https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a9eda8f492137e7d8d9ac5...
commit a9eda8f492137e7d8d9ac5089956689b28d8f332 Author: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org AuthorDate: Tue Jun 26 22:30:09 2018 +0200 Commit: Hermès Bélusca-Maïto hermes.belusca-maito@reactos.org CommitDate: Wed Jun 27 23:40:16 2018 +0200
[LSASRV] Enable SE_CREATE_TOKEN_PRIVILEGE in LSASS since one of our purposes is to create access tokens -- NtCreateToken() requires this privilege. --- dll/win32/lsasrv/lsasrv.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/dll/win32/lsasrv/lsasrv.c b/dll/win32/lsasrv/lsasrv.c index e2a28bd600..206c10ec06 100644 --- a/dll/win32/lsasrv/lsasrv.c +++ b/dll/win32/lsasrv/lsasrv.c @@ -272,6 +272,7 @@ NTSTATUS WINAPI LsapInitLsa(VOID) { NTSTATUS Status; + BOOLEAN PrivilegeEnabled;
TRACE("LsapInitLsa() called\n");
@@ -300,6 +301,13 @@ LsapInitLsa(VOID) return Status; }
+ /* Enable the token creation privilege for the rest of our lifetime */ + Status = RtlAdjustPrivilege(SE_CREATE_TOKEN_PRIVILEGE, TRUE, FALSE, &PrivilegeEnabled); + if (!NT_SUCCESS(Status)) + { + ERR("RtlAdjustPrivilege(SE_CREATE_TOKEN_PRIVILEGE) failed, ignoring (Status 0x%08lx)\n", Status); + } + /* Start the authentication LPC port thread */ Status = StartAuthenticationPort(); if (!NT_SUCCESS(Status))