@@ -5587,9 +5587,18 @@ struct _Py_SECURITY_ATTRIBUTE_DATA {
55875587 PACL acl ;
55885588 SECURITY_DESCRIPTOR sd ;
55895589 EXPLICIT_ACCESS_W ea [4 ];
5590- char sid [64 ];
5590+ BYTE sidAdmins [SECURITY_MAX_SID_SIZE ];
5591+ BYTE sidSystem [SECURITY_MAX_SID_SIZE ];
5592+ BYTE sidCreator [SECURITY_MAX_SID_SIZE ];
55915593};
55925594
5595+ static int
5596+ _initializeSid (BYTE * sid , WELL_KNOWN_SID_TYPE sidType )
5597+ {
5598+ DWORD cbSid = SECURITY_MAX_SID_SIZE ;
5599+ return CreateWellKnownSid (sidType , NULL , sid , & cbSid ) ? 1 : 0 ;
5600+ }
5601+
55935602static int
55945603initializeDefaultSecurityAttributes (
55955604 PSECURITY_ATTRIBUTES * securityAttributes ,
@@ -5612,44 +5621,37 @@ initializeMkdir700SecurityAttributes(
56125621 * securityAttributes = NULL ;
56135622 memset (data , 0 , sizeof (* data ));
56145623
5624+ SID_IDENTIFIER_AUTHORITY SidNtAuthority = SECURITY_NT_AUTHORITY ;
56155625 if (!InitializeSecurityDescriptor (& data -> sd , SECURITY_DESCRIPTOR_REVISION )
5616- || !SetSecurityDescriptorGroup (& data -> sd , NULL , TRUE)) {
5626+ || !SetSecurityDescriptorGroup (& data -> sd , NULL , TRUE)
5627+ || !_initializeSid (data -> sidAdmins , WinBuiltinAdministratorsSid )
5628+ || !_initializeSid (data -> sidSystem , WinLocalSystemSid )
5629+ || !_initializeSid (data -> sidCreator , WinCreatorOwnerRightsSid )
5630+ ) {
56175631 return GetLastError ();
56185632 }
56195633
5620- int use_alias = 0 ;
5621- DWORD cbSid = sizeof (data -> sid );
5622- if (!CreateWellKnownSid (WinCreatorOwnerRightsSid , NULL , (PSID )data -> sid , & cbSid )) {
5623- use_alias = 1 ;
5624- }
5625-
56265634 data -> securityAttributes .nLength = sizeof (SECURITY_ATTRIBUTES );
56275635 data -> ea [0 ].grfAccessPermissions = GENERIC_ALL ;
56285636 data -> ea [0 ].grfAccessMode = SET_ACCESS ;
56295637 data -> ea [0 ].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT ;
5630- if (use_alias ) {
5631- data -> ea [0 ].Trustee .TrusteeForm = TRUSTEE_IS_NAME ;
5632- data -> ea [0 ].Trustee .TrusteeType = TRUSTEE_IS_ALIAS ;
5633- data -> ea [0 ].Trustee .ptstrName = L"CURRENT_USER" ;
5634- } else {
5635- data -> ea [0 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
5636- data -> ea [0 ].Trustee .TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP ;
5637- data -> ea [0 ].Trustee .ptstrName = (LPWCH )(SID * )data -> sid ;
5638- }
5638+ data -> ea [0 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
5639+ data -> ea [0 ].Trustee .TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP ;
5640+ data -> ea [0 ].Trustee .ptstrName = (LPWCH )data -> sidSystem ;
56395641
56405642 data -> ea [1 ].grfAccessPermissions = GENERIC_ALL ;
56415643 data -> ea [1 ].grfAccessMode = SET_ACCESS ;
56425644 data -> ea [1 ].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT ;
5643- data -> ea [1 ].Trustee .TrusteeForm = TRUSTEE_IS_NAME ;
5644- data -> ea [1 ].Trustee .TrusteeType = TRUSTEE_IS_ALIAS ;
5645- data -> ea [1 ].Trustee .ptstrName = L"SYSTEM" ;
5645+ data -> ea [1 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
5646+ data -> ea [1 ].Trustee .TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP ;
5647+ data -> ea [1 ].Trustee .ptstrName = ( LPWCH ) data -> sidAdmins ;
56465648
56475649 data -> ea [2 ].grfAccessPermissions = GENERIC_ALL ;
56485650 data -> ea [2 ].grfAccessMode = SET_ACCESS ;
56495651 data -> ea [2 ].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT ;
5650- data -> ea [2 ].Trustee .TrusteeForm = TRUSTEE_IS_NAME ;
5652+ data -> ea [2 ].Trustee .TrusteeForm = TRUSTEE_IS_SID ;
56515653 data -> ea [2 ].Trustee .TrusteeType = TRUSTEE_IS_ALIAS ;
5652- data -> ea [2 ].Trustee .ptstrName = L"ADMINISTRATORS" ;
5654+ data -> ea [2 ].Trustee .ptstrName = ( LPWCH ) data -> sidCreator ;
56535655
56545656 int r = SetEntriesInAclW (3 , data -> ea , NULL , & data -> acl );
56555657 if (r ) {
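Review bot: The trustee types on `ea[1]` and `ea[2]` look left over from the old entry order. `ea[2]` keeps the context line `TrusteeType = TRUSTEE_IS_ALIAS` although it now points at the `WinCreatorOwnerRightsSid` buffer, while `ea[1]`, which now holds the builtin Administrators SID, is marked `TRUSTEE_IS_WELL_KNOWN_GROUP`. With `TRUSTEE_IS_SID` this probably does not change the ACL that `SetEntriesInAclW` builds, but this ACL is the whole access restriction for the 700-mode directory, so each entry should describe its SID: `data->ea[2].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;` and `TRUSTEE_IS_ALIAS` on `ea[1]`. The added `SID_IDENTIFIER_AUTHORITY SidNtAuthority = SECURITY_NT_AUTHORITY;` is not referenced in the visible lines and looks removable, though the function continues past the end of the hunk. A `CreateWellKnownSid` failure is now a hard error where the old code fell back to the `CURRENT_USER` alias, which deserves a short comment such as `/* fail closed: no ACL is built unless all three SIDs resolve */`.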