[PATCH 1/2] server: Grant the same access rights when req->access is zero in duplicate_token.
From: Michael Müller michael@fds-team.de
Signed-off-by: Zebediah Figura z.figura12@gmail.com --- server/token.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/token.c b/server/token.c index ec2616098c6..2ae1cb1780a 100644 --- a/server/token.c +++ b/server/token.c @@ -1358,7 +1358,8 @@ DECL_HANDLER(duplicate_token) struct token *token = token_duplicate( src_token, req->primary, req->impersonation_level, sd, NULL, 0, NULL, 0 ); if (token) { - reply->new_handle = alloc_handle_no_access_check( current->process, token, req->access, objattr->attributes ); + unsigned int access = req->access ? req->access : get_handle_access( current->process, req->handle ); + reply->new_handle = alloc_handle_no_access_check( current->process, token, access, objattr->attributes ); release_object( token ); } release_object( src_token );
Signed-off-by: Zebediah Figura z.figura12@gmail.com --- dlls/advapi32/tests/security.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 991f57f1fc7..d9849f44c9a 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -7905,6 +7905,37 @@ static void test_pseudo_handle_security(void) } }
+static void test_duplicate_token(void) +{ + HANDLE token, token2; + BOOL ret; + + ret = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT, &token); + ok(ret, "got error %u\n", GetLastError()); + + ret = DuplicateToken(token, SecurityAnonymous, &token2); + ok(ret, "got error %u\n", GetLastError()); + TEST_GRANTED_ACCESS(token2, TOKEN_QUERY | TOKEN_IMPERSONATE); + CloseHandle(token2); + + ret = DuplicateTokenEx(token, 0, NULL, SecurityAnonymous, TokenPrimary, &token2); + ok(ret, "got error %u\n", GetLastError()); + TEST_GRANTED_ACCESS(token2, TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT); + CloseHandle(token2); + + ret = DuplicateTokenEx(token, MAXIMUM_ALLOWED, NULL, SecurityAnonymous, TokenPrimary, &token2); + ok(ret, "got error %u\n", GetLastError()); + TEST_GRANTED_ACCESS(token2, TOKEN_ALL_ACCESS); + CloseHandle(token2); + + ret = DuplicateTokenEx(token, TOKEN_QUERY_SOURCE, NULL, SecurityAnonymous, TokenPrimary, &token2); + ok(ret, "got error %u\n", GetLastError()); + TEST_GRANTED_ACCESS(token2, TOKEN_QUERY_SOURCE); + CloseHandle(token2); + + CloseHandle(token); +} + START_TEST(security) { init(); @@ -7970,6 +8001,7 @@ START_TEST(security) test_duplicate_handle_access(); test_create_process_token(); test_pseudo_handle_security(); + test_duplicate_token();
/* Must be the last test, modifies process token */ test_token_security_descriptor();
-
Zebediah Figura