server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
Sebastian Lackner
sebastian at fds-team.de
Fri Feb 3 02:57:10 CST 2017
Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---
dlls/advapi32/tests/security.c | 6 ++++++
server/token.c | 5 ++++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index f3396074772..3250544f571 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1376,6 +1376,12 @@ static void test_AccessCheck(void)
ok(AccessStatus && (Access == KEY_READ),
"AccessCheck failed to grant access with error %d\n",
GetLastError());
+ ret = AccessCheck(SecurityDescriptor, Token, MAXIMUM_ALLOWED, &Mapping,
+ PrivSet, &PrivSetLen, &Access, &AccessStatus);
+ ok(ret, "AccessCheck failed with error %d\n", GetLastError());
+ ok(AccessStatus && (Access == KEY_ALL_ACCESS),
+ "AccessCheck failed to grant access with error %d\n",
+ GetLastError());
/* sd with blank dacl */
ret = SetSecurityDescriptorDacl(SecurityDescriptor, TRUE, Acl, FALSE);
diff --git a/server/token.c b/server/token.c
index 8c5e836466f..9489529a5d1 100644
--- a/server/token.c
+++ b/server/token.c
@@ -844,7 +844,10 @@ static unsigned int token_access_check( struct token *token,
if (!dacl_present || !dacl)
{
if (priv_count) *priv_count = 0;
- *granted_access = desired_access;
+ if (desired_access & MAXIMUM_ALLOWED)
+ *granted_access = mapping->GenericAll;
+ else
+ *granted_access = desired_access;
return *status = STATUS_SUCCESS;
}
--
2.11.0
More information about the wine-patches
mailing list