来自（哪里

Windows C# 有没有办法使用父进程的 Kerberos 票证创建新进程？

支持使用 SSPI 进行多进程的 kerberos 约束委派

我正在尝试将 Kerberos 凭据从一个进程复制到另一个进程以调用远程命令。史蒂夫非常有帮助，但我对如何创建子进程，使用正确的凭据句柄加载它和模拟，然后获取同一个子进程来执行调用后的实际命令有点困惑DuplicateHandles 要求子进程首先存在。

我的问题是，如何让子进程执行我最初打算让它作为 CreateProcessAsUser 模拟执行的命令？

到目前为止的代码：

var CurrentIdentity = ((WindowsIdentity)User.Identity).Token;

IntPtr parentHandle = IntPtr.Zero;

CloneParentProcessToken.QuerySecurityContextToken(ref CurrentIdentity, out parentHandle);

IntPtr parentProcessHandle = Process.GetCurrentProcess().Handle;

currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;

//Create Child Process as User

IntPtr childProcessHandle = CreateProcessAsUser();

IntPtr lpTargetHandle = IntPtr.Zero;

//Duplicate parent security handle into child

if (CloneParentProcessToken.DuplicateHandle(parentProcessHandle, parentHandle, childProcessHandle, out lpTargetHandle,

    ProcessUtility.TOKEN_IMPERSONATE, true, (uint)0x00000002))

{

    int childHandleProcessID = CloneParentProcessToken.GetProcessId(lpTargetHandle);

    IntPtr newChildProcess = ProcessUtility.OpenProcess(ProcessUtility.ProcessAccessFlags.All, true, childHandleProcessID);

    IntPtr newProcessAccessTokenHandle = IntPtr.Zero;

    if (ProcessUtility.OpenProcessToken(newChildProcess, ProcessUtility.TOKEN_IMPERSONATE, out newProcessAccessTokenHandle))

    {

        //Impersonate the user in the new child process

        if (CloneParentProcessToken.ImpersonateLoggedOnUser(newProcessAccessTokenHandle))

        {

            //newChildProcess is pointer to child process with token and impersonation

            Process child = Process.GetProcessById(childHandleProcessID);

            //Have child process execute???

        }

    }