From fb9ebe17bf7b422fbfc0dd63ff14d9d0dea82884 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Gardou?= <jerome.gardou@reactos.org>
Date: Thu, 17 Jun 2021 15:39:40 +0200
Subject: [PATCH] [RTL] When taking system volume ownership, assert that we
 succeeded to restore privileges

CORE-17637
---
 sdk/lib/rtl/sysvol.c | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/sdk/lib/rtl/sysvol.c b/sdk/lib/rtl/sysvol.c
index 67c79df0651..6bc7b63f34b 100644
--- a/sdk/lib/rtl/sysvol.c
+++ b/sdk/lib/rtl/sysvol.c
@@ -412,7 +412,9 @@ Cleanup:
     return Status;
 }
 
-static NTSTATUS
+_Must_inspect_result_
+static
+NTSTATUS
 RtlpSysVolTakeOwnership(IN PUNICODE_STRING DirectoryPath,
                         IN PSECURITY_DESCRIPTOR SecurityDescriptor)
 {
@@ -511,12 +513,16 @@ RtlpSysVolTakeOwnership(IN PUNICODE_STRING DirectoryPath,
 Cleanup:
     if (TokenEnabled)
     {
-        ZwAdjustPrivilegesToken(hToken,
-                                FALSE,
-                                &TokenPrivileges,
-                                0,
-                                NULL,
-                                NULL);
+        /* Disable privileges that we had to enable, whetever the result was. */
+        NTSTATUS Status2 = ZwAdjustPrivilegesToken(hToken,
+                                                   FALSE,
+                                                   &TokenPrivileges,
+                                                   0,
+                                                   NULL,
+                                                   NULL);
+        /* This must succeed */
+        ASSERT(NT_SUCCESS(Status2));
+        (void)Status2;
     }
 
     if (AdminSid != NULL)