server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs.

This commit is contained in:
Rob Shearman 2007-10-16 09:50:50 +01:00 committed by Alexandre Julliard
parent a006b06080
commit 12e44bf299
2 changed files with 1 additions and 8 deletions

View File

@ -798,7 +798,6 @@ static void test_AccessCheck(void)
ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus);
ok(ret, "AccessCheck failed with error %d\n", GetLastError());
todo_wine
ok(AccessStatus && (Access == KEY_READ),
"AccessCheck failed to grant access with error %d\n",
GetLastError());

View File

@ -811,18 +811,12 @@ static unsigned int token_access_check( struct token *token,
}
/* 1: Grant desired access if the object is unprotected */
if (!dacl_present)
if (!dacl_present || !dacl)
{
*priv_count = 0;
*granted_access = desired_access;
return *status = STATUS_SUCCESS;
}
if (!dacl)
{
*priv_count = 0;
*status = STATUS_ACCESS_DENIED;
return STATUS_SUCCESS;
}
/* 2: Check if caller wants access to system security part. Note: access
* is only granted if specifically asked for */