[tkreuzer] 62072: [NTOSKRNL] - In SepAccessCheck remove CurrentAccess (which is in all cases only a duplicate of PreviouslyGrantedAccess) and replace AccessMask with TempAccess
9 Feb
2014
9 Feb
'14
4:21 p.m.
Author: tkreuzer
Date: Sun Feb 9 16:21:49 2014
New Revision: 62072
URL: http://svn.reactos.org/svn/reactos?rev=62072&view=rev
Log:
[NTOSKRNL]
- In SepAccessCheck remove CurrentAccess (which is in all cases only a duplicate of
PreviouslyGrantedAccess) and replace AccessMask with TempAccess
Modified:
trunk/reactos/ntoskrnl/se/accesschk.c
Modified: trunk/reactos/ntoskrnl/se/accesschk.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/se/accesschk.c?re…
==============================================================================
--- trunk/reactos/ntoskrnl/se/accesschk.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/se/accesschk.c [iso-8859-1] Sun Feb 9 16:21:49 2014
@@ -31,9 +31,6 @@
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
{
-#ifdef OLD_ACCESS_CHECK
- ACCESS_MASK CurrentAccess, AccessMask;
-#endif
ACCESS_MASK RemainingAccess;
ACCESS_MASK TempAccess;
ACCESS_MASK TempGrantedAccess = 0;
@@ -115,7 +112,7 @@
if (DesiredAccess & MAXIMUM_ALLOWED)
{
*GrantedAccess = GenericMapping->GenericAll;
- *GrantedAccess |= (DesiredAccess & ~MAXIMUM_ALLOWED);
+ *GrantedAccess |= (DesiredAccess | PreviouslyGrantedAccess) &
~MAXIMUM_ALLOWED;
}
else
{
@@ -125,10 +122,6 @@
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}
-
-#ifdef OLD_ACCESS_CHECK
- CurrentAccess = PreviouslyGrantedAccess;
-#endif
/* Deny access if the DACL is empty */
if (Dacl->AceCount == 0)
@@ -252,9 +245,9 @@
if (SepSidInToken(Token, Sid))
{
#ifdef OLD_ACCESS_CHECK
- AccessMask = CurrentAce->AccessMask;
- RtlMapGenericMask(&AccessMask, GenericMapping);
- CurrentAccess |= AccessMask;
+ TempAccess = CurrentAce->AccessMask;
+ RtlMapGenericMask(&TempAccess, GenericMapping);
+ PreviouslyGrantedAccess |= TempAccess;
#else
/* Map access rights from the ACE */
TempAccess = CurrentAce->AccessMask;
@@ -276,10 +269,10 @@
}
#ifdef OLD_ACCESS_CHECK
- DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
- CurrentAccess, DesiredAccess);
-
- *GrantedAccess = CurrentAccess & DesiredAccess;
+ DPRINT("PreviouslyGrantedAccess %08lx\n DesiredAccess %08lx\n",
+ PreviouslyGrantedAccess, DesiredAccess);
+
+ *GrantedAccess = PreviouslyGrantedAccess & DesiredAccess;
if ((*GrantedAccess & ~VALID_INHERIT_FLAGS) ==
(DesiredAccess & ~VALID_INHERIT_FLAGS))
3933
days inactive
3933
days old
0 comments
1 participants
participants (1)
-
tkreuzer@svn.reactos.org