On 04/03/2013 12:23, Alexey Utkin wrote:
:
We can have the situation with:
1) OpenThreadToken return 0 without exception - that is ok for thread
without impersonation.
2) processTokenWithDuplicateAccess is 0 for some reason (weak precess
privileges)
For that case we have no access to process token without exception
(hToken :=: 0).
boolean hasRight = false;
if (hToken != 0L) {
So, in upper line we need to check token for non-empty value.
! Do you concern about the [false] return value for that case?
try {
hasRight = AccessCheck(hToken, securityInfo,
accessMask,
genericRead, genericWrite, genericExecute,
genericAll);
Here is the actual work, that can make an exception (for example it
happens for invalid SID)
} finally {
CloseHandle(hToken);
If token was open it have to be closed without excuses.
}
}
return hasRight;
}
implementation approach?
Can the handle to the token (hToken) be 0? In my comment I was
suggesting:
long hToken = OpenThreadToken(...);
try {
...
} finally {
CloseHandle(hToken);
}
This mail is hard to read but I think the implementation is good.
-Alan.
