[ekohl] 47456: [NTOSKRNL] Make NtDuplicateToken fail if the caller tries to create a new impersonation token with a raised impersonation level. This fixes a winetest. - Ros-diffs

30 May 2010

Author: ekohl
Date: Sun May 30 21:46:02 2010
New Revision: 47456

URL: http://svn.reactos.org/svn/reactos?rev=47456&view=rev
Log:
[NTOSKRNL]
Make NtDuplicateToken fail if the caller tries to create a new impersonation token with a
raised impersonation level. This fixes a winetest.

Modified:
    trunk/reactos/ntoskrnl/se/token.c

Modified: trunk/reactos/ntoskrnl/se/token.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/token.c?rev=47…
==============================================================================

--- trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/token.c [iso-8859-1] Sun May 30 21:46:02 2010
@@ -1844,39 +1844,61 @@
                                        PreviousMode,
                                        (PVOID*)&Token,
                                        NULL);
+    if (!NT_SUCCESS(Status))
+    {
+        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
+                                           PreviousMode,
+                                           FALSE);
+        return Status;
+    }
+
+    /*
+     * Fail, if the original token is an impersonation token and the caller
+     * tries to raise the impersonation level of the new token above the
+     * impersonation level of the original token.
+     */
+    if (Token->TokenType == TokenImpersonation)
+    {
+        if (QoSPresent &&
+            CapturedSecurityQualityOfService->ImpersonationLevel
>Token->ImpersonationLevel)
+        {
+            ObDereferenceObject(Token);
+            SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
+                                               PreviousMode,
+                                               FALSE);
+            return STATUS_BAD_IMPERSONATION_LEVEL;
+        }
+    }
+
+    Status = SepDuplicateToken(Token,
+                               ObjectAttributes,
+                               EffectiveOnly,
+                               TokenType,
+                               (QoSPresent ?
CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
+                               PreviousMode,
+                               &NewToken);
+
+    ObDereferenceObject(Token);
+
     if (NT_SUCCESS(Status))
     {
-        Status = SepDuplicateToken(Token,
-                                   ObjectAttributes,
-                                   EffectiveOnly,
-                                   TokenType,
-                                   (QoSPresent ?
CapturedSecurityQualityOfService->ImpersonationLevel : SecurityAnonymous),
-                                   PreviousMode,
-                                   &NewToken);
-
-        ObDereferenceObject(Token);
-
+        Status = ObInsertObject((PVOID)NewToken,
+                                NULL,
+                                DesiredAccess,
+                                0,
+                                NULL,
+                                &hToken);
         if (NT_SUCCESS(Status))
         {
-            Status = ObInsertObject((PVOID)NewToken,
-                                    NULL,
-                                    DesiredAccess,
-                                    0,
-                                    NULL,
-                                    &hToken);
-
-            if (NT_SUCCESS(Status))
+            _SEH2_TRY
             {
-                _SEH2_TRY
-                {
-                    *NewTokenHandle = hToken;
-                }
-                _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
-                {
-                    Status = _SEH2_GetExceptionCode();
-                }
-                _SEH2_END;
+                *NewTokenHandle = hToken;
             }
+            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+            {
+                Status = _SEH2_GetExceptionCode();
+            }
+            _SEH2_END;
         }
     }
 



    