[ekohl] 50390: [NTOSKRNL] Simplify SepPrivilegeCheck. Patch by Timo Kreuzer. - Ros-diffs

15 Jan 2011

Author: ekohl
Date: Sat Jan 15 14:35:26 2011
New Revision: 50390
URL: http://svn.reactos.org/svn/reactos?rev=50390&view=rev
Log:
[NTOSKRNL]
Simplify SepPrivilegeCheck.
Patch by Timo Kreuzer.
Modified:
    trunk/reactos/ntoskrnl/se/priv.c
Modified: trunk/reactos/ntoskrnl/se/priv.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/priv.c?rev=5039...
==============================================================================

--- trunk/reactos/ntoskrnl/se/priv.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/priv.c [iso-8859-1] Sat Jan 15 14:35:26 2011
@@ -118,54 +118,46 @@
 {
     ULONG i;
     ULONG j;
-    ULONG k;
+    ULONG Required;
DPRINT("SepPrivilegeCheck() called\n");
PAGED_CODE();
if (PreviousMode == KernelMode)
-    {
         return TRUE;
-    }
-
-    k = 0;
-    if (PrivilegeCount > 0)
-    {
-        for (i = 0; i < Token->PrivilegeCount; i++)
-        {
-            for (j = 0; j < PrivilegeCount; j++)
+
+    /* Get the number of privileges that are required to match */
+    Required = (PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) ? PrivilegeCount : 1;
+
+    /* Loop all requested privileges until we found the required ones */
+    for (i = 0; i < PrivilegeCount && Required > 0; i++)
+    {
+        /* Loop the privileges of the token */
+        for (j = 0; j < Token->PrivilegeCount; j++)
+        {
+            /* Check if the LUIDs match */
+            if (Token->Privileges[j].Luid.LowPart == Privileges[i].Luid.LowPart &&
+                Token->Privileges[j].Luid.HighPart == Privileges[i].Luid.HighPart)
             {
-                if (Token->Privileges[i].Luid.LowPart == Privileges[j].Luid.LowPart &&
-                    Token->Privileges[i].Luid.HighPart == Privileges[j].Luid.HighPart)
+                DPRINT("Found privilege. Attributes: %lx\n",
+                       Token->Privileges[j].Attributes);
+
+                /* Check if the privilege is enabled */
+                if (Token->Privileges[j].Attributes & SE_PRIVILEGE_ENABLED)
                 {
-                    DPRINT("Found privilege\n");
-                    DPRINT("Privilege attributes %lx\n",
-                           Token->Privileges[i].Attributes);
-
-                    if (Token->Privileges[i].Attributes & SE_PRIVILEGE_ENABLED)
-                    {
-                        Privileges[j].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
-                        k++;
-                    }
+                    Privileges[i].Attributes |= SE_PRIVILEGE_USED_FOR_ACCESS;
+                    Required--;
                 }
+
+                /* Leave the inner loop */
+                break;
             }
         }
     }
-    if ((PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY) &&
-        PrivilegeCount == k)
-    {
-        return TRUE;
-    }
-
-    if (k > 0 &&
-        !(PrivilegeControl & PRIVILEGE_SET_ALL_NECESSARY))
-    {
-        return TRUE;
-    }
-
-    return FALSE;
+    /* Return whether we found all required privileges */
+    return (Required == 0);
 }
NTSTATUS

    