summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
f03483a)
- In SepAccessCheck remove CurrentAccess (which is in all cases only a duplicate of PreviouslyGrantedAccess) and replace AccessMask with TempAccess
svn path=/trunk/; revision=62072
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
{
OUT PACCESS_MASK GrantedAccess,
OUT PNTSTATUS AccessStatus)
{
-#ifdef OLD_ACCESS_CHECK
- ACCESS_MASK CurrentAccess, AccessMask;
-#endif
ACCESS_MASK RemainingAccess;
ACCESS_MASK TempAccess;
ACCESS_MASK TempGrantedAccess = 0;
ACCESS_MASK RemainingAccess;
ACCESS_MASK TempAccess;
ACCESS_MASK TempGrantedAccess = 0;
if (DesiredAccess & MAXIMUM_ALLOWED)
{
*GrantedAccess = GenericMapping->GenericAll;
if (DesiredAccess & MAXIMUM_ALLOWED)
{
*GrantedAccess = GenericMapping->GenericAll;
- *GrantedAccess |= (DesiredAccess & ~MAXIMUM_ALLOWED);
+ *GrantedAccess |= (DesiredAccess | PreviouslyGrantedAccess) & ~MAXIMUM_ALLOWED;
-#ifdef OLD_ACCESS_CHECK
- CurrentAccess = PreviouslyGrantedAccess;
-#endif
-
/* Deny access if the DACL is empty */
if (Dacl->AceCount == 0)
{
/* Deny access if the DACL is empty */
if (Dacl->AceCount == 0)
{
if (SepSidInToken(Token, Sid))
{
#ifdef OLD_ACCESS_CHECK
if (SepSidInToken(Token, Sid))
{
#ifdef OLD_ACCESS_CHECK
- AccessMask = CurrentAce->AccessMask;
- RtlMapGenericMask(&AccessMask, GenericMapping);
- CurrentAccess |= AccessMask;
+ TempAccess = CurrentAce->AccessMask;
+ RtlMapGenericMask(&TempAccess, GenericMapping);
+ PreviouslyGrantedAccess |= TempAccess;
#else
/* Map access rights from the ACE */
TempAccess = CurrentAce->AccessMask;
#else
/* Map access rights from the ACE */
TempAccess = CurrentAce->AccessMask;
}
#ifdef OLD_ACCESS_CHECK
}
#ifdef OLD_ACCESS_CHECK
- DPRINT("CurrentAccess %08lx\n DesiredAccess %08lx\n",
- CurrentAccess, DesiredAccess);
+ DPRINT("PreviouslyGrantedAccess %08lx\n DesiredAccess %08lx\n",
+ PreviouslyGrantedAccess, DesiredAccess);
- *GrantedAccess = CurrentAccess & DesiredAccess;
+ *GrantedAccess = PreviouslyGrantedAccess & DesiredAccess;
if ((*GrantedAccess & ~VALID_INHERIT_FLAGS) ==
(DesiredAccess & ~VALID_INHERIT_FLAGS))
if ((*GrantedAccess & ~VALID_INHERIT_FLAGS) ==
(DesiredAccess & ~VALID_INHERIT_FLAGS))