server: Fix token_access_check to allow full access to security descriptors with…

server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs.

server: Fix token_access_check to allow full access to security descriptors with…
12e44bf2 · Rob Shearman · Alexandre Julliard · a006b060 · 12e44bf2 · 12e44bf2
Commit 12e44bf2 authored Oct 16, 2007 by Rob Shearman Committed by Alexandre Julliard Oct 16, 2007
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 8 deletions

security.c dlls/advapi32/tests/security.c +0 -1

token.c server/token.c +1 -7

No files found.
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -798,7 +798,6 @@ static void test_AccessCheck(void)
    ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
                      PrivSet, &PrivSetLen, &Access, &AccessStatus);
    ok(ret, "AccessCheck failed with error %d\n", GetLastError());
-    todo_wine
    ok(AccessStatus && (Access == KEY_READ),
        "AccessCheck failed to grant access with error %d\n",
        GetLastError());

--- a/server/token.c
+++ b/server/token.c
@@ -811,18 +811,12 @@ static unsigned int token_access_check( struct token *token,
    }

    /* 1: Grant desired access if the object is unprotected */
-    if (!dacl_present)
+    if (!dacl_present || !dacl)
    {
        *priv_count = 0;
        *granted_access = desired_access;
        return *status = STATUS_SUCCESS;
    }
-    if (!dacl)
-    {
-        *priv_count = 0;
-        *status = STATUS_ACCESS_DENIED;
-        return STATUS_SUCCESS;
-    }

    /* 2: Check if caller wants access to system security part. Note: access
     * is only granted if specifically asked for */