CIFS/SMB: LogonUser(NEW_CREDENTIALS) does not work

NTFSD
1

My task is: access some files on SMB share, for which the current Windows user has no access.

My solution is: LogonUser(NEW_CREDENTIALS) + ImpersonateLoggedOnUser, then do all CreateFile calls under this impersonation. Actually, each CreateFile is wrapped around by ImpersonateLoggedOnUser/RevertToSelf.

When I’m just plain opening 1 file to read it sequentially - this works.

But now I need to access some files whose format I don’t know, via the calls to 3rd party source-less DLL which can access these files as their “engine”.

I also wrap each call to this DLL via ImpersonateLoggedOnUser/RevertToSelf.

In this case, the thing usually (but not always) fails, in a very nasty mode.

First, it hangs for about 30 seconds in NtQueryDirectoryFile (called by the DLL). Then this syscall usually (not always) fails with STATUS_CONNECTION_DISCONNECTED.

Adding WNetAddConnection2 call just before the DLL calls solves the issue.

The question is: is LogonUser(NEW_CREDENTIALS) really supported for SMB work? if not - can I call something similar to WNetAddConnection2 but without cleartext credentials, the same logic but which will use the current thread’s token and its LSA context instead of username/password pair?

Also - what is going on? what is the reason for the SMB redir (OS: 2008 non-R2 both sides) to wait for such a long time and then fail with STATUS_CONNECTION_DISCONNECTED? can somebody with source access respond? I just cannot understand this status code in the scenario where I have not call any WNet APIs and just opened the file.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

2

Yes, I believe that LOGON32_LOGON_NEW_CREDENTIALS should work there.

I wonder if the app pushes requests to a worker thread sometimes without properly transferring impersonation information?

  • S

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Friday, April 09, 2010 2:27 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] CIFS/SMB: LogonUser(NEW_CREDENTIALS) does not work

My task is: access some files on SMB share, for which the current Windows user has no access.

My solution is: LogonUser(NEW_CREDENTIALS) + ImpersonateLoggedOnUser, then do all CreateFile calls under this impersonation. Actually, each CreateFile is wrapped around by ImpersonateLoggedOnUser/RevertToSelf.

When I’m just plain opening 1 file to read it sequentially - this works.

But now I need to access some files whose format I don’t know, via the calls to 3rd party source-less DLL which can access these files as their “engine”.

I also wrap each call to this DLL via ImpersonateLoggedOnUser/RevertToSelf.

In this case, the thing usually (but not always) fails, in a very nasty mode.

First, it hangs for about 30 seconds in NtQueryDirectoryFile (called by the DLL). Then this syscall usually (not always) fails with STATUS_CONNECTION_DISCONNECTED.

Adding WNetAddConnection2 call just before the DLL calls solves the issue.

The question is: is LogonUser(NEW_CREDENTIALS) really supported for SMB work? if not - can I call something similar to WNetAddConnection2 but without cleartext credentials, the same logic but which will use the current thread’s token and its LSA context instead of username/password pair?

Also - what is going on? what is the reason for the SMB redir (OS: 2008 non-R2 both sides) to wait for such a long time and then fail with STATUS_CONNECTION_DISCONNECTED? can somebody with source access respond? I just cannot understand this status code in the scenario where I have not call any WNet APIs and just opened the file.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

3

>I wonder if the app pushes requests to a worker thread sometimes without properly transferring

impersonation information?

No.

The call stack goes uninterrupted from my call to 3rd party DLL (under impersonation), then several calls within the DLL, then FindFirstFile+NtQueryDirectoryFile.

The last one hangs for at least 30 seconds, then fails with “connection disconnected”.

Note that the error is not “access denied”. It is “connection disconnected” (Win32 error 64).


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com