mirror of
https://github.com/reactos/reactos.git
synced 2025-08-05 15:52:57 +00:00
[NTOSKRNL]
Make NtDuplicateToken fail if the caller tries to create a new impersonation token with a raised impersonation level. This fixes a winetest. svn path=/trunk/; revision=47456
This commit is contained in:
Eric Kohl
parent
2e0bbab8ca
commit
dfc4dcb9b5
1 changed files with 49 additions and 27 deletions
|
|
@ -1844,8 +1844,32 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||||
PreviousMode,
|
PreviousMode,
|
||||||
(PVOID*)&Token,
|
(PVOID*)&Token,
|
||||||
NULL);
|
NULL);
|
||||||
if (NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
|
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
|
||||||
|
PreviousMode,
|
||||||
|
FALSE);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Fail, if the original token is an impersonation token and the caller
|
||||||
|
* tries to raise the impersonation level of the new token above the
|
||||||
|
* impersonation level of the original token.
|
||||||
|
*/
|
||||||
|
if (Token->TokenType == TokenImpersonation)
|
||||||
|
{
|
||||||
|
if (QoSPresent &&
|
||||||
|
CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
|
||||||
|
{
|
||||||
|
ObDereferenceObject(Token);
|
||||||
|
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
|
||||||
|
PreviousMode,
|
||||||
|
FALSE);
|
||||||
|
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Status = SepDuplicateToken(Token,
|
Status = SepDuplicateToken(Token,
|
||||||
ObjectAttributes,
|
ObjectAttributes,
|
||||||
EffectiveOnly,
|
EffectiveOnly,
|
||||||
|
|
@ -1864,7 +1888,6 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||||
0,
|
0,
|
||||||
NULL,
|
NULL,
|
||||||
&hToken);
|
&hToken);
|
||||||
|
|
||||||
if (NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
_SEH2_TRY
|
_SEH2_TRY
|
||||||
|
|
@ -1878,7 +1901,6 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||||
_SEH2_END;
|
_SEH2_END;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* Free the captured structure */
|
/* Free the captured structure */
|
||||||
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
|
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue