[PATCH 1/2] Fix CheckTokenMemberShip for primary tokens
Nikolay Sivov
nsivov at codeweavers.com
Mon Aug 1 17:12:51 CDT 2011
---
dlls/advapi32/security.c | 13 +++++++++++++
dlls/advapi32/tests/security.c | 6 ++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c
index c3454a8..e4953d0 100644
--- a/dlls/advapi32/security.c
+++ b/dlls/advapi32/security.c
@@ -607,6 +607,19 @@ CheckTokenMembership( HANDLE token, PSID sid_to_check,
}
token = thread_token;
}
+ else
+ {
+ TOKEN_TYPE type;
+
+ ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
+ if (!ret) goto exit;
+
+ if (type == TokenPrimary)
+ {
+ SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
+ return FALSE;
+ }
+ }
ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 6a9a1d2..931f912 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -3637,21 +3637,23 @@ static void test_CheckTokenMembership(void)
return;
}
+ is_member = FALSE;
ret = pCheckTokenMembership(token, token_groups->Groups[i].Sid, &is_member);
ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
ok(is_member, "CheckTokenMembership should have detected sid as member\n");
+ is_member = FALSE;
ret = pCheckTokenMembership(NULL, token_groups->Groups[i].Sid, &is_member);
ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
ok(is_member, "CheckTokenMembership should have detected sid as member\n");
+ is_member = TRUE;
+ SetLastError(0xdeadbeef);
ret = pCheckTokenMembership(process_token, token_groups->Groups[i].Sid, &is_member);
-todo_wine {
ok(!ret && GetLastError() == ERROR_NO_IMPERSONATION_TOKEN,
"CheckTokenMembership with process token %s with error %d\n",
ret ? "succeeded" : "failed", GetLastError());
ok(!is_member, "CheckTokenMembership should have cleared is_member\n");
-}
HeapFree(GetProcessHeap(), 0, token_groups);
CloseHandle(token);
--
1.5.6.5
--------------020006090502050107060602--
More information about the wine-patches
mailing list