Synchronize with trunk.

[reactos.git] / ntoskrnl / ob / obhandle.c

diff --git a/ntoskrnl/ob/obhandle.c b/ntoskrnl/ob/obhandle.c
index 0a741fc..b4c260a 100644 (file)
--- a/ntoskrnl/ob/obhandle.c
+++ b/ntoskrnl/ob/obhandle.c
@@ -462,6 +462,7 @@ ObpChargeQuotaForObject(IN POBJECT_HEADER ObjectHeader,
 
         /* Charge the quota */
         ObjectHeader->QuotaBlockCharged = (PVOID)1;
+        DPRINT("FIXME: Should charge: %lx %lx\n", PagedPoolCharge, NonPagedPoolCharge);
 #if 0
             PsChargeSharedPoolQuota(PsGetCurrentProcess(),
                                     PagedPoolCharge,
@@ -752,12 +753,10 @@ ObpCloseHandleTableEntry(IN PHANDLE_TABLE HandleTable,
 
     /* Return to caller */
     OBTRACE(OB_HANDLE_DEBUG,
-            "%s - Closed handle: %lx for %p. HC PC %lx %lx\n",
+            "%s - Closed handle: %lx for %p.\n",
             __FUNCTION__,
             Handle,
-            Body,
-            ObjectHeader->HandleCount,
-            ObjectHeader->PointerCount);
+            Body);
     return STATUS_SUCCESS;
 }
 
@@ -898,7 +897,7 @@ ObpIncrementHandleCount(IN PVOID Object,
         if (!ObCheckObjectAccess(Object,
                                  AccessState,
                                  TRUE,
-                                 AccessMode,
+                                 ProbeMode,
                                  &Status))
         {
             /* Access was denied, so fail */
@@ -1711,6 +1710,9 @@ ObpCloseHandle(IN HANDLE Handle,
     OBTRACE(OB_HANDLE_DEBUG,
             "%s - Closing handle: %lx\n", __FUNCTION__, Handle);
 
+    if (AccessMode == KernelMode && Handle == (HANDLE)-1)
+        return STATUS_INVALID_HANDLE;
+
     /* Check if we're dealing with a kernel handle */
     if (ObIsKernelHandle(Handle, AccessMode))
     {
@@ -1751,7 +1753,6 @@ ObpCloseHandle(IN HANDLE Handle,
 
         /* Detach and return success */
         if (AttachedToProcess) KeUnstackDetachProcess(&ApcState);
-        Status = STATUS_SUCCESS;
     }
     else
     {
@@ -2455,6 +2456,7 @@ ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes,
 
     /* Capture all the info */
     Status = ObpCaptureObjectCreateInformation(ObjectAttributes,
+                                               AccessMode,
                                                AccessMode,
                                                TRUE,
                                                &TempBuffer->ObjectCreateInfo,
@@ -2488,6 +2490,15 @@ ObOpenObjectByName(IN POBJECT_ATTRIBUTES ObjectAttributes,
         PassedAccessState->SecurityDescriptor =
             TempBuffer->ObjectCreateInfo.SecurityDescriptor;
     }
+    
+    /* Validate the access mask */
+    Status = ObpValidateAccessMask(PassedAccessState);
+    if (!NT_SUCCESS(Status))
+    {
+        /* Cleanup after lookup */
+        ObpReleaseLookupContext(&TempBuffer->LookupContext);
+        goto Cleanup;
+    }
 
     /* Now do the lookup */
     Status = ObpLookupObjectName(TempBuffer->ObjectCreateInfo.RootDirectory,