windows 使用 advapi32.dll:LogonUserA() 模拟远程机器的本地用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1035116/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using advapi32.dll:LogonUserA() to impersonate a remote machine's local user
提问by JCCyC
I need to be able to run RegLoadKey() on a remote machine, and it may be that my machine and the remote machine are not in the same domain. If they are, the below code works OK and I can impersonate a user that has admin privileges on the machine. Otherwise, if we're talking about local users, according to this discussion I found...
我需要能够在远程机器上运行 RegLoadKey(),可能是我的机器和远程机器不在同一个域中。如果是,下面的代码可以正常工作,我可以模拟在机器上具有管理员权限的用户。否则,如果我们谈论的是本地用户,根据这个讨论,我发现......
http://www.eggheadcafe.com/conversation.aspx?messageid=34224301&threadid=34224226
http://www.eggheadcafe.com/conversation.aspx?messageid=34224301&threadid=34224226
...There has to be a local user on my machine with the same username and password. Ugh. Is there a way around that?
...我的机器上必须有一个具有相同用户名和密码的本地用户。啊。有没有办法解决这个问题?
using System.Runtime.InteropServices;
using System.Security.Principal;
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken, int impersonationLevel, ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
public const int LOGON32_LOGON_INTERACTIVE = 2;
public const int LOGON32_PROVIDER_DEFAULT = 0;
public WindowsImpersonationContext WearDrag(string Username, string Password, string DomainOrMachine)
{
WindowsImpersonationContext impersonationContext;
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if (RevertToSelf())
{
if (LogonUserA(Username, DomainOrMachine, Password,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
impersonationContext = tempWindowsIdentity.Impersonate();
if (impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
return impersonationContext;
}
}
}
}
if (token != IntPtr.Zero)
CloseHandle(token);
if (tokenDuplicate != IntPtr.Zero)
CloseHandle(tokenDuplicate);
return null;
}
回答by Otávio Décio
Here's what I have been using without having to define a local user:
这是我一直在使用而无需定义本地用户的内容:
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
const int LOGON32_PROVIDER_DEFAULT = 0;
bool isSuccess = LogonUser(username, domain, password,
LOGON32_LOGON_NEW_CREDENTIALS,
LOGON32_PROVIDER_DEFAULT, ref token);
After that:
在那之后:
WindowsIdentity newIdentity = new WindowsIdentity(token);
WindowsImpersonationContext impersonatedUser = newIdentity.Impersonate();
I don't duplicate the handle though.
不过我不复制句柄。
Another observation - I don't use LogonUserA, I simply use LogonUser.
另一个观察 - 我不使用 LogonUserA,我只是使用 LogonUser。
