Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This fixes a kmtest:ObSecurity failure.
svn path=/trunk/; revision=74050
/* create PublicDefaultDacl */
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
/* create PublicDefaultDacl */
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
- (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
+ (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+ (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
AclLength,
GENERIC_ALL,
SeLocalSystemSid);
GENERIC_ALL,
SeLocalSystemSid);
+ RtlAddAccessAllowedAce(SePublicDefaultDacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeAliasAdminsSid);
+
/* create PublicDefaultUnrestrictedDacl */
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
/* create PublicDefaultUnrestrictedDacl */
AclLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(SeWorldSid)) +