[ros-diffs] [gadamopoulos] 66863: [WINLOGON] - Create the window station handle and the desktops with MAXIMUM_ALLOWED access rights. - Call AddAceToWindowStation before calling SetWindowStationUser.

gadamopoulos Mon, 23 Mar 2015 00:47:44 -0700

Author: gadamopoulos
Date: Mon Mar 23 07:46:17 2015
New Revision: 66863

URL: http://svn.reactos.org/svn/reactos?rev=66863&view=rev
Log:
[WINLOGON]
- Create the window station handle and the desktops with MAXIMUM_ALLOWED access 
rights.
- Call AddAceToWindowStation before calling SetWindowStationUser.


Modified:
    trunk/reactos/base/system/winlogon/sas.c
    trunk/reactos/base/system/winlogon/wlx.c

Modified: trunk/reactos/base/system/winlogon/sas.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/sas.c?rev=66863&r1=66862&r2=66863&view=diff
==============================================================================
--- trunk/reactos/base/system/winlogon/sas.c    [iso-8859-1] (original)
+++ trunk/reactos/base/system/winlogon/sas.c    [iso-8859-1] Mon Mar 23 
07:46:17 2015
@@ -1007,6 +1007,11 @@
 
 DWORD WINAPI SetWindowStationUser(HWINSTA hWinSta, LUID* pluid, PSID psid, 
DWORD sidSize);
 
+BOOL
+AddAceToWindowStation(
+    IN HWINSTA WinSta,
+    IN PSID Sid);
+
 static
 BOOL AllowWinstaAccess(PWLSESSION Session)
 {
@@ -1068,6 +1073,8 @@
         WARN("Couldn't get Authentication id from user token!\n");
         goto Cleanup;
     }
+
+    AddAceToWindowStation(Session->InteractiveWindowStation, psid);
 
     ret = SetWindowStationUser(Session->InteractiveWindowStation,
                                &Stats.AuthenticationId,

Modified: trunk/reactos/base/system/winlogon/wlx.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/wlx.c?rev=66863&r1=66862&r2=66863&view=diff
==============================================================================
--- trunk/reactos/base/system/winlogon/wlx.c    [iso-8859-1] (original)
+++ trunk/reactos/base/system/winlogon/wlx.c    [iso-8859-1] Mon Mar 23 
07:46:17 2015
@@ -1235,7 +1235,7 @@
     Session->InteractiveWindowStation = CreateWindowStationW(
         Session->InteractiveWindowStationName,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if (!Session->InteractiveWindowStation)
     {
@@ -1256,7 +1256,7 @@
         NULL,
         NULL,
         0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &UserDesktopSecurity);
     if (!Session->ApplicationDesktop)
     {
@@ -1272,7 +1272,7 @@
         NULL,
         NULL,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if (!Session->WinlogonDesktop)
     {
@@ -1288,7 +1288,7 @@
         NULL,
         NULL,
         0,
-        GENERIC_ALL,
+        MAXIMUM_ALLOWED,
         &DefaultSecurity);
     if(!Session->ScreenSaverDesktop)
     {

[ros-diffs] [gadamopoulos] 66863: [WINLOGON] - Create the window station handle and the desktops with MAXIMUM_ALLOWED access rights. - Call AddAceToWindowStation before calling SetWindowStationUser.

Reply via email to