[LSASRV][MSV1_0]

- Move the creation of the default DACL from msv1_0 to lsasrv. Create the default DACL only if the selected authentication package does not provide one.

svn path=/trunk/; revision=61401
Eric Kohl 2013-12-25 13:24:42 +00:00
parent aac4baa0ad
commit 021ea6a4f8
4 changed files with 175 additions and 128 deletions


@ -547,9 +547,9 @@ LsapCopyLocalGroups(
PTOKEN_GROUPS LocalGroups = NULL;
ULONG SidHeaderLength = 0;
PSID SidHeader = NULL;
PSID Sid;
PSID SrcSid, DstSid;
ULONG SidLength;
ULONG CopiedSids = 0;
ULONG AllocatedSids = 0;
ULONG i;
NTSTATUS Status;
@ -585,8 +585,10 @@ LsapCopyLocalGroups(
for (i = 0; i < ClientGroupsCount; i++)
{
SrcSid = LocalGroups->Groups[i].Sid;
Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
LocalGroups->Groups[i].Sid,
SrcSid,
SidHeader,
SidHeaderLength,
NULL);
@ -596,28 +598,28 @@ LsapCopyLocalGroups(
SidLength = RtlLengthSid(SidHeader);
TRACE("Sid %lu: Length %lu\n", i, SidLength);
Sid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
SidLength);
if (SidHeader == NULL)
DstSid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
SidLength);
if (DstSid == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
LocalGroups->Groups[i].Sid,
Sid,
SrcSid,
DstSid,
SidLength,
NULL);
if (!NT_SUCCESS(Status))
{
RtlFreeHeap(RtlGetProcessHeap(), 0, Sid);
RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
goto done;
}
LocalGroups->Groups[i].Sid = Sid;
CopiedSids++;
LocalGroups->Groups[i].Sid = DstSid;
AllocatedSids++;
}
*TokenGroups = LocalGroups;
@ -630,7 +632,7 @@ done:
{
if (LocalGroups != NULL)
{
for (i = 0; i < CopiedSids; i++)
for (i = 0; i < AllocatedSids; i++)
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
@ -641,6 +643,52 @@ done:
}
static
NTSTATUS
LsapAddTokenDefaultDacl(
IN PVOID TokenInformation,
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
{
PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
PACL Dacl = NULL;
ULONG Length;
if (TokenInformationType == LsaTokenInformationV1)
{
TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
return STATUS_SUCCESS;
Length = sizeof(ACL) +
(2 * sizeof(ACCESS_ALLOWED_ACE)) +
RtlLengthSid(TokenInfo1->Owner.Owner) +
RtlLengthSid(LsapLocalSystemSid);
Dacl = DispatchTable.AllocateLsaHeap(Length);
if (Dacl == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
RtlCreateAcl(Dacl, Length, ACL_REVISION);
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
TokenInfo1->Owner.Owner);
/* SID: S-1-5-18 */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
LsapLocalSystemSid);
TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
}
return STATUS_SUCCESS;
}
NTSTATUS
LsapLogonUser(PLSA_API_MSG RequestMsg,
PLSAP_LOGON_CONTEXT LogonContext)
@ -669,7 +717,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
Package = LsapGetAuthenticationPackage(PackageId);
if (Package == NULL)
{
TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
ERR("LsapGetAuthenticationPackage() failed to find a package\n");
return STATUS_NO_SUCH_PACKAGE;
}
@ -681,7 +729,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
RequestMsg->LogonUser.Request.AuthenticationInformationLength);
if (LocalAuthInfo == NULL)
{
TRACE("RtlAllocateHeap() failed\n");
ERR("RtlAllocateHeap() failed\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
@ -693,7 +741,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
NULL);
if (!NT_SUCCESS(Status))
{
TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
return Status;
}
@ -706,7 +754,10 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
RequestMsg->LogonUser.Request.LocalGroupsCount,
&LocalGroups);
if (!NT_SUCCESS(Status))
{
ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status);
goto done;
}
TRACE("GroupCount: %lu\n", LocalGroups->GroupCount);
}
@ -766,7 +817,16 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
if (!NT_SUCCESS(Status))
{
TRACE("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = LsapAddTokenDefaultDacl(TokenInformation,
TokenInformationType);
if (!NT_SUCCESS(Status))
{
ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status);
goto done;
}
@ -802,7 +862,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
&RequestMsg->LogonUser.Request.SourceContext);
if (!NT_SUCCESS(Status))
{
TRACE("NtCreateToken failed (Status 0x%08lx)\n", Status);
ERR("NtCreateToken failed (Status 0x%08lx)\n", Status);
goto done;
}
}
@ -823,7 +883,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
if (!NT_SUCCESS(Status))
{
TRACE("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
goto done;
}
@ -832,7 +892,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId);
if (!NT_SUCCESS(Status))
{
TRACE("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
goto done;
}
@ -847,7 +907,10 @@ done:
if (LocalGroups != NULL)
{
for (i = 0; i < LocalGroups->GroupCount; i++)
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
{
if (LocalGroups->Groups[i].Sid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
}
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
}
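Review bot: In LsapCopyLocalGroups each group SID is fetched from the client process twice, and the second copy is never checked against the length derived from the first. SidLength comes from RtlLengthSid(SidHeader), but the following NtReadVirtualMemory() re-reads SrcSid from client memory. A client that changes the sub-authority count between the two reads leaves DstSid claiming more bytes than were allocated, so later users of the group SID could read past the heap block. After the second read, validate the copy and require that its length still equals SidLength, failing with STATUS_INVALID_SID otherwise. The function body starts and ends outside these hunks.

```c
/* ... unchanged: second NtReadVirtualMemory() into DstSid and its failure path ... */

/* The client owns SrcSid and may have rewritten it between the two reads. */
if (!RtlValidSid(DstSid) || RtlLengthSid(DstSid) != SidLength)
{
    RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
    Status = STATUS_INVALID_SID;
    goto done;
}

LocalGroups->Groups[i].Sid = DstSid;
```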


@ -80,6 +80,7 @@ typedef struct _WELL_KNOWN_SID
LIST_ENTRY WellKnownSidListHead;
PSID LsapLocalSystemSid = NULL;
/* FUNCTIONS ***************************************************************/
@ -90,7 +91,8 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
PULONG SubAuthorities,
PWSTR AccountName,
PWSTR DomainName,
SID_NAME_USE Use)
SID_NAME_USE Use,
PSID *SidPtr)
{
PWELL_KNOWN_SID SidEntry;
PULONG p;
@ -159,6 +161,9 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
InsertTailList(&WellKnownSidListHead,
&SidEntry->ListEntry);
if (SidPtr != NULL)
*SidPtr = SidEntry->Sid;
return TRUE;
}
@ -184,7 +189,8 @@ LsapInitSids(VOID)
NULL,
szAccountName,
szDomainName,
SidTypeDomain);
SidTypeDomain,
NULL);
/* Null Sid */
LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80);
@ -195,7 +201,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
L"",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* World Sid */
LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80);
@ -206,7 +213,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
L"",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Local Sid */
LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
@ -217,7 +225,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
L"",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Creator Owner Sid */
LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80);
@ -228,7 +237,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
L"",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Creator Group Sid */
LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80);
@ -239,7 +249,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
L"",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Creator Owner Server Sid */
LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80);
@ -250,7 +261,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
L"",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Creator Group Server Sid */
LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80);
@ -261,7 +273,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
L"",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Dialup Sid */
LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
@ -273,7 +286,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Network Sid */
LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
@ -284,7 +298,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Batch Sid*/
LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
@ -295,7 +310,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Interactive Sid */
LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
@ -306,7 +322,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Service Sid */
LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
@ -317,7 +334,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Anonymous Logon Sid */
LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
@ -328,7 +346,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Proxy Sid */
LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80);
@ -339,7 +358,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Enterprise Controllers Sid */
LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80);
@ -350,7 +370,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Principal Self Sid */
LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80);
@ -361,7 +382,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Authenticated Users Sid */
LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80);
@ -372,7 +394,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Restricted Code Sid */
LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80);
@ -383,7 +406,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Terminal Server Sid */
LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80);
@ -394,7 +418,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Remote Logon Sid */
LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80);
@ -405,7 +430,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* This Organization Sid */
LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80);
@ -416,7 +442,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Local System Sid */
LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80);
@ -427,7 +454,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
&LsapLocalSystemSid);
/* Local Service Sid */
LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80);
@ -438,14 +466,16 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
LsapCreateSid(&NtAuthority,
1,
SubAuthorities,
L"LOCALSERVICE",
L"NT AUTHORITY",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Network Service Sid */
LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80);
@ -456,14 +486,16 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
LsapCreateSid(&NtAuthority,
1,
SubAuthorities,
L"NETWORKSERVICE",
L"NT AUTHORITY",
SidTypeWellKnownGroup);
SidTypeWellKnownGroup,
NULL);
/* Builtin Domain Sid */
LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80);
@ -475,7 +507,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeDomain);
SidTypeDomain,
NULL);
/* Administrators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80);
@ -487,7 +520,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Users Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
@ -499,7 +533,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Guests Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80);
@ -511,7 +546,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Power User Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80);
@ -523,7 +559,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Account Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80);
@ -535,7 +572,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* System Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80);
@ -547,7 +585,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Print Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80);
@ -559,7 +598,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Backup Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80);
@ -571,7 +611,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Replicators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80);
@ -583,7 +624,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* RAS Servers Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80);
@ -595,7 +637,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Pre-Windows 2000 Compatible Access Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80);
@ -607,7 +650,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Remote Desktop Users Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80);
@ -619,7 +663,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* Network Configuration Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, 80);
@ -631,7 +676,8 @@ LsapInitSids(VOID)
SubAuthorities,
szAccountName,
szDomainName,
SidTypeAlias);
SidTypeAlias,
NULL);
/* FIXME: Add more well known sids */
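Review bot: LsapLocalSystemSid stays NULL if the Local System LsapCreateSid() call fails, and the new LsapAddTokenDefaultDacl() in the first file passes it to RtlLengthSid() and RtlAddAccessAllowedAce() without a check. Only the tail of each call is visible in these hunks, so whether LsapInitSids looks at the return value is not certain, but nothing shown here does. Either fail initialisation when that call returns FALSE, or guard the consumer with `if (LsapLocalSystemSid == NULL) return STATUS_UNSUCCESSFUL;`. The global also aliases the Sid held by the list entry, so a comment on its definition such as `/* Points into the well-known SID list; never free */` would record the ownership.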


@ -91,6 +91,9 @@ extern UNICODE_STRING BuiltinDomainName;
extern PSID AccountDomainSid;
extern UNICODE_STRING AccountDomainName;
extern PSID LsapLocalSystemSid;
/* authpackage.c */
NTSTATUS
LsapInitAuthPackages(VOID);


@ -571,66 +571,6 @@ BuildTokenOwner(PTOKEN_OWNER Owner,
}
static
NTSTATUS
BuildTokenDefaultDacl(PTOKEN_DEFAULT_DACL DefaultDacl,
PSID OwnerSid)
{
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PSID LocalSystemSid = NULL;
PACL Dacl = NULL;
NTSTATUS Status = STATUS_SUCCESS;
RtlAllocateAndInitializeSid(&SystemAuthority,
1,
SECURITY_LOCAL_SYSTEM_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&LocalSystemSid);
Dacl = DispatchTable.AllocateLsaHeap(1024);
if (Dacl == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
if (!NT_SUCCESS(Status))
goto done;
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
OwnerSid);
/* SID: S-1-5-18 */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
LocalSystemSid);
DefaultDacl->DefaultDacl = Dacl;
done:
if (!NT_SUCCESS(Status))
{
if (Dacl != NULL)
DispatchTable.FreeLsaHeap(Dacl);
}
if (LocalSystemSid != NULL)
RtlFreeSid(LocalSystemSid);
return Status;
}
static
NTSTATUS
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
@ -683,11 +623,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenDefaultDacl(&Buffer->DefaultDacl,
OwnerSid);
if (!NT_SUCCESS(Status))
goto done;
*TokenInformation = Buffer;
done: