Network Access

Hi

I am developing a file system filter driver and I am trying to access a shared folder as a remote user, but every time I get this error message: “\SharedDir is not accessible. You do not have the permission to use this network resource. Device is not ready”.

For the local file system, everything is working, but for the network case I reckon I am missing something important.
Do some specific parameters, like flags or options, need to be passed in Fltcreate in the create routine?

Kindly apprise me if you feel I have missed something.

Debbrat

What I meant was that some specific value needs to be passed in the flags and options parameters.

It sounds like you don’t have access to the remote resource. That isn’t a matter of changing flags, it’s a matter of understanding the context in which you are operating and what credentials are being presented to the server.

Have you looked at the SMB protocol to see what information it is passing along? Debugged on the server to find out what your impersonation token looks like when it arrives there? Ensured the context in which you are opening the file has the correct security credentials registered?

This is doubly so if it works locally. It sounds like what would happen in a system worker thread, where you have local system credentials. Across the network that will turn into a request from an untrusted entity.

Tony
OSR

Thanks Tony for the reply.

I did not look into the SMB protocol, but before I look into it, I investigated the impersonation level of the client security for the network access. For this I performed a check to ascertain whether the call originated from SRV: I checked whether the current process is a system process, and if it is, I called SeCaptureSubjectContext to capture the local subject context. If the access token (client token) was valid, then the call was indeed made by SRV and the system process is impersonating as a server.
After this check I saw that the impersonation level in network access was set to SecurityImpersonation. When I tried to call SeCreateClientSecurity with remote Session set to True and impersonation level set to SecurityDelegation, SeCreateClientSecurity returned STATUS_BAD_IMPERSONATION_LEVEL.

One curious thing is that if I access the shared folder when the driver is not running and then attach the driver to the specified drive, I am able to access the directory and see the contents of the files.

Debbrat

Hi Tony

I used Wireshark to see what information was being passed in SMB, and got these two entries:

Source Destination Info
172.25.11.137 172.25.11.139 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path:
172.25.11.139 172.25.11.137 Trans2 Response, QUERY_PATH_INFO, Error: STATUS_VOLUME_DISMOUNTED

After this I get the Device is not ready message.

Is it because of some security that access is being denied for remote access?

Apart from Iopb->Parameters.Create.SecurityContext, is there any other security feature which governs the behavior of create for remote resources?

Debbrat

A volume dismounted error would sound like something going on server side, not client side. You may need to monitor server side to understand the failure better.

Tony
OSR

Delegation is more powerful than impersonation, so you won’t be able to get a delegation token from a thread with an impersonation token.

Tony
OSR

I have been looking on the server side only and still have no leads, but anyway, thanks Tony for the reply.