
I have a small deploy tool that I'm upgrading. The tool takes a version of code from the build box, updates SVN, and then plops it on X servers (A deploy moves specific parts of the deploy installs to different servers within the stack).

What is happening now is when it's run on anything other than our build box, it will not work due to security.

Our build box is internal and on our own domain. The servers we're copying to are on a high security domain. I have used the techniques explained here: Accessing Password Protected Network Drives in Windows in C#? for accessing files / data on those domain drives so I don't need to map it.

But here's the catch.

Build box - Domain A

Deploy Server - Domain B

Deploy Server 2 - Domain B

My box has complete control over our Build Box because the devs run as administrators, and it is on our domain. However, once I impersonate my login so I'm on Domain B, I can't access my Domain A build box.

This is an internal utility, and any help would be appreciated.

*If there's extensive work on this instead of copying I can open new threads and run a command line to get these files from SVN on each server as that is a possibility instead of copying. We keep all deploy install files in SVN.

IntPtr token;
if (!Security.Access.LogonUser("ChuckNorris", "a_small_bunny[0]", "OfficeSpace", Security.Enums.LogonType.NewCredentials, Security.Enums.LogonProvider.Default, out token))
{
    throw new Win32Exception();
}

try
{
    IntPtr dToken;
    if (!Security.Access.DuplicateToken(token, Security.Enums.SecurityImpersonationLevel.Impersonation, out dToken))
        throw new Win32Exception();

    try
    {
        using (WindowsImpersonationContext iContext = new WindowsIdentity(dToken).Impersonate())
        {
            Directory.CreateDirectory(destDir); //Works Here as I have impersonation

            // copy each file to destination
            // This will bomb as my user is now linked to the prod domain.
            foreach (string file in Directory.GetFiles(srcDir))
            {
                // update property bag
                UpdatePropertyBag(
                    propertyBag,
                    PropertyBag.Step,
                    "Copying [" + file + "] to [" + destDir + "]");

                // copy each file
                File.Copy(file, CombinePath(destDir, Path.GetFileName(file)));
            }

            // deal with each file/folder
            foreach (string dir in Directory.GetDirectories(srcDir))
            {
                // copy each subdirectory
                CopyDirectory(propertyBag, srcDir, destDir, Path.GetFileName(dir));
            }

            iContext.Undo();
        }
    }
    catch (Exception ex)
    {
    }
    finally
    {
        if (dToken != IntPtr.Zero)
        {
            if (!Security.Access.CloseHandle(dToken))
            {
                // Uncomment if you need to know this case.
                ////throw new Win32Exception();
            }
        }
    }
}
catch (Exception ex)
{
}
finally
{
    if (token != IntPtr.Zero)
    {
        if (!Security.Access.CloseHandle(token))
        {
            // Uncomment if you need to know this case.
            ////throw new Win32Exception();
        }
    }
}
Ryan Ternier

1 Answer


I may have missed something in the flow above but can you:

  1. Impersonate domain A.
  2. Copy to a shared location with permissions for both domains.
  3. Impersonate domain B, move to final location.

Other options are to read the file details, load into memory, and write to the destination and preserve timestamp if necessary.
Adam Tuliper
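
The answer's second option (read into memory, then write to the destination with the timestamp preserved), as an added example that is not part of the original question or answer. A `LogonType.NewCredentials` token applies its credentials to every outbound network connection, so the read from Domain A is kept outside the impersonated block and only the write runs as the Domain B account. `CrossDomainCopy`, `Copy` and its parameters are hypothetical names, and `WindowsIdentity.RunImpersonated` assumes .NET Framework 4.6 or later.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class CrossDomainCopy
{
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // credentials used for outbound network access only
    const int LOGON32_PROVIDER_WINNT50 = 3;      // provider documented for NEW_CREDENTIALS

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out SafeAccessTokenHandle token);

    // Hypothetical helper. Assumptions: srcDir is a Domain A path the calling account can read,
    // destDir is a Domain B UNC path the supplied account can write, and the password
    // comes from a secret store or prompt rather than a literal in source control.
    public static void Copy(string srcDir, string destDir,
                            string user, string domain, string password)
    {
        SafeAccessTokenHandle token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        using (token) // the SafeHandle closes the token, so no manual CloseHandle
        {
            foreach (string file in Directory.GetFiles(srcDir, "*", SearchOption.AllDirectories))
            {
                // Read as the original (Domain A) identity, outside any impersonation.
                byte[] data = File.ReadAllBytes(file);
                DateTime stamp = File.GetLastWriteTimeUtc(file);
                string relative = file.Substring(srcDir.Length).TrimStart('\\', '/');
                string target = Path.Combine(destDir, relative);

                // Only the write to Domain B runs with the Domain B credentials.
                WindowsIdentity.RunImpersonated(token, () =>
                {
                    Directory.CreateDirectory(Path.GetDirectoryName(target));
                    File.WriteAllBytes(target, data);
                    File.SetLastWriteTimeUtc(target, stamp); // preserve timestamp
                });
            }
        }
    }
}
```

Exceptions thrown inside the impersonated delegate propagate to the caller instead of being swallowed, so a failed write stops the deploy visibly.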