From 44f8ef985c9a3f5bc6637929a37bc5ed6101b984 Mon Sep 17 00:00:00 2001
From: Thomas Bluemel <thomas@reactsoft.com>
Date: Sun, 16 Jan 2011 02:51:58 +0000
Subject: [PATCH] Create a security descriptor for the desktops rather than
 passing the ACLs in as a security descriptor

svn path=/trunk/; revision=50397
---
 reactos/base/system/winlogon/wlx.c | 38 ++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/reactos/base/system/winlogon/wlx.c b/reactos/base/system/winlogon/wlx.c
index 7dcb9bc3471..3258c19b166 100644
--- a/reactos/base/system/winlogon/wlx.c
+++ b/reactos/base/system/winlogon/wlx.c
@@ -961,7 +961,9 @@ CreateWindowStationAndDesktops(
 	DWORD SidSize, AclSize;
 	PACL pDefaultAcl = NULL;
 	PACL pUserDesktopAcl = NULL;
+	SECURITY_DESCRIPTOR DefaultSecurityDescriptor;
 	SECURITY_ATTRIBUTES DefaultSecurity;
+	SECURITY_DESCRIPTOR UserDesktopSecurityDescriptor;
 	SECURITY_ATTRIBUTES UserDesktopSecurity;
 	BOOL ret = FALSE;
 
@@ -1008,8 +1010,24 @@ CreateWindowStationAndDesktops(
 		ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
 		goto cleanup;
 	}
+
+	/*
+	 * Create the default security descriptor
+	 */
+	if (!InitializeSecurityDescriptor(&DefaultSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
+	{
+		ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
+	if (!SetSecurityDescriptorDacl(&DefaultSecurityDescriptor, TRUE, pDefaultAcl, FALSE))
+	{
+		ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
 	DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
-	DefaultSecurity.lpSecurityDescriptor = pDefaultAcl;
+	DefaultSecurity.lpSecurityDescriptor = &DefaultSecurityDescriptor;
 	DefaultSecurity.bInheritHandle = TRUE;
 
 	/*
@@ -1021,8 +1039,24 @@ CreateWindowStationAndDesktops(
 		ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
 		goto cleanup;
 	}
+
+	/*
+	 * Create the user desktop security descriptor
+	 */
+	if (!InitializeSecurityDescriptor(&UserDesktopSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
+	{
+		ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
+	if (!SetSecurityDescriptorDacl(&UserDesktopSecurityDescriptor, TRUE, pUserDesktopAcl, FALSE))
+	{
+		ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
 	UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
-	UserDesktopSecurity.lpSecurityDescriptor = pUserDesktopAcl;
+	UserDesktopSecurity.lpSecurityDescriptor = &UserDesktopSecurityDescriptor;
 	UserDesktopSecurity.bInheritHandle = TRUE;
 
 	/*