[ros-diffs] [ekohl] 46347: [NTOSKRNL] NtAccessCheck: - Fix returned status if the token is not an impersonation token. - Add a check for the token impersonation level.
ekohl at svn.reactos.org
ekohl at svn.reactos.org
Tue Mar 23 01:16:14 CET 2010
Author: ekohl
Date: Tue Mar 23 01:16:14 2010
New Revision: 46347
URL: http://svn.reactos.org/svn/reactos?rev=46347&view=rev
Log:
[NTOSKRNL]
NtAccessCheck:
- Fix returned status if the token is not an impersonation token.
- Add a check for the token impersonation level.
Modified:
trunk/reactos/ntoskrnl/se/semgr.c
Modified: trunk/reactos/ntoskrnl/se/semgr.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/semgr.c?rev=46347&r1=46346&r2=46347&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/semgr.c [iso-8859-1] Tue Mar 23 01:16:14 2010
@@ -743,7 +743,15 @@
{
DPRINT1("No impersonation token\n");
ObDereferenceObject(Token);
- return STATUS_ACCESS_DENIED;
+ return STATUS_NO_IMPERSONATION_TOKEN;
+ }
+
+ /* Check the impersonation level */
+ if (Token->ImpersonationLevel < SecurityIdentification)
+ {
+ DPRINT1("Impersonation level < SecurityIdentification\n");
+ ObDereferenceObject(Token);
+ return STATUS_BAD_IMPERSONATION_LEVEL;
}
/* Set up the subject context, and lock it */
More information about the Ros-diffs
mailing list