Hello everybody,
I have a problem with accessing my plug and play virtual smartcard
reader driver under
Windows 7 64-bit with standard user rights (not administrator).
With administrator rights everything works fine.
I have already set the SDDL rights in the EvtDeviceAdd callback method:

    status = WdfDeviceInitAssignSDDLString(DeviceInit,
                 &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX);
    if (!NT_SUCCESS(status))
    {
        KdPrint(( "WdfDeviceInitAssignSDDLString failed\n" ));
    }
    //
    // Create a framework device object. This call will in turn create
    // a WDM device object, attach to the lower stack, and set the
    // appropriate flags and attributes.
    //
    status = WdfDeviceCreate(&DeviceInit, &attributes, &device);
    if (!NT_SUCCESS(status)) {
        SmartcardLogError(
            WdfDriverWdmGetDriverObject(WdfGetDriver()),
            VCR_INSUFFICIENT_RESOURCES,
            NULL,
            0
            );
        return status;
    }

I thought this should be enough to get access in user mode, but it
doesn't work.
I also tried to set the security registry entries in the INF file, but
this doesn't work either.
Then I tried to change my driver to a non plug and play driver like in the
ioctl KMDF example (nonpnp),
and then my access problems disappeared (with the same SDDL rights string),
but then I got other problems.

    //
    // In order to create a control device, we first need to allocate a
    // WDFDEVICE_INIT structure and set all properties.
    //
    pInit = WdfControlDeviceInitAllocate(
                hDriver,
                &SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX
                );
    if (pInit == NULL) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        return status;
    }
    //
    // Call NonPnpDeviceAdd to create a deviceobject to represent our
    // software device.
    //
    status = EvtDeviceAdd(hDriver, pInit);

With the non-PnP version of my driver I got an error in the following
method:

    //
    // Tell the Framework that this device will need an interface
    //
    status = WdfDeviceCreateDeviceInterface(
                 device,
                 &SmartCardReaderGuid,
                 NULL // ReferenceString
                 );

with status 0xC0000010.
So finally I changed back to my PnP version, but then I had the access
rights problem again.
Some more information:
- CreateFile can be called from 2 different places (from the scmLib (smart
  card library) and from my user program). The problem I have is with access
  from my user program, but only in user mode.
- Access to the driver is made by my user program with

    // Create IOCTL communications channel to driver
    m_hDevice = CreateFile(DEVICE_NAME,
                    GENERIC_READ|GENERIC_WRITE,
                    FILE_SHARE_READ|FILE_SHARE_WRITE,
                    NULL, OPEN_EXISTING,
                    FILE_ATTRIBUTE_NORMAL | FILE_FLAG_OVERLAPPED,
                    NULL);

which failed without administrator rights.
Hopefully someone has a hint as to what might be wrong. If you need more
information about my driver, please let
me know.
regards,
Michael
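
Added example, not part of the original post and not the poster's code: a small portable C check of what the SDDL string used above grants to each trustee, compared with the GENERIC_READ|GENERIC_WRITE request in the CreateFile call. The string literal is the expansion of SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX from the WDK header wdmsec.h (narrow here, wide in the header); the names rights_mask, sddl_granted and GEN_* are made up for this example, and the parser assumes a DACL-only string with generic rights codes.

```c
#include <stdio.h>
#include <string.h>
#define GEN_R 0x80000000u /* GENERIC_READ    */
#define GEN_W 0x40000000u /* GENERIC_WRITE   */
#define GEN_X 0x20000000u /* GENERIC_EXECUTE */
#define GEN_A 0x10000000u /* GENERIC_ALL     */

/* Expansion of SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX (wdmsec.h). */
static const char DEVOBJ_SDDL[] =
    "D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGWGX;;;WD)(A;;GRGWGX;;;RC)";

/* Convert a rights field such as "GRGWGX" into a generic-rights mask. */
static unsigned rights_mask(const char *s, size_t len) {
    unsigned m = 0;
    for (size_t i = 0; i + 1 < len; i += 2) {
        if (!strncmp(s + i, "GR", 2)) m |= GEN_R;
        else if (!strncmp(s + i, "GW", 2)) m |= GEN_W;
        else if (!strncmp(s + i, "GX", 2)) m |= GEN_X;
        else if (!strncmp(s + i, "GA", 2)) m |= GEN_R | GEN_W | GEN_X | GEN_A;
    }
    return m;
}

/* Generic rights the DACL grants to ONE trustee abbreviation ("WD" = Everyone).
   ACEs are walked in order; an earlier deny (D) ACE masks later allow (A) ACEs.
   A real access check matches every SID in the caller's token, not just one. */
unsigned sddl_granted(const char *sddl, const char *trustee) {
    unsigned granted = 0, denied = 0;
    const char *p = strstr(sddl, "D:");
    while (p && (p = strchr(p, '(')) != NULL) {
        const char *end = strchr(p, ')');
        const char *f[6];           /* type;flags;rights;guid;guid;sid */
        int n = 0;
        if (!end) break;
        f[n++] = p + 1;
        for (const char *q = p + 1; q < end && n < 6; q++)
            if (*q == ';') f[n++] = q + 1;
        if (n == 6 && f[1] - f[0] == 2 && (size_t)(end - f[5]) == strlen(trustee)
            && !strncmp(f[5], trustee, strlen(trustee))) {
            unsigned m = rights_mask(f[2], (size_t)(f[3] - 1 - f[2]));
            if (*f[0] == 'A') granted |= m & ~denied;
            else if (*f[0] == 'D') denied |= m;
        }
        p = end + 1;
    }
    return granted;
}

int main(void) {
    unsigned want = GEN_R | GEN_W, got = sddl_granted(DEVOBJ_SDDL, "WD");
    printf("WD: 0x%08X, request %s\n", got, (got & want) == want ? "covered" : "NOT covered");
    return 0;
}
```

The string itself covers the read/write request for Everyone, so when checking a denied open the thing to inspect is the security descriptor actually in effect on the device, not the text of this constant.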