+static
+NTSTATUS
+LsapAddTokenDefaultDacl(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PACL Dacl = NULL;
+ ULONG Length;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
+ return STATUS_SUCCESS;
+
+ Length = sizeof(ACL) +
+ (2 * sizeof(ACCESS_ALLOWED_ACE)) +
+ RtlLengthSid(TokenInfo1->Owner.Owner) +
+ RtlLengthSid(LsapLocalSystemSid);
+
+ Dacl = DispatchTable.AllocateLsaHeap(Length);
+ if (Dacl == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCreateAcl(Dacl, Length, ACL_REVISION);
+
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ TokenInfo1->Owner.Owner);
+
+ /* SID: S-1-5-18 */
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ LsapLocalSystemSid);
+
+ TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+