fixed SeSetWorldSecurityDescriptor() so it creates a security descriptor that is at least valid
Modified: trunk/reactos/ntoskrnl/se/sd.c

Modified: trunk/reactos/ntoskrnl/se/sd.c
--- trunk/reactos/ntoskrnl/se/sd.c	2006-01-14 13:37:08 UTC (rev 20850)
+++ trunk/reactos/ntoskrnl/se/sd.c	2006-01-14 14:52:50 UTC (rev 20851)
@@ -125,6 +125,7 @@
   ULONG SidSize;
   ULONG SdSize;
   NTSTATUS Status;
+  PISECURITY_DESCRIPTOR_RELATIVE SdRel = (PISECURITY_DESCRIPTOR_RELATIVE)SecurityDescriptor;
 
   DPRINT("SeSetWorldSecurityDescriptor() called\n");
 
@@ -133,8 +134,17 @@
       return STATUS_ACCESS_DENIED;
     }
 
+  /* calculate the minimum size of the buffer */
   SidSize = RtlLengthSid(SeWorldSid);
-  SdSize = sizeof(SECURITY_DESCRIPTOR) + (2 * SidSize);
+  SdSize = sizeof(SECURITY_DESCRIPTOR_RELATIVE);
+  if (SecurityInformation & OWNER_SECURITY_INFORMATION)
+      SdSize += SidSize;
+  if (SecurityInformation & GROUP_SECURITY_INFORMATION)
+      SdSize += SidSize;
+  if (SecurityInformation & DACL_SECURITY_INFORMATION)
+    {
+      SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
+    }
 
   if (*BufferLength < SdSize)
     {
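Review bot: The DACL size `sizeof(ACL) + sizeof(ACE) + SidSize` is written out here and again in the RtlCreateAcl() call in the next hunk, so the buffer-length check and the ACL header can drift apart if only one of them is edited. Computing it once, e.g. `DaclSize = sizeof(ACL) + sizeof(ACE) + SidSize;`, and using that value in both places would keep them in step. The expression also assumes that sizeof(ACE) is exactly the fixed part of an access-allowed ACE (header plus mask, without the SID start). The definition of ACE is not visible here, so that is worth confirming, since an undercount would make RtlAddAccessAllowedAce() fail for lack of space. The function starts before this hunk and continues after it.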
@@ -144,42 +154,57 @@
 
   *BufferLength = SdSize;
 
-  Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
-           SECURITY_DESCRIPTOR_REVISION);
+  Status = RtlCreateSecurityDescriptorRelative(SdRel,
+                                               SECURITY_DESCRIPTOR_REVISION);
   if (!NT_SUCCESS(Status))
     {
       return Status;
     }
 
-  SecurityDescriptor->Control |= SE_SELF_RELATIVE;
-  Current = (ULONG_PTR)SecurityDescriptor + sizeof(SECURITY_DESCRIPTOR);
+  Current = (ULONG_PTR)(SdRel + 1);
 
   if (SecurityInformation & OWNER_SECURITY_INFORMATION)
     {
       RtlCopyMemory((PVOID)Current,
-      SeWorldSid,
-      SidSize);
-      SecurityDescriptor->Owner = (PSID)((ULONG_PTR)Current - (ULONG_PTR)SecurityDescriptor);
+                    SeWorldSid,
+                    SidSize);
+      SdRel->Owner = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
       Current += SidSize;
     }
 
   if (SecurityInformation & GROUP_SECURITY_INFORMATION)
     {
       RtlCopyMemory((PVOID)Current,
-      SeWorldSid,
-      SidSize);
-      SecurityDescriptor->Group = (PSID)((ULONG_PTR)Current - (ULONG_PTR)SecurityDescriptor);
+                    SeWorldSid,
+                    SidSize);
+      SdRel->Group = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
       Current += SidSize;
     }
 
   if (SecurityInformation & DACL_SECURITY_INFORMATION)
     {
-      SecurityDescriptor->Control |= SE_DACL_PRESENT;
+      PACL Dacl = (PACL)Current;
+      SdRel->Control |= SE_DACL_PRESENT;
+
+      Status = RtlCreateAcl(Dacl,
+                            sizeof(ACL) + sizeof(ACE) + SidSize,
+                            ACL_REVISION);
+      if (!NT_SUCCESS(Status))
+          return Status;
+
+      Status = RtlAddAccessAllowedAce(Dacl,
+                                      ACL_REVISION,
+                                      GENERIC_ALL,
+                                      SeWorldSid);
+      if (!NT_SUCCESS(Status))
+          return Status;
+
+      SdRel->Dacl = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);
     }
 
   if (SecurityInformation & SACL_SECURITY_INFORMATION)
     {
-      SecurityDescriptor->Control |= SE_SACL_PRESENT;
+      /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
     }
 
   return STATUS_SUCCESS;
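Review bot: `SdRel->Control |= SE_DACL_PRESENT;` is set before RtlCreateAcl() and RtlAddAccessAllowedAce() have succeeded, so either early `return Status;` leaves a header in the caller's buffer that claims a DACL while `SdRel->Dacl` has not been written. If RtlCreateSecurityDescriptorRelative() zeroes the offsets (not visible here), a caller that ignores the failure status would read that header as a NULL DACL, i.e. no access restriction at all. Moving the flag to just after `SdRel->Dacl = (DWORD)((ULONG_PTR)Current - (ULONG_PTR)SdRel);` keeps the header consistent on every path. Separately, a short comment above the RtlAddAccessAllowedAce() call such as `/* world descriptor: Everyone is granted GENERIC_ALL */` would make the breadth of the grant explicit. The function begins outside this hunk.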