server: Fix token_access_check to allow full access to security descriptors with present but NULL DACLs.

2007-10-16 09:50:50 +01:00 · 2007-10-16 09:50:50 +01:00 · 12e44bf299
parent a006b06080
commit 12e44bf299
2 changed files with 1 additions and 8 deletions
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@ -798,7 +798,6 @@ static void test_AccessCheck(void)
    ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
                      PrivSet, &PrivSetLen, &Access, &AccessStatus);
    ok(ret, "AccessCheck failed with error %d\n", GetLastError());
-    todo_wine
    ok(AccessStatus && (Access == KEY_READ),
        "AccessCheck failed to grant access with error %d\n",
        GetLastError());
--- a/server/token.c
+++ b/server/token.c
@ -811,18 +811,12 @@ static unsigned int token_access_check( struct token *token,
    }

    /* 1: Grant desired access if the object is unprotected */
-    if (!dacl_present)
+    if (!dacl_present || !dacl)
    {
        *priv_count = 0;
        *granted_access = desired_access;
        return *status = STATUS_SUCCESS;
    }
-    if (!dacl)
-    {
-        *priv_count = 0;
-        *status = STATUS_ACCESS_DENIED;
-        return STATUS_SUCCESS;
-    }

    /* 2: Check if caller wants access to system security part. Note: access
     * is only granted if specifically asked for */