https://git.reactos.org/?p=reactos.git;a=commitdiff;h=fc5bc55fbbb7059057fde0...
commit fc5bc55fbbb7059057fde0dcd0c6a8144af3f908 Author: George Bișoc george.bisoc@reactos.org AuthorDate: Sun Sep 12 16:07:44 2021 +0200 Commit: George Bișoc george.bisoc@reactos.org CommitDate: Sun Sep 12 16:07:44 2021 +0200
[NTOS:SE] Use the captured security descriptor when access checking
When performing access security check, use the security descriptor that we've captured it to determine based on that descriptor if the client can be granted access or not. --- ntoskrnl/se/accesschk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ntoskrnl/se/accesschk.c b/ntoskrnl/se/accesschk.c index 35e22f2f35d..537ab9739a9 100644 --- a/ntoskrnl/se/accesschk.c +++ b/ntoskrnl/se/accesschk.c @@ -882,8 +882,8 @@ NtAccessCheck( }
/* Check security descriptor for valid owner and group */ - if (SepGetSDOwner(SecurityDescriptor) == NULL || // FIXME: use CapturedSecurityDescriptor - SepGetSDGroup(SecurityDescriptor) == NULL) // FIXME: use CapturedSecurityDescriptor + if (SepGetSDOwner(CapturedSecurityDescriptor) == NULL || + SepGetSDGroup(CapturedSecurityDescriptor) == NULL) { DPRINT("Security Descriptor does not have a valid group or owner\n"); SeReleaseSecurityDescriptor(CapturedSecurityDescriptor, @@ -902,7 +902,7 @@ NtAccessCheck( /* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */ if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED)) { - if (SepTokenIsOwner(Token, SecurityDescriptor, FALSE)) // FIXME: use CapturedSecurityDescriptor + if (SepTokenIsOwner(Token, CapturedSecurityDescriptor, FALSE)) { if (DesiredAccess & MAXIMUM_ALLOWED) PreviouslyGrantedAccess |= (WRITE_DAC | READ_CONTROL); @@ -921,7 +921,7 @@ NtAccessCheck( else { /* Now perform the access check */ - SepAccessCheck(SecurityDescriptor, // FIXME: use CapturedSecurityDescriptor + SepAccessCheck(CapturedSecurityDescriptor, &SubjectSecurityContext, DesiredAccess, NULL,