reactos/base/system/winlogon
George Bișoc 2092dc06bb
[WINLOGON][HACK] Allow network services access to default window station
HHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCKKKKKKKKKKKKKKKKKK!!!

There are two problems concerning with network services. First, a window station should be created for every network service process that gets started although this doesn't happen. Instead, network services like RPCSS and DNS service host process (svchost.exe) attempt to access the default window station (Winsta0).
This is because the access token of these two network service processes have an authentication ID that is uniquely generated. This is incorrect, because NetworkService is a special account with its own designed authentication ID for it. As a matter of fact, no window station is created for a network service and as such
both RPCSS and DNS svchost.exe attempt to access Winsta0 which they cannot.

The second problem, albeit not quite relevant to the first one but still worth mentioning nevertheless, is that network services have an access token that is primary which it should be an impersonation token. These problems all come from LSASS as LSA infrastructure is responsible for creating access tokens with security
context for objects.

For the moment being, add a hack on Winlogon that gives allow access to the default window station to network services. When LSASS and involved components are fixed, this hack must be removed.
2022-05-06 10:09:49 +02:00
..
lang [TRANSLATION] Review & update Simplified Chinese (zh-CN) translation (#3933) 2022-03-31 20:30:52 +03:00
res
CMakeLists.txt [WINLOGON] Refactor the security management part 2022-05-06 10:09:49 +02:00
environment.c
notify.c [WINLOGON] Add hidden logon/logoff SFC notification 2020-12-21 20:42:40 +01:00
resource.h [WINLOGON] Show "Restarting..." message when restarting (#3593) 2021-04-18 21:48:30 +03:00
rpcserver.c [IDL][WINLOGON] Rename locally used functions of the winreg rpc interface 2019-08-10 14:04:58 +02:00
sas.c [WINLOGON] Refactor the security management part 2022-05-06 10:09:49 +02:00
screensaver.c [WINLOGON] Start screen saver as current user (#4135) 2022-01-06 04:10:56 +03:00
security.c [WINLOGON][HACK] Allow network services access to default window station 2022-05-06 10:09:49 +02:00
setup.c [WINLOGON] Hack-fix for CORE-14877 ; see commit bcec1fd6. 2018-08-06 17:38:00 +02:00
shutdown.c [WINLOGON] Display the shutdown message popup dialog on the current input desktop. (#3259) 2020-10-05 02:26:03 +02:00
winlogon.c [NETID][WINLOGON] Fix Computer Name Change to update Domain/Hostname on reboot. (#1684) 2019-07-22 00:49:47 +02:00
winlogon.h [WINLOGON] Refactor the security management part 2022-05-06 10:09:49 +02:00
winlogon.rc [TRANSLATION] Update Hong Kong Chinese (zh-HK) translation - Part 2 (#4347) 2022-03-31 17:10:21 +03:00
wlx.c [WINLOGON] Refactor the security management part 2022-05-06 10:09:49 +02:00