[gadamopoulos] 66863: [WINLOGON] - Create the window station handle and the desktops with MAXIMUM_ALLOWED access rights. - Call AddAceToWindowStation before calling SetWindowStationUser. - Ros-diffs

23 Mar 2015

Author: gadamopoulos
Date: Mon Mar 23 07:46:17 2015
New Revision: 66863
URL: http://svn.reactos.org/svn/reactos?rev=66863&view=rev
Log:
[WINLOGON]
- Create the window station handle and the desktops with MAXIMUM_ALLOWED access rights.
- Call AddAceToWindowStation before calling SetWindowStationUser.
Modified:
    trunk/reactos/base/system/winlogon/sas.c
    trunk/reactos/base/system/winlogon/wlx.c
Modified: trunk/reactos/base/system/winlogon/sas.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/sas.c…
==============================================================================

--- trunk/reactos/base/system/winlogon/sas.c    [iso-8859-1] (original)
+++ trunk/reactos/base/system/winlogon/sas.c    [iso-8859-1] Mon Mar 23 07:46:17 2015
@@ -1007,6 +1007,11 @@
 DWORD WINAPI SetWindowStationUser(HWINSTA hWinSta, LUID* pluid, PSID psid, DWORD
sidSize);
+BOOL
+AddAceToWindowStation(
+    IN HWINSTA WinSta,
+    IN PSID Sid);
+
 static
 BOOL AllowWinstaAccess(PWLSESSION Session)
 {
@@ -1068,6 +1073,8 @@
         WARN("Couldn't get Authentication id from user token!\n");
         goto Cleanup;
     }
+
+    AddAceToWindowStation(Session->InteractiveWindowStation, psid);
     ret = SetWindowStationUser(Session->InteractiveWindowStation,
                                &Stats.AuthenticationId,
Modified: trunk/reactos/base/system/winlogon/wlx.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/wlx.c…
==============================================================================
--- trunk/reactos/base/system/winlogon/wlx.c    [iso-8859-1] (original)
+++ trunk/reactos/base/system/winlogon/wlx.c    [iso-8859-1] Mon Mar 23 07:46:17 2015
@@ -1235,7 +1235,7 @@
     Session->InteractiveWindowStation = CreateWindowStationW(
         Session->InteractiveWindowStationName,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if (!Session->InteractiveWindowStation)
     {
@@ -1256,7 +1256,7 @@
         NULL,
         NULL,
         0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &UserDesktopSecurity);
     if (!Session->ApplicationDesktop)
     {
@@ -1272,7 +1272,7 @@
         NULL,
         NULL,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if (!Session->WinlogonDesktop)
     {
@@ -1288,7 +1288,7 @@
         NULL,
         NULL,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if(!Session->ScreenSaverDesktop)
     {
    