https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f341b9080b2840de23467996fcd413740e4354a1

commit f341b9080b2840de23467996fcd413740e4354a1
Author:     George Bișoc <[email protected]>
AuthorDate: Tue Sep 21 19:52:10 2021 +0200
Commit:     George Bișoc <[email protected]>
CommitDate: Fri Sep 24 19:13:16 2021 +0200

    [NTOS:SE] Set the SACL to the World security descriptor
    
    Implement the portion of code that is responsible for setting the 
system access control list (SACL) to the World security descriptor, based on 
SeWorldSid (World security identifier).
---
 ntoskrnl/se/sd.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/ntoskrnl/se/sd.c b/ntoskrnl/se/sd.c
index ed5d83b65e9..76584c2c5c0 100644
--- a/ntoskrnl/se/sd.c
+++ b/ntoskrnl/se/sd.c
@@ -181,6 +181,10 @@ SeSetWorldSecurityDescriptor(
     {
         SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
     }
+    if (SecurityInformation & SACL_SECURITY_INFORMATION)
+    {
+        SdSize += sizeof(ACL) + sizeof(ACE) + SidSize;
+    }
 
     if (*BufferLength < SdSize)
     {
@@ -236,7 +240,26 @@ SeSetWorldSecurityDescriptor(
 
     if (SecurityInformation & SACL_SECURITY_INFORMATION)
     {
-        /* FIXME - SdRel->Control |= SE_SACL_PRESENT; */
+        PACL Sacl = (PACL)((PUCHAR)SdRel + Current);
+
+        Status = RtlCreateAcl(Sacl,
+                              sizeof(ACL) + sizeof(ACE) + SidSize,
+                              ACL_REVISION);
+        if (!NT_SUCCESS(Status))
+            return Status;
+
+        Status = RtlAddAuditAccessAce(Sacl,
+                                      ACL_REVISION,
+                                      ACCESS_SYSTEM_SECURITY | 
STANDARD_RIGHTS_ALL,
+                                      SeWorldSid,
+                                      TRUE,
+                                      TRUE);
+        if (!NT_SUCCESS(Status))
+            return Status;
+
+        SdRel->Control |= SE_SACL_PRESENT;
+        SdRel->Sacl = Current;
+        Current += SidSize;
     }
 
     return STATUS_SUCCESS;
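Review bot: `Current += SidSize;` at the end of the new SACL block advances the offset by less than the `sizeof(ACL) + sizeof(ACE) + SidSize` bytes the block has just given to `RtlCreateAcl`. Nothing after it in this hunk reads `Current`, so the lines shown are not affected by it, but the blocks that run before the SACL one lie outside the hunk. If they advance `Current` the same way, the SACL written at `SdRel + Current` would begin inside the previous ACL's bytes and overwrite part of it, which matters for a descriptor that access checks later rely on. I would advance by the full reserved size, `Current += sizeof(ACL) + sizeof(ACE) + SidSize;`, and check the earlier blocks of SeSetWorldSecurityDescriptor for the same pattern. A one-line comment above `RtlAddAuditAccessAce` saying why the ACE audits both success and failure of `ACCESS_SYSTEM_SECURITY | STANDARD_RIGHTS_ALL` for the World SID would also help the next reader.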
