreateInstanceCoCreateInstanceExCoGetClassObjectClass monikersInitializing an ObjectUsing an ObjectDeleting an ObjectIn- and Out-of-Process Issues
Object Orientation
EncapsulationPolymorphismReuseContainmentAggregationUsing objects that support aggregationDeveloping objects that support aggregation
5. Infrastructure
Memory
Simple Data Types and Top-Level PointersSecondary and Embedded PointersCOM API functions for distributed memory managementManaging embedded pointersCharacter PointersAutomation Data TypesMemory management for a BSTRMemory management for a SAFEARRAY
Transparency
Structure of a Marshaled Interface ReferenceActivationStandard MarshalingMore on activationRemote invocationCustom MarshalingThe object’s responsibilityThe custom proxy’s responsibilityHandler MarshalingAutomation MarshalingRemote Connection Management
Concurrency
Single-Threaded ApartmentBasic requirementsSynchronizationOther issuesSharing Interface Pointers Among ApartmentsMultithreaded ApartmentBasic requirementsSynchronizationOther issuesOut-of-Process Server ConsiderationsIn-Process Server ConsiderationsThreadingModel=“” (default)ThreadingModel=“Apartment”ThreadingModel=“Free”ThreadingModel=“Both”Free-Threaded MarshalerPerformance
Security
Configurable SecurityMachine-wide securityApplication-wide securityApplication identityProgrammable SecurityGeneral application-wide security on both the client and server sideAccess security on the server sideActivation security on the client sideCall-level security on the client sideUsing the security context on the server side
6. Building Components with ATL
Creating a Component
Adding an Object
The Generated Code
Generated InterfaceGenerated Implementation
Common Responsibilities
Implementing Interface MethodsAdding a Custom InterfaceAdding Another Dual Interface
Finishing Up
7. Using COM Objects
Simple Client
Initializing and Uninitializing COMCreating the User Interface
The COleDispatchDriver Technique
Creating an Interface Wrapper ClassThe COleDispatchDriver ClassUsing COM Interfaces with Generated Wrappers
The #import Technique
The #import StatementUsing COM Interfaces with Smart PointersNative C++ Compiler FeaturesMore on smart pointersException handling
The Manual Technique
Remote Activation API FunctionsUsing COM Interfaces Manually
The Reusable echnique
The RemotePtr ClassUsing the RemotePtr Class
Review
8. COM in Cyberspace
ATL ActiveX Controls
Creating the ProjectAdding an ActiveX ControlMerging the Proxy/Stub CodeAdding PropertiesAdding MethodsStep 1: Merging the proxy/stub code for external (remote) interfacesStep 2: Reusing the RemotePtr classStep 3: Coding the OcrImage method
Web-Enabled Clients
Control ButtonsServer Name and Image LocationWang Image Edit ActiveX ControlOCR ResultsATLCyberOcr ActiveX ControlComplete HTML and VBScript Source CodeProblems with COM over the InternetProblems with securityProblems with firewalls or proxy servers
MFC Composites
Creating an MFC ActiveX Control ProjectUnderstanding the generated codeCreating the user interfaceUsing an ActiveX control within an ActiveX controlImplementing the ActiveX Control: CMFCCyberServerCtrlCMFCCyberServerCtrl::OnCreateCMFCCyberServerCtrl::OnDrawImplementing CImagingWindowCImagingWindow::OnCreateCImagingWindow::OnSizeHandling command messages
ATL Composites
Creating the ProjectAdding a Composite ControlCreating the User InterfacePutting common controls onto the compositePutting ActiveX controls onto the compositeTesting the user interfaceImplementationImporting the embedded ActiveX controlAdding command handlers in ATLTesting the final product
ActiveX Control Properties
Playing with Property PagesStep 1: Creating the applicationStep 2: Adding the two viewsStep 3: Adding a splitter windowStep 4: Putting the two ActiveX controls on their appropriate viewsStep 5: Showing the property pagesAdding a Property to CMFCCyberServerCtrl
9. Applying Security
Server-Side COM Security
Creating the Project and a COM ObjectImplementing the SecureOcrImage MethodValidating the Invocation
Access Token
Constructor and DestructorGetting the Access TokenGetting User InformationGetting Group Information
Audit Trail
Creating Message FilesCreating a message file for your componentCompiling a message fileUpdating the Registry with Event Source InformationLogging Messages
Administrative Alert
Administrative Alert SetupGenerating an Administrative Alert
Client-Side Security
Setting the Authentication IdentitySetting the Process-Wide SecurityMerging Proxy/Stub Code into a Client EXE ComponentUsing Activation SecurityUsing Call SecurityHandling ErrorsTesting and Understanding COM SecurityTest Scenario I—Observing call-level security and logged eventsTest Scenario II—Observing administrative alertsTest Scenario III—Observing activation security
10. Connecting Objects
Object Reference
Referrers
Creating the ChatBroker ComponentAdding a Broker COM ObjectThe IRegisterChatServer interfaceThe IDiscussions interfaceCaching a List of DiscussionsCChatDiscussionList::AddDiscussionCChatDiscussionList::RemoveDiscussionCChatDiscussionList::GetDiscussionListCChatDiscussionList::GetChatServerCChatDiscussionList::GetSizeChatBroker’s special condition for component lifetime managementImplementing the Interface MethodsMerging Proxy/Stub Code into a Server EXE Component
Connection Points
Event Sources
Creating an Event Source ObjectAdding a Connection PointStep 1: Define a callback interface using MIDLStep 2: Implement a connection point objectStep 3: Add a connection point to the event source objectReceiving and Disseminating a Chat MessageThe Responsibility of the ChatServer ApplicationHandling of command-line optionsRegistering interface marshalersOpening and closing the discussionRunning the ChatServer
Event Sinks
Creating the ChatClient ProjectCreating the user interface and adding command handlersMerging proxy/stub code into a project without an IDL FileConnecting to and Disconnecting from a ChatBrokerJoining and Leaving a Chat DiscussionSending a Chat MessageReceiving Chat Messages
Performance Impact of Connection Points
Security Impact of the OBJREF
A. Debugging Techniques
Using the FormatMessage Function
Using the _com_error Class
Breaking into the Server
B. Performance
Performance Results for ThreadingModel=“”
Performance Results for ThreadingModel=“Apartment”
Performance Results for ThreadingModel=“Free”
Performance Results for ThreadingModel=“Both”
C. New COM Features and COM+
Endpoint Configuration
Nonblocking Calls
COM+
Runtime that Simplifies Component Development and UsageHide nonbusiness logic complexitiesSimplify component development and usageServices that Support Large-Scale Enterprise Needs
D. Hello, Universe!
Client/Server Protocol = COM Interface
Client Component
Server Component
The main( ) routineThe Class FactoryThe COM Object
Comforting Words
Index
Colophon
Copyright

Content preview from Learning DCOM

Access Token

In Windows NT, an access token is an important security element that identifies not only a specific user, but much more information. A few important elements of an access token include a user’s access privileges, security identifier (SID), and group SIDs, which represent the groups in which the user belongs. If you have a specific user’s access token and the appropriate access rights, you can know pretty much everything about the user.

In the previous section, the ValidateCall function instantiated a CImpersonatedUser C++ class and invoked the ObtainAccessToken method to obtain the remote user’s access token. Because the CImpersonatedUser class encapsulates an access token, we will be able to inquire for the following client security information. Due to the way NTLM works, we can obtain all this information on the server side without knowing the client’s password.

Security identifier (SID)—Unique identifier that identifies a specific user. Each user account is automatically assigned a SID on Windows NT when the account is created. Even if you delete and create a brand new account with the same name as the previous account, you will not get the same SID; instead, NT assigns a new and unique SID each time.
User name.
Domain name.
SIDs of the groups in which the user belongs.
Names of the groups in which the user belongs.

As shown in the following code, the CImpersonatedUser class is straightforward, so let’s briefly introduce the bolded member functions of this class, as we’ll ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449307011Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Learning DCOM

by Thuan L. Thai

Access Token

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.