Skip to content

W
wine-winehq
Commit 1802a5b9 authored by Rob Shearman's avatar Rob Shearman Committed by Alexandre Julliard
Browse files
Options

advapi32: Use a duplicate of the process token if a NULL token is passed into…

advapi32: Use a duplicate of the process token if a NULL token is passed into CheckTokenMembership and there is no thread token.
parent 9b3b9a10
Hide whitespace changes
Inline Side-by-side
Showing with 33 additions and 14 deletions
dlls/advapi32/security.c
View file @ 1802a5b9
......@@ -625,8 +625,10 @@ BOOL WINAPI
CheckTokenMembership( HANDLE token, PSID sid_to_check,
PBOOL is_member )
{
PTOKEN_GROUPS token_groups;
PTOKEN_GROUPS token_groups = NULL;
HANDLE thread_token = NULL;
DWORD size, i;
BOOL ret;
TRACE("(%p %s %p)\n", token, debugstr_sid(sid_to_check), is_member);
......@@ -634,26 +636,37 @@ CheckTokenMembership( HANDLE token, PSID sid_to_check,
if (!token)
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &token))
return FALSE;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &thread_token))
{
HANDLE process_token;
ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &process_token);
if (!ret)
goto exit;
ret = DuplicateTokenEx(process_token, TOKEN_QUERY,
NULL, SecurityImpersonation, TokenImpersonation,
&thread_token);
CloseHandle(process_token);
if (!ret)
goto exit;
}
token = thread_token;
}
if (!GetTokenInformation(token, TokenGroups, NULL, 0, &size))
{
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
return FALSE;
}
ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
goto exit;
token_groups = HeapAlloc(GetProcessHeap(), 0, size);
if (!token_groups)
return FALSE;
if (!GetTokenInformation(token, TokenGroups, token_groups, size, &size))
{
HeapFree(GetProcessHeap(), 0, token_groups);
return FALSE;
ret = FALSE;
goto exit;
}
ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
if (!ret)
goto exit;
for (i = 0; i < token_groups->GroupCount; i++)
{
TRACE("Groups[%d]: {0x%x, %s}\n", i,
......@@ -668,9 +681,11 @@ CheckTokenMembership( HANDLE token, PSID sid_to_check,
}
}
exit:
HeapFree(GetProcessHeap(), 0, token_groups);
if (thread_token != NULL) CloseHandle(thread_token);
return TRUE;
return ret;
}
/******************************************************************************
......
dlls/advapi32/tests/security.c
View file @ 1802a5b9
......@@ -3249,6 +3249,10 @@ static void test_CheckTokenMembership(void)
ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
ok(is_member, "CheckTokenMembership should have detected sid as member\n");
ret = pCheckTokenMembership(NULL, token_groups->Groups[i].Sid, &is_member);
ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
ok(is_member, "CheckTokenMembership should have detected sid as member\n");
ret = pCheckTokenMembership(process_token, token_groups->Groups[i].Sid, &is_member);
todo_wine {
ok(!ret && GetLastError() == ERROR_NO_IMPERSONATION_TOKEN,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment