Oh,
The operating system is windows 2000;
There is a domain “adomain”;
There is server “aserver” in this domain has a shared folder.
There is a work station “acomputer” in this domain also;
There are two account on “acomputer”:
-
ren: is the local computer account.
-
laura: is the domain acount.
( the two account all have permission to access the shared folder) -
When I use “ren” logon to the the local computer and launch the usermode
app and sendout IOCTL to driver to let it create system thread. every thing
ok -
when I use “laura” logon to the domain( on the same computer). then
launch the usermode app and sendout IOCTL to driver to let it create a
system therad. got access denied when in dispatch routine using
SeImpersonateClientEx then ZwCreateFile. ZwCreateFile(network file) return
c0000022.
Is that clear? ( or need more other info)
Thanks.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Tony Mason
Sent: Wednesday, October 02, 2002 12:28 PM
To: File Systems Developers
Subject: [ntfsd] RE: Strange result when access network file in kernel
dri ver by using SeImpersonateClientEx.
Can you give us some hints as to your operating environment? For example,
are you working on Windows NT 4.0? Windows XP? Security behavior changes
from version to version.
When you say you get 0xC0000022, what specific function is returning this
call? The call to SeImpersonateClientEx? Or the call to read from a
network file? Or open the network file?
Problems of this sort are almost always tied into the specifics of the
implementation - hence we really need to know how you implemented things
here.
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: Laura Ren [mailto:xxxxx@yahoo.ca]
Sent: Wednesday, October 02, 2002 12:25 PM
To: File Systems Developers
Subject: [ntfsd] Strange result when access network file in kernel driver by
using SeImpersonateClientEx.
Hi All,
I am writting a file system filter driver. I need to do network file read
and write some times. so I create a system thread when I recieve a usermode
IOCTL, and use the NtCurrentProcess() to get that user’s process. and create
a security context based on that thread. ( that user has the permission to
access network file).
And in the dispatch routine. I impersonate the current thread to the saved
security context. and do network file operation.
But there are some confusion situations.
- this works fine if I logon to local computer and start the app and
sendout ioctl. - but got “access denied c0000022” if i logon to the domain and start the
app and sendout ioctl( the network file is on this domain)
How to solve this?
Hope you help me out.
Thanks
Luara
Post your free ad now! http://personals.yahoo.ca
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to ntfsd as: xxxxx@yahoo.ca
To unsubscribe send a blank email to %%email.unsub%%
Post your free ad now! http://personals.yahoo.ca