https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f9c603db6efff3f9d589a…
commit f9c603db6efff3f9d589a36e8ac294a639f86fb1
Author: George Bișoc <george.bisoc(a)reactos.org>
AuthorDate: Mon Feb 22 10:43:30 2021 +0100
Commit: George Bișoc <george.bisoc(a)reactos.org>
CommitDate: Mon Apr 26 19:36:38 2021 +0200
[NTOS:OB] Do not close the handle if it's granted access to ObpAccessProtectCloseBit

As of now the Object Manager private service, ObpCloseHandleTableEntry, looks for
OBJ_PROTECT_CLOSE attribute if a handle should not be closed. However, in
ObDuplicateObject if an attribute of OBJ_PROTECT_CLOSE is found as it's been filled to
the caller (see L2466) this attribute is removed from the attributes list of the new
handle and ObpAccessProtectCloseBit access is granted to the newly duplicated object
handle.

With that being said ObpCloseHandleTableEntry indiscriminately closes the object
handle albeit it shouldn't do so. As a matter of fact in Windows Server 2003 SP2 this
service indeed checks for ObpAccessProtectCloseBit flag bit and if the condition is met
then it returns STATUS_HANDLE_NOT_CLOSABLE as it should. Therefore we should do the same.

Now NtClose can properly warn the calling thread the object handle can't be closed
which fixes a testcase failure within NtDuplicateObject NTDLL APITEST where this function
gives handle close protection bit as requested by the caller.
---
ntoskrnl/include/internal/ob.h | 5 +++++
ntoskrnl/ob/obhandle.c | 3 +--
ntoskrnl/ob/obref.c | 2 --
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/ntoskrnl/include/internal/ob.h b/ntoskrnl/include/internal/ob.h
index f73b99b0a72..2ecd936d536 100644
--- a/ntoskrnl/include/internal/ob.h
+++ b/ntoskrnl/include/internal/ob.h
@@ -53,6 +53,11 @@
OBJ_INHERIT | \
OBJ_AUDIT_OBJECT_CLOSE)
+//
+// Handle Access Protection Close Flag
+//
+#define ObpAccessProtectCloseBit 0x02000000L
+
//
// Identifies a Kernel Handle
//
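Review bot: The new `#define ObpAccessProtectCloseBit 0x02000000L` replaces a global that obhandle.c initialised from MAXIMUM_ALLOWED, but the comment above it ("Handle Access Protection Close Flag") says neither that the literal is meant to track MAXIMUM_ALLOWED nor that the bit is stored in a handle entry's GrantedAccess rather than in ObAttributes. Consider defining it in terms of MAXIMUM_ALLOWED, or at least documenting that relationship and where the bit lives, so nobody later treats it as an ordinary access right or reuses the value. As a style point, the macro keeps a variable-style name while sitting next to upper-case OBJ_ macros; keeping the name is understandable for diff size, but a short remark in the comment would help.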
diff --git a/ntoskrnl/ob/obhandle.c b/ntoskrnl/ob/obhandle.c
index 38171d2f16b..c738e3669ee 100644
--- a/ntoskrnl/ob/obhandle.c
+++ b/ntoskrnl/ob/obhandle.c
@@ -18,7 +18,6 @@
#include <debug.h>
PHANDLE_TABLE ObpKernelHandleTable = NULL;
-ULONG ObpAccessProtectCloseBit = MAXIMUM_ALLOWED;
#define TAG_OB_HANDLE 'dHbO'
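Review bot: Removing the definition `ULONG ObpAccessProtectCloseBit = MAXIMUM_ALLOWED;` while ob.h now defines a macro of the same name means any remaining `extern ULONG ObpAccessProtectCloseBit;` declaration will be expanded by the preprocessor into an invalid declaration. This patch drops the one in obref.c; please confirm no other source file in the tree still declares or takes the address of the old global.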
@@ -726,7 +725,7 @@ ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable,
}
/* The callback allowed us to close it, but does the handle itself? */
- if ((HandleEntry->ObAttributes & OBJ_PROTECT_CLOSE) &&
+ if ((HandleEntry->GrantedAccess & ObpAccessProtectCloseBit) &&
!(IgnoreHandleProtection))
{
/* It doesn't, are we from user mode? */
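Review bot: The condition now tests only `HandleEntry->GrantedAccess & ObpAccessProtectCloseBit` and no longer looks at `HandleEntry->ObAttributes & OBJ_PROTECT_CLOSE`, so a handle whose close protection is recorded only in ObAttributes would be closed here instead of returning STATUS_HANDLE_NOT_CLOSABLE. The commit message covers the ObDuplicateObject path, which moves the attribute into the granted access mask; please confirm that every other path that can set close protection (handle creation, and setting handle attributes after creation) stores it as this access bit too, or keep the old test alongside the new one. It would also be worth updating the comment above the check to say that protection is carried in GrantedAccess, and verifying that code which reports or compares GrantedAccess masks this bit out.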
diff --git a/ntoskrnl/ob/obref.c b/ntoskrnl/ob/obref.c
index 694d4fa5073..60825543e25 100644
--- a/ntoskrnl/ob/obref.c
+++ b/ntoskrnl/ob/obref.c
@@ -15,8 +15,6 @@
#define NDEBUG
#include <debug.h>
-extern ULONG ObpAccessProtectCloseBit;
-
/* PRIVATE FUNCTIONS *********************************************************/
BOOLEAN