I've been looking into the annoying "Set ThreadImpersonationToken handle" messages. In order to fix this issue, I need to know a few things: 1. Does Wine maintain access tokens at all? It seems that most of the relevant functions (e.g., NtQueryInformationThread and NtSetInformationThread) simply ignore it. 2. It looks like the thread's token is a part of the so-called "security descriptor" member of the thread's SECURITY_ATTRIBUTES structure. Does anyone know what structure this descriptor points to?
Elad
Elad Lahav wrote:
I've been looking into the annoying "Set ThreadImpersonationToken handle" messages. In order to fix this issue, I need to know a few things:
- Does Wine maintain access tokens at all? It seems that most of the relevant
functions (e.g., NtQueryInformationThread and NtSetInformationThread) simply ignore it.
No, Wine currently ignores thread tokens. It should store them as an attribute of the thread in wineserver. Some tests need to be performed to figure out whether the access checks for the token are carried out in NtSetInformationThread or whether they are carried out on a syscall-by-syscall basis.
- It looks like the thread's token is a part of the so-called "security
descriptor" member of the thread's SECURITY_ATTRIBUTES structure.
Not really. The SECURITY_ATTRIBUTES lpSecurityDescriptor member contains the owner and the access control lists that specify who has access to that handle (as with most other objects through the OBJECT_ATTRIBUTES structure)
Does anyone know what structure this descriptor points to?
If I understand you correctly I think it is SECURITY_DESCRIPTOR. It is documented here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/se...
Rob
-
Elad Lahav -
Robert Shearman