mirror of
https://github.com/reactos/reactos.git
synced 2024-11-04 22:00:55 +00:00
2092dc06bb
HHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCKKKKKKKKKKKKKKKKKK!!! There are two problems concerning with network services. First, a window station should be created for every network service process that gets started although this doesn't happen. Instead, network services like RPCSS and DNS service host process (svchost.exe) attempt to access the default window station (Winsta0). This is because the access token of these two network service processes have an authentication ID that is uniquely generated. This is incorrect, because NetworkService is a special account with its own designed authentication ID for it. As a matter of fact, no window station is created for a network service and as such both RPCSS and DNS svchost.exe attempt to access Winsta0 which they cannot. The second problem, albeit not quite relevant to the first one but still worth mentioning nevertheless, is that network services have an access token that is primary which it should be an impersonation token. These problems all come from LSASS as LSA infrastructure is responsible for creating access tokens with security context for objects. For the moment being, add a hack on Winlogon that gives allow access to the default window station to network services. When LSASS and involved components are fixed, this hack must be removed. |
||
---|---|---|
.. | ||
lang | ||
res | ||
CMakeLists.txt | ||
environment.c | ||
notify.c | ||
resource.h | ||
rpcserver.c | ||
sas.c | ||
screensaver.c | ||
security.c | ||
setup.c | ||
shutdown.c | ||
winlogon.c | ||
winlogon.h | ||
winlogon.rc | ||
wlx.c |