ZwQuerySecurityObject, FltQuerySecurityObject,ObGetObjectSecurity returning ACCESS DENIED on a network share file.
in [Device Drivers]
|
Prev: ZwQuerySecurityObject, FltQuerySecurityObject, ObGetObjectSecurity returning ACCESS DENIED on a network share file.
Next: CM_Get_Child
From: matt_sykes on 25 Aug 2010 02:35 On 24 Aug, 21:45, "Maxim S. Shatskih" <ma...(a)storagecraft.com.no.spam> wrote: > > I imagine the problem is because the kernel has not been authorised in > > the same way as the shell once the user owning that share has logged > > on. What is your take on this? > > Your kernel code must be in the correct user thread context to make such SMB calls. > > -- > Maxim S. Shatskih > Windows DDK MVP > ma...(a)storagecraft.comhttp://www.storagecraft.com Thought so. Unfortunately its called by a service, which runs in the system account. I had thought of this already though but thanks for verifying it. In another product we hooked NtCreateTokan in order to do impersonation but this isnt in this product.
From: matt_sykes on 25 Aug 2010 07:44 On 25 Aug, 12:09, "Pavel A." <pave...(a)12fastmail34.fm> wrote: > "matt_sykes" <zzeb...(a)hotmail.com> wrote in message > > news:fd566716-1ac7-403d-ad82- > ........ > > > In another product we hooked NtCreateTokan in order to do > > impersonation but this isnt in this product. > > That's good - no need to repeat the traditional mantras about hooking :) > > -- pa :) We found a 2003 server bug doing this a few months back.
From: matt_sykes on 25 Aug 2010 08:05
On 24 Aug, 21:45, "Maxim S. Shatskih" <ma...(a)storagecraft.com.no.spam> wrote: > > I imagine the problem is because the kernel has not been authorised in > > the same way as the shell once the user owning that share has logged > > on. What is your take on this? > > Your kernel code must be in the correct user thread context to make such SMB calls. > > -- > Maxim S. Shatskih > Windows DDK MVP > ma...(a)storagecraft.comhttp://www.storagecraft.com I had a little play with calling the code from the kernel in a user thread context (in a deviceioctl handler) and ZwQuerySecurityObject() still returns ACCESS_DENIED. Did you have a different user thread context in mind? |