[weiden] 50397: Create a security descriptor for the desktops rather than passing the ACLs in as a security descriptor - Ros-diffs

16 Jan 2011

Author: weiden
Date: Sun Jan 16 02:51:58 2011
New Revision: 50397
URL: http://svn.reactos.org/svn/reactos?rev=50397&view=rev
Log:
Create a security descriptor for the desktops rather than passing the ACLs in as a security descriptor
Modified:
    trunk/reactos/base/system/winlogon/wlx.c
Modified: trunk/reactos/base/system/winlogon/wlx.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/wlx.c?...
==============================================================================

--- trunk/reactos/base/system/winlogon/wlx.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/winlogon/wlx.c [iso-8859-1] Sun Jan 16 02:51:58 2011
@@ -961,7 +961,9 @@
    DWORD SidSize, AclSize;
    PACL pDefaultAcl = NULL;
    PACL pUserDesktopAcl = NULL;
+	SECURITY_DESCRIPTOR DefaultSecurityDescriptor;
    SECURITY_ATTRIBUTES DefaultSecurity;
+	SECURITY_DESCRIPTOR UserDesktopSecurityDescriptor;
    SECURITY_ATTRIBUTES UserDesktopSecurity;
    BOOL ret = FALSE;
@@ -1008,8 +1010,24 @@
    	ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
    	goto cleanup;
    }
+
+	/*
+	 * Create the default security descriptor
+	 */
+	if (!InitializeSecurityDescriptor(&DefaultSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
+	{
+		ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
+	if (!SetSecurityDescriptorDacl(&DefaultSecurityDescriptor, TRUE, pDefaultAcl, FALSE))
+	{
+		ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
    DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
-	DefaultSecurity.lpSecurityDescriptor = pDefaultAcl;
+	DefaultSecurity.lpSecurityDescriptor = &DefaultSecurityDescriptor;
    DefaultSecurity.bInheritHandle = TRUE;
/*
@@ -1021,8 +1039,24 @@
    	ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
    	goto cleanup;
    }
+
+	/*
+	 * Create the user desktop security descriptor
+	 */
+	if (!InitializeSecurityDescriptor(&UserDesktopSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
+	{
+		ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
+	if (!SetSecurityDescriptorDacl(&UserDesktopSecurityDescriptor, TRUE, pUserDesktopAcl, FALSE))
+	{
+		ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
    UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
-	UserDesktopSecurity.lpSecurityDescriptor = pUserDesktopAcl;
+	UserDesktopSecurity.lpSecurityDescriptor = &UserDesktopSecurityDescriptor;
    UserDesktopSecurity.bInheritHandle = TRUE;
/*

    