server: Use attributes instead of inherit flag in token requests.
Also use the specified access rights in the open_token request.
diff --git a/server/protocol.def b/server/protocol.def
index df5a975..70b587a 100644
--- a/server/protocol.def
+++ b/server/protocol.def
@@ -2399,6 +2399,8 @@
/* Open a security token */
@REQ(open_token)
obj_handle_t handle; /* handle to the thread or process */
+ unsigned int access; /* access rights to the new token */
+ unsigned int attributes;/* object attributes */
unsigned int flags; /* flags (see below) */
@REPLY
obj_handle_t token; /* handle to the token */
@@ -2454,10 +2456,10 @@
@END
@REQ(duplicate_token)
- obj_handle_t handle; /* handle to the token to duplicate */
- unsigned int access; /* access rights to the new token */
- int inherit; /* inherit flag */
- int primary; /* is the new token to be a primary one? */
+ obj_handle_t handle; /* handle to the token to duplicate */
+ unsigned int access; /* access rights to the new token */
+ unsigned int attributes; /* object attributes */
+ int primary; /* is the new token to be a primary one? */
int impersonation_level; /* impersonation level of the new token */
@REPLY
obj_handle_t new_handle; /* duplicated handle */
diff --git a/server/token.c b/server/token.c
index a31d656..d10b9a1 100644
--- a/server/token.c
+++ b/server/token.c
@@ -883,7 +883,8 @@
if (thread)
{
if (thread->token)
- reply->token = alloc_handle( current->process, thread->token, TOKEN_ALL_ACCESS, 0);
+ reply->token = alloc_handle( current->process, thread->token, req->access,
+ req->attributes & OBJ_INHERIT );
else
set_error(STATUS_NO_TOKEN);
release_object( thread );
@@ -895,7 +896,8 @@
if (process)
{
if (process->token)
- reply->token = alloc_handle( current->process, process->token, TOKEN_ALL_ACCESS, 0);
+ reply->token = alloc_handle( current->process, process->token, req->access,
+ req->attributes & OBJ_INHERIT );
else
set_error(STATUS_NO_TOKEN);
release_object( process );
@@ -1015,7 +1017,8 @@
access = req->access;
if (access & MAXIMUM_ALLOWED) access = TOKEN_ALL_ACCESS; /* FIXME: needs general solution */
- reply->new_handle = alloc_handle( current->process, token, access, req->inherit);
+ reply->new_handle = alloc_handle( current->process, token, access,
+ req->attributes & OBJ_INHERIT);
release_object( token );
}
release_object( src_token );
diff --git a/server/trace.c b/server/trace.c
index 153f5a9..aff977f 100644
--- a/server/trace.c
+++ b/server/trace.c
@@ -2949,6 +2949,8 @@
static void dump_open_token_request( const struct open_token_request *req )
{
fprintf( stderr, " handle=%p,", req->handle );
+ fprintf( stderr, " access=%08x,", req->access );
+ fprintf( stderr, " attributes=%08x,", req->attributes );
fprintf( stderr, " flags=%08x", req->flags );
}
@@ -3021,7 +3023,7 @@
{
fprintf( stderr, " handle=%p,", req->handle );
fprintf( stderr, " access=%08x,", req->access );
- fprintf( stderr, " inherit=%d,", req->inherit );
+ fprintf( stderr, " attributes=%08x,", req->attributes );
fprintf( stderr, " primary=%d,", req->primary );
fprintf( stderr, " impersonation_level=%d", req->impersonation_level );
}
