Copying files between 2 protected sources that are not on the same domain

Posted on 2024-12-12 04:56:00

I have a small deploy tool that I'm upgrading. The tool takes a version of code from the build box, updates SVN, and then plops it on X servers (A deploy moves specific parts of the deploy installs to different servers within the stack).

What is happening now is when it's run on anything other than our build box, it will not work due to securities.

Our build box is internal and on our own domain. The servers we're copying to are on a high security domain. I have used the techniques explained here: "Accessing Password Protected Network Drives in Windows in C#?" for accessing files / data on those domain drives so I don't need to map it.

But here's the catch.

Build box - Domain A

Deploy Server - Domain B
Deploy Server 2 - Domain B

My box has complete control over our Build Box because the devs run as administrators, and it is on our domain. However, once I impersonate my login so I'm on Domain B, I can't access my Domain A build box.

This is an internal utility, and any help would be appreciated.

*If there's extensive work on this instead of copying I can open new threads and run a command line to get these files from SVN on each server as that is a possibility instead of copying. We keep all deploy install files in SVN.

IntPtr token;
if (!Security.Access.LogonUser("ChuckNorris", "a_small_bunny[0]", "OfficeSpace", Security.Enums.LogonType.NewCredentials, Security.Enums.LogonProvider.Default, out token))
{
    throw new Win32Exception();
}

try
{
    IntPtr dToken;
    if (!Security.Access.DuplicateToken(token, Security.Enums.SecurityImpersonationLevel.Impersonation, out dToken))
        throw new Win32Exception();

    try
    {
        using (WindowsImpersonationContext iContext = new WindowsIdentity(dToken).Impersonate())
        {
            Directory.CreateDirectory(destDir); //Works Here as I have impersonation

            // copy each file to destination
            //This will bomb as my user is now linked to the prod domain.
            foreach (string file in Directory.GetFiles(srcDir))
            {
                // update property bag
                UpdatePropertyBag(
                    propertyBag,
                    PropertyBag.Step,
                    "Copying [" + file + "] to [" + destDir + "]");

                // copy each file
                File.Copy(file, CombinePath(destDir, Path.GetFileName(file)));
            }

            // deal with each file/folder
            foreach (string dir in Directory.GetDirectories(srcDir))
            {
                // copy each subdirectory
                CopyDirectory(propertyBag, srcDir, destDir, Path.GetFileName(dir));
            }

            iContext.Undo();
        }
    }
    catch (Exception ex)
    {
    }
    finally
    {
        if (dToken != IntPtr.Zero)
        {
            if (!Security.Access.CloseHandle(dToken))
            {
                // Uncomment if you need to know this case.
                ////throw new Win32Exception();
            }
        }
    }
}
catch (Exception ex)
{
}
finally
{
    if (token != IntPtr.Zero)
    {
        if (!Security.Access.CloseHandle(token))
        {
            // Uncomment if you need to know this case.
            ////throw new Win32Exception();
        }
    }
}

Comments (1)

明媚殇 2024-12-19 04:56:00

I may have missed something in the flow above but can you:

  1. Impersonate domain A
  2. Copy to a shared location with permissions for both domains.
  3. Impersonate domain b, move to final location.

Other options are to read the file details, load into memory, and write to the destination and preserve timestamp if necessary.
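
The second option in the answer above (read each file, then write it to the destination), as an added C# sketch that is not code from the original post: the source is read with no impersonation active, and the Domain B identity is applied only around the write, so the impersonation scope stays as small as possible. It assumes .NET Framework (where `WindowsIdentity.Impersonate()` exists), files small enough to hold in memory, and that `domainBToken` (a hypothetical parameter name) is the duplicated token `dToken` from the question's code, which the caller still closes.

```csharp
using System;
using System.IO;
using System.Security.Principal;

static class CrossDomainCopy
{
    // domainBToken: hypothetical parameter; the caller obtains it as in the question's code.
    public static void CopyDirectory(string srcDir, string destDir, IntPtr domainBToken)
    {
        // WindowsIdentity duplicates the handle, so the caller keeps ownership of domainBToken.
        using (var domainB = new WindowsIdentity(domainBToken))
        {
            RunAs(domainB, () => Directory.CreateDirectory(destDir));

            foreach (string file in Directory.GetFiles(srcDir))
            {
                // Read with the process's own (Domain A) identity: no impersonation is active here.
                byte[] content = File.ReadAllBytes(file);
                DateTime stamp = File.GetLastWriteTimeUtc(file);
                string target = Path.Combine(destDir, Path.GetFileName(file));

                // Impersonate only for the write to the Domain B share.
                RunAs(domainB, () =>
                {
                    File.WriteAllBytes(target, content);
                    File.SetLastWriteTimeUtc(target, stamp); // preserve the timestamp
                });
            }

            // Recurse into subdirectories, again enumerating the source without impersonation.
            foreach (string dir in Directory.GetDirectories(srcDir))
                CopyDirectory(dir, Path.Combine(destDir, Path.GetFileName(dir)), domainBToken);
        }
    }

    static void RunAs(WindowsIdentity identity, Action action)
    {
        // Disposing the context reverts the thread to its original identity,
        // even when action throws; exceptions propagate to the caller.
        using (WindowsImpersonationContext ctx = identity.Impersonate())
        {
            action();
        }
    }
}
```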