[RTL] When taking system volume ownership, assert that we succeeded to restore privileges

CORE-17637
2024-09-28 21:44:31 +00:00 · 2021-06-17 15:39:40 +02:00 · 2021-06-17 15:39:40 +02:00 · fb9ebe17bf
parent 9c5b39e25a
commit fb9ebe17bf
1 changed files with 13 additions and 7 deletions
--- a/sdk/lib/rtl/sysvol.c
+++ b/sdk/lib/rtl/sysvol.c
@ -412,7 +412,9 @@ Cleanup:
    return Status;
 }

-static NTSTATUS
+_Must_inspect_result_
+static
+NTSTATUS
 RtlpSysVolTakeOwnership(IN PUNICODE_STRING DirectoryPath,
                        IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
@ -511,12 +513,16 @@ RtlpSysVolTakeOwnership(IN PUNICODE_STRING DirectoryPath,
 Cleanup:
    if (TokenEnabled)
    {
-        ZwAdjustPrivilegesToken(hToken,
-                                FALSE,
-                                &TokenPrivileges,
-                                0,
-                                NULL,
-                                NULL);
+        /* Disable privileges that we had to enable, whetever the result was. */
+        NTSTATUS Status2 = ZwAdjustPrivilegesToken(hToken,
+                                                   FALSE,
+                                                   &TokenPrivileges,
+                                                   0,
+                                                   NULL,
+                                                   NULL);
+        /* This must succeed */
+        ASSERT(NT_SUCCESS(Status2));
+        (void)Status2;
    }

    if (AdminSid != NULL)