Laura:
Do you use a dedicated system thread (created by PsCreateSystemThread) to
call ZwCreateFile and ZwWriteFile after impersonation? If you call
ZwCreateFile in user thread context, it will succeed as you mentioned.
However, if you call ZwWriteFile in system thread context without proper
impersonation, it will fail. I guess that is why, if you log in as domain
Admin, the write goes through, since now the user thread and system thread share
the same security context. Make sure you do use a dedicated system thread to
do all the create/open, read/write work with proper impersonation.
By the way, the security descriptor is set in OBJECT_ATTRIBUTES instead of
ZwCreateFile.
Bi
-----Original Message-----
From: Laura Ren [mailto:xxxxx@yahoo.ca]
Sent: Wednesday, October 09, 2002 12:48 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a queue object that the kernel mode and user
mode can share?
Thanks Tom.
And Bi,
Yes, the domain user has full control permission on this shared folder.
I use LM indirectly by the ZwCreateFile() path name
"\??\UNC\servername\sharename\filename". I think it is correct.
And about Vikhram's 4 methods, I thought 1 and 4 have the potential to solve
the problem. But I doubt 2 and 3. They are parameters of
ZwCreateFile(,…,Security…).
It seems that it just affects this object's security descriptor and its
inheriting children's, given the file object can be created. It will not
affect the result of whether the object can be created or not. (Is my opinion
correct about this?)
Laura
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Tom Hansen
Sent: Tuesday, October 08, 2002 3:30 PM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a queue object that the kernel mode and user
mode can share?
… and one of the fundamental problems with bringing all your data back into
user mode is the process transitions (context switches) this can cause if
you are moving large numbers of IRP_MJ_WRITE requests. You also mention
that you need to BLOCK the write IRP. This can cause a number of problems,
including deadlock scenarios. If you are doing some kind of replication
scheme, I would suggest that you don't block the write IRP, but simply
transfer the data from your write buffers into a staging buffer (perhaps one
that is provided by a kernel-mode communications interface that will
transfer your data) and let the write IRP go. /TomH
-----Original Message-----
From: Bi Chen [mailto:xxxxx@AppStream.com]
Sent: Tuesday, October 08, 2002 2:40 PM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a queue object that the kernel mode and user
mode can share?
Hi, Laura:
I do not see that you need to get data back to user mode in order to write it to
the network. In the email Vikhram sent replying to you, he laid out the steps to do
this by creating a dedicated system thread in the kernel and impersonating the
current logged-on user. This is far more efficient and general than routing
back to user mode. By general I mean you can, in your file system filter
driver, intercept any write of certain files and route it to the network. It
does not limit your solution only to your application.
Bi
-----Original Message-----
From: Laura Ren [mailto:xxxxx@yahoo.ca]
Sent: Tuesday, October 08, 2002 11:17 PM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a queue object that the kernel mode and user
mode can share?
Hi, Chen
Thanks for your answer.
I need to block IRP_WRITE in the dispatch routine and transfer the data to
user mode and write the same data to the remote site. So there are no limits on the
data. And the IRP_WRITE packets should be blocked in sequence.
At first I tried to complete the network file writing in my driver. But it failed
if I logged on as a general domain user. So now I am trying to send the written
data to user mode and then write to the network file.
The failure of network file writing in the driver is described as follows:
////////////////////////////////////////////////////////////////////////////
I met a problem when accessing network shared files in the kernel driver.
I always got an "Access Denied 0xc0000022" error.
The scenario is:
1. A Win2000 Domain;
2. User account "Acc" in this domain in the Domain/Users group.
3. A shared folder on a server (Win 2000) in this domain. (Acc has
full control permission on this shared folder.)
4. A computer (Win2000) in this domain.
The steps are:
1. I log on to that computer using the domain account "Acc".
2. I start an app and send out an IOCTL from this app.
3. Create a system thread in the driver after receiving this IOCTL, and create
a security client context.
4. When needed in the dispatch routine of this driver, impersonate the
thread using the saved security client context, then access the shared folder
on that server in this domain.
Always got a 0xC0000022 error.
5. But when I log on to that computer using an administrator domain account, then
everything is OK.
6. Even after logging on under the administrator's account, then creating the system
thread, logging out and relogging on under the "Acc" account, this time I can
access that shared folder also.
Does anyone have any suggestions?
Or are there any books or articles about this? I searched on the web and still
cannot get the whole picture about security, network resource access and
user logon.
Thanks
Laura.
////////////////////////////////////////////////////////////////////////////
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Bi Chen
Sent: Tuesday, October 08, 2002 1:44 PM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a queue object that the kernel mode and user
mode can share?
Hi, Laura:
There are many ways to do this kind of thing. None of them is best in all
cases.
It totally depends on your needs. For example, do you have a large amount of
data to transfer to user mode? Does your driver need to take a peek at the
data? What is the concurrency of the incoming data, i.e. the possibility of
multiple data packets coming in simultaneously?
Using a dangling IRP as described in Walter's WDM book, Chap. 9, is quite a good
choice if your data packet size is within a certain limit. There are many other
ways. Let me know your situation.
Bi
-----Original Message-----
From: Laura Ren [mailto:xxxxx@yahoo.ca]
Sent: Tuesday, October 08, 2002 7:36 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a queue object that the kernel mode and
user mode can share?
Because I thought IOCTL is good if the user mode know when to request data.
But if it doesn’t, IOCTL is not good enough.
I’d better check LPC first.
I also thought to create a file as the share media between user mode and
kernel mode. but it may be too slow.
Thanks.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Fuller, Rob
Sent: Tuesday, October 08, 2002 10:17 AM
To: File Systems Developers
Subject: [ntfsd] RE: Is there a queue object that the kernel mode and
user mode can share?
LPC does what you want, but it's undocumented. Oh well. Why not use IOCTLs,
which is what the rest of us do?
-----Original Message-----
From: Laura Ren [mailto:xxxxx@yahoo.ca]
Sent: Tuesday, October 08, 2002 9:19 AM
To: File Systems Developers
Subject: [ntfsd] Is there a queue object that the kernel mode and user
mode can share?
Hi all,
Is there a queue object that the kernel driver and user mode app can share?
I need transfer data from my driver to my user mode app.
Thanks for your help.
Laura
—
You are currently subscribed to ntfsd as: xxxxx@inin.com
To unsubscribe send a blank email to %%email.unsub%%