Commit 12e44bf2 authored by Rob Shearman's avatar Rob Shearman Committed by Alexandre Julliard

server: Fix token_access_check to allow full access to security descriptors with…

server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs.
parent a006b060
...@@ -798,7 +798,6 @@ static void test_AccessCheck(void) ...@@ -798,7 +798,6 @@ static void test_AccessCheck(void)
ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping, ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus); PrivSet, &PrivSetLen, &Access, &AccessStatus);
ok(ret, "AccessCheck failed with error %d\n", GetLastError()); ok(ret, "AccessCheck failed with error %d\n", GetLastError());
todo_wine
ok(AccessStatus && (Access == KEY_READ), ok(AccessStatus && (Access == KEY_READ),
"AccessCheck failed to grant access with error %d\n", "AccessCheck failed to grant access with error %d\n",
GetLastError()); GetLastError());
......
...@@ -811,18 +811,12 @@ static unsigned int token_access_check( struct token *token, ...@@ -811,18 +811,12 @@ static unsigned int token_access_check( struct token *token,
} }
/* 1: Grant desired access if the object is unprotected */ /* 1: Grant desired access if the object is unprotected */
if (!dacl_present) if (!dacl_present || !dacl)
{ {
*priv_count = 0; *priv_count = 0;
*granted_access = desired_access; *granted_access = desired_access;
return *status = STATUS_SUCCESS; return *status = STATUS_SUCCESS;
} }
if (!dacl)
{
*priv_count = 0;
*status = STATUS_ACCESS_DENIED;
return STATUS_SUCCESS;
}
/* 2: Check if caller wants access to system security part. Note: access /* 2: Check if caller wants access to system security part. Note: access
* is only granted if specifically asked for */ * is only granted if specifically asked for */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment