Prevent Chrome from getting launched in the wrong context.

Validate that we're in an impersonation context and not in session 0 before attempting to launch any UI.

BUG=112010
TEST=


Review URL: http://codereview.chromium.org/9406022

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122365 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 48 insertions, 11 deletions

diff --git a/cloud_print/virtual_driver/win/port_monitor/port_monitor.cc b/cloud_print/virtual_driver/win/port_monitor/port_monitor.cc
index 9232332..8466a50 100644
--- a/cloud_print/virtual_driver/win/port_monitor/port_monitor.cc
+++ b/cloud_print/virtual_driver/win/port_monitor/port_monitor.cc
@@ -233,6 +233,8 @@ bool LaunchPrintDialog(const string16& xps_path,
 // rather than the generic chrome download page.  See
 // http://code.google.com/p/chromium/issues/detail?id=112019
 void LaunchChromeDownloadPage() {
+// Probably best to NOT launch IE from a unit test.
+#ifndef UNIT_TEST
   HANDLE token = NULL;
   if (!GetUserToken(&token)) {
     LOG(ERROR) << "Unable to get user token.";
@@ -249,17 +251,34 @@ void LaunchChromeDownloadPage() {
   base::LaunchOptions options;
   options.as_user = token_scoped;
   base::LaunchProcess(command_line, options, NULL);
+#endif
 }
 
 // Returns false if the print job is being run in a context
 // that shouldn't be launching Chrome.
 bool ValidateCurrentUser() {
-  wchar_t user_name[UNLEN + 1] = L"";
-  DWORD name_size = sizeof(user_name);
-  GetUserName(user_name, &name_size);
-  LOG(INFO) << "Username is " << user_name << ".";
-  // TODO(abodenha@chromium.org) Return false if running as session 0 or
-  // as local system.
+  HANDLE token = NULL;
+  if (!GetUserToken(&token)) {
+    // If we can't get the token we're probably not impersonating
+    // the user, so validation should fail.
+    return false;
+  }
+  base::win::ScopedHandle token_scoped(token);
+
+  if (base::win::GetVersion() >= base::win::VERSION_VISTA) {
+    DWORD session_id = 0;
+    DWORD dummy;
+    if (!GetTokenInformation(token_scoped,
+                             TokenSessionId,
+                             reinterpret_cast<void *>(&session_id),
+                             sizeof(DWORD),
+                             &dummy)) {
+      return false;
+    }
+    if (session_id == 0) {
+      return false;
+    }
+  }
   return true;
 }
 }  // namespace
diff --git a/cloud_print/virtual_driver/win/port_monitor/port_monitor_unittest.cc b/cloud_print/virtual_driver/win/port_monitor/port_monitor_unittest.cc
index 61f949c9..93de765 100644
--- a/cloud_print/virtual_driver/win/port_monitor/port_monitor_unittest.cc
+++ b/cloud_print/virtual_driver/win/port_monitor/port_monitor_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -8,6 +8,7 @@
 #include "base/path_service.h"
 #include "base/string16.h"
 #include "base/win/registry.h"
+#include "base/win/scoped_handle.h"
 #include "cloud_print/virtual_driver/win/port_monitor/spooler_win.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -194,24 +195,41 @@ TEST_F(PortMonitorTest, FlowTest) {
   EXPECT_TRUE(monitor2->pfnOpenPort(monitor_handle, NULL, &port_handle));
   EXPECT_TRUE(port_handle != NULL);
   EXPECT_TRUE(monitor2->pfnStartDocPort != NULL);
-  EXPECT_TRUE(monitor2->pfnStartDocPort(port_handle, L"", 0, 0, NULL));
   EXPECT_TRUE(monitor2->pfnWritePort != NULL);
+  EXPECT_TRUE(monitor2->pfnReadPort != NULL);
+  EXPECT_TRUE(monitor2->pfnEndDocPort != NULL);
+
+  // These functions should fail if we have not impersonated the user.
+  EXPECT_FALSE(monitor2->pfnStartDocPort(port_handle, L"", 0, 0, NULL));
+  EXPECT_FALSE(monitor2->pfnWritePort(port_handle,
+                                     buffer,
+                                     kBufferSize,
+                                     &bytes_processed));
+  EXPECT_EQ(0, bytes_processed);
+  EXPECT_FALSE(monitor2->pfnReadPort(port_handle,
+                                     buffer,
+                                     sizeof(buffer),
+                                     &bytes_processed));
+  EXPECT_EQ(0u, bytes_processed);
+  EXPECT_FALSE(monitor2->pfnEndDocPort(port_handle));
+
+  // Now impersonate so we can test the success case.
+  ASSERT_TRUE(ImpersonateSelf(SecurityImpersonation));
+  EXPECT_TRUE(monitor2->pfnStartDocPort(port_handle, L"", 0, 0, NULL));
   EXPECT_TRUE(monitor2->pfnWritePort(port_handle,
                                      buffer,
                                      kBufferSize,
                                      &bytes_processed));
   EXPECT_EQ(kBufferSize, bytes_processed);
-  EXPECT_TRUE(monitor2->pfnReadPort != NULL);
   EXPECT_FALSE(monitor2->pfnReadPort(port_handle,
                                      buffer,
                                      sizeof(buffer),
                                      &bytes_processed));
   EXPECT_EQ(0u, bytes_processed);
-  EXPECT_TRUE(monitor2->pfnEndDocPort != NULL);
   EXPECT_TRUE(monitor2->pfnEndDocPort(port_handle));
+  RevertToSelf();
   EXPECT_TRUE(monitor2->pfnClosePort != NULL);
   EXPECT_TRUE(monitor2->pfnClosePort(port_handle));
-
   // Shutdown the port monitor.
   Monitor2Shutdown(monitor_handle);
 }