C
cppBeginnnnnner
Guest
Hi Guys,
I'm trying to using following codes create my Server/client app.
Winsock Server app ran under account contoso\administrator on server A
Winsock client app ran under account contoso\testuser on server B
In Winsock Server app, there is a segment code that impersonating to the user 'contoso\testuser'. I'm trying to create a file after impersonate the user to 'contoso\testuser', but Process monitor showed that the user was still 'contoso\administrator'
Here are the codes I used
Using SSPI with a Windows Sockets Client - Windows applications
Using SSPI with a Windows Sockets Server - Windows applications
Here is how Winsock server uses the Impersonate.
ss = ImpersonateSecurityContext (&hctxt);
if (!SEC_SUCCESS(ss))
{
fprintf (stderr, "Impersonate failed: 0x%08x\n", ss);
cleanup();
}
else
{
printf("Impersonation worked. \n");
}
GetUserName (NULL, &cbUserName);
pUserName = (PCHAR) malloc (cbUserName);
The pUsername shows the user became 'contoso\testuser'.
I added following code after the impersonating
HANDLE hFile;
hFile = CreateFile(TEXT("one.txt"), //
GENERIC_READ, // open for reading
0, // do not share
NULL, // no security
CREATE_NEW, // create new
FILE_ATTRIBUTE_NORMAL, // normal file
NULL); // no attr. template
The file was created successfully, but Process monitor showed that the user was 'contoso\administrator' instead of 'contoso\testuser'
Continue reading...
I'm trying to using following codes create my Server/client app.
Winsock Server app ran under account contoso\administrator on server A
Winsock client app ran under account contoso\testuser on server B
In Winsock Server app, there is a segment code that impersonating to the user 'contoso\testuser'. I'm trying to create a file after impersonate the user to 'contoso\testuser', but Process monitor showed that the user was still 'contoso\administrator'
Here are the codes I used
Using SSPI with a Windows Sockets Client - Windows applications
Using SSPI with a Windows Sockets Server - Windows applications
Here is how Winsock server uses the Impersonate.
ss = ImpersonateSecurityContext (&hctxt);
if (!SEC_SUCCESS(ss))
{
fprintf (stderr, "Impersonate failed: 0x%08x\n", ss);
cleanup();
}
else
{
printf("Impersonation worked. \n");
}
GetUserName (NULL, &cbUserName);
pUserName = (PCHAR) malloc (cbUserName);
The pUsername shows the user became 'contoso\testuser'.
I added following code after the impersonating
HANDLE hFile;
hFile = CreateFile(TEXT("one.txt"), //
GENERIC_READ, // open for reading
0, // do not share
NULL, // no security
CREATE_NEW, // create new
FILE_ATTRIBUTE_NORMAL, // normal file
NULL); // no attr. template
The file was created successfully, but Process monitor showed that the user was 'contoso\administrator' instead of 'contoso\testuser'
Continue reading...
