server: Use attributes instead of inherit flag in token requests.

Also use the specified access rights in the open_token request.

dlls/ntdll/nt.c

@@ -63,10 +63,10 @@ NTSTATUS WINAPI NtDuplicateToken(
 
     SERVER_START_REQ( duplicate_token )
     {
-        req->handle = ExistingToken;
-        req->access = DesiredAccess;
-        req->inherit = ObjectAttributes && (ObjectAttributes->Attributes & OBJ_INHERIT);
-        req->primary = (TokenType == TokenPrimary);
+        req->handle              = ExistingToken;
+        req->access              = DesiredAccess;
+        req->attributes          = ObjectAttributes ? ObjectAttributes->Attributes : 0;
+        req->primary             = (TokenType == TokenPrimary);
         req->impersonation_level = ImpersonationLevel;
         status = wine_server_call( req );
         if (!status) *NewToken = reply->new_handle;
@@ -91,8 +91,10 @@ NTSTATUS WINAPI NtOpenProcessToken(
 
     SERVER_START_REQ( open_token )
     {
-        req->handle = ProcessHandle;
-        req->flags  = 0;
+        req->handle     = ProcessHandle;
+        req->access     = DesiredAccess;
+        req->attributes = 0;
+        req->flags      = 0;
         ret = wine_server_call( req );
         if (!ret) *TokenHandle = reply->token;
     }
@@ -118,8 +120,10 @@ NTSTATUS WINAPI NtOpenThreadToken(
 
     SERVER_START_REQ( open_token )
     {
-        req->handle = ThreadHandle;
-        req->flags  = OPEN_TOKEN_THREAD;
+        req->handle     = ThreadHandle;
+        req->access     = DesiredAccess;
+        req->attributes = 0;
+        req->flags      = OPEN_TOKEN_THREAD;
         if (OpenAsSelf) req->flags |= OPEN_TOKEN_AS_SELF;
         ret = wine_server_call( req );
         if (!ret) *TokenHandle = reply->token;

include/wine/server_protocol.h

@@ -3416,6 +3416,8 @@ struct open_token_request
 {
     struct request_header __header;
     obj_handle_t   handle;
+    unsigned int   access;
+    unsigned int   attributes;
     unsigned int   flags;
 };
 struct open_token_reply
@@ -3498,7 +3500,7 @@ struct duplicate_token_request
     struct request_header __header;
     obj_handle_t  handle;
     unsigned int  access;
-    int           inherit;
+    unsigned int  attributes;
     int           primary;
     int           impersonation_level;
 };
@@ -4319,6 +4321,6 @@ union generic_reply
     struct query_symlink_reply query_symlink_reply;
 };
 
-#define SERVER_PROTOCOL_VERSION 212
+#define SERVER_PROTOCOL_VERSION 213
 
 #endif /* __WINE_WINE_SERVER_PROTOCOL_H */

server/protocol.def

@@ -2399,6 +2399,8 @@ enum message_type
 /* Open a security token */
 @REQ(open_token)
     obj_handle_t   handle;    /* handle to the thread or process */
+    unsigned int   access;    /* access rights to the new token */
+    unsigned int   attributes;/* object attributes */
     unsigned int   flags;     /* flags (see below) */
 @REPLY
     obj_handle_t   token;    /* handle to the token */
@@ -2454,10 +2456,10 @@ enum message_type
 @END
 
 @REQ(duplicate_token)
-    obj_handle_t  handle; /* handle to the token to duplicate */
-    unsigned int  access; /* access rights to the new token */
-    int           inherit; /* inherit flag */
-    int           primary; /* is the new token to be a primary one? */
+    obj_handle_t  handle;        /* handle to the token to duplicate */
+    unsigned int  access;        /* access rights to the new token */
+    unsigned int  attributes;    /* object attributes */
+    int           primary;       /* is the new token to be a primary one? */
     int           impersonation_level; /* impersonation level of the new token */
 @REPLY
     obj_handle_t  new_handle; /* duplicated handle */

server/token.c

@@ -883,7 +883,8 @@ DECL_HANDLER(open_token)
         if (thread)
         {
             if (thread->token)
-                reply->token = alloc_handle( current->process, thread->token, TOKEN_ALL_ACCESS, 0);
+                reply->token = alloc_handle( current->process, thread->token, req->access,
+                                             req->attributes & OBJ_INHERIT );
             else
                 set_error(STATUS_NO_TOKEN);
             release_object( thread );
@@ -895,7 +896,8 @@ DECL_HANDLER(open_token)
         if (process)
         {
             if (process->token)
-                reply->token = alloc_handle( current->process, process->token, TOKEN_ALL_ACCESS, 0);
+                reply->token = alloc_handle( current->process, process->token, req->access,
+                                             req->attributes & OBJ_INHERIT );
             else
                 set_error(STATUS_NO_TOKEN);
             release_object( process );
@@ -1015,7 +1017,8 @@ DECL_HANDLER(duplicate_token)
 
             access = req->access;
             if (access & MAXIMUM_ALLOWED) access = TOKEN_ALL_ACCESS; /* FIXME: needs general solution */
-            reply->new_handle = alloc_handle( current->process, token, access, req->inherit);
+            reply->new_handle = alloc_handle( current->process, token, access,
+                                              req->attributes & OBJ_INHERIT);
             release_object( token );
         }
         release_object( src_token );

server/trace.c

@@ -2949,6 +2949,8 @@ static void dump_set_clipboard_info_reply( const struct set_clipboard_info_reply
 static void dump_open_token_request( const struct open_token_request *req )
 {
     fprintf( stderr, " handle=%p,", req->handle );
+    fprintf( stderr, " access=%08x,", req->access );
+    fprintf( stderr, " attributes=%08x,", req->attributes );
     fprintf( stderr, " flags=%08x", req->flags );
 }
 
@@ -3021,7 +3023,7 @@ static void dump_duplicate_token_request( const struct duplicate_token_request *
 {
     fprintf( stderr, " handle=%p,", req->handle );
     fprintf( stderr, " access=%08x,", req->access );
-    fprintf( stderr, " inherit=%d,", req->inherit );
+    fprintf( stderr, " attributes=%08x,", req->attributes );
     fprintf( stderr, " primary=%d,", req->primary );
     fprintf( stderr, " impersonation_level=%d", req->impersonation_level );
 }