Alexandre Julliard : server: impersonation_level should be an int since we store -1 in it.
Alexandre Julliard
julliard at winehq.org
Wed Mar 26 09:16:13 CDT 2008
Module: wine
Branch: master
Commit: f6d871eecf772ef5fb0a6f4e521cf15bfcb0555b
URL: http://source.winehq.org/git/wine.git/?a=commit;h=f6d871eecf772ef5fb0a6f4e521cf15bfcb0555b
Author: Alexandre Julliard <julliard at winehq.org>
Date: Wed Mar 26 14:38:49 2008 +0100
server: impersonation_level should be an int since we store -1 in it.
Make sure we don't check the impersonation level for primary tokens.
---
server/security.h | 2 +-
server/token.c | 25 ++++++++++++-------------
2 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/server/security.h b/server/security.h
index ebdf95f..39b1d2f 100644
--- a/server/security.h
+++ b/server/security.h
@@ -48,7 +48,7 @@ extern const PSID security_local_system_sid;
extern struct token *token_create_admin(void);
extern struct token *token_duplicate( struct token *src_token, unsigned primary,
- SECURITY_IMPERSONATION_LEVEL impersonation_level );
+ int impersonation_level );
extern int token_check_privileges( struct token *token, int all_required,
const LUID_AND_ATTRIBUTES *reqprivs,
unsigned int count, LUID_AND_ATTRIBUTES *usedprivs);
diff --git a/server/token.c b/server/token.c
index 72b3e29..7352ec2 100644
--- a/server/token.c
+++ b/server/token.c
@@ -90,7 +90,7 @@ struct token
unsigned primary; /* is this a primary or impersonation token? */
ACL *default_dacl; /* the default DACL to assign to objects created by this user */
TOKEN_SOURCE source; /* source of the token */
- SECURITY_IMPERSONATION_LEVEL impersonation_level; /* impersonation level this token is capable of if non-primary token */
+ int impersonation_level; /* impersonation level this token is capable of if non-primary token */
};
struct privilege
@@ -421,7 +421,7 @@ static struct token *create_token( unsigned primary, const SID *user,
const LUID_AND_ATTRIBUTES *privs, unsigned int priv_count,
const ACL *default_dacl, TOKEN_SOURCE source,
const luid_t *modified_id,
- SECURITY_IMPERSONATION_LEVEL impersonation_level )
+ int impersonation_level )
{
struct token *token = alloc_object( &token_ops );
if (token)
@@ -506,7 +506,7 @@ static struct token *create_token( unsigned primary, const SID *user,
}
struct token *token_duplicate( struct token *src_token, unsigned primary,
- SECURITY_IMPERSONATION_LEVEL impersonation_level )
+ int impersonation_level )
{
const luid_t *modified_id =
primary || (impersonation_level == src_token->impersonation_level) ?
@@ -515,20 +515,19 @@ struct token *token_duplicate( struct token *src_token, unsigned primary,
struct privilege *privilege;
struct group *group;
- if ((impersonation_level < SecurityAnonymous) ||
- (impersonation_level > SecurityDelegation))
+ if (!primary &&
+ (impersonation_level < SecurityAnonymous ||
+ impersonation_level > SecurityDelegation ||
+ (!src_token->primary && (impersonation_level > src_token->impersonation_level))))
{
set_error( STATUS_BAD_IMPERSONATION_LEVEL );
return NULL;
}
- if (primary || (impersonation_level <= src_token->impersonation_level))
- token = create_token( primary, src_token->user, NULL, 0,
- NULL, 0, src_token->default_dacl,
- src_token->source, modified_id,
- impersonation_level );
- else set_error( STATUS_BAD_IMPERSONATION_LEVEL );
-
+ token = create_token( primary, src_token->user, NULL, 0,
+ NULL, 0, src_token->default_dacl,
+ src_token->source, modified_id,
+ impersonation_level );
if (!token) return token;
/* copy groups */
@@ -1013,7 +1012,7 @@ DECL_HANDLER(open_token)
{
if (thread->token)
{
- if (thread->token->impersonation_level <= SecurityAnonymous)
+ if (!thread->token->primary && thread->token->impersonation_level <= SecurityAnonymous)
set_error( STATUS_CANT_OPEN_ANONYMOUS );
else
reply->token = alloc_handle( current->process, thread->token,
More information about the wine-cvs
mailing list