CreateProcessAsUser with elevated privileges

Problem description

My service is running under local system permissions, and needs to start an application with administrator permissions in the user session.

What I've got is:

  1. WTSGetActiveConsoleSessionID()
  2. WTSQueryUserToken for session ID
  3. CreateProcessAsUser

The problem is I need to run the process (Step 3) as an administrator, without asking the user for the administrator's password.

On Linux systems I would simply do a "su ", but how can I achieve this on a Windows system?

Recommended answer

I've finally found the solution to manage this:

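    import com.sun.jna.platform.win32.WinBase;
    import com.sun.jna.platform.win32.WinBase.PROCESS_INFORMATION;
    import com.sun.jna.platform.win32.WinDef.DWORD;
    import com.sun.jna.platform.win32.WinNT;
    import com.sun.jna.platform.win32.WinNT.HANDLE;
    import com.sun.jna.platform.win32.WinNT.HANDLEByReference;
    import com.sun.jna.platform.win32.WinNT.SECURITY_IMPERSONATION_LEVEL;
    import com.sun.jna.platform.win32.WinNT.TOKEN_INFORMATION_CLASS;
    import com.sun.jna.ptr.IntByReference;

    // Method of a larger class. kernel32, advapi32 and LOGGER are fields of that class, and
    // getCurrentProcessToken(), getUserToken() and checkAPIError() are the author's helpers;
    // none of them are shown on the page.
    public void launchProcessInUserSession(String process) throws WindowsAPIException {

        // Session attached to the physical console, i.e. the logged-on user's session.
        final DWORD interactiveSessionId = kernel32.WTSGetActiveConsoleSessionId();

        final HANDLEByReference pExecutionToken = new HANDLEByReference();

        final HANDLE currentProcessToken = getCurrentProcessToken();
        try {
            // The user's token is fetched but not used for the launch;
            // close it straight away so the handle does not leak.
            final HANDLE interactiveUserToken = getUserToken(interactiveSessionId);
            kernel32.CloseHandle(interactiveUserToken);

            // Duplicate the service's own token (LocalSystem, per the question) as a primary token.
            checkAPIError(advapi32.DuplicateTokenEx(currentProcessToken, WinNT.TOKEN_ALL_ACCESS, null, SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
                    WinNT.TOKEN_TYPE.TokenPrimary, pExecutionToken));
        } finally {
            kernel32.CloseHandle(currentProcessToken);
        }

        final HANDLE executionToken = pExecutionToken.getValue();
        try {
            // Retarget the duplicated token at the interactive session.
            checkAPIError(advapi32.SetTokenInformation(executionToken, TOKEN_INFORMATION_CLASS.TokenSessionId, new IntByReference(interactiveSessionId.intValue()), DWORD.SIZE));

            final WinBase.STARTUPINFO si = new WinBase.STARTUPINFO();
            final PROCESS_INFORMATION processInfo = new WinBase.PROCESS_INFORMATION();
            final int dwFlags = WinBase.DETACHED_PROCESS;

            // The new process runs with the duplicated service token inside the user's session.
            checkAPIError(advapi32.CreateProcessAsUser(executionToken, null, process, null, null, false, dwFlags, null, null, si, processInfo));
            LOGGER.debug("Execution done. Process ID is {}", processInfo.dwProcessId);

            // Release the thread and process handles returned in PROCESS_INFORMATION.
            kernel32.CloseHandle(processInfo.hThread);
            kernel32.CloseHandle(processInfo.hProcess);
        } finally {
            kernel32.CloseHandle(executionToken);
        }
    }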
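
The answer's code gives the new process the service's own LocalSystem token. A narrower variant, added here as an example that is not part of the original answer, launches with the logged-on user's linked (elevated) token instead, so the process runs as that administrator rather than as SYSTEM. It assumes JNA 5.x and a caller running as LocalSystem; the names LinkedTokenLauncher, Wts, Adv, check and launchElevatedAsUser are hypothetical, and sessionId is the value from step 1 of the question.

```java
import com.sun.jna.Native;
import com.sun.jna.platform.win32.*;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.platform.win32.WinNT.HANDLEByReference;
import com.sun.jna.ptr.IntByReference;
import com.sun.jna.win32.StdCallLibrary;

public final class LinkedTokenLauncher {
    // Minimal JNA mappings written for this example (hypothetical interface names).
    public interface Wts extends StdCallLibrary {
        Wts I = Native.load("wtsapi32", Wts.class);
        boolean WTSQueryUserToken(int sessionId, HANDLEByReference phToken);
    }
    public interface Adv extends StdCallLibrary {
        Adv I = Native.load("advapi32", Adv.class);
        boolean GetTokenInformation(HANDLE t, int cls, IntByReference out, int len, IntByReference ret);
        boolean GetTokenInformation(HANDLE t, int cls, HANDLEByReference out, int len, IntByReference ret);
    }
    static final int TOKEN_ELEVATION_TYPE = 18, TOKEN_LINKED_TOKEN = 19; // TOKEN_INFORMATION_CLASS values
    static final int ELEVATION_TYPE_LIMITED = 3; // TokenElevationTypeLimited: UAC-filtered administrator
    static void check(boolean ok) { if (!ok) throw new Win32Exception(Native.getLastError()); }

    /** Call from the LocalSystem service (SeTcbPrivilege is required). Returns the new process ID. */
    public static int launchElevatedAsUser(int sessionId, String commandLine) {
        HANDLEByReference user = new HANDLEByReference(), linked = new HANDLEByReference();
        check(Wts.I.WTSQueryUserToken(sessionId, user));
        try {
            IntByReference type = new IntByReference(), ret = new IntByReference();
            check(Adv.I.GetTokenInformation(user.getValue(), TOKEN_ELEVATION_TYPE, type, 4, ret));
            // Only a UAC-filtered administrator has a linked full token; refuse everyone else.
            if (type.getValue() != ELEVATION_TYPE_LIMITED)
                throw new IllegalStateException("logged-on user has no linked elevated token");
            check(Adv.I.GetTokenInformation(user.getValue(), TOKEN_LINKED_TOKEN, linked, Native.POINTER_SIZE, ret));
        } finally {
            Kernel32.INSTANCE.CloseHandle(user.getValue());
        }
        WinBase.STARTUPINFO si = new WinBase.STARTUPINFO();
        si.lpDesktop = "winsta0\\default"; // the user's interactive desktop
        WinBase.PROCESS_INFORMATION pi = new WinBase.PROCESS_INFORMATION();
        try {
            check(Advapi32.INSTANCE.CreateProcessAsUser(linked.getValue(), null, commandLine, null, null, false, 0, null, null, si, pi));
            Kernel32.INSTANCE.CloseHandle(pi.hThread); // the child keeps running; drop our handles
            Kernel32.INSTANCE.CloseHandle(pi.hProcess);
            return pi.dwProcessId.intValue();
        } finally {
            Kernel32.INSTANCE.CloseHandle(linked.getValue());
        }
    }
}
```

lpEnvironment is left null here, so the child inherits the service's environment block; build the user's own block (CreateEnvironmentBlock) if the application depends on per-user variables.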
