openthreadtoken fails on Windows Vista but not on Windows XP

I have a printer port monitor that runs fine on Windows XP. In order to avoid "session 0 isolation" on Vista, dialogs are opened from a rpcserver process running in session 1 which is instructed by the printer port monitor through a pipe, running in session 0. When the port monitor is run on Vista it fails to create the rpcserver process because openthreadtoken fails (invoked by the print spooler service) with error 1008 (ERROR_NO_TOKEN). The complete function for creating the process is attached. Why is this working on Windows XP and not Windows Vista

Olav

void CreateServer()

RPC_STATUS status;

unsigned short *szStringBinding = NULL;

TCHAR pszProtocolSequence[] = _T("ncacn_np");

TCHAR pszEndpoint[] = _T(\\pipe\\rpcserver);

status = RpcStringBindingCompose(

NULL,

reinterpret_cast<unsigned short*>(pszProtocolSequence),

NULL,

reinterpret_cast<unsigned short*>(pszEndpoint),

NULL,

&szStringBinding); // String binding output.

if (status)

{

::MessageBox(NULL,_T("rpcstringbindingcompose feilet"),_T("debug"),MB_OK);

}

status = RpcBindingFromStringBinding(

szStringBinding, // The string binding to validate.

&hRpc1Binding); // Put the result in the implicit binding handle defined in the IDL file.

if (status)

{

::MessageBox(NULL,_T("rpcbindingfromstringbinding feilet"),_T("debug"),MB_OK);

}

HANDLE hToken = NULL;

HANDLE hTokenDup = NULL;

LPVOID pEnvironment = NULL;

STARTUPINFO si;

PROCESS_INFORMATION pi;

memset(&si, 0, sizeof(STARTUPINFO));

memset(&pi, 0, sizeof(PROCESS_INFORMATION));

si.cb = sizeof(STARTUPINFO);

si.lpDesktop = _T("Winsta0\\Default");

// This function fails with error 1008 on Windows Vista, but succeeds on Windows XP

if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE, TRUE, &hToken))

{

DWORD error = GetLastError();

TCHAR tmp[500];

wsprintf(tmp,_T("openthreadtoken failed %d"), error);

::MessageBox(NULL,tmp,_T("debug"),MB_OK);

}

if (!DuplicateTokenEx(hToken,

TOKEN_IMPERSONATE|TOKEN_READ|TOKEN_ASSIGN_PRIMARY|TOKEN_DUPLICATE,

NULL, SecurityImpersonation, TokenPrimary, &hTokenDup))

{

::MessageBox(NULL,_T("duplicatetokenex failed"),_T("debug"),MB_OK);

}

CloseHandle(hToken);

if (!CreateEnvironmentBlock(&pEnvironment, hTokenDup, FALSE))

{

::MessageBox(NULL,_T("createenvironment failed"),_T("debug"),MB_OK);

}

if (!CreateProcessAsUser(hTokenDup,

settings->GetRpcServer(),

NULL,

NULL,

NULL,

FALSE,

CREATE_NO_WINDOW,

pEnvironment,

NULL,

&si,

&pi))

{

::MessageBox(NULL,_T("createprocessasuser feilet"),_T("debug"),MB_OK);

}

DestroyEnvironmentBlock(pEnvironment);

CloseHandle(hTokenDup);

}

OpenThreadToken will fail if you are not impersonating. If you never call any impersonation APIs, then the process will have a token but individual threads will not. Access checks typically verify access against the current thread token, or the process token if there is no thread token. You should do the same: if OpenThreadToken fails with ERROR_NO_TOKEN, you should call OpenProcessToken(GetCurrentProcess(), ...) instead and use that token.

HTH

Why are you calling CreateProcessAsUser instead of just CreateProcess And why aren't you just passing NULL for the environment parameter

The service (print spooler) is running in session 0 on Vista. If I call CreateProcess() I thought the new process would run in the same session as the parent. Since the session is 0, the new process will not be able to display my dialogs. Hence, I need to create the process with access to the desktop of the current user.

You are correct -- with CreateProcess the child runs with a token (and session) inherited from the parent. I think the disconnect for me is that your code doesn't show any impersonation happening. So this code is being executed by the service, in order to run a program on the interactive user's desktop You need to impersonate the client before getting the thread token -- perhaps that's what was missing.