[LSASRV]
authorEric Kohl <eric.kohl@reactos.org>
Sat, 8 Dec 2012 17:18:17 +0000 (17:18 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Sat, 8 Dec 2012 17:18:17 +0000 (17:18 +0000)
- Add a trusted flag to the LSA database object structure (LSA_DB_OBJECT).
- Inherit the trusted flag from the policy object when an account or secret object is created or opened.
- Set the trusted flag for a policy object in LsaIOpenPolicyTrusted.

svn path=/trunk/; revision=57821

reactos/dll/win32/lsasrv/database.c
reactos/dll/win32/lsasrv/lsarpc.c
reactos/dll/win32/lsasrv/lsasrv.h
reactos/dll/win32/lsasrv/policy.c

index 1afa0a3..aa04e13 100644 (file)
@@ -304,6 +304,7 @@ LsapCreateDatabaseObjects(VOID)
                               L"Policy",
                               LsaDbPolicyObject,
                               0,
+                              TRUE,
                               &PolicyObject);
     if (!NT_SUCCESS(Status))
         goto done;
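Review bot: The new `TRUE` argument in this call is a bare boolean at what is now a trust decision, and nothing at the call site records why this caller counts as trusted. A short comment on the argument, for example `TRUE, /* Trusted: internal database setup, not an RPC caller */`, would make the intent reviewable. The same applies to the `TRUE` in the LsapGetDomainInfo and LsaIOpenPolicyTrusted hunks and to the `FALSE` in the LsarOpenPolicy hunk. The call itself starts outside this hunk.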
@@ -434,6 +435,7 @@ LsapGetDomainInfo(VOID)
                               L"Policy",
                               LsaDbPolicyObject,
                               0,
+                              TRUE,
                               &PolicyObject);
     if (!NT_SUCCESS(Status))
         goto done;
@@ -596,6 +598,7 @@ LsapCreateDbObject(IN PLSA_DB_OBJECT ParentObject,
                    IN LPWSTR ObjectName,
                    IN LSA_DB_OBJECT_TYPE ObjectType,
                    IN ACCESS_MASK DesiredAccess,
+                   IN BOOLEAN Trusted,
                    OUT PLSA_DB_OBJECT *DbObject)
 {
     PLSA_DB_OBJECT NewObject;
@@ -698,6 +701,7 @@ LsapCreateDbObject(IN PLSA_DB_OBJECT ParentObject,
     NewObject->Access = DesiredAccess;
     NewObject->KeyHandle = ObjectKeyHandle;
     NewObject->ParentObject = ParentObject;
+    NewObject->Trusted = Trusted;
 
     if (ParentObject != NULL)
         ParentObject->RefCount++;
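Review bot: `NewObject->Trusted = Trusted;` takes the flag from the caller even when `ParentObject` is non-NULL, so the inheritance described in the commit message holds only because each call site in lsarpc.c passes `PolicyObject->Trusted` by hand. A later caller could pass `TRUE` for a child of an untrusted policy handle and nothing here would notice. If no caller needs a child whose trust differs from its parent, consider `NewObject->Trusted = (ParentObject != NULL) ? ParentObject->Trusted : Trusted;` here and in the matching assignment in the LsapOpenDbObject hunk. The function body starts and ends outside this hunk.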
@@ -714,6 +718,7 @@ LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject,
                  IN LPWSTR ObjectName,
                  IN LSA_DB_OBJECT_TYPE ObjectType,
                  IN ACCESS_MASK DesiredAccess,
+                 IN BOOLEAN Trusted,
                  OUT PLSA_DB_OBJECT *DbObject)
 {
     PLSA_DB_OBJECT NewObject;
@@ -809,6 +814,7 @@ LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject,
     NewObject->Access = DesiredAccess;
     NewObject->KeyHandle = ObjectKeyHandle;
     NewObject->ParentObject = ParentObject;
+    NewObject->Trusted = Trusted;
 
     if (ParentObject != NULL)
         ParentObject->RefCount++;
index db70223..a95ef98 100644 (file)
@@ -258,6 +258,7 @@ NTSTATUS WINAPI LsarOpenPolicy(
                               L"Policy",
                               LsaDbPolicyObject,
                               DesiredAccess,
+                              FALSE,
                               &PolicyObject);
 
     RtlLeaveCriticalSection(&PolicyHandleTableLock);
@@ -592,6 +593,7 @@ NTSTATUS WINAPI LsarCreateAccount(
                                 SidString,
                                 LsaDbAccountObject,
                                 DesiredAccess,
+                                PolicyObject->Trusted,
                                 &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -1036,6 +1038,7 @@ NTSTATUS WINAPI LsarCreateSecret(
                                 SecretName->Buffer,
                                 LsaDbSecretObject,
                                 DesiredAccess,
+                                PolicyObject->Trusted,
                                 &SecretObject);
     if (!NT_SUCCESS(Status))
     {
@@ -1131,6 +1134,7 @@ NTSTATUS WINAPI LsarOpenAccount(
                               SidString,
                               LsaDbAccountObject,
                               DesiredAccess,
+                              PolicyObject->Trusted,
                               &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -1241,6 +1245,7 @@ NTSTATUS WINAPI LsarAddPrivilegesToAccount(
         return Status;
     }
 
+    /* Get the size of the Privilgs attribute */
     Status = LsapGetObjectAttribute(AccountObject,
                                     L"Privilgs",
                                     NULL,
@@ -1348,7 +1353,7 @@ NTSTATUS WINAPI LsarAddPrivilegesToAccount(
             }
         }
 
-        /* Set the new priivliege set */
+        /* Set the new privilege set */
         Status = LsapSetObjectAttribute(AccountObject,
                                         L"Privilgs",
                                         NewPrivileges,
@@ -1591,6 +1596,7 @@ NTSTATUS WINAPI LsarOpenSecret(
                               SecretName->Buffer,
                               LsaDbSecretObject,
                               DesiredAccess,
+                              PolicyObject->Trusted,
                               &SecretObject);
     if (!NT_SUCCESS(Status))
     {
index 6488585..10a9573 100644 (file)
@@ -47,6 +47,7 @@ typedef struct _LSA_DB_OBJECT
     ULONG RefCount;
     ACCESS_MASK Access;
     HANDLE KeyHandle;
+    BOOLEAN Trusted;
     struct _LSA_DB_OBJECT *ParentObject;
 } LSA_DB_OBJECT, *PLSA_DB_OBJECT;
 
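Review bot: The new `BOOLEAN Trusted;` member has no comment, although it is presumably the field that later access decisions will depend on. A comment above it such as `/* TRUE for handles opened by in-process LSA code (LsaIOpenPolicyTrusted, database setup), FALSE for LsarOpenPolicy; account and secret objects copy the policy object's value */` would record the invariant the call sites in this commit follow. None of the hunks shown here reads the field yet, so the comment should also say which checks it is meant to relax once they exist.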
@@ -87,6 +88,7 @@ LsapCreateDbObject(IN PLSA_DB_OBJECT ParentObject,
                    IN LPWSTR ObjectName,
                    IN LSA_DB_OBJECT_TYPE HandleType,
                    IN ACCESS_MASK DesiredAccess,
+                   IN BOOLEAN Trusted,
                    OUT PLSA_DB_OBJECT *DbObject);
 
 NTSTATUS
@@ -95,6 +97,7 @@ LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject,
                  IN LPWSTR ObjectName,
                  IN LSA_DB_OBJECT_TYPE ObjectType,
                  IN ACCESS_MASK DesiredAccess,
+                 IN BOOLEAN Trusted,
                  OUT PLSA_DB_OBJECT *DbObject);
 
 NTSTATUS
index 8fe0735..88463b2 100644 (file)
@@ -29,6 +29,7 @@ LsaIOpenPolicyTrusted(OUT LSAPR_HANDLE *PolicyHandle)
                               L"Policy",
                               LsaDbPolicyObject,
                               POLICY_ALL_ACCESS,
+                              TRUE,
                               &PolicyObject);
 
     if (NT_SUCCESS(Status))