[ros-diffs] [ekohl] 47586: [NTOSKRNL] NtDuplicateToken: Fail, if a primary token is to be created from an impersonation token and and the impersonation level of the impersonation token is below SecurityImpersonation.

Author: ekohl Date: Sat Jun 5 14:20:53 2010 New Revision: 47586 URL: http://svn.reactos.org/svn/reactos?rev=47586&view=rev Log: [NTOSKRNL] NtDuplicateToken: Fail, if a primary token is to be created from an impersonation token and and the impersonation level of the impersonation token is below SecurityImpersonation. Modified: trunk/reactos/ntoskrnl/se/token.c Modified: trunk/reactos/ntoskrnl/se/token.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=47… ============================================================================== --- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Sat Jun 5 14:20:53 2010 @@ -1871,6 +1871,21 @@ } } + /* + * Fail, if a primary token is to be created from an impersonation token + * and and the impersonation level of the impersonation token is below SecurityImpersonation. + */ + if (Token->TokenType == TokenImpersonation && + TokenType == TokenPrimary && + Token->ImpersonationLevel < SecurityImpersonation) + { + ObDereferenceObject(Token); + SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService, + PreviousMode, + FALSE); + return STATUS_BAD_IMPERSONATION_LEVEL; + } + Status = SepDuplicateToken(Token, ObjectAttributes, EffectiveOnly,