From a804ba3200190c1405d4af93ef53d9623797ddbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?George=20Bi=C8=99oc?= <george.bisoc@reactos.org>
Date: Mon, 6 Mar 2023 20:03:44 +0100
Subject: [PATCH] [NTOS:SE] Print debug output only if NDEBUG is not defined

This mutes a lot of debug spam that fills up the debugger when an access
check fails because a requestor doesn't have enough privileges to access
an object.
---
 ntoskrnl/se/debug.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/ntoskrnl/se/debug.c b/ntoskrnl/se/debug.c
index da5e35a160e..f21d5400938 100644
--- a/ntoskrnl/se/debug.c
+++ b/ntoskrnl/se/debug.c
@@ -13,6 +13,7 @@
 
 /* PRIVATE FUNCTIONS **********************************************************/
 
+#ifndef NDEBUG
 /**
  * @brief
  * Converts an Access Control Entry (ACE) type to a string.
@@ -204,6 +205,7 @@ SepDumpSidsOfToken(
         RtlFreeUnicodeString(&SidString);
     }
 }
+#endif
 
 /* PUBLIC FUNCTIONS ***********************************************************/
 
@@ -215,9 +217,11 @@ VOID
 SepDumpSdDebugInfo(
     _In_opt_ PISECURITY_DESCRIPTOR SecurityDescriptor)
 {
+#ifndef NDEBUG
     UNICODE_STRING SidString;
     PSID OwnerSid, GroupSid;
     PACL Dacl, Sacl;
+#endif
 
     /* Don't dump anything if no SD was provided */
     if (!SecurityDescriptor)
@@ -225,6 +229,7 @@ SepDumpSdDebugInfo(
         return;
     }
 
+#ifndef NDEBUG
     /* Cache the necessary security buffers to dump info from */
     OwnerSid = SepGetOwnerFromDescriptor(SecurityDescriptor);
     GroupSid = SepGetGroupFromDescriptor(SecurityDescriptor);
@@ -264,6 +269,7 @@ SepDumpSdDebugInfo(
     {
         SepDumpAclInfo(Dacl, FALSE);
     }
+#endif
 }
 
 /**
@@ -274,7 +280,9 @@ VOID
 SepDumpTokenDebugInfo(
     _In_opt_ PTOKEN Token)
 {
+#ifndef NDEBUG
     UNICODE_STRING SidString;
+#endif
 
     /* Don't dump anything if no token was provided */
     if (!Token)
@@ -282,6 +290,7 @@ SepDumpTokenDebugInfo(
         return;
     }
 
+#ifndef NDEBUG
     /* Dump relevant token info */
     DbgPrint("================== ACCESS TOKEN DUMP INFO ==================\n");
     DbgPrint("Token -> 0x%p\n", Token);
@@ -305,6 +314,7 @@ SepDumpTokenDebugInfo(
         DbgPrint("Token restricted SIDs:\n");
         SepDumpSidsOfToken(Token->RestrictedSids, Token->RestrictedSidCount);
     }
+#endif
 }
 
 /**
@@ -321,10 +331,12 @@ SepDumpAccessRightsStats(
         return;
     }
 
+#ifndef NDEBUG
     DbgPrint("================== ACCESS CHECK RIGHTS STATISTICS ==================\n");
     DbgPrint("Remaining access rights -> 0x%08lx\n", AccessRights->RemainingAccessRights);
     DbgPrint("Granted access rights -> 0x%08lx\n", AccessRights->GrantedAccessRights);
     DbgPrint("Denied access rights -> 0x%08lx\n", AccessRights->DeniedAccessRights);
+#endif
 }
 
 /* EOF */