https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f341b9080b2840de234679...
commit f341b9080b2840de23467996fcd413740e4354a1 Author: George Bișoc george.bisoc@reactos.org AuthorDate: Tue Sep 21 19:52:10 2021 +0200 Commit: George Bișoc george.bisoc@reactos.org CommitDate: Fri Sep 24 19:13:16 2021 +0200
[NTOS:SE] Set the SACL to the World security descriptor
Implement the portion chunk of code that is responsible for setting the system access control list (SACL) to the World security descriptor, based from SeWorldSid (World security identifier). --- ntoskrnl/se/sd.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c index ed5d83b65e9..76584c2c5c0 100644 --- a/ntoskrnl/se/sd.c +++ b/ntoskrnl/se/sd.c @@ -181,6 +181,10 @@ SeSetWorldSecurityDescriptor( { SdSize += sizeof(ACL) + sizeof(ACE) + SidSize; } + if (SecurityInformation & SACL_SECURITY_INFORMATION) + { + SdSize += sizeof(ACL) + sizeof(ACE) + SidSize; + }
if (*BufferLength < SdSize) { @@ -236,7 +240,26 @@ SeSetWorldSecurityDescriptor(
if (SecurityInformation & SACL_SECURITY_INFORMATION) { - /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */ + PACL Sacl = (PACL)((PUCHAR)SdRel + Current); + + Status = RtlCreateAcl(Sacl, + sizeof(ACL) + sizeof(ACE) + SidSize, + ACL_REVISION); + if (!NT_SUCCESS(Status)) + return Status; + + Status = RtlAddAuditAccessAce(Sacl, + ACL_REVISION, + ACCESS_SYSTEM_SECURITY | STANDARD_RIGHTS_ALL, + SeWorldSid, + TRUE, + TRUE); + if (!NT_SUCCESS(Status)) + return Status; + + SdRel->Control |= SE_SACL_PRESENT; + SdRel->Sacl = Current; + Current += SidSize; }
return STATUS_SUCCESS;
-
George Bișoc