impersonation and roaming profiles

Hi,

Someone posted a similar question to the list in 2001 but without any
responses! I am going to try again hoping for a response

In my IRP_MJ_CREATE dispatch I try to retrieve the file id of the file.
Since this consumes a lot of stack, I queue this into a workitem.
I use SeCreateClientSecurity, SeImpersonateClient, PsRevertToSelf and
finally SeDeleteClientSecurity. This seems to work fine for all
cases where I try to access network shares. However I have problems in
loading and saving roaming profiles.

Can anyone tell me what is wrong?

I initialise the QOS values with SecurityImpersonation,
SECURITY_STATIC_TRACKING, FALSE.

I call the SeCreateClientSecurity with PsGetCurrentThread() and
ServerIsRemote set to FALSE.

Since this is in IRP_MJ_CREATE would using either of PsGetCurrentThread() or
irp->Tail.Overlay.Thread make a difference?

Thanks in advance

I’ll be the one to ask the obvious here: Why?

Since you’re already in the correct (user) context in IRP_MJ_CREATE, why not
do it there? Getting a file id is pretty simple. If you’re using too much
stack, change it so that you allocate/free whatever you need.

My experience is that impersonation, although possible, is extremely messy
and must handle a lot of really ugly possibilities. Yuck.

Ken

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of faras namus
Sent: Saturday, December 17, 2005 8:37 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] impersonation and roaming profiles

Hi,

Someone posted a similar question to the list in 2001 but without any
responses! I am going to try again hoping for a response

In my IRP_MJ_CREATE dispatch I try to retrieve the file id of the file.
Since this consumes a lot of stack, I queue this into a workitem.
I use SeCreateClientSecurity, SeImpersonateClient, PsRevertToSelf and
finally SeDeleteClientSecurity. This seems to work fine for all
cases where I try to access network shares. However I have problems in
loading and saving roaming profiles.

Can anyone tell me what is wrong?

I initialise the QOS values with SecurityImpersonation,
SECURITY_STATIC_TRACKING, FALSE.

I call the SeCreateClientSecurity with PsGetCurrentThread() and
ServerIsRemote set to FALSE.

Since this is in IRP_MJ_CREATE would using either of PsGetCurrentThread() or
irp->Tail.Overlay.Thread make a difference?

Thanks in advance

— Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17 You are currently subscribed to
ntfsd as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank email
to xxxxx@lists.osr.com

I still want to know what the problem with impersonation is, in this
scenario. I do quite a lot of processing in IRP_MJ_CREATE (file-id was just
one example) and it seems I cannot get away with using work items (which
might access files on the network).

On 12/17/05, Ken Cross wrote:
>
>
> I’ll be the one to ask the obvious here: Why?
>
> Since you’re already in the correct (user) context in IRP_MJ_CREATE, why
> not
> do it there? Getting a file id is pretty simple. If you’re using too
> much
> stack, change it so that you allocate/free whatever you need.
>
> My experience is that impersonation, although possible, is extremely messy
> and must handle a lot of really ugly possibilities. Yuck.
>
> Ken
>
>
> ________________________________
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of faras namus
> Sent: Saturday, December 17, 2005 8:37 AM
> To: Windows File Systems Devs Interest List
> Subject: [ntfsd] impersonation and roaming profiles
>
>
> Hi,
>
> Someone posted a similar question to the list in 2001 but without any
> responses! I am going to try again hoping for a response
>
> In my IRP_MJ_CREATE dispatch I try to retrieve the file id of the file.
> Since this consumes a lot of stack, I queue this into a workitem.
> I use SeCreateClientSecurity, SeImpersonateClient, PsRevertToSelf and
> finally SeDeleteClientSecurity. This seems to work fine for all
> cases where I try to access network shares. However I have problems in
> loading and saving roaming profiles.
>
> Can anyone tell me what is wrong?
>
> I initialise the QOS values with SecurityImpersonation,
> SECURITY_STATIC_TRACKING, FALSE.
>
> I call the SeCreateClientSecurity with PsGetCurrentThread() and
> ServerIsRemote set to FALSE.
>
> Since this is in IRP_MJ_CREATE would using either of PsGetCurrentThread()
> or
> irp->Tail.Overlay.Thread make a difference?
>
> Thanks in advance
>
>
>
> — Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17 You are currently subscribed
> to
> ntfsd as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank
> email
> to xxxxx@lists.osr.com
>
>
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>