[SHELL-EXPERIMENTS]

[reactos.git] / ntoskrnl / ob / obsecure.c

diff --git a/ntoskrnl/ob/obsecure.c b/ntoskrnl/ob/obsecure.c
index 28014b4..15395b7 100644 (file)
--- a/ntoskrnl/ob/obsecure.c
+++ b/ntoskrnl/ob/obsecure.c
@@ -62,17 +62,17 @@ ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
     EX_FAST_REF FastRef;
     ULONG Count;
     PSECURITY_DESCRIPTOR OldSecurityDescriptor;
-    
+
     /* Get the fast reference and capture it */
     FastRef = *(PEX_FAST_REF)SecurityDescriptor;
-    
+
     /* Don't free again later */
     *SecurityDescriptor = NULL;
-    
+
     /* Get the descriptor and reference count */
     OldSecurityDescriptor = ExGetObjectFastReference(FastRef);
     Count = ExGetCountFastReference(FastRef);
-    
+
     /* Dereference the descriptor */
     ObDereferenceSecurityDescriptor(OldSecurityDescriptor, Count + 1);
 
@@ -162,11 +162,11 @@ ObSetSecurityDescriptorInfo(IN PVOID Object,
                 OldValue = ExCompareSwapFastReference(FastRef,
                                                       CachedDescriptor,
                                                       OldDescriptor);
-                
+
                 /* Get the security descriptor */
                 SecurityDescriptor = ExGetObjectFastReference(OldValue);
                 Count = ExGetCountFastReference(OldValue);
-                
+
                 /* Make sure the swap worked */
                 if (SecurityDescriptor == OldDescriptor)
                 {
@@ -217,7 +217,7 @@ ObCheckCreateObjectAccess(IN PVOID Object,
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
-    PSECURITY_DESCRIPTOR SecurityDescriptor;
+    PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
     BOOLEAN SdAllocated;
     BOOLEAN Result = TRUE;
     ACCESS_MASK GrantedAccess = 0;
@@ -280,7 +280,7 @@ ObpCheckTraverseAccess(IN PVOID Object,
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
-    PSECURITY_DESCRIPTOR SecurityDescriptor;
+    PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
     BOOLEAN SdAllocated;
     BOOLEAN Result;
     ACCESS_MASK GrantedAccess = 0;
@@ -301,6 +301,20 @@ ObpCheckTraverseAccess(IN PVOID Object,
         return FALSE;
     }
 
+    /* First try to perform a fast traverse check
+     * If it fails, then the entire access check will
+     * have to be done.
+     */
+    Result = SeFastTraverseCheck(SecurityDescriptor,
+                                 AccessState,
+                                 FILE_WRITE_DATA,
+                                 AccessMode);
+    if (Result)
+    {
+        ObReleaseObjectSecurity(SecurityDescriptor, SdAllocated);
+        return TRUE;
+    }
+
     /* Lock the security context */
     SeLockSubjectContext(&AccessState->SubjectSecurityContext);
 
@@ -338,7 +352,7 @@ ObpCheckObjectReference(IN PVOID Object,
 {
     POBJECT_HEADER ObjectHeader;
     POBJECT_TYPE ObjectType;
-    PSECURITY_DESCRIPTOR SecurityDescriptor;
+    PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
     BOOLEAN SdAllocated;
     BOOLEAN Result;
     ACCESS_MASK GrantedAccess = 0;
@@ -996,7 +1010,7 @@ ObQueryObjectAuditingByHandle(IN HANDLE Handle,
     PAGED_CODE();
 
     /* Check if we're dealing with a kernel handle */
-    if (ObIsKernelHandle(Handle, ExGetPreviousMode()))
+    if (ObpIsKernelHandle(Handle, ExGetPreviousMode()))
     {
         /* Use the kernel table and convert the handle */
         HandleTable = ObpKernelHandleTable;