diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c index a60820d4df2..3fe44cb1eaa 100644 --- a/dlls/ntdll/nt.c +++ b/dlls/ntdll/nt.c @@ -63,10 +63,10 @@ NTSTATUS WINAPI NtDuplicateToken( SERVER_START_REQ( duplicate_token ) { - req->handle = ExistingToken; - req->access = DesiredAccess; - req->inherit = ObjectAttributes && (ObjectAttributes->Attributes & OBJ_INHERIT); - req->primary = (TokenType == TokenPrimary); + req->handle = ExistingToken; + req->access = DesiredAccess; + req->attributes = ObjectAttributes ? ObjectAttributes->Attributes : 0; + req->primary = (TokenType == TokenPrimary); req->impersonation_level = ImpersonationLevel; status = wine_server_call( req ); if (!status) *NewToken = reply->new_handle; @@ -91,8 +91,10 @@ NTSTATUS WINAPI NtOpenProcessToken( SERVER_START_REQ( open_token ) { - req->handle = ProcessHandle; - req->flags = 0; + req->handle = ProcessHandle; + req->access = DesiredAccess; + req->attributes = 0; + req->flags = 0; ret = wine_server_call( req ); if (!ret) *TokenHandle = reply->token; } @@ -118,8 +120,10 @@ NTSTATUS WINAPI NtOpenThreadToken( SERVER_START_REQ( open_token ) { - req->handle = ThreadHandle; - req->flags = OPEN_TOKEN_THREAD; + req->handle = ThreadHandle; + req->access = DesiredAccess; + req->attributes = 0; + req->flags = OPEN_TOKEN_THREAD; if (OpenAsSelf) req->flags |= OPEN_TOKEN_AS_SELF; ret = wine_server_call( req ); if (!ret) *TokenHandle = reply->token; diff --git a/include/wine/server_protocol.h b/include/wine/server_protocol.h index f38868fc734..65a5be81269 100644 --- a/include/wine/server_protocol.h +++ b/include/wine/server_protocol.h @@ -3416,6 +3416,8 @@ struct open_token_request { struct request_header __header; obj_handle_t handle; + unsigned int access; + unsigned int attributes; unsigned int flags; }; struct open_token_reply @@ -3498,7 +3500,7 @@ struct duplicate_token_request struct request_header __header; obj_handle_t handle; unsigned int access; - int inherit; + unsigned int attributes; int primary; int impersonation_level; }; @@ -4319,6 +4321,6 @@ union generic_reply struct query_symlink_reply query_symlink_reply; }; -#define SERVER_PROTOCOL_VERSION 212 +#define SERVER_PROTOCOL_VERSION 213 #endif /* __WINE_WINE_SERVER_PROTOCOL_H */ diff --git a/server/protocol.def b/server/protocol.def index df5a97592bb..70b587aaa10 100644 --- a/server/protocol.def +++ b/server/protocol.def @@ -2399,6 +2399,8 @@ enum message_type /* Open a security token */ @REQ(open_token) obj_handle_t handle; /* handle to the thread or process */ + unsigned int access; /* access rights to the new token */ + unsigned int attributes;/* object attributes */ unsigned int flags; /* flags (see below) */ @REPLY obj_handle_t token; /* handle to the token */ @@ -2454,10 +2456,10 @@ enum message_type @END @REQ(duplicate_token) - obj_handle_t handle; /* handle to the token to duplicate */ - unsigned int access; /* access rights to the new token */ - int inherit; /* inherit flag */ - int primary; /* is the new token to be a primary one? */ + obj_handle_t handle; /* handle to the token to duplicate */ + unsigned int access; /* access rights to the new token */ + unsigned int attributes; /* object attributes */ + int primary; /* is the new token to be a primary one? */ int impersonation_level; /* impersonation level of the new token */ @REPLY obj_handle_t new_handle; /* duplicated handle */ diff --git a/server/token.c b/server/token.c index a31d6566818..d10b9a19e08 100644 --- a/server/token.c +++ b/server/token.c @@ -883,7 +883,8 @@ DECL_HANDLER(open_token) if (thread) { if (thread->token) - reply->token = alloc_handle( current->process, thread->token, TOKEN_ALL_ACCESS, 0); + reply->token = alloc_handle( current->process, thread->token, req->access, + req->attributes & OBJ_INHERIT ); else set_error(STATUS_NO_TOKEN); release_object( thread ); @@ -895,7 +896,8 @@ DECL_HANDLER(open_token) if (process) { if (process->token) - reply->token = alloc_handle( current->process, process->token, TOKEN_ALL_ACCESS, 0); + reply->token = alloc_handle( current->process, process->token, req->access, + req->attributes & OBJ_INHERIT ); else set_error(STATUS_NO_TOKEN); release_object( process ); @@ -1015,7 +1017,8 @@ DECL_HANDLER(duplicate_token) access = req->access; if (access & MAXIMUM_ALLOWED) access = TOKEN_ALL_ACCESS; /* FIXME: needs general solution */ - reply->new_handle = alloc_handle( current->process, token, access, req->inherit); + reply->new_handle = alloc_handle( current->process, token, access, + req->attributes & OBJ_INHERIT); release_object( token ); } release_object( src_token ); diff --git a/server/trace.c b/server/trace.c index 153f5a9c104..aff977fae88 100644 --- a/server/trace.c +++ b/server/trace.c @@ -2949,6 +2949,8 @@ static void dump_set_clipboard_info_reply( const struct set_clipboard_info_reply static void dump_open_token_request( const struct open_token_request *req ) { fprintf( stderr, " handle=%p,", req->handle ); + fprintf( stderr, " access=%08x,", req->access ); + fprintf( stderr, " attributes=%08x,", req->attributes ); fprintf( stderr, " flags=%08x", req->flags ); } @@ -3021,7 +3023,7 @@ static void dump_duplicate_token_request( const struct duplicate_token_request * { fprintf( stderr, " handle=%p,", req->handle ); fprintf( stderr, " access=%08x,", req->access ); - fprintf( stderr, " inherit=%d,", req->inherit ); + fprintf( stderr, " attributes=%08x,", req->attributes ); fprintf( stderr, " primary=%d,", req->primary ); fprintf( stderr, " impersonation_level=%d", req->impersonation_level ); }