I've hit upon a problem with WSADuplicateSocket, which I'm using to duplicate a socket for use by a different process. It works find when both processes are running under the same Windows user, but fails with error code 10022 (WSAEINVAL) when they are running under different users.
我遇到了WSADuplicateSocket的问题,我正在使用它复制套接字以供其他进程使用。它可以在两个进程在同一Windows用户下运行时查找,但在不同用户下运行时失败并显示错误代码10022(WSAEINVAL)。
Specifically, the process calling WSADuplicateSocket is running under an admin user account and the target process is running under the System account.
具体来说,调用WSADuplicateSocket的进程在admin用户帐户下运行,目标进程在System帐户下运行。
Searching the web, I've found other references to the issue, but no solutions. Does anyone know of a way to resolve this?
在网上搜索,我发现了其他问题,但没有解决方案。有谁知道解决这个问题的方法?
Here's the current code:
这是当前的代码:
bool Duplicate(
SOCKET s,
WSAPROTOCOL_INFO* pSocketInfo,
int targetProcessID,
int& errorNum
)
{
memset(pSocketInfo, 0, sizeof(WSAPROTOCOL_INFO));
if (::WSADuplicateSocket(s, targetProcessID, pSocketInfo)
== SOCKET_ERROR)
{
errorNum = ::WSAGetLastError();
return false;
}
return true;
}
2 个解决方案
#1
1
maybe the target user (system) does not have the privilege to access the network? i think that around windows xp a special service account has been created (network service) to separate services that need the access to the network. have you tested your code for another user, other than system?
也许目标用户(系统)没有访问网络的权限?我认为围绕windows xp创建了一个特殊的服务帐户(网络服务)来分离需要访问网络的服务。你有没有为系统以外的其他用户测试你的代码?
#2
1
The MSDN is a little bit unclear on the subject and I don't have time to test this myself, but maybe the socket handle, as a kernel object, has a security descriptor attached, that doesn't allow access to it by anyone else than the creator.
MSDN在这个问题上有点不清楚,我没有时间自己测试,但是作为内核对象的套接字句柄附加了一个安全描述符,不允许任何其他人访问它比创作者。
Try calling GetKernelObjectSecurity to examine ACLs attached to the handle and then try calling SetKernelObjectSecurity to allow other users access to the handle. Maybe then WSADuplicateSocket will work correctly?
尝试调用GetKernelObjectSecurity来检查附加到句柄的ACL,然后尝试调用SetKernelObjectSecurity以允许其他用户访问句柄。也许然后WSADuplicateSocket将正常工作?
#1
1
maybe the target user (system) does not have the privilege to access the network? i think that around windows xp a special service account has been created (network service) to separate services that need the access to the network. have you tested your code for another user, other than system?
也许目标用户(系统)没有访问网络的权限?我认为围绕windows xp创建了一个特殊的服务帐户(网络服务)来分离需要访问网络的服务。你有没有为系统以外的其他用户测试你的代码?
#2
1
The MSDN is a little bit unclear on the subject and I don't have time to test this myself, but maybe the socket handle, as a kernel object, has a security descriptor attached, that doesn't allow access to it by anyone else than the creator.
MSDN在这个问题上有点不清楚,我没有时间自己测试,但是作为内核对象的套接字句柄附加了一个安全描述符,不允许任何其他人访问它比创作者。
Try calling GetKernelObjectSecurity to examine ACLs attached to the handle and then try calling SetKernelObjectSecurity to allow other users access to the handle. Maybe then WSADuplicateSocket will work correctly?
尝试调用GetKernelObjectSecurity来检查附加到句柄的ACL,然后尝试调用SetKernelObjectSecurity以允许其他用户访问句柄。也许然后WSADuplicateSocket将正常工作?