From 102ba75f151b13fdb4590098e0841bff6b03882e Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer <pierre@reactos.org>
Date: Sat, 10 Nov 2018 10:31:03 +0100
Subject: [PATCH] [NTOSKRNL] Return security descriptor size when querying
 object basic info

---
 ntoskrnl/ob/oblife.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/ntoskrnl/ob/oblife.c b/ntoskrnl/ob/oblife.c
index 1a884385387..6cc1403e631 100644
--- a/ntoskrnl/ob/oblife.c
+++ b/ntoskrnl/ob/oblife.c
@@ -1488,6 +1488,8 @@ NtQueryObject(IN HANDLE ObjectHandle,
     PVOID Object = NULL;
     NTSTATUS Status;
     POBJECT_HEADER_QUOTA_INFO ObjectQuota;
+    SECURITY_INFORMATION SecurityInformation;
+    POBJECT_TYPE ObjectType;
     KPROCESSOR_MODE PreviousMode = ExGetPreviousMode();
     PAGED_CODE();
 
@@ -1528,6 +1530,7 @@ NtQueryObject(IN HANDLE ObjectHandle,
 
         /* Get the object header */
         ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
+        ObjectType = ObjectHeader->Type;
     }
 
     _SEH2_TRY
@@ -1583,9 +1586,6 @@ NtQueryObject(IN HANDLE ObjectHandle,
                 BasicInfo->NameInfoSize = 0; /* FIXME*/
                 BasicInfo->TypeInfoSize = 0; /* FIXME*/
 
-                /* Copy security information */
-                BasicInfo->SecurityDescriptorSize = 0; /* FIXME*/
-
                 /* Check if this is a symlink */
                 if (ObjectHeader->Type == ObpSymbolicLinkObjectType)
                 {
@@ -1599,6 +1599,26 @@ NtQueryObject(IN HANDLE ObjectHandle,
                     BasicInfo->CreationTime.QuadPart = (ULONGLONG)0;
                 }
 
+                /* Copy security information */
+                BasicInfo->SecurityDescriptorSize = 0;
+                if (BooleanFlagOn(HandleInfo.GrantedAccess, READ_CONTROL) &&
+                    ObjectHeader->SecurityDescriptor != NULL)
+                {
+                    SecurityInformation = OWNER_SECURITY_INFORMATION |
+                                          GROUP_SECURITY_INFORMATION |
+                                          DACL_SECURITY_INFORMATION |
+                                          SACL_SECURITY_INFORMATION;
+
+                    ObjectType->TypeInfo.SecurityProcedure(Object,
+                                                           QuerySecurityDescriptor,
+                                                           &SecurityInformation,
+                                                           NULL,
+                                                           &BasicInfo->SecurityDescriptorSize,
+                                                           &ObjectHeader->SecurityDescriptor,
+                                                           ObjectType->TypeInfo.PoolType,
+                                                           &ObjectType->TypeInfo.GenericMapping);
+                }
+
                 /* Break out with success */
                 Status = STATUS_SUCCESS;
                 break;