summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
e36d4c8)
- Validate Account SIDs in LsarCreateAccount and LsarOpenAccount.
- LsarOpenAccount: Do not check the granted access of the policy handle.
- LsarOpenAccount: Return the proper status code.
svn path=/trunk/; revision=57448
LPWSTR SidString = NULL;
NTSTATUS Status = STATUS_SUCCESS;
LPWSTR SidString = NULL;
NTSTATUS Status = STATUS_SUCCESS;
+ /* Validate the AccountSid */
+ if (!RtlValidSid(AccountSid))
+ return STATUS_INVALID_PARAMETER;
+
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
LPWSTR SidString = NULL;
NTSTATUS Status = STATUS_SUCCESS;
LPWSTR SidString = NULL;
NTSTATUS Status = STATUS_SUCCESS;
+ /* Validate the AccountSid */
+ if (!RtlValidSid(AccountSid))
+ return STATUS_INVALID_PARAMETER;
+
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
&PolicyObject);
if (!NT_SUCCESS(Status))
{
&PolicyObject);
if (!NT_SUCCESS(Status))
{
&AccountsObject);
if (!NT_SUCCESS(Status))
{
&AccountsObject);
if (!NT_SUCCESS(Status))
{
- ERR("LsapCreateDbObject (Accounts) failed (Status 0x%08lx)\n", Status);
+ ERR("LsapOpenDbObject (Accounts) failed (Status 0x%08lx)\n", Status);
if (AccountsObject != NULL)
LsapCloseDbObject(AccountsObject);
if (AccountsObject != NULL)
LsapCloseDbObject(AccountsObject);