Logical workflow steps for CreateProcessAsUser to ImpersonateLoggedOnUser and DuplicateHandle all to run a command as the user?


Coming from

Windows C# Is there a way to create a new process with the Kerberos ticket of parent process?

support kerberos constrained delegation using SSPI for multiprocess

I'm trying to copy Kerberos credentials from one process to another to invoke a remote command. Steve has been very helpful, but I'm a little confused on how to create a child process, load it up with the proper credential handles, and impersonation, then get a hold of the same child process to execute the actual command since the call to DuplicateHandles requires the child process to exist first.

My question is, how do I get the Child Process to execute the command I initially intended for it to do as CreateProcessAsUser with impersonation?

Code so far:

```csharp
var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;

IntPtr parentHandle = IntPtr.Zero;

// Impersonation token for the caller's SSPI security context
CloneParentProcessToken.QuerySecurityContextToken(ref CurrentIdentity, out parentHandle);
IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;

var currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

//Create Child Process as User (own helper wrapping the Win32 call; body not shown here)
IntPtr childProcessHandle = CreateProcessAsUser();

IntPtr lpTargetHandle = IntPtr.Zero;

//Duplicate parent security handle into child
//0x00000002 is DUPLICATE_SAME_ACCESS, so the TOKEN_IMPERSONATE access argument is ignored
if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,
    ProcessUtility.TOKEN_IMPERSONATE, true, (uint)0x00000002))
{
    //lpTargetHandle is a token handle that only exists in the child's handle table;
    //the process id has to come from the child's process handle
    int childHandleProcessID = CloneParentProcessToken.GetProcessId(childProcessHandle);

    IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);
    IntPtr newProcessAccessTokenHandle = IntPtr.Zero;
    if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))
    {
        //Impersonate the user in the new child process
        //(note: ImpersonateLoggedOnUser changes the token of the *calling* thread, i.e. this parent thread)
        if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))
        {
            //newChildProcess is pointer to child process with token and impersonation
            Process child = Process.GetProcessById(childHandleProcessID);

            //Have child process execute???
        }
    }
}
```
Tags: c#, winapi, kerberos, sspi
asked on Stack Overflow Aug 8, 2019 by jangooni • edited Aug 8, 2019 by Remy Lebeau

1 Answer


since the call to DuplicateHandles requires the child process to exist first.

You could set hTargetProcessHandle as current process, and bInheritHandle as true, so that the duplicate handle can be inherited by new processes created by the target process. Then pass the new token to child process through IPC.

answered on Stack Overflow Aug 9, 2019 by Drake Wu
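The approach in the answer, written out as an added example (this is not code from the question or from Drake Wu's answer). The parent side makes the SSPI impersonation token inheritable with `DuplicateHandle` targeted at the current process, converts it to a primary token for `CreateProcessAsUser`, starts the child with `bInheritHandles = true`, and uses the simplest IPC available: the inherited handle keeps the same numeric value in the child, so that value is passed on the command line. The child side impersonates the inherited token, does its work, and reverts. The class name `InheritedTokenLauncher`, the methods `LaunchChild` and `RunAsInheritedToken`, the `--token` argument, and the `sspiToken` parameter (the token returned by `QuerySecurityContextToken`) are all assumptions of this example. Two caveats from the Win32 documentation: `CreateProcessAsUser` wants a primary token, and the calling process needs `SeIncreaseQuotaPrivilege` (and `SeAssignPrimaryTokenPrivilege` if the token is not assignable), so this will fail under an ordinary unprivileged service account.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example, not code from the original question or answer.
static class InheritedTokenLauncher
{
    const uint DUPLICATE_SAME_ACCESS = 0x00000002;
    const uint TOKEN_ALL_ACCESS = 0x000F01FF;
    const int SecurityImpersonation = 2;   // SECURITY_IMPERSONATION_LEVEL
    const int TokenPrimary = 1;            // TOKEN_TYPE

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct STARTUPINFO
    {
        public int cb;
        public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool DuplicateHandle(IntPtr hSourceProcessHandle, IntPtr hSourceHandle,
        IntPtr hTargetProcessHandle, out IntPtr lpTargetHandle, uint dwDesiredAccess,
        bool bInheritHandle, uint dwOptions);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateTokenEx(IntPtr hExistingToken, uint dwDesiredAccess,
        IntPtr lpTokenAttributes, int ImpersonationLevel, int TokenType, out IntPtr phNewToken);

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool CreateProcessAsUser(IntPtr hToken, string lpApplicationName,
        string lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes,
        bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment,
        string lpCurrentDirectory, ref STARTUPINFO lpStartupInfo,
        out PROCESS_INFORMATION lpProcessInformation);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool ImpersonateLoggedOnUser(IntPtr hToken);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool RevertToSelf();

    // Parent side. sspiToken: impersonation token from QuerySecurityContextToken (assumed supplied by caller).
    public static Process LaunchChild(IntPtr sspiToken, string childExePath)
    {
        IntPtr self = Process.GetCurrentProcess().Handle;

        // 1. Inheritable duplicate of the token in our own handle table (hTargetProcessHandle = self,
        //    bInheritHandle = true). With DUPLICATE_SAME_ACCESS the dwDesiredAccess argument is ignored.
        if (!DuplicateHandle(self, sspiToken, self, out IntPtr inheritable, 0, true, DUPLICATE_SAME_ACCESS))
            throw new Win32Exception();

        // 2. CreateProcessAsUser needs a primary token; convert the impersonation token.
        if (!DuplicateTokenEx(sspiToken, TOKEN_ALL_ACCESS, IntPtr.Zero, SecurityImpersonation, TokenPrimary, out IntPtr primary))
            throw new Win32Exception();

        try
        {
            // 3. bInheritHandles = true copies every inheritable handle into the child with the same
            //    numeric value, so passing that value is the only IPC needed. The number is visible in
            //    the process list but is meaningless outside the child's own handle table.
            var si = new STARTUPINFO { cb = Marshal.SizeOf<STARTUPINFO>() };
            string cmd = $"\"{childExePath}\" --token {inheritable.ToInt64()}";
            if (!CreateProcessAsUser(primary, null, cmd, IntPtr.Zero, IntPtr.Zero, true, 0,
                                     IntPtr.Zero, null, ref si, out PROCESS_INFORMATION pi))
                throw new Win32Exception();
            CloseHandle(pi.hThread);
            CloseHandle(pi.hProcess);   // Process.GetProcessById opens its own handle
            return Process.GetProcessById(pi.dwProcessId);
        }
        finally
        {
            // The child's copy is independent of ours, so the parent releases both.
            CloseHandle(primary);
            CloseHandle(inheritable);
        }
    }

    // Child side: impersonate the inherited token, run the remote command, revert.
    public static int RunAsInheritedToken(string[] args)
    {
        int i = Array.IndexOf(args, "--token");
        if (i < 0 || i + 1 >= args.Length) return 2;
        var token = new IntPtr(long.Parse(args[i + 1]));
        if (!ImpersonateLoggedOnUser(token)) throw new Win32Exception();
        try
        {
            // Anything done here (WMI, HTTP with Negotiate, SMB) uses the delegated Kerberos identity.
            Console.WriteLine("Running as " + WindowsIdentity.GetCurrent().Name);
            return 0;
        }
        finally
        {
            RevertToSelf();
            CloseHandle(token);
        }
    }
}
```

The child's `Main` calls `RunAsInheritedToken(args)`; the parent calls `LaunchChild(token, pathToChildExe)` and waits on the returned `Process`. Because the delegated identity lives in the child's thread token only while it impersonates, the remote call must happen inside the `try` block, and `RevertToSelf` in the `finally` keeps the identity from leaking into later work in that thread.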

User contributions licensed under CC BY-SA 3.0