return STATUS_SUCCESS;
}
+ULONG SidInTokenCalls = 0;
static BOOLEAN
SepSidInToken(PACCESS_TOKEN _Token,
PAGED_CODE();
+ SidInTokenCalls++;
+ if (!(SidInTokenCalls % 10000)) DPRINT1("SidInToken Calls: %d\n", SidInTokenCalls);
+
if (Token->UserAndGroupCount == 0)
{
return FALSE;
{
if (RtlEqualSid(Sid, Token->UserAndGroups[i].Sid))
{
- if (Token->UserAndGroups[i].Attributes & SE_GROUP_ENABLED)
+ if ((i == 0)|| (Token->UserAndGroups[i].Attributes & SE_GROUP_ENABLED))
{
return TRUE;
}
SeUnlockSubjectContext(SubjectSecurityContext);
}
- *GrantedAccess = DesiredAccess;
+ if (DesiredAccess & MAXIMUM_ALLOWED)
+ {
+ *GrantedAccess = GenericMapping->GenericAll;
+ *GrantedAccess |= (DesiredAccess & ~MAXIMUM_ALLOWED);
+ }
+ else
+ {
+ *GrantedAccess = DesiredAccess | PreviouslyGrantedAccess;
+ }
+
*AccessStatus = STATUS_SUCCESS;
return TRUE;
}