Author: ekohl
Date: Thu Sep 20 11:29:45 2012
New Revision: 57351
URL:
http://svn.reactos.org/svn/reactos?rev=57351&view=rev
Log:
[LSASRV]
LsarSetInformationPolicy: Check desired access depending on the information class.
LsarLookupPrivilegeValue / LsarLookupPrivilegeName: Check desired access.
Modified:
trunk/reactos/dll/win32/lsasrv/lsarpc.c
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Thu Sep 20 11:29:45 2012
@@ -278,6 +278,7 @@
PLSAPR_POLICY_INFORMATION PolicyInformation)
{
PLSA_DB_OBJECT DbObject;
+ ACCESS_MASK DesiredAccess = 0;
NTSTATUS Status;
TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
@@ -288,9 +289,39 @@
TRACE("*PolicyInformation %p\n", *PolicyInformation);
}
+ switch (InformationClass)
+ {
+ case PolicyAuditLogInformation:
+ case PolicyAuditFullSetInformation:
+ DesiredAccess = POLICY_AUDIT_LOG_ADMIN;
+ break;
+
+ case PolicyAuditEventsInformation:
+ DesiredAccess = POLICY_SET_AUDIT_REQUIREMENTS;
+ break;
+
+ case PolicyPrimaryDomainInformation:
+ case PolicyAccountDomainInformation:
+ DesiredAccess = POLICY_TRUST_ADMIN;
+ break;
+
+ case PolicyLsaServerRoleInformation:
+ case PolicyReplicaSourceInformation:
+ DesiredAccess = POLICY_SERVER_ADMIN;
+ break;
+
+ case PolicyDefaultQuotaInformation:
+ DesiredAccess = POLICY_SET_DEFAULT_QUOTA_LIMITS;
+ break;
+
+ default:
+ ERR("Invalid InformationClass!\n");
+ return STATUS_INVALID_PARAMETER;
+ }
+
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
- 0, /* FIXME */
+ DesiredAccess,
&DbObject);
if (!NT_SUCCESS(Status))
return Status;
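Review bot: The new switch is a second list of information classes that has to stay in sync with the code that performs the set, which lies outside this hunk along with the start and end of the function. Its default branch fails closed, which is right for an access check, but any class the later code handles and this list omits is now rejected with STATUS_INVALID_PARAMETER before the handle is validated; PolicyDnsDomainInformation, for example, is not listed, and whether the function supports it is not visible here. A comment above the switch such as `/* Required policy access right per information class; keep in sync with the set dispatch below */` would make the coupling explicit. The error line could also record the rejected value, `ERR("Invalid InformationClass %d!\n", InformationClass);`, so a refused request can be traced in the log.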
@@ -1338,7 +1369,7 @@
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
- 0, /* FIXME */
+ POLICY_LOOKUP_NAMES,
NULL);
if (!NT_SUCCESS(Status))
{
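Review bot: Passing POLICY_LOOKUP_NAMES here, and in the identical change in the next hunk at -1368, only restricts callers if LsapValidateDbObject compares the requested mask with the access granted when the handle was opened. That helper is not shown in this diff, so the enforcement should be confirmed there. Both call sites would benefit from a short comment such as `/* Privilege lookups require POLICY_LOOKUP_NAMES on the policy handle */` in place of the removed FIXME. The enclosing functions start and end outside these hunks, so the failure path inside the `if` block cannot be checked from here.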
@@ -1368,7 +1399,7 @@
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
- 0, /* FIXME */
+ POLICY_LOOKUP_NAMES,
NULL);
if (!NT_SUCCESS(Status))
{