Sebastian Lackner : server: Fix handling of MAXIMUM_ALLOWED in token_access_check. - wine-commits

3 Feb 2017

Module: wine
Branch: master
Commit: 0e42bce0b6bd606565de64158348725efa65bb4c
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=0e42bce0b6bd606565de641583...
Author: Sebastian Lackner sebastian@fds-team.de
Date:   Fri Feb  3 09:57:10 2017 +0100
server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
Signed-off-by: Sebastian Lackner sebastian@fds-team.de
Signed-off-by: Alexandre Julliard julliard@winehq.org
---
dlls/advapi32/tests/security.c | 6 ++++++
 server/token.c                 | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index f339607..3250544 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1376,6 +1376,12 @@ static void test_AccessCheck(void)
     ok(AccessStatus && (Access == KEY_READ),
         "AccessCheck failed to grant access with error %d\n",
         GetLastError());
+    ret = AccessCheck(SecurityDescriptor, Token, MAXIMUM_ALLOWED, &Mapping,
+                      PrivSet, &PrivSetLen, &Access, &AccessStatus);
+    ok(ret, "AccessCheck failed with error %d\n", GetLastError());
+    ok(AccessStatus && (Access == KEY_ALL_ACCESS),
+        "AccessCheck failed to grant access with error %d\n",
+        GetLastError());
/* sd with blank dacl */
     ret = SetSecurityDescriptorDacl(SecurityDescriptor, TRUE, Acl, FALSE);
diff --git a/server/token.c b/server/token.c
index 8c5e836..9489529 100644
--- a/server/token.c
+++ b/server/token.c
@@ -844,7 +844,10 @@ static unsigned int token_access_check( struct token *token,
     if (!dacl_present || !dacl)
     {
         if (priv_count) *priv_count = 0;
-        *granted_access = desired_access;
+        if (desired_access & MAXIMUM_ALLOWED)
+            *granted_access = mapping->GenericAll;
+        else
+            *granted_access = desired_access;
         return *status = STATUS_SUCCESS;
     }

    