From 2ffd28325aa7c70b60bf1ee915df9c8ec40c3960 Mon Sep 17 00:00:00 2001
From: Colin Finck <colin@reactos.org>
Date: Tue, 12 May 2015 14:43:25 +0000
Subject: [PATCH] - Add a dummy winspool.drv SpoolerInit doing an RPC call to a
 dummy RpcSpoolerInit, which itself passes the call to a dummy spoolss.dll
 SpoolerInit.   This serves as an example to show how I expect most spooler
 functions to work. - Implement the publicly exported and fundamental
 RevertToPrinterSelf and ImpersonatePrinterClient spoolss.dll functions. - Fix
 WINSPOOL_HANDLE_bind. - Fix build with GCC.

svn path=/branches/colins-printing-for-freedom/; revision=67693
---
 .../printing/base/spoolss/CMakeLists.txt      |  3 +-
 .../win32ss/printing/base/spoolss/context.c   | 62 +++++++++++++++++++
 reactos/win32ss/printing/base/spoolss/main.c  |  7 +++
 .../printing/base/spoolss/spoolss.spec        |  6 +-
 .../printing/base/spoolsv/CMakeLists.txt      |  3 +-
 reactos/win32ss/printing/base/spoolsv/init.c  | 33 ++++++++++
 .../win32ss/printing/base/spoolsv/precomp.h   |  3 +
 .../win32ss/printing/base/spoolsv/rpcstubs.c  |  7 ---
 reactos/win32ss/printing/base/winspool/main.c | 32 +++++++++-
 .../printing/base/winspool/winspool.spec      |  2 +-
 10 files changed, 142 insertions(+), 16 deletions(-)
 create mode 100644 reactos/win32ss/printing/base/spoolss/context.c
 create mode 100644 reactos/win32ss/printing/base/spoolsv/init.c

diff --git a/reactos/win32ss/printing/base/spoolss/CMakeLists.txt b/reactos/win32ss/printing/base/spoolss/CMakeLists.txt
index e0f50d93ad8..98d0ae9e24e 100644
--- a/reactos/win32ss/printing/base/spoolss/CMakeLists.txt
+++ b/reactos/win32ss/printing/base/spoolss/CMakeLists.txt
@@ -2,6 +2,7 @@
 spec2def(spoolss spoolss.spec ADD_IMPORTLIB)
 
 list(APPEND SOURCE
+    context.c
     main.c
     precomp.h)
 
@@ -13,6 +14,6 @@ add_library(spoolss SHARED
 
 set_module_type(spoolss win32dll UNICODE)
 target_link_libraries(spoolss wine)
-add_importlibs(spoolss kernel32 msvcrt ntdll)
+add_importlibs(spoolss msvcrt kernel32 advapi32 ntdll)
 add_pch(spoolss precomp.h SOURCE)
 add_cd_file(TARGET spoolss DESTINATION reactos/system32 FOR all)
diff --git a/reactos/win32ss/printing/base/spoolss/context.c b/reactos/win32ss/printing/base/spoolss/context.c
new file mode 100644
index 00000000000..5fce2bc0dd9
--- /dev/null
+++ b/reactos/win32ss/printing/base/spoolss/context.c
@@ -0,0 +1,62 @@
+/*
+ * PROJECT:     ReactOS Spooler Router
+ * LICENSE:     GNU LGPL v2.1 or any later version as published by the Free Software Foundation
+ * PURPOSE:     Functions related to switching between security contexts
+ * COPYRIGHT:   Copyright 2015 Colin Finck <colin@reactos.org>
+ */
+
+#include "precomp.h"
+
+/**
+ * @see RevertToPrinterSelf
+ */
+BOOL WINAPI
+ImpersonatePrinterClient(HANDLE hToken)
+{
+    if (!hToken)
+    {
+        SetLastError(ERROR_INVALID_HANDLE);
+        return FALSE;
+    }
+
+    if (!SetThreadToken(NULL, hToken))
+    {
+        ERR("SetThreadToken failed with error %u!\n", GetLastError());
+        CloseHandle(hToken);
+        return FALSE;
+    }
+
+    CloseHandle(hToken);
+    return TRUE;
+}
+
+/**
+ * RevertToPrinterSelf reverts the security context from the current user's context back to the process context.
+ * As spoolss.dll is used by spoolsv.exe, this is usually the SYSTEM security context.
+ *
+ * Unlike the traditional ImpersonateClient and then RevertToSelf approach, we do it the other way round here,
+ * because spoolss.dll is delay-loaded by spoolsv.exe in the current user's context. Use RevertToPrinterSelf then to
+ * return to the SYSTEM context for specific tasks.
+ */
+HANDLE WINAPI
+RevertToPrinterSelf()
+{
+    HANDLE hToken;
+
+    // Retrieve our current impersonation token
+    if (!OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE, TRUE, &hToken))
+    {
+        ERR("OpenThreadToken failed with error %u!\n", GetLastError());
+        return NULL;
+    }
+
+    // Tell the thread to stop impersonating
+    if (!SetThreadToken(NULL, NULL))
+    {
+        ERR("SetThreadToken failed with error %u!\n", GetLastError());
+        return NULL;
+    }
+
+    // Return the token required for reverting back to impersonation in ImpersonatePrinterClient
+    return hToken;
+}
diff --git a/reactos/win32ss/printing/base/spoolss/main.c b/reactos/win32ss/printing/base/spoolss/main.c
index 4ed1cf4efb1..b37bd30756c 100644
--- a/reactos/win32ss/printing/base/spoolss/main.c
+++ b/reactos/win32ss/printing/base/spoolss/main.c
@@ -67,6 +67,13 @@ StartDocPrinterW(HANDLE hPrinter, DWORD Level, LPBYTE pDocInfo)
     return 0;
 }
 
+DWORD WINAPI
+SpoolerInit()
+{
+    // Nothing to do here yet
+    return ERROR_SUCCESS;
+}
+
 BOOL WINAPI
 StartPagePrinter(HANDLE hPrinter)
 {
diff --git a/reactos/win32ss/printing/base/spoolss/spoolss.spec b/reactos/win32ss/printing/base/spoolss/spoolss.spec
index 7e10f883e34..e2685d9920f 100644
--- a/reactos/win32ss/printing/base/spoolss/spoolss.spec
+++ b/reactos/win32ss/printing/base/spoolss/spoolss.spec
@@ -89,7 +89,7 @@
 @ stdcall GetPrintProcessorDirectoryW(wstr wstr long ptr long ptr)
 @ stub GetServerPolicy
 @ stub GetShrinkedSize
-@ stub ImpersonatePrinterClient
+@ stdcall ImpersonatePrinterClient(long)
 @ stdcall InitializeRouter(long)
 @ stub IsNamedPipeRpcCall
 @ stub LoadDriver
@@ -122,7 +122,7 @@
 @ stub ReplyOpenPrinter
 @ stub ReplyPrinterChangeNotification
 @ stub ResetPrinterW
-@ stub RevertToPrinterSelf
+@ stdcall RevertToPrinterSelf()
 @ stub RouterAllocBidiMem
 @ stub RouterAllocBidiResponseContainer
 @ stub RouterAllocPrinterNotifyInfo
@@ -161,7 +161,7 @@
 @ stub SpoolerFindNextPrinterChangeNotification
 @ stub SpoolerFreePrinterNotifyInfo
 @ stub SpoolerHasInitialized
-@ stub SpoolerInit
+@ stdcall SpoolerInit()
 @ stdcall StartDocPrinterW(long long ptr)
 @ stdcall StartPagePrinter(long)
 @ stub UndoAlignKMPtr
diff --git a/reactos/win32ss/printing/base/spoolsv/CMakeLists.txt b/reactos/win32ss/printing/base/spoolsv/CMakeLists.txt
index ffe56079093..a8c55a4045a 100644
--- a/reactos/win32ss/printing/base/spoolsv/CMakeLists.txt
+++ b/reactos/win32ss/printing/base/spoolsv/CMakeLists.txt
@@ -3,6 +3,7 @@ include_directories(${REACTOS_SOURCE_DIR}/include/reactos/idl)
 add_rpc_files(server ${REACTOS_SOURCE_DIR}/include/reactos/idl/winspool.idl)
 
 list(APPEND SOURCE
+    init.c
     main.c
     rpcserver.c
     rpcstubs.c
@@ -12,7 +13,7 @@ list(APPEND SOURCE
 add_executable(spoolsv ${SOURCE} spoolsv.rc)
 set_module_type(spoolsv win32cui UNICODE)
 target_link_libraries(spoolsv wine)
-add_importlibs(spoolsv advapi32 kernel32 msvcrt ntdll rpcrt4)
 add_delay_importlibs(spoolsv spoolss)
+add_importlibs(spoolsv msvcrt kernel32 advapi32 ntdll rpcrt4)
 add_pch(spoolsv precomp.h SOURCE)
 add_cd_file(TARGET spoolsv DESTINATION reactos/system32 FOR all)
diff --git a/reactos/win32ss/printing/base/spoolsv/init.c b/reactos/win32ss/printing/base/spoolsv/init.c
new file mode 100644
index 00000000000..699505fdb84
--- /dev/null
+++ b/reactos/win32ss/printing/base/spoolsv/init.c
@@ -0,0 +1,33 @@
+/*
+ * PROJECT:     ReactOS Print Spooler Service
+ * LICENSE:     GNU GPLv2 or any later version as published by the Free Software Foundation
+ * PURPOSE:     Various initialization functions
+ * COPYRIGHT:   Copyright 2015 Colin Finck <colin@reactos.org>
+ */
+
+#include "precomp.h"
+
+DWORD
+_RpcSpoolerInit()
+{
+    DWORD ErrorCode;
+
+    // Call SpoolerInit in the security context of the client.
+    // This delay-loads spoolss.dll in the user context and all further calls to functions in spoolss.dll will be done in the user context as well.
+    ErrorCode = RpcImpersonateClient(NULL);
+    if (ErrorCode != ERROR_SUCCESS)
+    {
+        ERR("RpcImpersonateClient failed with status %u!\n", ErrorCode);
+        return ErrorCode;
+    }
+
+    ErrorCode = SpoolerInit();
+    if (ErrorCode != ERROR_SUCCESS)
+    {
+        ERR("SpoolerInit failed with status %u!\n", ErrorCode);
+        RpcRevertToSelf();
+        return ErrorCode;
+    }
+
+    return RpcRevertToSelf();
+}
diff --git a/reactos/win32ss/printing/base/spoolsv/precomp.h b/reactos/win32ss/printing/base/spoolsv/precomp.h
index f7b5b64a104..a15b0d98bff 100644
--- a/reactos/win32ss/printing/base/spoolsv/precomp.h
+++ b/reactos/win32ss/printing/base/spoolsv/precomp.h
@@ -19,4 +19,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(spoolsv);
 // rpcserver.c
 extern DWORD WINAPI RpcThreadProc(LPVOID lpParameter);
 
+// Undocumented spoolss
+DWORD WINAPI SpoolerInit();
+
 #endif
diff --git a/reactos/win32ss/printing/base/spoolsv/rpcstubs.c b/reactos/win32ss/printing/base/spoolsv/rpcstubs.c
index cfcb6adb60d..e0379f3b2bc 100644
--- a/reactos/win32ss/printing/base/spoolsv/rpcstubs.c
+++ b/reactos/win32ss/printing/base/spoolsv/rpcstubs.c
@@ -448,13 +448,6 @@ _RpcRemoteFindFirstPrinterChangeNotification(WINSPOOL_PRINTER_HANDLE hPrinter, D
     return ERROR_INVALID_FUNCTION;
 }
 
-DWORD
-_RpcSpoolerInit()
-{
-    UNIMPLEMENTED;
-    return ERROR_INVALID_FUNCTION;
-}
-
 DWORD
 _RpcResetPrinterEx()
 {
diff --git a/reactos/win32ss/printing/base/winspool/main.c b/reactos/win32ss/printing/base/winspool/main.c
index a83204cefbf..32c9fa2bfe0 100644
--- a/reactos/win32ss/printing/base/winspool/main.c
+++ b/reactos/win32ss/printing/base/winspool/main.c
@@ -15,7 +15,7 @@ WINSPOOL_HANDLE_bind(WINSPOOL_HANDLE wszName)
     RPC_STATUS Status;
 
     // Get us a string binding handle from the supplied connection information
-    Status = RpcStringBindingComposeW(NULL, L"ncacn_np", wszStringBinding, L"\\pipe\\spoolss", NULL, &wszStringBinding);
+    Status = RpcStringBindingComposeW(NULL, L"ncacn_np", wszName, L"\\pipe\\spoolss", NULL, &wszStringBinding);
     if (Status != RPC_S_OK)
     {
         ERR("RpcStringBindingComposeW failed with status %u!\n", Status);
@@ -209,8 +209,8 @@ OpenPrinterA(LPSTR pPrinterName, LPHANDLE phPrinter, LPPRINTER_DEFAULTSA pDefaul
         if (pDefault->pDevMode)
         {
             // Fixed size strings, so no additional memory needs to be allocated
-            MultiByteToWideChar(CP_ACP, 0, pDefault->pDevMode->dmDeviceName, -1, wDevMode.dmDeviceName, sizeof(wDevMode.dmDeviceName) / sizeof(WCHAR));
-            MultiByteToWideChar(CP_ACP, 0, pDefault->pDevMode->dmFormName, -1, wDevMode.dmFormName, sizeof(wDevMode.dmFormName) / sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, (LPCSTR)pDefault->pDevMode->dmDeviceName, -1, wDevMode.dmDeviceName, sizeof(wDevMode.dmDeviceName) / sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, (LPCSTR)pDefault->pDevMode->dmFormName, -1, wDevMode.dmFormName, sizeof(wDevMode.dmFormName) / sizeof(WCHAR));
 
             // Use CopyMemory to copy over several structure values in one step
             CopyMemory(&wDevMode.dmSpecVersion, &pDefault->pDevMode->dmSpecVersion, (ULONG_PTR)&wDevMode.dmCollate - (ULONG_PTR)&wDevMode.dmSpecVersion + sizeof(wDevMode.dmCollate));
@@ -272,6 +272,32 @@ OpenPrinterW(LPWSTR pPrinterName, LPHANDLE phPrinter, LPPRINTER_DEFAULTSW pDefau
     return ReturnValue;
 }
 
+BOOL WINAPI
+SpoolerInit()
+{
+    BOOL ReturnValue = FALSE;
+    DWORD ErrorCode;
+
+    // Nothing to initialize here yet, but pass this call to the Spool Service as well.
+    RpcTryExcept
+    {
+        ErrorCode = _RpcSpoolerInit();
+        if (ErrorCode)
+        {
+            ERR("_RpcSpoolerInit failed with error %u!\n", ErrorCode);
+        }
+
+        ReturnValue = (ErrorCode == ERROR_SUCCESS);
+    }
+    RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+    {
+        ERR("_RpcSpoolerInit failed with exception code %u!\n", RpcExceptionCode());
+    }
+    RpcEndExcept;
+
+    return ReturnValue;
+}
+
 DWORD WINAPI
 StartDocPrinterW(HANDLE hPrinter, DWORD Level, LPBYTE pDocInfo)
 {
diff --git a/reactos/win32ss/printing/base/winspool/winspool.spec b/reactos/win32ss/printing/base/winspool/winspool.spec
index d8562698b9e..665d7856a0b 100644
--- a/reactos/win32ss/printing/base/winspool/winspool.spec
+++ b/reactos/win32ss/printing/base/winspool/winspool.spec
@@ -157,7 +157,7 @@
 @ stub SetPrinterW
 @ stub SplDriverUnloadComplete
 @ stub SpoolerDevQueryPrintW
-@ stub SpoolerInit
+@ stdcall SpoolerInit()
 @ stub SpoolerPrinterEvent
 @ stub StartDocDlgA
 @ stub StartDocDlgW