每个线程在 Win32 中模拟吗?
Is impersonation in Win32 per thread?
调用 ImpersonateSecurityContext on the server impersonating the client on the calling thread or for the entire process. The documentation 在这件事上有点含糊,因为它指出 "The function creates an impersonation token and allows the thread or process to run with the impersonation context".
我假设模拟只是针对调用线程,其他任何事情都会很奇怪,但我想确定一下。
根据 MSDN:
Impersonation is the ability of a thread to execute using different security information than the process that owns the thread. Typically, a thread in a server application impersonates a client. This allows the server thread to act on behalf of that client to access objects on the server or validate access to the client's own objects.
The Microsoft Windows API provides the following functions to begin an impersonation:
...
- A security package or application server can call the ImpersonateSecurityContext function to impersonate a client.
所以模拟是在每个线程的基础上完成的。
模拟可用于生成一个新进程作为模拟用户(通过使用 DuplicateTokenEx() and CreateProcessAsUser()),但模拟永远不会调用 process 运行模拟用户,仅调用 thread.
在可以同时连接多个客户端的服务器上下文中,如果在进程范围的基础上应用客户端模拟,那将是非常危险的。
调用 ImpersonateSecurityContext on the server impersonating the client on the calling thread or for the entire process. The documentation 在这件事上有点含糊,因为它指出 "The function creates an impersonation token and allows the thread or process to run with the impersonation context".
我假设模拟只是针对调用线程,其他任何事情都会很奇怪,但我想确定一下。
根据 MSDN:
Impersonation is the ability of a thread to execute using different security information than the process that owns the thread. Typically, a thread in a server application impersonates a client. This allows the server thread to act on behalf of that client to access objects on the server or validate access to the client's own objects.
The Microsoft Windows API provides the following functions to begin an impersonation:
...
- A security package or application server can call theImpersonateSecurityContextfunction to impersonate a client.
所以模拟是在每个线程的基础上完成的。
模拟可用于生成一个新进程作为模拟用户(通过使用 DuplicateTokenEx() and CreateProcessAsUser()),但模拟永远不会调用 process 运行模拟用户,仅调用 thread.
在可以同时连接多个客户端的服务器上下文中,如果在进程范围的基础上应用客户端模拟,那将是非常危险的。