Author: ekohl
Date: Sun Sep 30 22:41:34 2012
New Revision: 57448
URL:
http://svn.reactos.org/svn/reactos?rev=57448&view=rev
Log:
[LSASRV]
- Validate Account SIDs in LsarCreateAccount and LsarOpenAccount.
- LsarOpenAccount: Do not check the granted access of the policy handle.
- LsarOpenAccount: Return the proper status code.
Modified:
trunk/reactos/dll/win32/lsasrv/lsarpc.c
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sun Sep 30 22:41:34 2012
@@ -440,6 +440,10 @@
LPWSTR SidString = NULL;
NTSTATUS Status = STATUS_SUCCESS;
+ /* Validate the AccountSid */
+ if (!RtlValidSid(AccountSid))
+ return STATUS_INVALID_PARAMETER;
+
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
@@ -842,10 +846,14 @@
LPWSTR SidString = NULL;
NTSTATUS Status = STATUS_SUCCESS;
+ /* Validate the AccountSid */
+ if (!RtlValidSid(AccountSid))
+ return STATUS_INVALID_PARAMETER;
+
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
- POLICY_CREATE_ACCOUNT,
+ 0,
&PolicyObject);
if (!NT_SUCCESS(Status))
{
@@ -861,7 +869,7 @@
&AccountsObject);
if (!NT_SUCCESS(Status))
{
- ERR("LsapCreateDbObject (Accounts) failed (Status 0x%08lx)\n",
Status);
+ ERR("LsapOpenDbObject (Accounts) failed (Status 0x%08lx)\n", Status);
goto done;
}
@@ -909,7 +917,7 @@
if (AccountsObject != NULL)
LsapCloseDbObject(AccountsObject);
- return STATUS_SUCCESS;
+ return Status;
}