reactos/win32ss/printing/base/spoolss/context.c

/*
 * PROJECT:     ReactOS Spooler Router
 * LICENSE:     GPL-2.0+ (https://spdx.org/licenses/GPL-2.0+)
 * PURPOSE:     Functions related to switching between security contexts
 * COPYRIGHT:   Copyright 2015 Colin Finck (colin@reactos.org)
 */

#include "precomp.h"

/**
 * @see RevertToPrinterSelf
 */
BOOL WINAPI
ImpersonatePrinterClient(HANDLE hToken)
{
    DWORD cbReturned;
    DWORD dwErrorCode;
    TOKEN_TYPE Type;

    // Sanity check
    if (!hToken)
    {
        dwErrorCode = ERROR_INVALID_HANDLE;
        goto Cleanup;
    }

    // Get the type of the supplied token.
    if (!GetTokenInformation(hToken, TokenType, &Type, sizeof(TOKEN_TYPE), &cbReturned))
    {
        dwErrorCode = GetLastError();
        ERR("GetTokenInformation failed with error %lu!\n", dwErrorCode);
        goto Cleanup;
    }

    // Check if this is an impersonation token and only set it as the thread token in this case.
    // This is not always an impersonation token, see RevertToPrinterSelf.
    if (Type == TokenImpersonation)
    {
        if (!SetThreadToken(NULL, hToken))
        {
            dwErrorCode = GetLastError();
            ERR("SetThreadToken failed with error %lu!\n", dwErrorCode);
            goto Cleanup;
        }
    }

Cleanup:
    if (hToken)
        CloseHandle(hToken);

    SetLastError(dwErrorCode);
    return (dwErrorCode == ERROR_SUCCESS);
}

/**
 * RevertToPrinterSelf reverts the security context from the current user's context back to the process context.
 * As spoolss.dll is used by spoolsv.exe, this is usually the SYSTEM security context.
 *
 * Unlike the traditional ImpersonateClient and then RevertToSelf approach, we do it the other way round here,
 * because spoolss.dll is delay-loaded by spoolsv.exe in the current user's context. Use RevertToPrinterSelf then to
 * return to the SYSTEM context for specific tasks.
 */
HANDLE WINAPI
RevertToPrinterSelf(VOID)
{
    DWORD dwErrorCode;
    HANDLE hReturnValue = NULL;
    HANDLE hToken = NULL;

    // All spoolss code is usually called after impersonating the client. In this case, we can retrieve our current thread impersonation token using OpenThreadToken.
    // But in rare occasions, spoolss code is also called from a higher-privileged thread that doesn't impersonate the client. Then we don't get an impersonation token.
    // Anyway, we can't just return nothing in this case, because this is being treated as failure by the caller. So we return the token of the current process.
    // This behaviour is verified with Windows!
    if (OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, TRUE, &hToken))
    {
        // Tell the thread to stop impersonating.
        if (!SetThreadToken(NULL, NULL))
        {
            dwErrorCode = GetLastError();
            ERR("SetThreadToken failed with error %lu!\n", dwErrorCode);
            goto Cleanup;
        }
    }
    else if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
    {
        dwErrorCode = GetLastError();
        ERR("OpenProcessToken failed with error %lu!\n", dwErrorCode);
        goto Cleanup;
    }

    // We were successful, return a token!
    dwErrorCode = ERROR_SUCCESS;
    hReturnValue = hToken;

    // Don't let the cleanup routine close this.
    hToken = NULL;

Cleanup:
    if (hToken)
        CloseHandle(hToken);

    SetLastError(dwErrorCode);
    return hReturnValue;
}
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`/*`
			`* PROJECT: ReactOS Spooler Router`
[PRINTING] [SKIPLIST] Use the new header with SPDX license identifier and relicense the entire Printing Stack as well as its Skiplist dependency under GPL-2.0+ Previously, the Printing Stack was a mix of GPLed and LGPLed code. Having everything under GPL-2.0+ makes things consistent and allows me to import code from most Open Source licenses. Given that the Printing Stack components are exchangeable with their Windows counterparts and implement documented interfaces, this license change doesn't impose any additional restrictions on dependent components (like printer drivers). svn path=/trunk/; revision=75988 2017-09-29 17:18:19 +00:00			`* LICENSE: GPL-2.0+ (https://spdx.org/licenses/GPL-2.0+)`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`* PURPOSE: Functions related to switching between security contexts`
[PRINTING] [SKIPLIST] Use the new header with SPDX license identifier and relicense the entire Printing Stack as well as its Skiplist dependency under GPL-2.0+ Previously, the Printing Stack was a mix of GPLed and LGPLed code. Having everything under GPL-2.0+ makes things consistent and allows me to import code from most Open Source licenses. Given that the Printing Stack components are exchangeable with their Windows counterparts and implement documented interfaces, this license change doesn't impose any additional restrictions on dependent components (like printer drivers). svn path=/trunk/; revision=75988 2017-09-29 17:18:19 +00:00			`* COPYRIGHT: Copyright 2015 Colin Finck (colin@reactos.org)`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`*/`

			`#include "precomp.h"`

			`/**`
			`* @see RevertToPrinterSelf`
			`*/`
			`BOOL WINAPI`
			`ImpersonatePrinterClient(HANDLE hToken)`
			`{`
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`DWORD cbReturned;`
			`DWORD dwErrorCode;`
			`TOKEN_TYPE Type;`

			`// Sanity check`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`if (!hToken)`
			`{`
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`dwErrorCode = ERROR_INVALID_HANDLE;`
			`goto Cleanup;`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`}`

[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`// Get the type of the supplied token.`
			`if (!GetTokenInformation(hToken, TokenType, &Type, sizeof(TOKEN_TYPE), &cbReturned))`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`{`
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`dwErrorCode = GetLastError();`
			`ERR("GetTokenInformation failed with error %lu!\n", dwErrorCode);`
			`goto Cleanup;`
			`}`

			`// Check if this is an impersonation token and only set it as the thread token in this case.`
			`// This is not always an impersonation token, see RevertToPrinterSelf.`
			`if (Type == TokenImpersonation)`
			`{`
			`if (!SetThreadToken(NULL, hToken))`
			`{`
			`dwErrorCode = GetLastError();`
			`ERR("SetThreadToken failed with error %lu!\n", dwErrorCode);`
			`goto Cleanup;`
			`}`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`}`

[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`Cleanup:`
			`if (hToken)`
			`CloseHandle(hToken);`

			`SetLastError(dwErrorCode);`
			`return (dwErrorCode == ERROR_SUCCESS);`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`}`

			`/**`
			`* RevertToPrinterSelf reverts the security context from the current user's context back to the process context.`
			`* As spoolss.dll is used by spoolsv.exe, this is usually the SYSTEM security context.`
			`*`
			`* Unlike the traditional ImpersonateClient and then RevertToSelf approach, we do it the other way round here,`
			`* because spoolss.dll is delay-loaded by spoolsv.exe in the current user's context. Use RevertToPrinterSelf then to`
			`* return to the SYSTEM context for specific tasks.`
			`*/`
			`HANDLE WINAPI`
[INCLUDE/REACTOS][LOCALMON][LOCALSPL][SPOOLSS] Add some missing VOIDs. CORE-11799 (#94) 2017-10-30 21:43:47 +00:00			`RevertToPrinterSelf(VOID)`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`{`
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`DWORD dwErrorCode;`
			`HANDLE hReturnValue = NULL;`
			`HANDLE hToken = NULL;`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`// All spoolss code is usually called after impersonating the client. In this case, we can retrieve our current thread impersonation token using OpenThreadToken.`
			`// But in rare occasions, spoolss code is also called from a higher-privileged thread that doesn't impersonate the client. Then we don't get an impersonation token.`
			`// Anyway, we can't just return nothing in this case, because this is being treated as failure by the caller. So we return the token of the current process.`
			`// This behaviour is verified with Windows!`
			`if (OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, TRUE, &hToken))`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`{`
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`// Tell the thread to stop impersonating.`
			`if (!SetThreadToken(NULL, NULL))`
			`{`
			`dwErrorCode = GetLastError();`
			`ERR("SetThreadToken failed with error %lu!\n", dwErrorCode);`
			`goto Cleanup;`
			`}`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`}`
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`else if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`{`
[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`dwErrorCode = GetLastError();`
			`ERR("OpenProcessToken failed with error %lu!\n", dwErrorCode);`
			`goto Cleanup;`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`}`

[SPOOLSS] Rewrite RevertToPrinterSelf and ImpersonatePrinterClient. In contrast to what I first thought, they shall also work when the thread has no impersonation token. This occurs for example when spooler functions are called from a thread that doesn't originate from a RPC request. The rewritten functions also provide proper error codes. The native behaviour of these functions was verified through API Monitoring under Windows. svn path=/branches/colins-printing-for-freedom/; revision=68472 2015-07-20 16:15:52 +00:00			`// We were successful, return a token!`
			`dwErrorCode = ERROR_SUCCESS;`
			`hReturnValue = hToken;`

			`// Don't let the cleanup routine close this.`
			`hToken = NULL;`

			`Cleanup:`
			`if (hToken)`
			`CloseHandle(hToken);`

			`SetLastError(dwErrorCode);`
			`return hReturnValue;`
- Add a dummy winspool.drv SpoolerInit doing an RPC call to a dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll SpoolerInit. This serves as an example to show how I expect most spooler functions to work. - Implement the publicly exported and fundamental RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix WINSPOOL_HANDLE_bind. - Fix build with GCC. svn path=/branches/colins-printing-for-freedom/; revision=67693 2015-05-12 14:43:25 +00:00			`}`