From 89c8d4178cb14d9c3e3acdd9ac013d91ae55b681 Mon Sep 17 00:00:00 2001
From: Eric Kohl <eric.kohl@reactos.org>
Date: Sat, 5 Jun 2010 12:20:53 +0000
Subject: [PATCH] [NTOSKRNL] NtDuplicateToken: Fail, if a primary token is to
 be created from an impersonation token and and the impersonation level of the
 impersonation token is below SecurityImpersonation.

svn path=/trunk/; revision=47586
---
 reactos/ntoskrnl/se/token.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/reactos/ntoskrnl/se/token.c b/reactos/ntoskrnl/se/token.c
index aa281bc68d5..6ee52544ba4 100644
--- a/reactos/ntoskrnl/se/token.c
+++ b/reactos/ntoskrnl/se/token.c
@@ -1871,6 +1871,21 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
         }
     }
 
+    /*
+     * Fail, if a primary token is to be created from an impersonation token
+     * and and the impersonation level of the impersonation token is below SecurityImpersonation.
+     */
+    if (Token->TokenType == TokenImpersonation &&
+        TokenType == TokenPrimary &&
+        Token->ImpersonationLevel < SecurityImpersonation)
+    {
+        ObDereferenceObject(Token);
+        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
+                                           PreviousMode,
+                                           FALSE);
+        return STATUS_BAD_IMPERSONATION_LEVEL;
+    }
+
     Status = SepDuplicateToken(Token,
                                ObjectAttributes,
                                EffectiveOnly,