Access Tokens and Threads
rob at codeweavers.com
Wed Nov 3 16:02:42 CST 2004
Elad Lahav wrote:
>I've been looking into the annoying "Set ThreadImpersonationToken handle"
>messages. In order to fix this issue, I need to know a few things:
>1. Does Wine maintain access tokens at all? It seems that most of the relevant
>functions (e.g., NtQueryInformationThread and NtSetInformationThread) simply
No, Wine currently ignores thread tokens. It should store them as an
attribute of the thread in wineserver. Some tests need to be performed
to figure out whether the access checks for the token are carried out in
NtSetInformationThread or whether they are carried out on a
>2. It looks like the thread's token is a part of the so-called "security
>descriptor" member of the thread's SECURITY_ATTRIBUTES structure.
Not really. The SECURITY_ATTRIBUTES lpSecurityDescriptor member contains
the owner and the access control lists that specify who has access to
that handle (as with most other objects through the OBJECT_ATTRIBUTES
>know what structure this descriptor points to?
If I understand you correctly I think it is SECURITY_DESCRIPTOR. It is
More information about the wine-devel