ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
{
EX_FAST_REF FastRef;
- ULONG_PTR Count;
+ ULONG Count;
PSECURITY_DESCRIPTOR OldSecurityDescriptor;
-
+
/* Get the fast reference and capture it */
FastRef = *(PEX_FAST_REF)SecurityDescriptor;
-
+
/* Don't free again later */
*SecurityDescriptor = NULL;
-
+
/* Get the descriptor and reference count */
OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
Count = ExGetCountFastReference(FastRef);
-
+
/* Dereference the descriptor */
ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
PSECURITY_DESCRIPTOR OldDescriptor, NewDescriptor, CachedDescriptor;
PEX_FAST_REF FastRef;
EX_FAST_REF OldValue;
- ULONG_PTR Count;
+ ULONG Count;
PAGED_CODE();
/* Get the object header */
OldValue = ExCompareSwapFastReference(FastRef,
CachedDescriptor,
OldDescriptor);
-
+
/* Get the security descriptor */
SecurityDescriptor = ExGetObjectFastReference(OldValue);
Count = ExGetCountFastReference(OldValue);
-
+
/* Make sure the swap worked */
if (SecurityDescriptor == OldDescriptor)
{
{
POBJECT_HEADER ObjectHeader;
POBJECT_TYPE ObjectType;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
BOOLEAN SdAllocated;
BOOLEAN Result = TRUE;
ACCESS_MASK GrantedAccess = 0;
{
POBJECT_HEADER ObjectHeader;
POBJECT_TYPE ObjectType;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
BOOLEAN SdAllocated;
BOOLEAN Result;
ACCESS_MASK GrantedAccess = 0;
return FALSE;
}
+ /* First try to perform a fast traverse check
+ * If it fails, then the entire access check will
+ * have to be done.
+ */
+ Result = SeFastTraverseCheck(SecurityDescriptor,
+ AccessState,
+ FILE_WRITE_DATA,
+ AccessMode);
+ if (Result)
+ {
+ ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
+ return TRUE;
+ }
+
/* Lock the security context */
SeLockSubjectContext(&AccessState->SubjectSecurityContext);
{
POBJECT_HEADER ObjectHeader;
POBJECT_TYPE ObjectType;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
BOOLEAN SdAllocated;
BOOLEAN Result;
ACCESS_MASK GrantedAccess = 0;
PAGED_CODE();
/* Check if we're dealing with a kernel handle */
- if (ObIsKernelHandle(Handle, ExGetPreviousMode()))
+ if (ObpIsKernelHandle(Handle, ExGetPreviousMode()))
{
/* Use the kernel table and convert the handle */
HandleTable = ObpKernelHandleTable;