[ros-diffs] [reactos] 01/01: [NTOS:SE] Don't assert on levels that don't allow impersonation.

Thomas Faber Sun, 21 Nov 2021 14:32:56 -0800

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=88e3ef5fa06d030d86f5d91a43f727922496da8e


commit 88e3ef5fa06d030d86f5d91a43f727922496da8e
Author:     Thomas Faber <thomas.fa...@reactos.org>
AuthorDate: Sun Nov 21 17:18:25 2021 -0500
Commit:     Thomas Faber <thomas.fa...@reactos.org>
CommitDate: Sun Nov 21 17:19:03 2021 -0500

    [NTOS:SE] Don't assert on levels that don't allow impersonation.
---
 ntoskrnl/se/token.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ntoskrnl/se/token.c b/ntoskrnl/se/token.c
index cd320a8dcdf..fa4a0e8d847 100644
--- a/ntoskrnl/se/token.c
+++ b/ntoskrnl/se/token.c
@@ -3582,11 +3582,13 @@ SeTokenCanImpersonate(
 
     /*
      * SecurityAnonymous and SecurityIdentification levels do not
-     * allow impersonation. If we get such levels from the call
-     * then something's seriously wrong.
+     * allow impersonation.
      */
-    ASSERT(ImpersonationLevel != SecurityAnonymous &&
-           ImpersonationLevel != SecurityIdentification);
+    if (ImpersonationLevel == SecurityAnonymous ||
+        ImpersonationLevel == SecurityIdentification)
+    {
+        return FALSE;
+    }
 
     /* Time to lock our tokens */
     SepAcquireTokenLockShared(ProcessToken);

[ros-diffs] [reactos] 01/01: [NTOS:SE] Don't assert on levels that don't allow impersonation.

Reply via email to