Everhart, Glenn From: Jamey Kirby [jkirby@mkallc.com] Sent: Tuesday, August 18, 1998 1:17 PM To: Maxim Shatskih; rfernando@enterprise.net; John McNamee; ntdev; ntfsd Subject: RE: [ntfsd] [ntdev] Accessing a file on a server from inside a d I have a driver that emulates a disk drive using a file. I have mounted volumes to file residing on the network with no problems. All of my IO is accuring from system thread; ZwCreateFile(), ZwReadFile() and ZwWriteFile(). As long as the user ID you are logged on with has access rights to the network resource, I see no reason why it is not working for you. I have a driver loaded at this exact moment that is using this technique and it works just fine. Jamey Kirby Senior Partner Magnuson, Kirby & Associates, LLC. mailto:jkirby@mkallc.com http://www.mkallc.com > -----Original Message----- > From: owner-ntdev@atria.com [mailto:owner-ntdev@atria.com]On Behalf Of > Maxim Shatskih > Sent: Tuesday, August 18, 1998 6:51 AM > To: rfernando@enterprise.net; John McNamee; ntdev; ntfsd > Subject: RE: [ntfsd] [ntdev] Accessing a file on a server from inside a > d > > > It seems so that you cannot access network drives (at least cannot > connect to servers) from system thread. > Try using original user-mode thread for this purpose instead. > This is because system thread will run under LocalSystem account - at > NT security does not allow network servers access under this account. > > Max > > > -----Original Message----- > > From: Robert Fernando [SMTP:rfernando@enterprise.net] > > Sent: Tuesday, August 18, 1998 11:04 AM > > To: John McNamee; ntdev; ntfsd > > Subject: Re: [ntfsd] [ntdev] Accessing a file on a server from > > inside a d > > > > Hi all, > > > > The zwcreate function is lauchd from a seperate thread, which is > > created > > when the the driver starts up. > > The driver is a filter. > > > > Call to launch second thread from init routine > > > > status = PsCreateSystemThread(&check_thread_handle, (ACCESS_MASK) > > 0L, > > NULL, NULL, NULL, CHANGEThread, > > deviceExtension); // Context > > > > The main purpose of the second thread is to read and process irps > > being > > sent to the device. > > > > Would this be the soucre of the security problems I appear to be > > having. > > Unfortunatly I have no experience of nt security model. > > Other than the sdk docs is a good gguide to the subject, with example > > code. > > > > Robert Fernando > > > > ---------- > > > From: John McNamee > > > To: Robert Fernando > > > Subject: Re: [ntfsd] [ntdev] Accessing a file on a server from > > inside a d > > > Date: 18 August 1998 01:06 > > > > > > On 17 Aug 98 at 22:44, Robert Fernando > > wrote: > > > > > > > The reason for opening the file remotly is to hold on the server a > > list > > of > > > > valid id for the media we are trying to read, if the locally > > calulated > > id > > > > matched the one on the server the media can be read. > > > > > > > > Have the file held in one place aids management of it. > > > > > > How well do you understand the NT security model? Do you know about > > tokens? > > > This is covered in the Platform SDK. The Win32 security API's are > > just a > > thin > > > layer on top of the native NT API's, so the Platform SDK pretty much > > describes > > > how kernel security works. To understand why you're having > > problems, you > > have > > > to understand how NT grants access to secure objects like network > > files. > > > > > > Where exactly in your driver are you trying to access the network? > > From > > > your dispatch routines? From a DPC? A system thread? It makes a > > world > > of > > > difference. The only place you have a chance of getting network > > access > > is > > > from your dispatch routines, and then only if the process/thread > > that > > called > > > you has those rights. Services, for exmample, probably won't. > > > > > > If you could explain a bit more about what your driver is doing, I > > may be > > able > > > to make a recommendation. > > > > > > --John > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > [ To unsubscribe, send email to ntdev-request@atria.com with body > > UNSUBSCRIBE (the subject is ignored). ] > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > [ To unsubscribe, send email to ntdev-request@atria.com with body > UNSUBSCRIBE (the subject is ignored). ] > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [ To unsubscribe, send email to ntdev-request@atria.com with body UNSUBSCRIBE (the subject is ignored). ]