https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a9eda8f492137e7d8d9ac5089956689b28d8f332

commit a9eda8f492137e7d8d9ac5089956689b28d8f332
Author:     Hermès Bélusca-Maïto <[email protected]>
AuthorDate: Tue Jun 26 22:30:09 2018 +0200
Commit:     Hermès Bélusca-Maïto <[email protected]>
CommitDate: Wed Jun 27 23:40:16 2018 +0200

    [LSASRV] Enable SE_CREATE_TOKEN_PRIVILEGE in LSASS since one of our 
purposes is to create access tokens -- NtCreateToken() requires this privilege.
---
 dll/win32/lsasrv/lsasrv.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/dll/win32/lsasrv/lsasrv.c b/dll/win32/lsasrv/lsasrv.c
index e2a28bd600..206c10ec06 100644
--- a/dll/win32/lsasrv/lsasrv.c
+++ b/dll/win32/lsasrv/lsasrv.c
@@ -272,6 +272,7 @@ NTSTATUS WINAPI
 LsapInitLsa(VOID)
 {
     NTSTATUS Status;
+    BOOLEAN PrivilegeEnabled;
 
     TRACE("LsapInitLsa() called\n");
 
@@ -300,6 +301,13 @@ LsapInitLsa(VOID)
         return Status;
     }
 
+    /* Enable the token creation privilege for the rest of our lifetime */
+    Status = RtlAdjustPrivilege(SE_CREATE_TOKEN_PRIVILEGE, TRUE, FALSE, 
&PrivilegeEnabled);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("RtlAdjustPrivilege(SE_CREATE_TOKEN_PRIVILEGE) failed, ignoring 
(Status 0x%08lx)\n", Status);
+    }
+
     /* Start the authentication LPC port thread */
     Status = StartAuthenticationPort();
     if (!NT_SUCCESS(Status))

Reply via email to