remoting: Pass a real handle to SHGetFolderPath.

Previously, we were passing the pseudo handle returned by GetCurrentThreadToken(). While this worked fine on Windows 10, but failed on Windows 7. This commit instead uses OpenThreadToken, which returns a real handle to the user token. Bug: 967928 Change-Id: Ic1f58aa03d07fb68748aff2b5c08a3aaf7b1005b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1632601Reviewed-by: Joe Downing <joedow@chromium.org> Commit-Queue: Joe Downing <joedow@chromium.org> Cr-Commit-Position: refs/heads/master@{#664118}

remoting: Pass a real handle to SHGetFolderPath.
Previously, we were passing the pseudo handle returned by GetCurrentThreadToken(). While this worked fine on Windows 10, but failed on Windows 7. This commit instead uses OpenThreadToken, which returns a real handle to the user token. Bug: 967928 Change-Id: Ic1f58aa03d07fb68748aff2b5c08a3aaf7b1005b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1632601Reviewed-by: Joe Downing <joedow@chromium.org> Commit-Queue: Joe Downing <joedow@chromium.org> Cr-Commit-Position: refs/heads/master@{#664118}
d7b6d532 · Erik Jensen · Commit Bot · 2ded5acf · d7b6d532
Commit d7b6d532 authored May 29, 2019 by Erik Jensen Committed by Commit Bot May 29, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 2 deletions

remoting/host/file_transfer/get_desktop_directory_win.cc remoting/host/file_transfer/get_desktop_directory_win.cc +20 -2

No files found.
--- a/remoting/host/file_transfer/get_desktop_directory_win.cc
+++ b/remoting/host/file_transfer/get_desktop_directory_win.cc
@@ -4,9 +4,12 @@
 #include "remoting/host/file_transfer/get_desktop_directory.h"
-#include <Windows.h>
+#include <windows.h>
 #include <shlobj.h>
+#include "base/logging.h"
+#include "base/win/scoped_handle.h"
 namespace remoting {
 // We can't use PathService on Windows because it doesn't play nicely with
@@ -15,13 +18,28 @@ namespace remoting {
 // thread. As such, we have to call the relevant API directly and be explicit
 // about wanting impersonation handling.
 protocol::FileTransferResult<base::FilePath> GetDesktopDirectory() {
+  // SHGetFolderPath on Windows 7 doesn't seem to like the pseudo handle
+  // returned by GetCurrentThreadToken(), so call OpenThreadToken to get a real
+  // handle.
+  HANDLE user_token = nullptr;
+  if (!OpenThreadToken(GetCurrentThread(),
+                       TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_DUPLICATE, TRUE,
+                       &user_token)) {
+    PLOG(ERROR) << "Failed to open thread token";
+    return protocol::MakeFileTransferError(
+        FROM_HERE, protocol::FileTransfer_Error_Type_UNEXPECTED_ERROR,
+        GetLastError());
+  }
+  base::win::ScopedHandle scoped_user_token(user_token);
  wchar_t buffer[MAX_PATH];
  buffer[0] = 0;
  // While passing NULL for the third parameter would normally get the directory
  // for the current user, there are process-wide caches that can cause trouble
  // when impersonation is in play, so specify the token explicitly.
  HRESULT hr =
-      SHGetFolderPath(NULL, CSIDL_DESKTOPDIRECTORY, GetCurrentThreadToken(),
+      SHGetFolderPath(NULL, CSIDL_DESKTOPDIRECTORY, scoped_user_token.Get(),
                      SHGFP_TYPE_CURRENT, buffer);
  if (FAILED(hr)) {
    LOG(ERROR) << "Failed to get desktop directory: " << hr;