[ros-diffs] [tkreuzer] 62072: [NTOSKRNL] - In SepAccessCheck remove CurrentAccess (which is in all cases only a duplicate of PreviouslyGrantedAccess) and replace AccessMask with TempAccess

9 Feb 2014

Author: tkreuzer
Date: Sun Feb  9 16:21:49 2014
New Revision: 62072
URL: http://svn.reactos.org/svn/reactos?rev=62072&view=rev
Log:
[NTOSKRNL]
- In SepAccessCheck remove CurrentAccess (which is in all cases only a duplicate of PreviouslyGrantedAccess) and replace AccessMask with TempAccess
Modified:
    trunk/reactos/ntoskrnl/se/accesschk.c
Modified: trunk/reactos/ntoskrnl/se/accesschk.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/accesschk.c?rev...
==============================================================================

--- trunk/reactos/ntoskrnl/se/accesschk.c	[iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/accesschk.c	[iso-8859-1] Sun Feb  9 16:21:49 2014
@@ -31,9 +31,6 @@
                OUT PACCESS_MASK GrantedAccess,
                OUT PNTSTATUS AccessStatus)
 {
-#ifdef OLD_ACCESS_CHECK
-    ACCESS_MASK CurrentAccess, AccessMask;
-#endif
     ACCESS_MASK RemainingAccess;
     ACCESS_MASK TempAccess;
     ACCESS_MASK TempGrantedAccess = 0;
@@ -115,7 +112,7 @@
         if (DesiredAccess & MAXIMUM_ALLOWED)
         {
             *GrantedAccess = GenericMapping->GenericAll;
-            *GrantedAccess |= (DesiredAccess & ~MAXIMUM_ALLOWED);
+            *GrantedAccess |= (DesiredAccess | PreviouslyGrantedAccess) & ~MAXIMUM_ALLOWED;
         }
         else
         {
@@ -125,10 +122,6 @@
         *AccessStatus = STATUS_SUCCESS;
         return TRUE;
     }
-
-#ifdef OLD_ACCESS_CHECK
-    CurrentAccess = PreviouslyGrantedAccess;
-#endif
/* Deny access if the DACL is empty */
     if (Dacl->AceCount == 0)
@@ -252,9 +245,9 @@
                 if (SepSidInToken(Token, Sid))
                 {
 #ifdef OLD_ACCESS_CHECK
-                    AccessMask = CurrentAce->AccessMask;
-                    RtlMapGenericMask(&AccessMask, GenericMapping);
-                    CurrentAccess |= AccessMask;
+                    TempAccess = CurrentAce->AccessMask;
+                    RtlMapGenericMask(&TempAccess, GenericMapping);
+                    PreviouslyGrantedAccess |= TempAccess;
 #else
                     /* Map access rights from the ACE */
                     TempAccess = CurrentAce->AccessMask;
@@ -276,10 +269,10 @@
     }
#ifdef OLD_ACCESS_CHECK
-    DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
-           CurrentAccess, DesiredAccess);
-
-    *GrantedAccess = CurrentAccess & DesiredAccess;
+    DPRINT("PreviouslyGrantedAccess %08lx\n DesiredAccess %08lx\n",
+           PreviouslyGrantedAccess, DesiredAccess);
+
+    *GrantedAccess = PreviouslyGrantedAccess & DesiredAccess;
if ((*GrantedAccess & ~VALID_INHERIT_FLAGS) ==
         (DesiredAccess & ~VALID_INHERIT_FLAGS))

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [tkreuzer] 62072: [NTOSKRNL] - In SepAccessCheck remove CurrentAccess (which is in all cases only a duplicate of PreviouslyGrantedAccess) and replace AccessMask with TempAccess