[ekohl] 74050: [NTOS:SE] Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This fixes a kmtest:ObSecurity failure.
Author: ekohl Date: Sat Mar 4 14:38:13 2017 New Revision: 74050
URL: http://svn.reactos.org/svn/reactos?rev=74050&view=rev Log: [NTOS:SE] Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This fixes a kmtest:ObSecurity failure.
Modified: trunk/reactos/ntoskrnl/se/acl.c
Modified: trunk/reactos/ntoskrnl/se/acl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/acl.c?rev=74050... ============================================================================== --- trunk/reactos/ntoskrnl/se/acl.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/se/acl.c [iso-8859-1] Sat Mar 4 14:38:13 2017 @@ -38,7 +38,8 @@ /* create PublicDefaultDacl */ AclLength = sizeof(ACL) + (sizeof(ACE) + RtlLengthSid(SeWorldSid)) + - (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)); + (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) + + (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool, AclLength, @@ -59,6 +60,11 @@ ACL_REVISION, GENERIC_ALL, SeLocalSystemSid); + + RtlAddAccessAllowedAce(SePublicDefaultDacl, + ACL_REVISION, + GENERIC_ALL, + SeAliasAdminsSid);
/* create PublicDefaultUnrestrictedDacl */ AclLength = sizeof(ACL) +
-
ekohl@svn.reactos.org