I want to be able to open a network attached disk drive in a kernel mode
driver to read a configuration file. Unfortunatley, I need a user id and
password to do this because the kernel driver runs under the System account
(I am assuming). Is there a way to impersonate a user in kernel mode the way
you can in user mode? If so is there example code somewhere?
Yes. SeCreateClientSecurity in original thread context.
SeImpersonateClient/Ex in worker thread context, followed by
PsRevertToSelf, then SeDeleteClientSecurity.
- Nick Ryan
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doug
Sent: Friday, May 23, 2003 7:45 AM
To: NT Developers Interest List
Subject: [ntdev] Impersonate User In Kernel ModeI want to be able to open a network attached disk drive in a
kernel mode driver to read a configuration file.
Unfortunatley, I need a user id and password to do this
because the kernel driver runs under the System account (I am
assuming). Is there a way to impersonate a user in kernel
mode the way you can in user mode? If so is there example
code somewhere?
You are currently subscribed to ntdev as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Are there docs somewhere that show usage/parameters?
“Nick Ryan” wrote in message news:xxxxx@ntdev…
>
> Yes. SeCreateClientSecurity in original thread context.
> SeImpersonateClient/Ex in worker thread context, followed by
> PsRevertToSelf, then SeDeleteClientSecurity.
>
> - Nick Ryan
In the IFS kit.
- Nick Ryan
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doug
Sent: Friday, May 23, 2003 12:55 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Impersonate User In Kernel ModeAre there docs somewhere that show usage/parameters?
“Nick Ryan” wrote in message news:xxxxx@ntdev…
> >
> > Yes. SeCreateClientSecurity in original thread context.
> > SeImpersonateClient/Ex in worker thread context, followed by
> > PsRevertToSelf, then SeDeleteClientSecurity.
> >
> > - Nick Ryan
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@nryan.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
Thanks!
“Nick Ryan” wrote in message news:xxxxx@ntdev…
>
> In the IFS kit.
>
> - Nick Ryan
None of the what you stated perform the “logging on” function like the
LogonUser function that would be in the user world. Also, looking in the
publicly available ntifs.h file on the web, I see no “logging-on” function.
How does a driver get access to the access token information in kernel mode?
“Nick Ryan” wrote in message news:xxxxx@ntdev…
>
> In the IFS kit.
>
> - Nick Ryan
>
>
>
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Doug
> > Sent: Friday, May 23, 2003 12:55 PM
> > To: NT Developers Interest List
> > Subject: [ntdev] Re: Impersonate User In Kernel Mode
> >
> >
> > Are there docs somewhere that show usage/parameters?
> >
> > “Nick Ryan” wrote in message news:xxxxx@ntdev…
> > >
> > > Yes. SeCreateClientSecurity in original thread context.
> > > SeImpersonateClient/Ex in worker thread context, followed by
> > > PsRevertToSelf, then SeDeleteClientSecurity.
> > >
> > > - Nick Ryan
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@nryan.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
>
>
You need to be running in some thread created by some process executed
in the session of logged-on user you want to impersonate.
- Nick Ryan
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doug
Sent: Friday, May 23, 2003 1:35 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Impersonate User In Kernel ModeNone of the what you stated perform the “logging on” function
like the LogonUser function that would be in the user world.
Also, looking in the publicly available ntifs.h file on the
web, I see no “logging-on” function. How does a driver get
access to the access token information in kernel mode?“Nick Ryan” wrote in message news:xxxxx@ntdev…
> >
> > In the IFS kit.
> >
> > - Nick Ryan
> >
> >
> >
> > > -----Original Message-----
> > > From: xxxxx@lists.osr.com
> > > [mailto:xxxxx@lists.osr.com] On Behalf Of Doug
> > > Sent: Friday, May 23, 2003 12:55 PM
> > > To: NT Developers Interest List
> > > Subject: [ntdev] Re: Impersonate User In Kernel Mode
> > >
> > >
> > > Are there docs somewhere that show usage/parameters?
> > >
> > > “Nick Ryan” wrote in message news:xxxxx@ntdev…
> > > >
> > > > Yes. SeCreateClientSecurity in original thread context.
> > > > SeImpersonateClient/Ex in worker thread context, followed by
> > > > PsRevertToSelf, then SeDeleteClientSecurity.
> > > >
> > > > - Nick Ryan
> > >
> > >
> > >
> > > —
> > > You are currently subscribed to ntdev as: xxxxx@nryan.com To
> > > unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> >
> >
> >
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@nryan.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> How does a driver get access to the access token information in
kernel mode?
Lots of Sexxx calls and ZwQueryInformationToken.
Use Parameters.Create.SecurityContext for your work with tokens, not
the thread’s current token.
Max
Nick,
Is PsRevertToSelf documented I could not see this call in
Windows XP SP1 IFS?
-Srin.
-----Original Message-----
From: Nick Ryan [mailto:xxxxx@nryan.com]
Sent: Friday, May 23, 2003 12:05 PM
To: NT Developers Interest List
Subject: [ntdev] RE: Impersonate User In Kernel ModeYes. SeCreateClientSecurity in original thread context.
SeImpersonateClient/Ex in worker thread context, followed by
PsRevertToSelf, then SeDeleteClientSecurity.
- Nick Ryan
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Doug
> Sent: Friday, May 23, 2003 7:45 AM
> To: NT Developers Interest List
> Subject: [ntdev] Impersonate User In Kernel Mode
>
>
> I want to be able to open a network attached disk drive in a
> kernel mode driver to read a configuration file.
> Unfortunatley, I need a user id and password to do this
> because the kernel driver runs under the System account (I am
> assuming). Is there a way to impersonate a user in kernel
> mode the way you can in user mode? If so is there example
> code somewhere?
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@nryan.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
You are currently subscribed to ntdev as: xxxxx@nai.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
It’s in the Server 2k3 ntifs.h:
NTKERNELAPI
VOID
PsRevertToSelf(
VOID
);
- Nick Ryan
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@NAI.com
Sent: Sunday, May 25, 2003 9:42 AM
To: NT Developers Interest List
Subject: [ntdev] RE: Impersonate User In Kernel ModeNick,
Is PsRevertToSelf documented I could not see this call
in Windows XP SP1 IFS?-Srin.
> -----Original Message-----
> From: Nick Ryan [mailto:xxxxx@nryan.com]
> Sent: Friday, May 23, 2003 12:05 PM
> To: NT Developers Interest List
> Subject: [ntdev] RE: Impersonate User In Kernel Mode
>
> Yes. SeCreateClientSecurity in original thread context.
> SeImpersonateClient/Ex in worker thread context, followed by
> PsRevertToSelf, then SeDeleteClientSecurity.
>
> - Nick Ryan
>
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Doug
> > Sent: Friday, May 23, 2003 7:45 AM
> > To: NT Developers Interest List
> > Subject: [ntdev] Impersonate User In Kernel Mode
> >
> >
> > I want to be able to open a network attached disk drive
in a kernel
> > mode driver to read a configuration file. Unfortunatley, I need a
> > user id and password to do this because the kernel driver
runs under
> > the System account (I am assuming). Is there a way to
impersonate a
> > user in kernel mode the way you can in user mode? If so is there
> > example code somewhere?
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@nryan.com To
> > unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@nai.com To
> unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to ntdev as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
I want to start a driver, have that driver start a thread, and have that
thread change from using the System account to using a different userid &
password to open a remote network attached file. Is this possible since the
thread was created in kernel space with the System account and not in user
space? Can I get the proper tokens/ access rights?
Doug
“Nick Ryan” wrote in message news:xxxxx@ntdev…
>
> You need to be running in some thread created by some process executed
> in the session of logged-on user you want to impersonate.
>
> - Nick Ryan
>
You must have a user mode service which will call LogonUser routine and give
the token. There is no kernel mode routines fro logging on a user I know of.
-htfv
----- Original Message -----
From: “Doug”
Newsgroups: ntdev
To: “NT Developers Interest List”
Sent: Tuesday, May 27, 2003 3:50 PM
Subject: [ntdev] Re: Impersonate User In Kernel Mode
> I want to start a driver, have that driver start a thread, and have that
> thread change from using the System account to using a different userid &
> password to open a remote network attached file. Is this possible since
the
> thread was created in kernel space with the System account and not in user
> space? Can I get the proper tokens/ access rights?
>
> Doug
>
> “Nick Ryan” wrote in message news:xxxxx@ntdev…
> >
> > You need to be running in some thread created by some process executed
> > in the session of logged-on user you want to impersonate.
> >
> > - Nick Ryan
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@vba.com.by
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>