Discussion:
Can't get InternetGetCookie to work on Vista
Svercek
2008-10-29 05:02:01 UTC
I am trying to read cookies on the client side from a domain using
InternetGetCookie. It works great except on Vista. I understand the cookie
is stored in the low area (in fact I see it stored there) and the application
I am running is at a higher security level and therefore seems unable to read
the cookie.

The only solution I have seen is for the higher app to start a lower app,
the lower app reads the cookie and writes the data to a text file stored
where the higher app can read it. Seems kinda convoluted (not to mention a
lot of work) to me.

There has to be a better way. Any advice is appreciated.
--
John C. Svercek
Dan Mitchell
2008-10-31 23:41:59 UTC
Post by Svercek
The only solution I have seen is for the higher app to start a lower
app, the lower app reads the cookie and writes the data to a text file
stored where the higher app can read it. Seems kinda convoluted (not
to mention a lot of work) to me.
Nope, that's what you have to do. I did this a while ago, and while
it's a big pain, it does work. A (possibly) easier way to communicate
between the new low-integrity process and the parent one is via named
pipes, but you'll have to make the named pipe accessible from the bottom
process (because the slave process really has _very little access_, so
your parent process will have to create a low-integrity-accessible file
somehow, so it may as well be a named pipe to avoid filesystem issues).

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ietechcol/dnwebgen/protectedmode.asp

has code to do the launching; named pipe fiddling is below, and you'll
need a Vista-aware platform SDK for some of this stuff.

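#include <sddl.h> // ConvertStringSecurityDescriptorToSecurityDescriptor, SDDL_REVISION_1

// Low mandatory label: lets a low-integrity process open the object for write.
#ifndef LOW_INTEGRITY_SDDL_SACL
#define LOW_INTEGRITY_SDDL_SACL "S:(ML;;NW;;;LW)"
#endif

PSECURITY_DESCRIPTOR pSD = NULL;
if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
        LOW_INTEGRITY_SDDL_SACL,
        SDDL_REVISION_1,
        &pSD,
        NULL))
{
    pSD = NULL; // conversion failed; check GetLastError() before going on
}

SECURITY_ATTRIBUTES sa; // Security attributes.
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = TRUE;

// Create a named pipe for it to write return stuff to.

CAtlString csPipePath = _T("\\\\.\\pipe\\") + csPipeName;

// hp is a HANDLE declared elsewhere; it is INVALID_HANDLE_VALUE on failure.
hp = CreateNamedPipe(csPipePath,
        PIPE_ACCESS_DUPLEX,
        PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
        1,     // number of pipes that can exist
        1024,  // output buffer
        1024,  // input buffer
        2500,  // timeout, though this doesn't do what we want
        &sa);  // security attributes

// The descriptor was allocated by the conversion call; free it once the pipe exists.
if (pSD != NULL)
    LocalFree(pSD);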


In the slave process, you can just do:

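FILE * fp = fopen("\\\\.\\pipe\\CookiePipe", "w");

if (fp != 0)
{
    // Write the cookie as data; passing it as the fprintf format string
    // would interpret any '%' in the cookie as a conversion specifier.
    fputs(csCookieWithDate, fp);
    fputc(0, fp);
    fputc(0, fp);
    fclose(fp);
}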

and then call ReadFile on hp in your parent.


-- dan
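
Added example (not part of either post, and not code from the MSDN article): the parent runs at a higher integrity level than the process that writes to the pipe, so the bytes it gets back from ReadFile should be validated before use. This portable C sketch assumes one pipe message holds the cookie text followed by exactly the two NUL bytes the child writes, and that cookie text is printable ASCII; the function, enum and macro names are this example's own.

```c
#include <stddef.h>
#include <string.h>

#define PIPE_MSG_MAX 1024 /* pipe buffer size used in the post */

/* Result codes; the names are this example's own. */
enum cookie_rc { COOKIE_OK, COOKIE_BAD_ARG, COOKIE_BAD_FRAME,
                 COOKIE_EMPTY, COOKIE_TOO_LONG, COOKIE_BAD_BYTE };

/*
 * buf/len : the bytes ReadFile returned from the pipe (untrusted input).
 * out     : receives the NUL-terminated cookie text on success.
 * Assumed framing: <cookie text> 0x00 0x00, with nothing after it.
 */
enum cookie_rc extract_cookie(const unsigned char *buf, size_t len,
                              char *out, size_t outsz)
{
    const unsigned char *nul;
    size_t n, i;

    if (buf == NULL || out == NULL || outsz == 0)
        return COOKIE_BAD_ARG;
    out[0] = '\0';                 /* leave no stale data behind on failure */
    if (len > PIPE_MSG_MAX)
        return COOKIE_TOO_LONG;

    nul = memchr(buf, 0, len);     /* bounded search, never reads past len */
    if (nul == NULL)
        return COOKIE_BAD_FRAME;   /* no terminator at all */
    n = (size_t)(nul - buf);
    if (n + 2 != len || buf[n + 1] != 0)
        return COOKIE_BAD_FRAME;   /* second NUL missing, or trailing bytes */
    if (n == 0)
        return COOKIE_EMPTY;
    if (n >= outsz)
        return COOKIE_TOO_LONG;    /* would not fit with its terminator */

    for (i = 0; i < n; i++)        /* assumption: printable ASCII only */
        if (buf[i] < 0x20 || buf[i] > 0x7e)
            return COOKIE_BAD_BYTE;

    memcpy(out, buf, n);
    out[n] = '\0';
    return COOKIE_OK;
}
```
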