[NTOSKRNL]
authorEric Kohl <eric.kohl@reactos.org>
Tue, 23 Mar 2010 00:16:14 +0000 (00:16 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Tue, 23 Mar 2010 00:16:14 +0000 (00:16 +0000)
NtAccessCheck:
- Fix returned status if the token is not an impersonation token.
- Add a check for the token impersonation level.

svn path=/trunk/; revision=46347

reactos/ntoskrnl/se/semgr.c

index d9d7eb1..38b1274 100644 (file)
@@ -743,7 +743,15 @@ NtAccessCheck(IN PSECURITY_DESCRIPTOR SecurityDescriptor,
     {
         DPRINT1("No impersonation token\n");
         ObDereferenceObject(Token);
-        return STATUS_ACCESS_DENIED;
+        return STATUS_NO_IMPERSONATION_TOKEN;
+    }
+
+    /* Check the impersonation level */
+    if (Token->ImpersonationLevel < SecurityIdentification)
+    {
+        DPRINT1("Impersonation level < SecurityIdentification\n");
+        ObDereferenceObject(Token);
+        return STATUS_BAD_IMPERSONATION_LEVEL;
     }
 
     /* Set up the subject context, and lock it */