[reactos] 01/01: [NTOS:SE] Don't assert on levels that don't allow impersonation. - Ros-diffs

21 Nov 2021

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=88e3ef5fa06d030d86f5d9...
commit 88e3ef5fa06d030d86f5d91a43f727922496da8e
Author:     Thomas Faber thomas.faber@reactos.org
AuthorDate: Sun Nov 21 17:18:25 2021 -0500
Commit:     Thomas Faber thomas.faber@reactos.org
CommitDate: Sun Nov 21 17:19:03 2021 -0500
[NTOS:SE] Don't assert on levels that don't allow impersonation.
---
 ntoskrnl/se/token.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index cd320a8dcdf..fa4a0e8d847 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -3582,11 +3582,13 @@ SeTokenCanImpersonate(
/*
      * SecurityAnonymous and SecurityIdentification levels do not
-     * allow impersonation. If we get such levels from the call
-     * then something's seriously wrong.
+     * allow impersonation.
      */
-    ASSERT(ImpersonationLevel != SecurityAnonymous &&
-           ImpersonationLevel != SecurityIdentification);
+    if (ImpersonationLevel == SecurityAnonymous ||
+        ImpersonationLevel == SecurityIdentification)
+    {
+        return FALSE;
+    }
/* Time to lock our tokens */
     SepAcquireTokenLockShared(ProcessToken);

    