object directory: __ipc_sd_init(): use consts, empirically remove admins acl.

1 files changed, 11 insertions, 4 deletions

diff --git a/src/object/ntapi_tt_keyed_object_directory.c b/src/object/ntapi_tt_keyed_object_directory.c
index 6e7352e..a4835bf 100644
--- a/src/object/ntapi_tt_keyed_object_directory.c
+++ b/src/object/ntapi_tt_keyed_object_directory.c
@@ -11,6 +11,14 @@
 #include <ntapi/nt_acl.h>
 #include "ntapi_impl.h"
 
+#define __SID_SYSTEM			{1,1,{{0,0,0,0,0,5}},{18}}
+#define __SID_OWNER_RIGHTS		{1,1,{{0,0,0,0,0,3}},{4}}
+#define __SID_AUTHENTICATED_USERS	{1,1,{{0,0,0,0,0,5}},{11}}
+
+static const nt_sid    sid_system       = __SID_SYSTEM;
+static const nt_sid    sid_owner_rights = __SID_OWNER_RIGHTS;
+static const nt_sid    sid_auth_users   = __SID_AUTHENTICATED_USERS;
+
 typedef ntapi_zw_open_directory_object objdir_open_fn;
 
 static void __tt_guid_to_hex_utf16(
@@ -113,10 +121,9 @@ static void __ipc_sd_init(nt_sd_common_buffer * sd, int fdir)
 
 	/* ace's for LOCAL_SYSTEM, AUTHENTICATED_USERS, and process token user */
 	ace = (nt_access_allowed_ace *)&sd->buffer;
-	ace = __ipc_ace_init(ace,mask_system,&(nt_sid){1,1,{{0,0,0,0,0,5}},{18}});
-	ace = __ipc_ace_init(ace,mask_other,&(nt_sid){1,1,{{0,0,0,0,0,5}},{11}});
-	ace = __ipc_ace_init(ace,mask_owner,(nt_sid *)&(nt_sid_os){1,2,{{0,0,0,0,0,5}},{32,544}});
-	ace = __ipc_ace_init(ace,mask_owner,&(nt_sid){1,1,{{0,0,0,0,0,3}},{4}});
+	ace = __ipc_ace_init(ace,mask_system,&sid_system);
+	ace = __ipc_ace_init(ace,mask_other,&sid_auth_users);
+	ace = __ipc_ace_init(ace,mask_owner,&sid_owner_rights);
 	ace = __ipc_ace_init(ace,mask_owner,(nt_sid *)&sd->owner);
 
 	sd->dacl.acl_revision   = 0x02;