OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
{
-#ifdef OLD_ACCESS_CHECK
- ACCESS_MASK CurrentAccess, AccessMask;
-#endif
ACCESS_MASK RemainingAccess;
ACCESS_MASK TempAccess;
ACCESS_MASK TempGrantedAccess = 0;
if (DesiredAccess & MAXIMUM_ALLOWED)
{
*GrantedAccess = GenericMapping->GenericAll;
- *GrantedAccess |= (DesiredAccess & ~MAXIMUM_ALLOWED);
+ *GrantedAccess |= (DesiredAccess | PreviouslyGrantedAccess) & ~MAXIMUM_ALLOWED;
}
else
{
return TRUE;
}
-#ifdef OLD_ACCESS_CHECK
- CurrentAccess = PreviouslyGrantedAccess;
-#endif
-
/* Deny access if the DACL is empty */
if (Dacl->AceCount == 0)
{
if (SepSidInToken(Token, Sid))
{
#ifdef OLD_ACCESS_CHECK
- AccessMask = CurrentAce->AccessMask;
- RtlMapGenericMask(&AccessMask, GenericMapping);
- CurrentAccess |= AccessMask;
+ TempAccess = CurrentAce->AccessMask;
+ RtlMapGenericMask(&TempAccess, GenericMapping);
+ PreviouslyGrantedAccess |= TempAccess;
#else
/* Map access rights from the ACE */
TempAccess = CurrentAce->AccessMask;
}
#ifdef OLD_ACCESS_CHECK
- DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
- CurrentAccess, DesiredAccess);
+ DPRINT("PreviouslyGrantedAccess %08lx\n DesiredAccess %08lx\n",
+ PreviouslyGrantedAccess, DesiredAccess);
- *GrantedAccess = CurrentAccess & DesiredAccess;
+ *GrantedAccess = PreviouslyGrantedAccess & DesiredAccess;
if ((*GrantedAccess & ~VALID_INHERIT_FLAGS) ==
(DesiredAccess & ~VALID_INHERIT_FLAGS))