mirror of
https://github.com/reactos/reactos.git
synced 2024-10-06 01:13:38 +00:00
[LSASRV]
- Validate Account SIDs in LsarCreateAccount and LsarOpenAccount. - LsarOpenAccount: Do not check the granted access of the policy handle. - LsarOpenAccount: Return the proper status code. svn path=/trunk/; revision=57448
This commit is contained in:
parent
e36d4c8c40
commit
0683a941e9
|
@ -440,6 +440,10 @@ NTSTATUS WINAPI LsarCreateAccount(
|
|||
LPWSTR SidString = NULL;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
/* Validate the AccountSid */
|
||||
if (!RtlValidSid(AccountSid))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
/* Validate the PolicyHandle */
|
||||
Status = LsapValidateDbObject(PolicyHandle,
|
||||
LsaDbPolicyObject,
|
||||
|
@ -842,10 +846,14 @@ NTSTATUS WINAPI LsarOpenAccount(
|
|||
LPWSTR SidString = NULL;
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
|
||||
/* Validate the AccountSid */
|
||||
if (!RtlValidSid(AccountSid))
|
||||
return STATUS_INVALID_PARAMETER;
|
||||
|
||||
/* Validate the PolicyHandle */
|
||||
Status = LsapValidateDbObject(PolicyHandle,
|
||||
LsaDbPolicyObject,
|
||||
POLICY_CREATE_ACCOUNT,
|
||||
0,
|
||||
&PolicyObject);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
|
@ -861,7 +869,7 @@ NTSTATUS WINAPI LsarOpenAccount(
|
|||
&AccountsObject);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
ERR("LsapCreateDbObject (Accounts) failed (Status 0x%08lx)\n", Status);
|
||||
ERR("LsapOpenDbObject (Accounts) failed (Status 0x%08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
|
@ -909,7 +917,7 @@ done:
|
|||
if (AccountsObject != NULL)
|
||||
LsapCloseDbObject(AccountsObject);
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue