diff --git a/src/sys/create.c b/src/sys/create.c
index 7d959f74..eb2c954c 100644
--- a/src/sys/create.c
+++ b/src/sys/create.c
@@ -368,6 +368,7 @@ VOID FspFsvolCreateComplete(
 ULONG SecurityDescriptorSize;
 UNICODE_STRING ReparseFileName;
 ACCESS_MASK DesiredAccess = IrpSp->Parameters.Create.SecurityContext->DesiredAccess;
+ PPRIVILEGE_SET Privileges = 0;
 USHORT ShareAccess = IrpSp->Parameters.Create.ShareAccess;
 ULONG Flags = IrpSp->Flags;
 KPROCESSOR_MODE RequestorMode =
@@ -458,7 +459,7 @@ VOID FspFsvolCreateComplete(
 FALSE,
 DesiredAccess,
 AccessState->PreviouslyGrantedAccess,
- 0,
+ &Privileges,
 IoGetFileObjectGenericMapping(),
 RequestorMode,
 &GrantedAccess,
@@ -468,6 +469,17 @@ VOID FspFsvolCreateComplete(
 FSP_RETURN();
 }
+ if (0 != Privileges)
+ {
+ Result = SeAppendPrivileges(AccessState, Privileges);
+ SeFreePrivileges(Privileges);
+ if (!NT_SUCCESS(Result))
+ {
+ FspFsvolCreateClose(Irp, Response);
+ FSP_RETURN();
+ }
+ }
+
 SetFlag(AccessState->PreviouslyGrantedAccess, GrantedAccess);
 ClearFlag(AccessState->RemainingDesiredAccess, GrantedAccess);
 }
diff --git a/src/sys/device.c b/src/sys/device.c
index 71246536..ea2e3a1e 100644
--- a/src/sys/device.c
+++ b/src/sys/device.c
@@ -226,6 +226,8 @@ static VOID FspFsvolDeviceFini(PDEVICE_OBJECT DeviceObject)
 FSP_FSVOL_DEVICE_EXTENSION *FsvolDeviceExtension = FspFsvolDeviceExtension(DeviceObject);
+#if 0
+ /* FspFsvolDeviceFreeElement is now a no-op, so this is no longer necessary */
 /*
 * Enumerate and delete all entries in the GenericTable.
 * There is no need to protect accesses to the table as we are in the device destructor.
@@ -233,6 +235,7 @@ static VOID FspFsvolDeviceFini(PDEVICE_OBJECT DeviceObject)
 FSP_DEVICE_GENERIC_TABLE_ELEMENT_DATA *Element;
 while (0 != (Element = RtlGetElementGenericTableAvl(&FsvolDeviceExtension->GenericTable, 0)))
 RtlDeleteElementGenericTableAvl(&FsvolDeviceExtension->GenericTable, &Element->Identifier);
+#endif
 /*
 * Dereference the virtual volume device so that it can now go away.
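Review bot: The privilege set returned through `&Privileges` is released only on the success path in the `@@ -468,6 +469,17 @@` hunk of create.c. The `FSP_RETURN();` at the top of that hunk looks like the end of the SeAccessCheck failure branch, which begins outside the hunk and exits without looking at `Privileges`. Whether SeAccessCheck can hand back a buffer when it denies access is not visible here; if it can, that buffer would leak on each denied create. A guard in that branch would make the cleanup unconditional: `if (0 != Privileges) SeFreePrivileges(Privileges);` before its `FspFsvolCreateClose(Irp, Response);`. A short comment above the new block saying why the privileges are appended to `AccessState` would also help the next reader.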
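Review bot: In device.c, wrapping the GenericTable teardown in `#if 0` leaves dead code in FspFsvolDeviceFini and makes the destructor depend on FspFsvolDeviceFreeElement staying a no-op, a routine that is not part of this diff. If that routine ever does real work again, entries still in the table at teardown would be left behind with nothing to flag it. I would delete the disabled block outright (its `#endif` is in the following hunk) and keep only a one-line comment such as `/* no need to empty GenericTable: FspFsvolDeviceFreeElement is a no-op */`. The function body starts and ends outside both hunks.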