Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-05 21:42:57 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NTOS]

Browse source 
- Properly implement ObpValidateAccessMask
- If the security descriptor has a system acl, the caller will need access to it

svn path=/trunk/; revision=71636
This commit is contained in:
Ged Murphy 2016-06-14 18:01:02 +00:00
parent bf37176da7
commit 1f533a9d6b
1 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
reactos/ntoskrnl/ob/obhandle.c
View file

@ -484,7 +484,22 @@ NTSTATUS
NTAPI NTAPI
ObpValidateAccessMask(IN PACCESS_STATE AccessState) ObpValidateAccessMask(IN PACCESS_STATE AccessState)
{ {
/* TODO */ PISECURITY_DESCRIPTOR SecurityDescriptor;
/* We're only interested if the object for this access state has an SD */
SecurityDescriptor = AccessState->SecurityDescriptor;
if (SecurityDescriptor)
{
/* Check if the SD has a system ACL but hasn't been granted access to get/set it */
if ((SecurityDescriptor->Control & SE_SACL_PRESENT) &&
!(AccessState->PreviouslyGrantedAccess & ACCESS_SYSTEM_SECURITY))
{
/* We're gonna need access */
AccessState->RemainingDesiredAccess |= ACCESS_SYSTEM_SECURITY;
}
}
/* This can't fail */
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }