mirror of
https://github.com/reactos/reactos.git
synced 2024-12-28 10:04:49 +00:00
[NTOS:SE] Use the captured security descriptor when access checking
When performing the access security check, use the security descriptor that we've captured to determine whether the client can be granted access or not.
parent
f81fb355ae
commit
fc5bc55fbb
1 changed files with 4 additions and 4 deletions
|
@ -882,8 +882,8 @@ NtAccessCheck(
|
|||
}
|
||||
|
||||
/* Check security descriptor for valid owner and group */
|
||||
if (SepGetSDOwner(SecurityDescriptor) == NULL || // FIXME: use CapturedSecurityDescriptor
|
||||
SepGetSDGroup(SecurityDescriptor) == NULL) // FIXME: use CapturedSecurityDescriptor
|
||||
if (SepGetSDOwner(CapturedSecurityDescriptor) == NULL ||
|
||||
SepGetSDGroup(CapturedSecurityDescriptor) == NULL)
|
||||
{
|
||||
DPRINT("Security Descriptor does not have a valid group or owner\n");
|
||||
SeReleaseSecurityDescriptor(CapturedSecurityDescriptor,
|
||||
|
@ -902,7 +902,7 @@ NtAccessCheck(
|
|||
/* Check if the token is the owner and grant WRITE_DAC and READ_CONTROL rights */
|
||||
if (DesiredAccess & (WRITE_DAC | READ_CONTROL | MAXIMUM_ALLOWED))
|
||||
{
|
||||
if (SepTokenIsOwner(Token, SecurityDescriptor, FALSE)) // FIXME: use CapturedSecurityDescriptor
|
||||
if (SepTokenIsOwner(Token, CapturedSecurityDescriptor, FALSE))
|
||||
{
|
||||
if (DesiredAccess & MAXIMUM_ALLOWED)
|
||||
PreviouslyGrantedAccess |= (WRITE_DAC | READ_CONTROL);
|
||||
|
@ -921,7 +921,7 @@ NtAccessCheck(
|
|||
else
|
||||
{
|
||||
/* Now perform the access check */
|
||||
SepAccessCheck(SecurityDescriptor, // FIXME: use CapturedSecurityDescriptor
|
||||
SepAccessCheck(CapturedSecurityDescriptor,
|
||||
&SubjectSecurityContext,
|
||||
DesiredAccess,
|
||||
NULL,
|
||||
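Review bot: The three call sites that now take `CapturedSecurityDescriptor` (the owner/group check, `SepTokenIsOwner` and `SepAccessCheck`) have no comment saying why the original `SecurityDescriptor` argument must not be read there, and the removed FIXMEs were the only hint. `NtAccessCheck` is a system-call entry point, so that argument is presumably a caller-controlled buffer whose contents can change after the capture, and deciding access on it would let the checked descriptor differ from the validated one. A one-line comment at the owner/group check would keep the invariant visible, e.g. `/* From here on only the captured copy may be inspected; the caller's buffer can change after capture */`. The hunks show only part of the function, so it is worth confirming that no other read of `SecurityDescriptor` remains after the capture.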