- only mask out the generic rights flags in RtlMapGenericMask()
- only deny access when requested rights can't be granted in IoCheckDesiredAccess()
Modified: trunk/reactos/ntoskrnl/io/share.c
Modified: trunk/reactos/ntoskrnl/se/access.c
Modified: trunk/reactos/ntoskrnl/io/share.c
--- trunk/reactos/ntoskrnl/io/share.c	2005-03-20 13:32:27 UTC (rev 14221)
+++ trunk/reactos/ntoskrnl/io/share.c	2005-03-20 13:53:54 UTC (rev 14222)
@@ -280,12 +280,15 @@

 IoCheckDesiredAccess(IN OUT PACCESS_MASK DesiredAccess,
 		     IN ACCESS_MASK GrantedAccess)
 {

+  PAGED_CODE();
+  

   RtlMapGenericMask(DesiredAccess,
 		    IoFileObjectType->Mapping);

-  if ((*DesiredAccess & GrantedAccess) != GrantedAccess)
-    return(STATUS_ACCESS_DENIED);

 

-  return(STATUS_SUCCESS);

+  if ((~(*DesiredAccess) & GrantedAccess) != 0)
+    return STATUS_ACCESS_DENIED;
+  else
+    return STATUS_SUCCESS;

 }
Modified: trunk/reactos/ntoskrnl/se/access.c
--- trunk/reactos/ntoskrnl/se/access.c	2005-03-20 13:32:27 UTC (rev 14221)
+++ trunk/reactos/ntoskrnl/se/access.c	2005-03-20 13:53:54 UTC (rev 14222)
@@ -72,7 +72,7 @@

 	if (*AccessMask & GENERIC_ALL)
 		*AccessMask |= GenericMapping->GenericAll;
 

-	*AccessMask &= 0x0FFFFFFF;

+	*AccessMask &= ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);

 }
 
 /*