Commit 5290766a authored by Nikolay Sivov's avatar Nikolay Sivov Committed by Alexandre Julliard

advapi32: Fix CheckTokenMemberShip for primary tokens.

parent 01fb0fdf
...@@ -607,6 +607,19 @@ CheckTokenMembership( HANDLE token, PSID sid_to_check, ...@@ -607,6 +607,19 @@ CheckTokenMembership( HANDLE token, PSID sid_to_check,
} }
token = thread_token; token = thread_token;
} }
else
{
TOKEN_TYPE type;
ret = GetTokenInformation(token, TokenType, &type, sizeof(TOKEN_TYPE), &size);
if (!ret) goto exit;
if (type == TokenPrimary)
{
SetLastError(ERROR_NO_IMPERSONATION_TOKEN);
return FALSE;
}
}
ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size); ret = GetTokenInformation(token, TokenGroups, NULL, 0, &size);
if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER) if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
......
...@@ -3637,21 +3637,23 @@ static void test_CheckTokenMembership(void) ...@@ -3637,21 +3637,23 @@ static void test_CheckTokenMembership(void)
return; return;
} }
is_member = FALSE;
ret = pCheckTokenMembership(token, token_groups->Groups[i].Sid, &is_member); ret = pCheckTokenMembership(token, token_groups->Groups[i].Sid, &is_member);
ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError()); ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
ok(is_member, "CheckTokenMembership should have detected sid as member\n"); ok(is_member, "CheckTokenMembership should have detected sid as member\n");
is_member = FALSE;
ret = pCheckTokenMembership(NULL, token_groups->Groups[i].Sid, &is_member); ret = pCheckTokenMembership(NULL, token_groups->Groups[i].Sid, &is_member);
ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError()); ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
ok(is_member, "CheckTokenMembership should have detected sid as member\n"); ok(is_member, "CheckTokenMembership should have detected sid as member\n");
is_member = TRUE;
SetLastError(0xdeadbeef);
ret = pCheckTokenMembership(process_token, token_groups->Groups[i].Sid, &is_member); ret = pCheckTokenMembership(process_token, token_groups->Groups[i].Sid, &is_member);
todo_wine {
ok(!ret && GetLastError() == ERROR_NO_IMPERSONATION_TOKEN, ok(!ret && GetLastError() == ERROR_NO_IMPERSONATION_TOKEN,
"CheckTokenMembership with process token %s with error %d\n", "CheckTokenMembership with process token %s with error %d\n",
ret ? "succeeded" : "failed", GetLastError()); ret ? "succeeded" : "failed", GetLastError());
ok(!is_member, "CheckTokenMembership should have cleared is_member\n"); ok(!is_member, "CheckTokenMembership should have cleared is_member\n");
}
HeapFree(GetProcessHeap(), 0, token_groups); HeapFree(GetProcessHeap(), 0, token_groups);
CloseHandle(token); CloseHandle(token);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment