https://git.reactos.org/?p=reactos.git;a=commitdiff;h=88e3ef5fa06d030d86f5d… commit 88e3ef5fa06d030d86f5d91a43f727922496da8e Author: Thomas Faber <thomas.faber(a)reactos.org> AuthorDate: Sun Nov 21 17:18:25 2021 -0500 Commit: Thomas Faber <thomas.faber(a)reactos.org> CommitDate: Sun Nov 21 17:19:03 2021 -0500 [NTOS:SE] Don't assert on levels that don't allow impersonation. --- ntoskrnl/se/token.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c index cd320a8dcdf..fa4a0e8d847 100644 --- a/ntoskrnl/se/token.c +++ b/ntoskrnl/se/token.c @@ -3582,11 +3582,13 @@ SeTokenCanImpersonate( /* * SecurityAnonymous and SecurityIdentification levels do not - * allow impersonation. If we get such levels from the call - * then something's seriously wrong. + * allow impersonation. */ - ASSERT(ImpersonationLevel != SecurityAnonymous && - ImpersonationLevel != SecurityIdentification); + if (ImpersonationLevel == SecurityAnonymous || + ImpersonationLevel == SecurityIdentification) + { + return FALSE; + } /* Time to lock our tokens */ SepAcquireTokenLockShared(ProcessToken);