[NTOS:SE]

Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This fixes a kmtest:ObSecurity failure.

svn path=/trunk/; revision=74050

diff --git a/reactos/ntoskrnl/se/acl.c b/reactos/ntoskrnl/se/acl.c
index a29a85e..392f2a9 100644 (file)
--- a/reactos/ntoskrnl/se/acl.c
+++ b/reactos/ntoskrnl/se/acl.c
@@ -38,7 +38,8 @@ SepInitDACLs(VOID)
     /* create PublicDefaultDacl */
     AclLength = sizeof(ACL) +
                 (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
     /* create PublicDefaultDacl */
     AclLength = sizeof(ACL) +
                 (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +

-                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
+                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+                (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));

 
     SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
                                                 AclLength,
 
     SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
                                                 AclLength,


@@ -60,6 +61,11 @@ SepInitDACLs(VOID)
                            GENERIC_ALL,
                            SeLocalSystemSid);
 
                            GENERIC_ALL,
                            SeLocalSystemSid);
 

+    RtlAddAccessAllowedAce(SePublicDefaultDacl,
+                           ACL_REVISION,
+                           GENERIC_ALL,
+                           SeAliasAdminsSid);
+

     /* create PublicDefaultUnrestrictedDacl */
     AclLength = sizeof(ACL) +
                 (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
     /* create PublicDefaultUnrestrictedDacl */
     AclLength = sizeof(ACL) +
                 (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +