Access Tokens and Threads
Robert Shearman
rob at codeweavers.com
Wed Nov 3 16:02:42 CST 2004
Elad Lahav wrote:
>I've been looking into the annoying "Set ThreadImpersonationToken handle"
>messages. In order to fix this issue, I need to know a few things:
>1. Does Wine maintain access tokens at all? It seems that most of the relevant
>functions (e.g., NtQueryInformationThread and NtSetInformationThread) simply
>ignore it.
>
>
No, Wine currently ignores thread tokens. It should store them as an
attribute of the thread in wineserver. Some tests need to be performed
to figure out whether the access checks for the token are carried out in
NtSetInformationThread or whether they are carried out on a
syscall-by-syscall basis.
>2. It looks like the thread's token is a part of the so-called "security
>descriptor" member of the thread's SECURITY_ATTRIBUTES structure.
>
Not really. The SECURITY_ATTRIBUTES lpSecurityDescriptor member contains
the owner and the access control lists that specify who has access to
that handle (as with most other objects through the OBJECT_ATTRIBUTES
structure)
>Does anyone
>know what structure this descriptor points to?
>
>
If I understand you correctly I think it is SECURITY_DESCRIPTOR. It is
documented here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_attributes.asp
Rob
More information about the wine-devel
mailing list