Good suggestion – that might work. It gets messy when the user is remote,
though (we’d be impersonating NtLmSsp in that case, so will probably require
special handling).
ZwSetSecurityObject would be much more straightforward (if it worked),
but…
Thanks,
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Primoz Beltram
Sent: Monday, January 10, 2005 2:30 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] ZwSetSecurityObject returns STATUS_INVALID_OWNER
Did you try to impersonate client’s SECURITY_CLIENT_CONTEXT in system worker
thread (SeImpersonateClientEx)?
WBR Primoz
-----Original Message-----
From: Ken Cross [mailto:xxxxx@comcast.net]
Sent: Sunday, January 09, 2005 3:04 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] ZwSetSecurityObject returns STATUS_INVALID_OWNER
Neal:
The problem is that I’m running in “the driver post-cleanup routine”, not
post-create. Basically, I’m making a copy of the file the user just closed.
That’s where it’s encountering the problem, and why I need a worker routine
(to run at PASSIVE_LEVEL), hence not in the user context.
I still haven’t figured out how to fix this, either. Is there a way to give
system threads SE_TAKE_OWNERSHIP_NAME? Or is there a good way to switch to
the user context from post-cleanup?
Thanks,
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neal Christiansen
Sent: Sunday, January 09, 2005 4:26 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] ZwSetSecurityObject returns STATUS_INVALID_OWNER
Ken,
In minifilters create operations are always synchronized by default.
This means your post-create routine is always called in the context of
the originating thread and is always guaranteed to be at passive level.
This means you don’t need to queue the request to a worker routine
unless you are trying to do this asynchronously.
Have you tried temporarily granting yourself
SE_TAKE_OWNERSHIP_PRIVILEGE. I have not verified this but it is
possible that system threads don’t have this privilege enabled by
default.
Neal Christiansen
Microsoft File System Filter Group Lead
This posting is provided “AS IS” with no warranties, and confers no
rights
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ken Cross
Sent: Thursday, December 30, 2004 8:50 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] ZwSetSecurityObject returns STATUS_INVALID_OWNER
Yes, it’s a local file. The owner of the file is S-1-5-32-544
(Administrators built-in group). I’m guessing that that’s the default
owner
for a system thread, which doesn’t really have a SID (I don’t think?).
FWIW, this is on XP SP2.
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Viscarola
(OSR)
Sent: Thursday, December 30, 2004 11:03 AM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] ZwSetSecurityObject returns STATUS_INVALID_OWNER
Ken Cross wrote:
In the driver post-cleanup routine, I copy the file , which works
fine.
But
I want to set the ownership of the copy to the same as the original
file
(using ZwSetSecurityObject).
I’m getting STATUS_INVALID_OWNER
>
Just a clarifying question: This is a LOCAL file, yes? Not one located
on a remote system accessed across the network?
Who does the system report as owner of the copy of the file?
Peter
OSR
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@hermes.si
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com