CreateProcessAsUser 到 ImpersonateLoggedOnUser 和 DuplicateHandle 的逻辑工作流步骤都是 运行 作为用户的命令?
Logical workflow steps for CreateProcessAsUser to ImpersonateLoggedOnUser and DuplicateHandle all to run a command as the user?
来自
Windows C# Is there a way to create a new process with the Kerberos ticket of parent process?
我正在尝试将 Kerberos 凭据从一个进程复制到另一个进程以调用远程命令。 Steve 提供了很大的帮助,但我对如何创建子进程、使用正确的凭证句柄加载它和模拟,然后获取相同的子进程以执行自调用以来的实际命令感到有点困惑to DuplicateHandles 要求子进程先存在。
我的问题是,如何让子进程执行我最初打算让它作为 CreateProcessAsUser 模拟执行的命令?
到目前为止的代码:
var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;
IntPtr parentHandle = IntPtr.Zero;
CloneParentProcessToken.QuerySecurityContextToken(ref CurrentIdentity, out parentHandle);
IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;
currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
//Create Child Process as User
IntPtr childProcessHandle = CreateProcessAsUser();
IntPtr lpTargetHandle = IntPtr.Zero;
//Duplicate parent security handle into child
if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,
ProcessUtility.TOKEN_IMPERSONATE, true, (uint)0x00000002))
{
int childHandleProcessID = CloneParentProcessToken.GetProcessId(lpTargetHandle);
IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);
IntPtr newProcessAccessTokenHandle = IntPtr.Zero;
if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))
{
//Impersonate the user in the new child process
if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))
{
//newChildProcess is pointer to child process with token and impersonation
Process child = Process.GetProcessById(childHandleProcessID);
//Have child process execute???
}
}
since the call to DuplicateHandles requires the child process to exist
first.
您可以将hTargetProcessHandle设置为当前进程,将bInheritHandle设置为true,这样重复句柄可以被目标进程创建的新进程继承。
然后通过IPC将新的token传递给子进程。
来自
Windows C# Is there a way to create a new process with the Kerberos ticket of parent process?
我正在尝试将 Kerberos 凭据从一个进程复制到另一个进程以调用远程命令。 Steve 提供了很大的帮助,但我对如何创建子进程、使用正确的凭证句柄加载它和模拟,然后获取相同的子进程以执行自调用以来的实际命令感到有点困惑to DuplicateHandles 要求子进程先存在。
我的问题是,如何让子进程执行我最初打算让它作为 CreateProcessAsUser 模拟执行的命令?
到目前为止的代码:
var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;
IntPtr parentHandle = IntPtr.Zero;
CloneParentProcessToken.QuerySecurityContextToken(ref CurrentIdentity, out parentHandle);
IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;
currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
//Create Child Process as User
IntPtr childProcessHandle = CreateProcessAsUser();
IntPtr lpTargetHandle = IntPtr.Zero;
//Duplicate parent security handle into child
if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,
ProcessUtility.TOKEN_IMPERSONATE, true, (uint)0x00000002))
{
int childHandleProcessID = CloneParentProcessToken.GetProcessId(lpTargetHandle);
IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);
IntPtr newProcessAccessTokenHandle = IntPtr.Zero;
if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))
{
//Impersonate the user in the new child process
if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))
{
//newChildProcess is pointer to child process with token and impersonation
Process child = Process.GetProcessById(childHandleProcessID);
//Have child process execute???
}
}
since the call to DuplicateHandles requires the child process to exist first.
您可以将hTargetProcessHandle设置为当前进程,将bInheritHandle设置为true,这样重复句柄可以被目标进程创建的新进程继承。
然后通过IPC将新的token传递给子进程。