Elad Lahav wrote:
I've been looking into the annoying "Set ThreadImpersonationToken handle" messages. In order to fix this issue, I need to know a few things:No, Wine currently ignores thread tokens. It should store them as an attribute of the thread in wineserver. Some tests need to be performed to figure out whether the access checks for the token are carried out in NtSetInformationThread or whether they are carried out on a syscall-by-syscall basis.
1. Does Wine maintain access tokens at all? It seems that most of the relevant functions (e.g., NtQueryInformationThread and NtSetInformationThread) simply ignore it.
2. It looks like the thread's token is a part of the so-called "security descriptor" member of the thread's SECURITY_ATTRIBUTES structure.Not really. The SECURITY_ATTRIBUTES lpSecurityDescriptor member contains the owner and the access control lists that specify who has access to that handle (as with most other objects through the OBJECT_ATTRIBUTES structure)
Does anyone know what structure this descriptor points to?
If I understand you correctly I think it is SECURITY_DESCRIPTOR. It is documented here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_attributes.asp
Rob
