[ekohl] 57821: [LSASRV] - Add a trusted flag to the lsa object type. - Inherit the trusted flag from the policy object when an account or secret object is created or opened. - Set the trusted flag ... - Ros-diffs

8 Dec 2012

Author: ekohl
Date: Sat Dec  8 17:18:17 2012
New Revision: 57821
URL: http://svn.reactos.org/svn/reactos?rev=57821&view=rev
Log:
[LSASRV]
- Add a trusted flag to the lsa object type.
- Inherit the trusted flag from the policy object when an account or secret object is created or opened.
- Set the trusted flag for a policy object in LsaIOpenPolicyTrusted.
Modified:
    trunk/reactos/dll/win32/lsasrv/database.c
    trunk/reactos/dll/win32/lsasrv/lsarpc.c
    trunk/reactos/dll/win32/lsasrv/lsasrv.h
    trunk/reactos/dll/win32/lsasrv/policy.c
Modified: trunk/reactos/dll/win32/lsasrv/database.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/database.c...
==============================================================================

--- trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] Sat Dec  8 17:18:17 2012
@@ -304,6 +304,7 @@
                               L"Policy",
                               LsaDbPolicyObject,
                               0,
+                              TRUE,
                               &PolicyObject);
     if (!NT_SUCCESS(Status))
         goto done;
@@ -434,6 +435,7 @@
                               L"Policy",
                               LsaDbPolicyObject,
                               0,
+                              TRUE,
                               &PolicyObject);
     if (!NT_SUCCESS(Status))
         goto done;
@@ -596,6 +598,7 @@
                    IN LPWSTR ObjectName,
                    IN LSA_DB_OBJECT_TYPE ObjectType,
                    IN ACCESS_MASK DesiredAccess,
+                   IN BOOLEAN Trusted,
                    OUT PLSA_DB_OBJECT *DbObject)
 {
     PLSA_DB_OBJECT NewObject;
@@ -698,6 +701,7 @@
     NewObject->Access = DesiredAccess;
     NewObject->KeyHandle = ObjectKeyHandle;
     NewObject->ParentObject = ParentObject;
+    NewObject->Trusted = Trusted;
if (ParentObject != NULL)
         ParentObject->RefCount++;
@@ -714,6 +718,7 @@
                  IN LPWSTR ObjectName,
                  IN LSA_DB_OBJECT_TYPE ObjectType,
                  IN ACCESS_MASK DesiredAccess,
+                 IN BOOLEAN Trusted,
                  OUT PLSA_DB_OBJECT *DbObject)
 {
     PLSA_DB_OBJECT NewObject;
@@ -809,6 +814,7 @@
     NewObject->Access = DesiredAccess;
     NewObject->KeyHandle = ObjectKeyHandle;
     NewObject->ParentObject = ParentObject;
+    NewObject->Trusted = Trusted;
if (ParentObject != NULL)
         ParentObject->RefCount++;
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?r...
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sat Dec  8 17:18:17 2012
@@ -258,6 +258,7 @@
                               L"Policy",
                               LsaDbPolicyObject,
                               DesiredAccess,
+                              FALSE,
                               &PolicyObject);
RtlLeaveCriticalSection(&PolicyHandleTableLock);
@@ -592,6 +593,7 @@
                                 SidString,
                                 LsaDbAccountObject,
                                 DesiredAccess,
+                                PolicyObject->Trusted,
                                 &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -1036,6 +1038,7 @@
                                 SecretName->Buffer,
                                 LsaDbSecretObject,
                                 DesiredAccess,
+                                PolicyObject->Trusted,
                                 &SecretObject);
     if (!NT_SUCCESS(Status))
     {
@@ -1131,6 +1134,7 @@
                               SidString,
                               LsaDbAccountObject,
                               DesiredAccess,
+                              PolicyObject->Trusted,
                               &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -1241,6 +1245,7 @@
         return Status;
     }
+    /* Get the size of the Privilgs attribute */
     Status = LsapGetObjectAttribute(AccountObject,
                                     L"Privilgs",
                                     NULL,
@@ -1348,7 +1353,7 @@
             }
         }
-        /* Set the new priivliege set */
+        /* Set the new privilege set */
         Status = LsapSetObjectAttribute(AccountObject,
                                         L"Privilgs",
                                         NewPrivileges,
@@ -1591,6 +1596,7 @@
                               SecretName->Buffer,
                               LsaDbSecretObject,
                               DesiredAccess,
+                              PolicyObject->Trusted,
                               &SecretObject);
     if (!NT_SUCCESS(Status))
     {
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?r...
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Sat Dec  8 17:18:17 2012
@@ -47,6 +47,7 @@
     ULONG RefCount;
     ACCESS_MASK Access;
     HANDLE KeyHandle;
+    BOOLEAN Trusted;
     struct _LSA_DB_OBJECT *ParentObject;
 } LSA_DB_OBJECT, *PLSA_DB_OBJECT;
@@ -87,6 +88,7 @@
                    IN LPWSTR ObjectName,
                    IN LSA_DB_OBJECT_TYPE HandleType,
                    IN ACCESS_MASK DesiredAccess,
+                   IN BOOLEAN Trusted,
                    OUT PLSA_DB_OBJECT *DbObject);
NTSTATUS
@@ -95,6 +97,7 @@
                  IN LPWSTR ObjectName,
                  IN LSA_DB_OBJECT_TYPE ObjectType,
                  IN ACCESS_MASK DesiredAccess,
+                 IN BOOLEAN Trusted,
                  OUT PLSA_DB_OBJECT *DbObject);
NTSTATUS
Modified: trunk/reactos/dll/win32/lsasrv/policy.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/policy.c?r...
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/policy.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/policy.c [iso-8859-1] Sat Dec  8 17:18:17 2012
@@ -29,6 +29,7 @@
                               L"Policy",
                               LsaDbPolicyObject,
                               POLICY_ALL_ACCESS,
+                              TRUE,
                               &PolicyObject);
if (NT_SUCCESS(Status))

    