Geek asks and answers

Security Issue with CreateProcess API

Purpose . I am trying to send some files from my client to the server. I use "rsync" to transfer data. I use CreateProcess APi and pass the rsync path along with the parameters.

A positive case . When I send data from local drives, such as "C:" where my windows are installed, the above method works correctly and transfers the data.

Problem . When I try to send data to a mapped drive (shared network drive). CreateProcess fails, but the error I get is rsync cannot find the file. The same rsync command, when I run on the command line, all files are transferred successfully without any errors, but the files cannot be transferred using CreateProcess.

Code :

    int CreateRsyncProcess(const wchar_t * ptrCommand)
    {
        STARTUPINFO si;
        PROCESS_INFORMATION pi;
        SECURITY_ATTRIBUTES sap,sat,sao;
        HANDLE out;
        DWORD pwExit;

        //init the STARTUPINFO struct
        memset(&si,0,sizeof(si));
        si.cb=sizeof(si);

        wstring cmd = L"";
        cmd.append(ptrCommand);


        //proc sec attributes
        sap.nLength=sizeof(SECURITY_ATTRIBUTES);
        sap.lpSecurityDescriptor= NULL;
        sap.bInheritHandle=1;

        //thread sec attributes
        sat.nLength=sizeof(SECURITY_ATTRIBUTES);
        sat.lpSecurityDescriptor= NULL;
        sat.bInheritHandle=1;


        //create the proc
        if(!CreateProcess(NULL,(LPWSTR)cmd.c_str(),&sap,&sat,1,CREATE_NO_WINDOW,NULL,NULL,&si,&pi))
        {
            DWORD err = GetLastError();
            if(out != INVALID_HANDLE_VALUE)
                CloseHandle(out);

            return 1;
        }

        //wait till the proc ends

        WaitForSingleObject(pi.hProcess,INFINITE);

        GetExitCodeProcess(pi.hProcess,&pwExit);

        //close all
        CloseHandle(pi.hProcess);
        CloseHandle(pi.hThread);
        if(out != INVALID_HANDLE_VALUE)
            CloseHandle(out);
        TerminateProcess(pi.hProcess,0);


        return pwExit;

}

Rsync Cmd : "C: \ Program Files \ cwRsync \ bin \ rsync.exe" -cvriHPDkREL --no-implied-dirs --stats -e '"C: \ Program Files \ cwRsync \ bin \ ssh" -o StrictHostKeyChecking = no -i "C: \ Program Files \ cwRsync \ bin \ rsync-key" '"/ cygdrive / Z / 64Bit" user@server.com : ~ / 6a90c592-2b3b-4088-8942-2106776c863a /

Does this happen due to some security or security issues related to creating CreateProcess or something else? Please help as I am stuck on this.

thank

The EDIT: . This works fine as a normal process, but when I run it in a service, it fails. Thus, the main problem is that the service does not have access to network resources. Any workarounds for this?

+3
3

, , , , , , .

- .

    DWORD dwIdCurrentSession = 0xFFFFFFFF;

    WTS_SESSION_INFO* pSessionInfo = NULL;          
    DWORD dwSessionsCount = 0;
    if(WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSessionInfo, &dwSessionsCount))
    {   
        for(int i=0; i<(int)dwSessionsCount; i++)
        {
            WTS_SESSION_INFO &si = pSessionInfo[i];
            if(si.State == WTSActive)
            {                                                       
                dwIdCurrentSession = si.SessionId;
                break;
            }
        }

        WTSFreeMemory(pSessionInfo);    
    }

    if(dwIdCurrentSession != 0xFFFFFFFF)
    {
        HANDLE hLoggedOnUserToken = NULL;           
        // Get Session User Token   
        if(WTSQueryUserToken(dwIdCurrentSession, &hLoggedOnUserToken))                          
        {                   
            LPVOID lpEnviroment = NULL;
            if(CreateEnvironmentBlock(&lpEnviroment, hLoggedOnUserToken, false))
            {               
                STARTUPINFO si;
                PROCESS_INFORMATION pi;

                ZeroMemory( &si, sizeof(si) );
                si.cb = sizeof(si);
                ZeroMemory( &pi, sizeof(pi) );

                // Create Process
                if(CreateProcessAsUser(hLoggedOnUserToken,
                    NULL,
                    (LPWSTR)cmd.c_str(),
                    NULL,
                    NULL,
                    FALSE,
                    CREATE_UNICODE_ENVIRONMENT,
                    lpEnviroment,
                    NULL,
                    &si,
                    &pi )
                ) 
                {   
                    // Wait for finish......

                    // Clean up
                    CloseHandle( pi.hProcess );
                    CloseHandle( pi.hThread );                                  
                }

                DestroyEnvironmentBlock(lpEnviroment);
            }

            CloseHandle(hLoggedOnUserToken);    
        }
    }
+1

- . UNC- ( ) .

+4

, Windows 7 32-bit, Windows 7 64-bit .., ? , UAC? UAC, .

. .

Right now, if UAC is really your problem, my only suggestion is that you are exploring the possibility of using ShellExecuteEx instead. The RunElevated feature found in Vista UAC Elevator Top Up and Down may come in handy. For convenience, I will enable the function here.

BOOL RunElevated(
  HWND hwnd, LPCTSTR pszPath,
  LPCTSTR pszParameters = NULL, LPCTSTR pszDirectory = NULL)
{
  SHELLEXECUTEINFO shex;
  memset( &shex, 0, sizeof( shex) );

  shex.cbSize = sizeof(SHELLEXECUTEINFO);
  shex.fMask = 0;
  shex.hwnd = hwnd;
  shex.lpVerb = _T("runas");
  shex.lpFile = pszPath;
  shex.lpParameters = pszParameters;
  shex.lpDirectory = pszDirectory;
  shex.nShow = SW_NORMAL;
  return ::ShellExecuteEx(&shex);
}

If using ShellExecuteEx is not an option, you can also try the CreateProcessElevated function found in Vista UAC: the ultimate guide .

0
source

More articles:


All Articles