Module: wine Branch: master Commit: 5290766ae0826e506b944b42944a5468bb79fa5c URL: http://source.winehq.org/git/wine.git/?a=commit;h=5290766ae0826e506b944b4294... Author: Nikolay Sivov <nsivov(a)codeweavers.com> Date: Tue Aug 2 02:12:51 2011 +0400 advapi32: Fix CheckTokenMemberShip for primary tokens. --- dlls/advapi32/security.c | 13 +++++++++++++ dlls/advapi32/tests/security.c | 6 ++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index c3454a8..e4953d0 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -607,6 +607,19 @@ CheckTokenMembership( HANDLE token, PSID sid_to_check, } token = thread_token; } + else + { + TOKEN_TYPE type; + + ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size); + if (!ret) goto exit; + + if (type == TokenPrimary) + { + SetLastError(ERROR_NO_IMPERSONATION_TOKEN); + return FALSE; + } + } ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size); if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 6a9a1d2..931f912 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -3637,21 +3637,23 @@ static void test_CheckTokenMembership(void) return; } + is_member = FALSE; ret = pCheckTokenMembership(token, token_groups->Groups[i].Sid, &is_member); ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError()); ok(is_member, "CheckTokenMembership should have detected sid as member\n"); + is_member = FALSE; ret = pCheckTokenMembership(NULL, token_groups->Groups[i].Sid, &is_member); ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError()); ok(is_member, "CheckTokenMembership should have detected sid as member\n"); + is_member = TRUE; + SetLastError(0xdeadbeef); ret = pCheckTokenMembership(process_token, token_groups->Groups[i].Sid, &is_member); -todo_wine { ok(!ret && GetLastError() == ERROR_NO_IMPERSONATION_TOKEN, "CheckTokenMembership with process token %s with error %d\n", ret ? "succeeded" : "failed", GetLastError()); ok(!is_member, "CheckTokenMembership should have cleared is_member\n"); -} HeapFree(GetProcessHeap(), 0, token_groups); CloseHandle(token);