- only mask out the generic rights flags in RtlMapGenericMask()
- only deny access when requested rights can't be granted in IoCheckDesiredAccess()
Modified: trunk/reactos/ntoskrnl/io/share.c
Modified: trunk/reactos/ntoskrnl/se/access.c

Modified: trunk/reactos/ntoskrnl/io/share.c
--- trunk/reactos/ntoskrnl/io/share.c	2005-03-20 13:32:27 UTC (rev 14221)
+++ trunk/reactos/ntoskrnl/io/share.c	2005-03-20 13:53:54 UTC (rev 14222)
@@ -280,12 +280,15 @@
 IoCheckDesiredAccess(IN OUT PACCESS_MASK DesiredAccess,
 		     IN ACCESS_MASK GrantedAccess)
 {
+  PAGED_CODE();
+  
   RtlMapGenericMask(DesiredAccess,
 		    IoFileObjectType->Mapping);
-  if ((*DesiredAccess & GrantedAccess) != GrantedAccess)
-    return(STATUS_ACCESS_DENIED);
 
-  return(STATUS_SUCCESS);
+  if ((~(*DesiredAccess) & GrantedAccess) != 0)
+    return STATUS_ACCESS_DENIED;
+  else
+    return STATUS_SUCCESS;
 }
 
 

Modified: trunk/reactos/ntoskrnl/se/access.c
--- trunk/reactos/ntoskrnl/se/access.c	2005-03-20 13:32:27 UTC (rev 14221)
+++ trunk/reactos/ntoskrnl/se/access.c	2005-03-20 13:53:54 UTC (rev 14222)
@@ -72,7 +72,7 @@
 	if (*AccessMask & GENERIC_ALL)
 		*AccessMask |= GenericMapping->GenericAll;
 
-	*AccessMask &= 0x0FFFFFFF;
+	*AccessMask &= ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
 }
 
 /*