projects / reactos.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[NTOSKRNL]
[reactos.git] / reactos / ntoskrnl / se / token.c
diff --git a/reactos/ntoskrnl/se/token.c b/reactos/ntoskrnl/se/token.c
index aa281bc..6ee5254 100644 (file)
--- a/reactos/ntoskrnl/se/token.c
+++ b/reactos/ntoskrnl/se/token.c
@@ -1871,6 +1871,21 @@ NtDuplicateToken(IN HANDLE ExistingTokenHandle,
         }
     }
 
         }
     }
 
+    /*
+     * Fail, if a primary token is to be created from an impersonation token
+     * and and the impersonation level of the impersonation token is below SecurityImpersonation.
+     */
+    if (Token->TokenType == TokenImpersonation &&
+        TokenType == TokenPrimary &&
+        Token->ImpersonationLevel < SecurityImpersonation)
+    {
+        ObDereferenceObject(Token);
+        SepReleaseSecurityQualityOfService(CapturedSecurityQualityOfService,
+                                           PreviousMode,
+                                           FALSE);
+        return STATUS_BAD_IMPERSONATION_LEVEL;
+    }
+
     Status = SepDuplicateToken(Token,
                                ObjectAttributes,
                                EffectiveOnly,
     Status = SepDuplicateToken(Token,
                                ObjectAttributes,
                                EffectiveOnly,
A free Windows-compatible Operating System