https://git.reactos.org/?p=reactos.git;a=commitdiff;h=88e3ef5fa06d030d86f5d…
commit 88e3ef5fa06d030d86f5d91a43f727922496da8e
Author: Thomas Faber <thomas.faber(a)reactos.org>
AuthorDate: Sun Nov 21 17:18:25 2021 -0500
Commit: Thomas Faber <thomas.faber(a)reactos.org>
CommitDate: Sun Nov 21 17:19:03 2021 -0500
[NTOS:SE] Don't assert on levels that don't allow impersonation.
---
ntoskrnl/se/token.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index cd320a8dcdf..fa4a0e8d847 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -3582,11 +3582,13 @@ SeTokenCanImpersonate(
/*
* SecurityAnonymous and SecurityIdentification levels do not
- * allow impersonation. If we get such levels from the call
- * then something's seriously wrong.
+ * allow impersonation.
*/
- ASSERT(ImpersonationLevel != SecurityAnonymous &&
- ImpersonationLevel != SecurityIdentification);
+ if (ImpersonationLevel == SecurityAnonymous ||
+ ImpersonationLevel == SecurityIdentification)
+ {
+ return FALSE;
+ }
/* Time to lock our tokens */
SepAcquireTokenLockShared(ProcessToken);