[ekohl] 72449: [LSASRV] LsarSetSecurityObject: Impersonate the client and retrieve the client token when the owner sid will be set. - Ros-diffs

23 Aug 2016

Author: ekohl
Date: Tue Aug 23 21:14:17 2016
New Revision: 72449
URL: http://svn.reactos.org/svn/reactos?rev=72449&view=rev
Log:
[LSASRV]
LsarSetSecurityObject: Impersonate the client and retrieve the client token when the owner sid will be set.
Modified:
    trunk/reactos/dll/win32/lsasrv/lsarpc.c
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?r...
==============================================================================

--- trunk/reactos/dll/win32/lsasrv/lsarpc.c	[iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c	[iso-8859-1] Tue Aug 23 21:14:17 2016
@@ -372,18 +372,27 @@
     if (!NT_SUCCESS(Status))
         goto done;
-#if 0
-    RpcImpersonateClient(NULL);
-
-    Status = NtOpenThreadToken(NtCurrentThread(),
-                               8,
-                               TRUE,
-                               &hToken);
-    if (!NT_SUCCESS(Status))
-        goto done;
-
-    RpcRevertToSelf();
-#endif
+    /* Get the clients token if we try to set the owner */
+    if (SecurityInformation & OWNER_SECURITY_INFORMATION)
+    {
+        Status = I_RpcMapWin32Status(RpcImpersonateClient(NULL));
+        if (!NT_SUCCESS(Status))
+        {
+            ERR("RpcImpersonateClient returns 0x%08lx\n", Status);
+            goto done;
+        }
+
+        Status = NtOpenThreadToken(NtCurrentThread(),
+                                   TOKEN_QUERY,
+                                   TRUE,
+                                   &TokenHandle);
+        RpcRevertToSelf();
+        if (!NT_SUCCESS(Status))
+        {
+            ERR("NtOpenThreadToken returns 0x%08lx\n", Status);
+            goto done;
+        }
+    }
/* Build the new security descriptor */
     Status = RtlSetSecurityObject(SecurityInformation,

    