How to duplicate socket for target process under different user

Question

I've hit upon a problem with WSADuplicateSocket, which I'm using to duplicate a socket for use by a different process. It works find when both processes are running under the same Windows user, but fails with error code 10022 (WSAEINVAL) when they are running under different users.

Specifically, the process calling WSADuplicateSocket is running under an admin user account and the target process is running under the System account.

Searching the web, I've found other references to the issue, but no solutions. Does anyone know of a way to resolve this?

Here's the current code:

bool Duplicate(
    SOCKET s,
    WSAPROTOCOL_INFO* pSocketInfo,
    int targetProcessID,
    int& errorNum
)
{
    memset(pSocketInfo, 0, sizeof(WSAPROTOCOL_INFO));
    if (::WSADuplicateSocket(s, targetProcessID, pSocketInfo)
        == SOCKET_ERROR)
    {
        errorNum = ::WSAGetLastError();
        return false;
    }
    return true;
}

Answer 1

maybe the target user (system) does not have the privilege to access the network? i think that around windows xp a special service account has been created (network service) to separate services that need the access to the network. have you tested your code for another user, other than system?

Answer 2

The MSDN is a little bit unclear on the subject and I don't have time to test this myself, but maybe the socket handle, as a kernel object, has a security descriptor attached, that doesn't allow access to it by anyone else than the creator.

Try calling GetKernelObjectSecurity to examine ACLs attached to the handle and then try calling SetKernelObjectSecurity to allow other users access to the handle. Maybe then WSADuplicateSocket will work correctly?