server: Fix handling of MAXIMUM_ALLOWED in token_access_check.

Signed-off-by: Sebastian Lackner <sebastian@fds-team.de> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

server: Fix handling of MAXIMUM_ALLOWED in token_access_check.
0e42bce0 · Sebastian Lackner · Alexandre Julliard · a39d67d8 · 0e42bce0 · 0e42bce0
Commit 0e42bce0 authored Feb 03, 2017 by Sebastian Lackner Committed by Alexandre Julliard Feb 03, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletion

security.c dlls/advapi32/tests/security.c +6 -0

token.c server/token.c +4 -1

No files found.
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1376,6 +1376,12 @@ static void test_AccessCheck(void)
    ok(AccessStatus && (Access == KEY_READ),
        "AccessCheck failed to grant access with error %d\n",
        GetLastError());
+    ret = AccessCheck(SecurityDescriptor, Token, MAXIMUM_ALLOWED, &Mapping,
+                      PrivSet, &PrivSetLen, &Access, &AccessStatus);
+    ok(ret, "AccessCheck failed with error %d\n", GetLastError());
+    ok(AccessStatus && (Access == KEY_ALL_ACCESS),
+        "AccessCheck failed to grant access with error %d\n",
+        GetLastError());

    /* sd with blank dacl */
    ret = SetSecurityDescriptorDacl(SecurityDescriptor, TRUE, Acl, FALSE);

--- a/server/token.c
+++ b/server/token.c
@@ -844,7 +844,10 @@ static unsigned int token_access_check( struct token *token,
    if (!dacl_present || !dacl)
    {
        if (priv_count) *priv_count = 0;
-        *granted_access = desired_access;
+        if (desired_access & MAXIMUM_ALLOWED)
+            *granted_access = mapping->GenericAll;
+        else
+            *granted_access = desired_access;
        return *status = STATUS_SUCCESS;
    }