[ros-diffs] [ekohl] 57821: [LSASRV] - Add a trusted flag to the lsa object type. - Inherit the trusted flag from the policy object when an account or secret object is created or opened. - Set the trusted flag ...

Author: ekohl Date: Sat Dec 8 17:18:17 2012 New Revision: 57821 URL: http://svn.reactos.org/svn/reactos?rev=57821&view=rev Log: [LSASRV] - Add a trusted flag to the lsa object type. - Inherit the trusted flag from the policy object when an account or secret object is created or opened. - Set the trusted flag for a policy object in LsaIOpenPolicyTrusted. Modified: trunk/reactos/dll/win32/lsasrv/database.c trunk/reactos/dll/win32/lsasrv/lsarpc.c trunk/reactos/dll/win32/lsasrv/lsasrv.h trunk/reactos/dll/win32/lsasrv/policy.c Modified: trunk/reactos/dll/win32/lsasrv/database.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/database.… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] Sat Dec 8 17:18:17 2012 @@ -304,6 +304,7 @@ L"Policy", LsaDbPolicyObject, 0, + TRUE, &PolicyObject); if (!NT_SUCCESS(Status)) goto done; @@ -434,6 +435,7 @@ L"Policy", LsaDbPolicyObject, 0, + TRUE, &PolicyObject); if (!NT_SUCCESS(Status)) goto done; @@ -596,6 +598,7 @@ IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, + IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject) { PLSA_DB_OBJECT NewObject; @@ -698,6 +701,7 @@ NewObject->Access = DesiredAccess; NewObject->KeyHandle = ObjectKeyHandle; NewObject->ParentObject = ParentObject; + NewObject->Trusted = Trusted; if (ParentObject != NULL) ParentObject->RefCount++; @@ -714,6 +718,7 @@ IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, + IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject) { PLSA_DB_OBJECT NewObject; @@ -809,6 +814,7 @@ NewObject->Access = DesiredAccess; NewObject->KeyHandle = ObjectKeyHandle; NewObject->ParentObject = ParentObject; + NewObject->Trusted = Trusted; if (ParentObject != NULL) ParentObject->RefCount++; Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sat Dec 8 17:18:17 2012 @@ -258,6 +258,7 @@ L"Policy", LsaDbPolicyObject, DesiredAccess, + FALSE, &PolicyObject); RtlLeaveCriticalSection(&PolicyHandleTableLock); @@ -592,6 +593,7 @@ SidString, LsaDbAccountObject, DesiredAccess, + PolicyObject->Trusted, &AccountObject); if (!NT_SUCCESS(Status)) { @@ -1036,6 +1038,7 @@ SecretName->Buffer, LsaDbSecretObject, DesiredAccess, + PolicyObject->Trusted, &SecretObject); if (!NT_SUCCESS(Status)) { @@ -1131,6 +1134,7 @@ SidString, LsaDbAccountObject, DesiredAccess, + PolicyObject->Trusted, &AccountObject); if (!NT_SUCCESS(Status)) { @@ -1241,6 +1245,7 @@ return Status; } + /* Get the size of the Privilgs attribute */ Status = LsapGetObjectAttribute(AccountObject, L"Privilgs", NULL, @@ -1348,7 +1353,7 @@ } } - /* Set the new priivliege set */ + /* Set the new privilege set */ Status = LsapSetObjectAttribute(AccountObject, L"Privilgs", NewPrivileges, @@ -1591,6 +1596,7 @@ SecretName->Buffer, LsaDbSecretObject, DesiredAccess, + PolicyObject->Trusted, &SecretObject); if (!NT_SUCCESS(Status)) { Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Sat Dec 8 17:18:17 2012 @@ -47,6 +47,7 @@ ULONG RefCount; ACCESS_MASK Access; HANDLE KeyHandle; + BOOLEAN Trusted; struct _LSA_DB_OBJECT *ParentObject; } LSA_DB_OBJECT, *PLSA_DB_OBJECT; @@ -87,6 +88,7 @@ IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE HandleType, IN ACCESS_MASK DesiredAccess, + IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject); NTSTATUS @@ -95,6 +97,7 @@ IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, + IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject); NTSTATUS Modified: trunk/reactos/dll/win32/lsasrv/policy.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/policy.c?… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/policy.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/policy.c [iso-8859-1] Sat Dec 8 17:18:17 2012 @@ -29,6 +29,7 @@ L"Policy", LsaDbPolicyObject, POLICY_ALL_ACCESS, + TRUE, &PolicyObject); if (NT_SUCCESS(Status))