mirror of
https://github.com/reactos/reactos.git
synced 2025-08-05 00:55:48 +00:00
[NTOSKRNL]
Make NtDuplicateToken fail if the caller tries to create a new impersonation token with a raised impersonation level. This fixes a winetest. svn path=/trunk/; revision=47456
parent
2e0bbab8ca
commit
dfc4dcb9b5
1 changed files with 49 additions and 27 deletions
|
@ -1844,39 +1844,61 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
|
||||||
PreviousMode,
|
PreviousMode,
|
||||||
(PVOID*)&Token,
|
(PVOID*)&Token,
|
||||||
NULL);
|
NULL);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
|
||||||
|
PreviousMode,
|
||||||
|
FALSE);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Fail, if the original token is an impersonation token and the caller
|
||||||
|
* tries to raise the impersonation level of the new token above the
|
||||||
|
* impersonation level of the original token.
|
||||||
|
*/
|
||||||
|
if (Token->TokenType == TokenImpersonation)
|
||||||
|
{
|
||||||
|
if (QoSPresent &&
|
||||||
|
CapturedSecurityQualityOfService->ImpersonationLevel >Token->ImpersonationLevel)
|
||||||
|
{
|
||||||
|
ObDereferenceObject(Token);
|
||||||
|
SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
|
||||||
|
PreviousMode,
|
||||||
|
FALSE);
|
||||||
|
return STATUS_BAD_IMPERSONATION_LEVEL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Status = SepDuplicateToken(Token,
|
||||||
|
ObjectAttributes,
|
||||||
|
EffectiveOnly,
|
||||||
|
TokenType,
|
||||||
|
(QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
|
||||||
|
PreviousMode,
|
||||||
|
&NewToken);
|
||||||
|
|
||||||
|
ObDereferenceObject(Token);
|
||||||
|
|
||||||
if (NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
Status = SepDuplicateToken(Token,
|
Status = ObInsertObject((PVOID)NewToken,
|
||||||
ObjectAttributes,
|
NULL,
|
||||||
EffectiveOnly,
|
DesiredAccess,
|
||||||
TokenType,
|
0,
|
||||||
(QoSPresent ? CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
|
NULL,
|
||||||
PreviousMode,
|
&hToken);
|
||||||
&NewToken);
|
|
||||||
|
|
||||||
ObDereferenceObject(Token);
|
|
||||||
|
|
||||||
if (NT_SUCCESS(Status))
|
if (NT_SUCCESS(Status))
|
||||||
{
|
{
|
||||||
Status = ObInsertObject((PVOID)NewToken,
|
_SEH2_TRY
|
||||||
NULL,
|
|
||||||
DesiredAccess,
|
|
||||||
0,
|
|
||||||
NULL,
|
|
||||||
&hToken);
|
|
||||||
|
|
||||||
if (NT_SUCCESS(Status))
|
|
||||||
{
|
{
|
||||||
_SEH2_TRY
|
*NewTokenHandle = hToken;
|
||||||
{
|
|
||||||
*NewTokenHandle = hToken;
|
|
||||||
}
|
|
||||||
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
|
||||||
{
|
|
||||||
Status = _SEH2_GetExceptionCode();
|
|
||||||
}
|
|
||||||
_SEH2_END;
|
|
||||||
}
|
}
|
||||||
|
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
Status = _SEH2_GetExceptionCode();
|
||||||
|
}
|
||||||
|
_SEH2_END;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
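Review bot: The added guard under `Token->TokenType == TokenImpersonation` compares only the requested QoS level with the source level, so it never looks at the requested `TokenType`. A call asking for `TokenPrimary` from an anonymous- or identification-level impersonation token therefore still reaches `SepDuplicateToken` and, unless that helper rejects it (not visible here), yields a primary token from a token that was never usable for impersonation. Windows is expected to fail that conversion with STATUS_BAD_IMPERSONATION_LEVEL when the source level is below SecurityImpersonation, so a second guard with the same cleanup belongs before the `SepDuplicateToken` call. NtDuplicateToken starts and ends outside this hunk, so the QoS release on the success path could not be checked.

```c
    /* … unchanged: guard rejecting a QoS level above Token->ImpersonationLevel … */

    /*
     * Fail, if a primary token is requested from an impersonation token
     * whose level is below SecurityImpersonation.
     */
    if (Token->TokenType == TokenImpersonation &&
        TokenType == TokenPrimary &&
        Token->ImpersonationLevel < SecurityImpersonation)
    {
        ObDereferenceObject(Token);
        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
                                           PreviousMode,
                                           FALSE);
        return STATUS_BAD_IMPERSONATION_LEVEL;
    }

    Status = SepDuplicateToken(Token,
    /* … unchanged: remaining SepDuplicateToken arguments and handle insertion … */
```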