CreateProcessAsUser 在我的实验中无法正常工作

发布于 2024-07-09 14:49:51 字数 2330 浏览 11 评论 0原文

我正在尝试执行以下操作： 1. 我以管理员帐户登录运行 VS.NET 2005 的 XP SP2 计算机 2.这台机器还有另一个账户user1，是guest账户 3.我正在以管理员身份运行一个程序，我想从这个程序启动一个notepad.exe进程，该进程将在user1安全上下文下运行 4.我特别想使用CreateProcessasUser来执行此操作..

这是代码片段，它将解释我一直在尝试的内容..

const string GRANTED_ALL = "10000000";

const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_BATCH = 4;
const int LOGON32_LOGON_SERVICE = 5;
const int LOGON32_LOGON_UNLOCK = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;

const int LOGON32_PROVIDER_DEFAULT = 0;
static IntPtr hToken = IntPtr.Zero;
static IntPtr hTokenDuplicate = IntPtr.Zero;

static void Main(string[] args)
{
    int last_error = 0;
    if(LogonUser("user1",null,"#welcome123",
        LOGON32_LOGON_INTERACTIVE, 
        LOGON32_PROVIDER_DEFAULT, out hToken))
    {
        last_error = Marshal.GetLastWin32Error();
        PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
        STARTUPINFO si = new STARTUPINFO();
        SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
        last_error = 0;
        last_error = Marshal.GetLastWin32Error();
        if(DuplicateTokenEx(hToken,UInt32.Parse(GRANTED_ALL,System.Globalization.NumberStyles.HexNumber),
            ref sa,SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
            TOKEN_TYPE.TokenPrimary,out hTokenDuplicate))
        {
            last_error = 0;
            last_error = Marshal.GetLastWin32Error();

            CreateProcessAsUser(hTokenDuplicate, "d:\\san\\notepad.exe", null,
            ref sa, ref sa, false, 0, IntPtr.Zero, "d:\\san", ref si, out pi);

            last_error = 0;
            last_error = Marshal.GetLastWin32Error();

        }
    }

    last_error = 0;
    last_error = Marshal.GetLastWin32Error();


    if (hToken != IntPtr.Zero) CloseHandle(hToken);
    if (hTokenDuplicate != IntPtr.Zero) CloseHandle(hTokenDuplicate);

}

由于某种原因，这不起作用.. DuplicateTokenEx 函数返回错误代码 1305，我似乎无法弄清楚为什么......

我还使用了 DuplicateToken，而不是 DuplicateTokenEx，现在 CreateProcessAsUser 返回错误代码 1308。

有人可以阐明这个问题吗？这似乎是一件显然非常简单的事情，但就是无法正确解决。 [请注意，我特别想要LogonUser，然后DuplicateToken，然后CreateProcessAsUSer]

原文

I am trying to do the following:
1. I am logged in as Administrator account in my XP with SP2 machine running VS.NET 2005
2. This machine also has another account user1 which is a guest account
3. I am running a program as Administrator, from this program i want to launch a notepad.exe process which will be running under the user1 security context
4. I specifically want to use CreateProcessasUser to do this..

This is the code snipper which will explain what i have been trying..

const string GRANTED_ALL = "10000000";

const int LOGON32_LOGON_INTERACTIVE = 2;
const int LOGON32_LOGON_NETWORK = 3;
const int LOGON32_LOGON_BATCH = 4;
const int LOGON32_LOGON_SERVICE = 5;
const int LOGON32_LOGON_UNLOCK = 7;
const int LOGON32_LOGON_NETWORK_CLEARTEXT = 8;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;

const int LOGON32_PROVIDER_DEFAULT = 0;
static IntPtr hToken = IntPtr.Zero;
static IntPtr hTokenDuplicate = IntPtr.Zero;

static void Main(string[] args)
{
    int last_error = 0;
    if(LogonUser("user1",null,"#welcome123",
        LOGON32_LOGON_INTERACTIVE, 
        LOGON32_PROVIDER_DEFAULT, out hToken))
    {
        last_error = Marshal.GetLastWin32Error();
        PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
        STARTUPINFO si = new STARTUPINFO();
        SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES();
        last_error = 0;
        last_error = Marshal.GetLastWin32Error();
        if(DuplicateTokenEx(hToken,UInt32.Parse(GRANTED_ALL,System.Globalization.NumberStyles.HexNumber),
            ref sa,SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
            TOKEN_TYPE.TokenPrimary,out hTokenDuplicate))
        {
            last_error = 0;
            last_error = Marshal.GetLastWin32Error();

            CreateProcessAsUser(hTokenDuplicate, "d:\\san\\notepad.exe", null,
            ref sa, ref sa, false, 0, IntPtr.Zero, "d:\\san", ref si, out pi);

            last_error = 0;
            last_error = Marshal.GetLastWin32Error();

        }
    }

    last_error = 0;
    last_error = Marshal.GetLastWin32Error();


    if (hToken != IntPtr.Zero) CloseHandle(hToken);
    if (hTokenDuplicate != IntPtr.Zero) CloseHandle(hTokenDuplicate);

}

For some reason this is not working..
The DuplicateTokenEx function is returning as error code of 1305 and i cant seem to figure out why..

Instead of DuplicateTokenEx i also used the DuplicateToken, now the CreateProcessAsUser is returning an error code of 1308.

Could someone please throw light on this issue.. This appears to be an apparently very simple thing, but just cant get it right..
[Please note that I specifically want to LogonUser and then DuplicateToken and then CreateProcessAsUSer]

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

海之角 2024-07-16 14:49:51

请参阅CreateProcessAsUser() 窗口工作站和桌面。

但我建议以托管方式进行：

...
using System.Diagnostics;
using System.Security;
...
...
string progPath = @"c:\WINNT\notepad.exe";
ProcessStartInfo startInfo = new ProcessStartInfo(progPath);
startInfo.WindowStyle = ProcessWindowStyle.Normal;
startInfo.UseShellExecute = false;
startInfo.UserName = "SomeUser";
SecureString password = new SecureString();

#region setting password
password.AppendChar('p');
password.AppendChar('a');
...
#endregion

startInfo.Password = password;
Process.Start(startInfo);
...
...

See CreateProcessAsUser() windowstations and desktops.

But I suggest to do it in managed way:

...
using System.Diagnostics;
using System.Security;
...
...
string progPath = @"c:\WINNT\notepad.exe";
ProcessStartInfo startInfo = new ProcessStartInfo(progPath);
startInfo.WindowStyle = ProcessWindowStyle.Normal;
startInfo.UseShellExecute = false;
startInfo.UserName = "SomeUser";
SecureString password = new SecureString();

#region setting password
password.AppendChar('p');
password.AppendChar('a');
...
#endregion

startInfo.Password = password;
Process.Start(startInfo);
...
...

回复收藏 0 原文

~没有更多了~