From 12e44bf29974743d3ca9819817657c785e3c49e1 Mon Sep 17 00:00:00 2001 From: Rob Shearman Date: Tue, 16 Oct 2007 09:50:50 +0100 Subject: [PATCH] server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs. --- dlls/advapi32/tests/security.c | 1 - server/token.c | 8 +------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 0fbd3f939dc..b9a12ce9448 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -798,7 +798,6 @@ static void test_AccessCheck(void) ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping, PrivSet, &PrivSetLen, &Access, &AccessStatus); ok(ret, "AccessCheck failed with error %d\n", GetLastError()); - todo_wine ok(AccessStatus && (Access == KEY_READ), "AccessCheck failed to grant access with error %d\n", GetLastError()); diff --git a/server/token.c b/server/token.c index bbb293a8799..38877fefdb5 100644 --- a/server/token.c +++ b/server/token.c @@ -811,18 +811,12 @@ static unsigned int token_access_check( struct token *token, } /* 1: Grant desired access if the object is unprotected */ - if (!dacl_present) + if (!dacl_present || !dacl) { *priv_count = 0; *granted_access = desired_access; return *status = STATUS_SUCCESS; } - if (!dacl) - { - *priv_count = 0; - *status = STATUS_ACCESS_DENIED; - return STATUS_SUCCESS; - } /* 2: Check if caller wants access to system security part. Note: access * is only granted if specifically asked for */