mirror of
https://github.com/reactos/reactos.git
synced 2025-01-13 01:22:03 +00:00
[NTOSKRNL]
NtDuplicateToken: Fail, if a primary token is to be created from an impersonation token and and the impersonation level of the impersonation token is below SecurityImpersonation. svn path=/trunk/; revision=47586
This commit is contained in:
Eric Kohl
parent
7da6d0a6e2
commit
89c8d4178c
1 changed files with 15 additions and 0 deletions
|
|
@ -1871,6 +1871,21 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Fail, if a primary token is to be created from an impersonation token
|
||||||
|
* and and the impersonation level of the impersonation token is below SecurityImpersonation.
|
||||||
|
*/
|
||||||
|
if (Token->TokenType == TokenImpersonation &&
|
||||||
|
TokenType == TokenPrimary &&
|
||||||
|
Token->ImpersonationLevel < SecurityImpersonation)
|
||||||
|
{
|
||||||
|
ObDereferenceObject(Token);
|
||||||
|
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
|
||||||
|
PreviousMode,
|
||||||
|
FALSE);
|
||||||
|
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||||
|
}
|
||||||
|
|
||||||
Status = SepDuplicateToken(Token,
|
Status = SepDuplicateToken(Token,
|
||||||
ObjectAttributes,
|
ObjectAttributes,
|
||||||
EffectiveOnly,
|
EffectiveOnly,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue