zw.h: correct ZwDuplicateToken proto.
authorGunnar Dalsnes <hardon@online.no>
Tue, 14 Dec 2004 00:41:24 +0000 (00:41 +0000)
committerGunnar Dalsnes <hardon@online.no>
Tue, 14 Dec 2004 00:41:24 +0000 (00:41 +0000)
advapi32\token\token.c: DuplicateTokenEx: pass correct values to NtDuplicateToken
security.c: RtlImpersonateSelf: pass correct values to NtDuplicateToken
ntoskrnl\token.c:
-NtSetInformationToken: lie and say we succeeded
-NtDuplicateToken: don't deref. nullpointer

svn path=/trunk/; revision=12103

reactos/include/ntos/zw.h
reactos/lib/advapi32/token/token.c
reactos/lib/rtl/security.c
reactos/ntoskrnl/se/token.c

index 5fde605..c20e40c 100755 (executable)
@@ -1,5 +1,5 @@
 
-/* $Id: zw.h,v 1.37 2004/12/10 16:50:36 navaraf Exp $
+/* $Id: zw.h,v 1.38 2004/12/14 00:41:23 gdalsnes Exp $
  *
  * COPYRIGHT:        See COPYING in the top level directory
  * PROJECT:          ReactOS kernel
@@ -5838,7 +5838,7 @@ STDCALL
 NtDuplicateToken(  
        IN HANDLE ExistingToken, 
        IN ACCESS_MASK DesiredAccess, 
-       IN POBJECT_ATTRIBUTES ObjectAttributes,
+       IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
        IN BOOLEAN EffectiveOnly,
        IN TOKEN_TYPE TokenType,  
        OUT PHANDLE NewToken     
@@ -5849,8 +5849,8 @@ STDCALL
 ZwDuplicateToken(  
        IN HANDLE ExistingToken, 
        IN ACCESS_MASK DesiredAccess, 
-       IN POBJECT_ATTRIBUTES ObjectAttributes,
-       IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
+       IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
+       IN BOOLEAN EffectiveOnly,
        IN TOKEN_TYPE TokenType,  
        OUT PHANDLE NewToken     
        );
index 42f6fee..aaf07ca 100644 (file)
@@ -1,4 +1,4 @@
-/* $Id: token.c,v 1.16 2004/12/11 00:21:33 weiden Exp $
+/* $Id: token.c,v 1.17 2004/12/14 00:41:24 gdalsnes Exp $
  *
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS system libraries
@@ -261,22 +261,27 @@ DuplicateTokenEx (HANDLE ExistingTokenHandle,
   OBJECT_ATTRIBUTES ObjectAttributes;
   HANDLE NewToken;
   NTSTATUS Status;
-
-  ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
-  ObjectAttributes.RootDirectory = NULL;
-  ObjectAttributes.ObjectName = NULL;
-  ObjectAttributes.Attributes = 0;
-  if (lpTokenAttributes->bInheritHandle)
-    {
-      ObjectAttributes.Attributes |= OBJ_INHERIT;
-    }
-  ObjectAttributes.SecurityDescriptor = lpTokenAttributes->lpSecurityDescriptor;
-  ObjectAttributes.SecurityQualityOfService = NULL;
+  SECURITY_QUALITY_OF_SERVICE Sqos;
+  
+  Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
+  Sqos.ImpersonationLevel = ImpersonationLevel;
+  Sqos.ContextTrackingMode = 0;
+  Sqos.EffectiveOnly = FALSE;
+
+  InitializeObjectAttributes(
+      &ObjectAttributes,
+      NULL,
+      lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0,
+      NULL,
+      lpTokenAttributes->lpSecurityDescriptor
+      );
+  ObjectAttributes.SecurityQualityOfService = &Sqos;
 
   Status = NtDuplicateToken (ExistingTokenHandle,
                             dwDesiredAccess,
                             &ObjectAttributes,
-                            ImpersonationLevel,
+              Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */
                             TokenType,
                             &NewToken);
   if (!NT_SUCCESS(Status))
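Review bot: `lpTokenAttributes` is dereferenced unconditionally in the new `InitializeObjectAttributes` call, so a caller that passes NULL for it faults here; the Win32 contract for DuplicateTokenEx documents the security-attributes argument as optional. The removed code had the same gap and the rewrite carries it over. Guarding both uses would close it: `lpTokenAttributes && lpTokenAttributes->bInheritHandle ? OBJ_INHERIT : 0` for the attributes and `lpTokenAttributes ? lpTokenAttributes->lpSecurityDescriptor : NULL` for the descriptor. The function starts before and continues after this hunk, so an earlier NULL check, if there is one, is not visible from here.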
index 6939ed8..f4e5bcb 100644 (file)
@@ -1,4 +1,4 @@
-/* $Id: security.c,v 1.2 2004/07/13 11:52:09 ekohl Exp $
+/* $Id: security.c,v 1.3 2004/12/14 00:41:24 gdalsnes Exp $
  *
  * COPYRIGHT:       See COPYING in the top level directory
  * PROJECT:         ReactOS kernel
@@ -27,7 +27,9 @@ RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
    HANDLE ProcessToken;
    HANDLE ImpersonationToken;
    NTSTATUS Status;
-
+   OBJECT_ATTRIBUTES ObjAttr;
+   SECURITY_QUALITY_OF_SERVICE Sqos;   
+   
    Status = NtOpenProcessToken(NtCurrentProcess(),
                                TOKEN_DUPLICATE,
                                &ProcessToken);
@@ -36,11 +38,26 @@ RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
       DPRINT1("NtOpenProcessToken() failed (Status %lx)\n", Status);
       return(Status);
    }
-
+  
+   Sqos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
+   Sqos.ImpersonationLevel = ImpersonationLevel;
+   Sqos.ContextTrackingMode = 0;
+   Sqos.EffectiveOnly = FALSE;
+   
+   InitializeObjectAttributes(
+      &ObjAttr,
+      NULL,
+      0,
+      NULL,
+      NULL
+      );
+   
+   ObjAttr.SecurityQualityOfService = &Sqos;
+   
    Status = NtDuplicateToken(ProcessToken,
                              TOKEN_IMPERSONATE,
-                             NULL,
-                             ImpersonationLevel,
+                             &ObjAttr,
+                             Sqos.EffectiveOnly, /* why both here _and_ in Sqos? */
                              TokenImpersonation,
                              &ImpersonationToken);
    if (!NT_SUCCESS(Status))
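Review bot: The question left in the call, `/* why both here _and_ in Sqos? */`, together with the bare `Sqos.ContextTrackingMode = 0;`, leaves the next reader unsure which EffectiveOnly value the kernel actually honours; the same two lines appear in the DuplicateTokenEx hunk of advapi32's token.c. For a call that creates an impersonation token I would pass a literal `FALSE` and replace the question with a statement of intent, for example `/* EffectiveOnly: copy disabled groups and privileges too */`, once the kernel side is confirmed to read the parameter rather than the SQOS field. The tracking mode reads better as `SECURITY_STATIC_TRACKING` if the project headers define it. RtlImpersonateSelf continues outside this hunk.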
index 440bf7b..e228413 100644 (file)
@@ -1,4 +1,4 @@
-/* $Id: token.c,v 1.43 2004/12/10 16:50:38 navaraf Exp $
+/* $Id: token.c,v 1.44 2004/12/14 00:41:24 gdalsnes Exp $
  *
  * COPYRIGHT:         See COPYING in the top level directory
  * PROJECT:           ReactOS kernel
@@ -914,7 +914,9 @@ NtSetInformationToken(IN HANDLE TokenHandle,
       break;
 
     default:
-      return STATUS_NOT_IMPLEMENTED;
+      DPRINT1("NtSetInformationToken: lying about success (stub)\n");   
+      return STATUS_SUCCESS;  
+
     }
 
   Status = ObReferenceObjectByHandle(TokenHandle,
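Review bot: Returning `STATUS_SUCCESS` from the `default:` arm tells the caller that an unsupported information class was applied when nothing changed, and it returns before the `ObReferenceObjectByHandle` call below, so even an invalid handle or one without the needed access reports success. For a service that modifies tokens this fails open: code that sets a token attribute and then proceeds on the returned status keeps running with the unmodified token. I would keep `return STATUS_NOT_IMPLEMENTED;` and, if a particular caller needs the stub, accept only that class through its own `case`. At minimum the `DPRINT1` should print the requested class value so the faked result can be traced. The switch header and the rest of the function lie outside this hunk.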
@@ -965,12 +967,16 @@ NtSetInformationToken(IN HANDLE TokenHandle,
 
 /*
  * @implemented
+ *
+ * NOTE: Some sources claim 4th param is ImpersonationLevel, but on W2K
+ * this is certainly NOT true, thou i can't say for sure that EffectiveOnly
+ * is correct either. -Gunnar
  */
 NTSTATUS STDCALL
 NtDuplicateToken(IN HANDLE ExistingTokenHandle,
                 IN ACCESS_MASK DesiredAccess,
-                IN POBJECT_ATTRIBUTES ObjectAttributes,
-                IN BOOLEAN EffectiveOnly,
+       IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL /*is it really optional?*/,
+       IN BOOLEAN EffectiveOnly,
                 IN TOKEN_TYPE TokenType,
                 OUT PHANDLE NewTokenHandle)
 {
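Review bot: The signature now marks `ObjectAttributes` as `OPTIONAL`, but the call further down still evaluates `ObjectAttributes->SecurityQualityOfService` before testing anything, so a NULL `ObjectAttributes` (which RtlImpersonateSelf passed until this commit) is still a null dereference in kernel mode; only a NULL SQOS is handled. The selector should test both pointers, `(ObjectAttributes && ObjectAttributes->SecurityQualityOfService) ? ObjectAttributes->SecurityQualityOfService->ImpersonationLevel : SecurityAnonymous`, using the enum name instead of `0`. Because `PreviousMode` is passed along, the pointer can presumably originate in user mode, and no probe or capture of it appears in the visible lines. The body is outside this hunk, so that needs confirming there before the structure is read directly.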
@@ -996,7 +1002,9 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
                             ObjectAttributes,
                             EffectiveOnly,
                             TokenType,
-                            ObjectAttributes->SecurityQualityOfService->ImpersonationLevel,
+              ObjectAttributes->SecurityQualityOfService ? 
+                  ObjectAttributes->SecurityQualityOfService->ImpersonationLevel : 
+                  0 /*SecurityAnonymous*/,
                             PreviousMode,
                             &NewToken);