From 1161db9756e93541fd59c28def82a9cbf7a6a1dc Mon Sep 17 00:00:00 2001
From: Eric Kohl <eric.kohl@reactos.org>
Date: Tue, 23 Aug 2016 21:14:17 +0000
Subject: [PATCH] [LSASRV] LsarSetSecurityObject: Impersonate the client and
 retrieve the client token when the owner sid will be set.

svn path=/trunk/; revision=72449
---
 reactos/dll/win32/lsasrv/lsarpc.c | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/reactos/dll/win32/lsasrv/lsarpc.c b/reactos/dll/win32/lsasrv/lsarpc.c
index 561feca75a8..ee5e77f6165 100644
--- a/reactos/dll/win32/lsasrv/lsarpc.c
+++ b/reactos/dll/win32/lsasrv/lsarpc.c
@@ -372,18 +372,27 @@ NTSTATUS WINAPI LsarSetSecurityObject(
     if (!NT_SUCCESS(Status))
         goto done;
 
-#if 0
-    RpcImpersonateClient(NULL);
+    /* Get the clients token if we try to set the owner */
+    if (SecurityInformation & OWNER_SECURITY_INFORMATION)
+    {
+        Status = I_RpcMapWin32Status(RpcImpersonateClient(NULL));
+        if (!NT_SUCCESS(Status))
+        {
+            ERR("RpcImpersonateClient returns 0x%08lx\n", Status);
+            goto done;
+        }
 
-    Status = NtOpenThreadToken(NtCurrentThread(),
-                               8,
-                               TRUE,
-                               &hToken);
-    if (!NT_SUCCESS(Status))
-        goto done;
-
-    RpcRevertToSelf();
-#endif
+        Status = NtOpenThreadToken(NtCurrentThread(),
+                                   TOKEN_QUERY,
+                                   TRUE,
+                                   &TokenHandle);
+        RpcRevertToSelf();
+        if (!NT_SUCCESS(Status))
+        {
+            ERR("NtOpenThreadToken returns 0x%08lx\n", Status);
+            goto done;
+        }
+    }
 
     /* Build the new security descriptor */
     Status = RtlSetSecurityObject(SecurityInformation,