C# CreateProcessAsUser以ImpersonalLoggeDonUser和DuplicateHandle all作为用户运行命令的逻辑工作流步骤?
来自 我正在尝试将Kerberos凭据从一个进程复制到另一个进程以调用远程命令。Steve帮了我很大的忙,但我对如何创建一个子进程、使用正确的凭证句柄加载它以及模拟,然后获取同一个子进程以执行实际命令有点困惑,因为对DuplicateHandles的调用要求首先存在子进程 我的问题是,如何让子进程执行我最初打算让它作为CreateProcessAsUser与模拟一起执行的命令 迄今为止的代码:C# CreateProcessAsUser以ImpersonalLoggeDonUser和DuplicateHandle all作为用户运行命令的逻辑工作流步骤?,c#,winapi,kerberos,sspi,C#,Winapi,Kerberos,Sspi,来自 我正在尝试将Kerberos凭据从一个进程复制到另一个进程以调用远程命令。Steve帮了我很大的忙,但我对如何创建一个子进程、使用正确的凭证句柄加载它以及模拟,然后获取同一个子进程以执行实际命令有点困惑,因为对DuplicateHandles的调用要求首先存在子进程 我的问题是,如何让子进程执行我最初打算让它作为CreateProcessAsUser与模拟一起执行的命令 迄今为止的代码: var CurrentIdentity = ((WindowsIdentity)User.Iden
var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;
IntPtr parentHandle = IntPtr.Zero;
CloneParentProcessToken.QuerySecurityContextToken(ref CurrentIdentity, out parentHandle);
IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;
currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
//Create Child Process as User
IntPtr childProcessHandle = CreateProcessAsUser();
IntPtr lpTargetHandle = IntPtr.Zero;
//Duplicate parent security handle into child
if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,
ProcessUtility.TOKEN_IMPERSONATE, true, (uint)0x00000002))
{
int childHandleProcessID = CloneParentProcessToken.GetProcessId(lpTargetHandle);
IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);
IntPtr newProcessAccessTokenHandle = IntPtr.Zero;
if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))
{
//Impersonate the user in the new child process
if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))
{
//newChildProcess is pointer to child process with token and impersonation
Process child = Process.GetProcessById(childHandleProcessID);
//Have child process execute???
}
}
因为对DuplicateHandles的调用要求子进程存在
首先
您可以将hTargetProcessHandle
设置为当前进程,将bInheritHandle
设置为true,以便目标进程创建的新进程可以继承重复的句柄。
然后通过IPC将新令牌传递给子进程。谢谢@Drake Wu-MSFT。您知道如何从WindowsIdentity获取QuerySecurityTokenCkntext所需的phContext吗?