As discussed at the beginning of this chapter, to access secured objects, servers typically impersonate a client. During the impersonation process, the server's impersonation token assumes the security characteristics of the client. This simplifies the security model because Windows 2000 simply uses the thread's impersonation token to perform access checks.
To begin impersonation, the server calls one of the following impersonation functions:
ImpersonateNamedPipeClient: Used when the client and server are connected via a named pipe.
ImpersonateLoggedOnUser: Used when the client is the currently logged-on user.
After a server has finished accessing resources on behalf of the client, it stops impersonating the client by calling the RevertToSelf function.
Public Declare Function ImpersonateNamedPipeClient Lib "advapi32.dll" ( _
    ByVal hNamedPipe As Long) As Long
Public Declare Function ImpersonateLoggedOnUser Lib "advapi32.dll" ( _
    ByVal hToken As Long) As Long
Public Declare Function RevertToSelf Lib "advapi32.dll" () As Long
As an example of how a server process uses impersonation to act under the client's security context, the example in the next chapter takes you through the process of logging a user on and then impersonating that user. It uses the TestFileForAccess function in Listing 10.12. In the TestFileForAccess function, the server impersonates the logged-on user and attempts to open the file whose name is passed as a parameter.
In Listing 10.12, the TestFileForAccess function begins by impersonating the client that is logged in. Next, the function attempts to open the file using the filename passed as a parameter. The file is accessed using the client's access token rather than the server's. Before returning, the function calls RevertToSelf to start using the server's access token rather than the impersonation token.
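The following Visual Basic module is an added example of the impersonate-access-revert sequence described above; it is not Listing 10.12 and is not the book's code. The function name CheckFileAccessAsClient, the Demo routine, and the placeholder account and file name values are assumptions. Beyond what the text shows, it handles the two failure modes a server must get right: if ImpersonateLoggedOnUser fails, the thread is still running under the server's own token, so the file test is abandoned rather than performed with the server's (usually broader) access; and once impersonation has succeeded, RevertToSelf is called on every return path so the thread does not keep acting as the client.

```vb
' Added example (not Listing 10.12 from the book): a server-side check that
' opens a file while impersonating a client token, then always reverts.
' CheckFileAccessAsClient, Demo and the placeholder values are assumptions.
Option Explicit

Private Declare Function LogonUser Lib "advapi32.dll" Alias "LogonUserA" ( _
    ByVal lpszUsername As String, ByVal lpszDomain As String, _
    ByVal lpszPassword As String, ByVal dwLogonType As Long, _
    ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function ImpersonateLoggedOnUser Lib "advapi32.dll" ( _
    ByVal hToken As Long) As Long
Private Declare Function RevertToSelf Lib "advapi32.dll" () As Long
Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" ( _
    ByVal lpFileName As String, ByVal dwDesiredAccess As Long, _
    ByVal dwShareMode As Long, ByVal lpSecurityAttributes As Long, _
    ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, _
    ByVal hTemplateFile As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const LOGON32_LOGON_INTERACTIVE As Long = 2
Private Const LOGON32_PROVIDER_DEFAULT As Long = 0
Private Const GENERIC_READ As Long = &H80000000
Private Const FILE_SHARE_READ As Long = &H1
Private Const OPEN_EXISTING As Long = 3
Private Const INVALID_HANDLE_VALUE As Long = -1

' Returns True if the client represented by hToken can open sFileName for
' reading. The open is attempted under the client's token, so the access
' check is made against the client's identity rather than the server's.
Public Function CheckFileAccessAsClient(ByVal hToken As Long, _
                                        ByVal sFileName As String) As Boolean
    Dim hFile As Long

    CheckFileAccessAsClient = False

    ' If impersonation fails, the thread is still running as the server.
    ' Stop here: opening the file now would test the server's access,
    ' not the client's, and would report a misleading result.
    If ImpersonateLoggedOnUser(hToken) = 0 Then
        Debug.Print "ImpersonateLoggedOnUser failed, error " & Err.LastDllError
        Exit Function
    End If

    hFile = CreateFile(sFileName, GENERIC_READ, FILE_SHARE_READ, 0, _
                       OPEN_EXISTING, 0, 0)
    If hFile <> INVALID_HANDLE_VALUE Then
        CloseHandle hFile
        CheckFileAccessAsClient = True
    Else
        Debug.Print "CreateFile failed, error " & Err.LastDllError
    End If

    ' Revert on every path once impersonation succeeded, so the thread does
    ' not continue to act as the client after this function returns.
    RevertToSelf
End Function

' Usage: obtain a token for the client (the credentials and path below are
' placeholders, not real values), run the check, and close the token.
Public Sub Demo()
    Dim hToken As Long
    If LogonUser("PLACEHOLDER_USER", "PLACEHOLDER_DOMAIN", "PLACEHOLDER_PASSWORD", _
                 LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, hToken) = 0 Then
        Debug.Print "LogonUser failed, error " & Err.LastDllError
        Exit Sub
    End If
    Debug.Print "Client can read file: " & _
        CheckFileAccessAsClient(hToken, "C:\PLACEHOLDER\test.txt")
    CloseHandle hToken
End Sub
```

Err.LastDllError is read immediately after each failing Win32 call, before RevertToSelf or any other DLL call can overwrite it. LogonUser returns a primary token, which ImpersonateLoggedOnUser accepts directly; the token handle is closed by the caller once the check is complete.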