Commit 8fb562f7 authored by Zebediah Figura's avatar Zebediah Figura Committed by Alexandre Julliard

ntdll: Fix the prototype of NtDuplicateToken().

The fourth parameter is a boolean flag. The impersonation level is specified only through the SECURITY_QUALITY_OF_SERVICE structure. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=54913
parent 60ef0f86
...@@ -682,13 +682,19 @@ BOOL WINAPI DuplicateToken( HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PH ...@@ -682,13 +682,19 @@ BOOL WINAPI DuplicateToken( HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PH
BOOL WINAPI DuplicateTokenEx( HANDLE token, DWORD access, LPSECURITY_ATTRIBUTES sa, BOOL WINAPI DuplicateTokenEx( HANDLE token, DWORD access, LPSECURITY_ATTRIBUTES sa,
SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, PHANDLE ret ) SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, PHANDLE ret )
{ {
SECURITY_QUALITY_OF_SERVICE qos;
OBJECT_ATTRIBUTES attr; OBJECT_ATTRIBUTES attr;
TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token, access, level, type, ret ); TRACE("%p 0x%08lx 0x%08x 0x%08x %p\n", token, access, level, type, ret );
qos.Length = sizeof(qos);
qos.ImpersonationLevel = level;
qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
qos.EffectiveOnly = FALSE;
InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0, InitializeObjectAttributes( &attr, NULL, (sa && sa->bInheritHandle) ? OBJ_INHERIT : 0,
NULL, sa ? sa->lpSecurityDescriptor : NULL ); NULL, sa ? sa->lpSecurityDescriptor : NULL );
return set_ntstatus( NtDuplicateToken( token, access, &attr, level, type, ret )); attr.SecurityQualityOfService = &qos;
return set_ntstatus( NtDuplicateToken( token, access, &attr, FALSE, type, ret ));
} }
/****************************************************************************** /******************************************************************************
......
...@@ -1647,8 +1647,9 @@ RtlAdjustPrivilege(ULONG Privilege, ...@@ -1647,8 +1647,9 @@ RtlAdjustPrivilege(ULONG Privilege,
NTSTATUS WINAPI NTSTATUS WINAPI
RtlImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) RtlImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
{ {
SECURITY_QUALITY_OF_SERVICE qos;
NTSTATUS Status; NTSTATUS Status;
OBJECT_ATTRIBUTES ObjectAttributes; OBJECT_ATTRIBUTES attr;
HANDLE ProcessToken; HANDLE ProcessToken;
HANDLE ImpersonationToken; HANDLE ImpersonationToken;
...@@ -1659,14 +1660,15 @@ RtlImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel) ...@@ -1659,14 +1660,15 @@ RtlImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
if (Status != STATUS_SUCCESS) if (Status != STATUS_SUCCESS)
return Status; return Status;
InitializeObjectAttributes( &ObjectAttributes, NULL, 0, NULL, NULL ); qos.Length = sizeof(qos);
qos.ImpersonationLevel = ImpersonationLevel;
qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
qos.EffectiveOnly = FALSE;
InitializeObjectAttributes( &attr, NULL, 0, NULL, NULL );
attr.SecurityQualityOfService = &qos;
Status = NtDuplicateToken( ProcessToken, Status = NtDuplicateToken( ProcessToken, TOKEN_IMPERSONATE, &attr, FALSE,
TOKEN_IMPERSONATE, TokenImpersonation, &ImpersonationToken );
&ObjectAttributes,
ImpersonationLevel,
TokenImpersonation,
&ImpersonationToken );
if (Status != STATUS_SUCCESS) if (Status != STATUS_SUCCESS)
{ {
NtClose( ProcessToken ); NtClose( ProcessToken );
......
...@@ -69,7 +69,7 @@ static NTSTATUS (WINAPI *pNtGetNextThread)(HANDLE process, HANDLE thread, ACCESS ...@@ -69,7 +69,7 @@ static NTSTATUS (WINAPI *pNtGetNextThread)(HANDLE process, HANDLE thread, ACCESS
ULONG flags, HANDLE *handle); ULONG flags, HANDLE *handle);
static NTSTATUS (WINAPI *pNtOpenProcessToken)(HANDLE,DWORD,HANDLE*); static NTSTATUS (WINAPI *pNtOpenProcessToken)(HANDLE,DWORD,HANDLE*);
static NTSTATUS (WINAPI *pNtOpenThreadToken)(HANDLE,DWORD,BOOLEAN,HANDLE*); static NTSTATUS (WINAPI *pNtOpenThreadToken)(HANDLE,DWORD,BOOLEAN,HANDLE*);
static NTSTATUS (WINAPI *pNtDuplicateToken)(HANDLE,ACCESS_MASK,OBJECT_ATTRIBUTES*,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,HANDLE*); static NTSTATUS (WINAPI *pNtDuplicateToken)(HANDLE,ACCESS_MASK,OBJECT_ATTRIBUTES*,BOOLEAN,TOKEN_TYPE,HANDLE*);
static NTSTATUS (WINAPI *pNtDuplicateObject)(HANDLE,HANDLE,HANDLE,HANDLE*,ACCESS_MASK,ULONG,ULONG); static NTSTATUS (WINAPI *pNtDuplicateObject)(HANDLE,HANDLE,HANDLE,HANDLE*,ACCESS_MASK,ULONG,ULONG);
static NTSTATUS (WINAPI *pNtCompareObjects)(HANDLE,HANDLE); static NTSTATUS (WINAPI *pNtCompareObjects)(HANDLE,HANDLE);
...@@ -2145,13 +2145,13 @@ static void test_token(void) ...@@ -2145,13 +2145,13 @@ static void test_token(void)
status = pNtOpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle ); status = pNtOpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, &handle );
ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %lx\n", status); ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %lx\n", status);
status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, &handle2 ); status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, FALSE, TokenPrimary, &handle2 );
ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %lx\n", status); ok( status == STATUS_SUCCESS, "NtOpenProcessToken failed: %lx\n", status);
pNtClose( handle2 ); pNtClose( handle2 );
status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, (HANDLE *)0xdeadbee0 ); status = pNtDuplicateToken( handle, TOKEN_ALL_ACCESS, NULL, FALSE, TokenPrimary, (HANDLE *)0xdeadbee0 );
ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %lx\n", status); ok( status == STATUS_ACCESS_VIOLATION, "NtOpenProcessToken failed: %lx\n", status);
handle2 = (HANDLE)0xdeadbeef; handle2 = (HANDLE)0xdeadbeef;
status = pNtDuplicateToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, NULL, 0, TokenPrimary, &handle2 ); status = pNtDuplicateToken( (HANDLE)0xdead, TOKEN_ALL_ACCESS, NULL, FALSE, TokenPrimary, &handle2 );
ok( status == STATUS_INVALID_HANDLE, "NtOpenProcessToken failed: %lx\n", status); ok( status == STATUS_INVALID_HANDLE, "NtOpenProcessToken failed: %lx\n", status);
ok( !handle2 || broken(handle2 == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle2 ); ok( !handle2 || broken(handle2 == (HANDLE)0xdeadbeef) /* vista */, "handle set %p\n", handle2 );
pNtClose( handle ); pNtClose( handle );
......
...@@ -111,12 +111,16 @@ NTSTATUS WINAPI NtOpenThreadTokenEx( HANDLE thread, DWORD access, BOOLEAN self, ...@@ -111,12 +111,16 @@ NTSTATUS WINAPI NtOpenThreadTokenEx( HANDLE thread, DWORD access, BOOLEAN self,
* NtDuplicateToken (NTDLL.@) * NtDuplicateToken (NTDLL.@)
*/ */
NTSTATUS WINAPI NtDuplicateToken( HANDLE token, ACCESS_MASK access, OBJECT_ATTRIBUTES *attr, NTSTATUS WINAPI NtDuplicateToken( HANDLE token, ACCESS_MASK access, OBJECT_ATTRIBUTES *attr,
SECURITY_IMPERSONATION_LEVEL level, TOKEN_TYPE type, HANDLE *handle ) BOOLEAN effective_only, TOKEN_TYPE type, HANDLE *handle )
{ {
SECURITY_IMPERSONATION_LEVEL level = SecurityAnonymous;
unsigned int status; unsigned int status;
data_size_t len; data_size_t len;
struct object_attributes *objattr; struct object_attributes *objattr;
if (effective_only)
FIXME( "ignoring effective-only flag\n" );
*handle = 0; *handle = 0;
if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status; if ((status = alloc_object_attributes( attr, &objattr, &len ))) return status;
......
...@@ -162,7 +162,7 @@ NTSTATUS WINAPI wow64_NtDuplicateToken( UINT *args ) ...@@ -162,7 +162,7 @@ NTSTATUS WINAPI wow64_NtDuplicateToken( UINT *args )
HANDLE token = get_handle( &args ); HANDLE token = get_handle( &args );
ACCESS_MASK access = get_ulong( &args ); ACCESS_MASK access = get_ulong( &args );
OBJECT_ATTRIBUTES32 *attr32 = get_ptr( &args ); OBJECT_ATTRIBUTES32 *attr32 = get_ptr( &args );
SECURITY_IMPERSONATION_LEVEL level = get_ulong( &args ); BOOLEAN effective_only = get_ulong( &args );
TOKEN_TYPE type = get_ulong( &args ); TOKEN_TYPE type = get_ulong( &args );
ULONG *handle_ptr = get_ptr( &args ); ULONG *handle_ptr = get_ptr( &args );
...@@ -171,7 +171,7 @@ NTSTATUS WINAPI wow64_NtDuplicateToken( UINT *args ) ...@@ -171,7 +171,7 @@ NTSTATUS WINAPI wow64_NtDuplicateToken( UINT *args )
NTSTATUS status; NTSTATUS status;
*handle_ptr = 0; *handle_ptr = 0;
status = NtDuplicateToken( token, access, objattr_32to64( &attr, attr32 ), level, type, &handle ); status = NtDuplicateToken( token, access, objattr_32to64( &attr, attr32 ), effective_only, type, &handle );
put_handle( handle_ptr, handle ); put_handle( handle_ptr, handle );
return status; return status;
} }
......
...@@ -4169,7 +4169,7 @@ NTSYSAPI NTSTATUS WINAPI NtDeleteValueKey(HANDLE,const UNICODE_STRING *); ...@@ -4169,7 +4169,7 @@ NTSYSAPI NTSTATUS WINAPI NtDeleteValueKey(HANDLE,const UNICODE_STRING *);
NTSYSAPI NTSTATUS WINAPI NtDeviceIoControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG); NTSYSAPI NTSTATUS WINAPI NtDeviceIoControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtDisplayString(PUNICODE_STRING); NTSYSAPI NTSTATUS WINAPI NtDisplayString(PUNICODE_STRING);
NTSYSAPI NTSTATUS WINAPI NtDuplicateObject(HANDLE,HANDLE,HANDLE,PHANDLE,ACCESS_MASK,ULONG,ULONG); NTSYSAPI NTSTATUS WINAPI NtDuplicateObject(HANDLE,HANDLE,HANDLE,PHANDLE,ACCESS_MASK,ULONG,ULONG);
NTSYSAPI NTSTATUS WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,PHANDLE); NTSYSAPI NTSTATUS WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,BOOLEAN,TOKEN_TYPE,PHANDLE);
NTSYSAPI NTSTATUS WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *); NTSYSAPI NTSTATUS WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
NTSYSAPI NTSTATUS WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG); NTSYSAPI NTSTATUS WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER); NTSYSAPI NTSTATUS WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment