[weiden] 50397: Create a security descriptor for the desktops rather than passing the ACLs in as a security descriptor - Ros-diffs

16 Jan 2011

Author: weiden
Date: Sun Jan 16 02:51:58 2011
New Revision: 50397

URL: http://svn.reactos.org/svn/reactos?rev=50397&view=rev
Log:
Create a security descriptor for the desktops rather than passing the ACLs in as a
security descriptor

Modified:
    trunk/reactos/base/system/winlogon/wlx.c

Modified: trunk/reactos/base/system/winlogon/wlx.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/wlx.c…
==============================================================================

--- trunk/reactos/base/system/winlogon/wlx.c [iso-8859-1] (original)
+++ trunk/reactos/base/system/winlogon/wlx.c [iso-8859-1] Sun Jan 16 02:51:58 2011
@@ -961,7 +961,9 @@
 	DWORD SidSize, AclSize;
 	PACL pDefaultAcl = NULL;
 	PACL pUserDesktopAcl = NULL;
+	SECURITY_DESCRIPTOR DefaultSecurityDescriptor;
 	SECURITY_ATTRIBUTES DefaultSecurity;
+	SECURITY_DESCRIPTOR UserDesktopSecurityDescriptor;
 	SECURITY_ATTRIBUTES UserDesktopSecurity;
 	BOOL ret = FALSE;
 
@@ -1008,8 +1010,24 @@
 		ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
 		goto cleanup;
 	}
+
+	/*
+	 * Create the default security descriptor
+	 */
+	if (!InitializeSecurityDescriptor(&DefaultSecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION))
+	{
+		ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n",
GetLastError());
+		goto cleanup;
+	}
+
+	if (!SetSecurityDescriptorDacl(&DefaultSecurityDescriptor, TRUE, pDefaultAcl,
FALSE))
+	{
+		ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
 	DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
-	DefaultSecurity.lpSecurityDescriptor = pDefaultAcl;
+	DefaultSecurity.lpSecurityDescriptor = &DefaultSecurityDescriptor;
 	DefaultSecurity.bInheritHandle = TRUE;
 
 	/*
@@ -1021,8 +1039,24 @@
 		ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
 		goto cleanup;
 	}
+
+	/*
+	 * Create the user desktop security descriptor
+	 */
+	if (!InitializeSecurityDescriptor(&UserDesktopSecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION))
+	{
+		ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n",
GetLastError());
+		goto cleanup;
+	}
+
+	if (!SetSecurityDescriptorDacl(&UserDesktopSecurityDescriptor, TRUE,
pUserDesktopAcl, FALSE))
+	{
+		ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
 	UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
-	UserDesktopSecurity.lpSecurityDescriptor = pUserDesktopAcl;
+	UserDesktopSecurity.lpSecurityDescriptor = &UserDesktopSecurityDescriptor;
 	UserDesktopSecurity.bInheritHandle = TRUE;
 
 	/*



    