search

mpilouk / dokan

Automatically exported from code.google.com/p/dokan
0 stars 0 forks source link

Unable to access Dokan drive as non admin #243

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
> What steps will reproduce the problem?

1. Install Dokan library 0.6.0 release 
2. start dokan as standard user (Non Administrator) 

!!! Access Denied !!! 
Please help!!

> What is the expected output? What do you see instead?

Expect to open the requested file instead get to see
!!! Access Denied !!! 

> What version of the product are you using? On what operating system?

Dokan library 0.6.0

> Please provide any additional information below.

Drive mounts as expected but when trying to access the file it throw's 
"Access Denied". I checked the access for Administrator and Standard user by 
mounting the Dokan drive as non admin and tried accessing the file but got the 
same error later i switched user without un-mounting the drive and accessed the 
files which worked as expected.

Original issue reported on code.google.com by vijay.rx...@gmail.com on 19 Dec 2011 at 12:02

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Same problem for me...

Original comment by spl...@gmail.com on 17 Jan 2012 at 9:51

GoogleCodeExporter commented 9 years ago 
...and here...

Original comment by maker...@gmail.com on 30 Jun 2012 at 9:36

GoogleCodeExporter commented 9 years ago 
I have found the problem.

The device is created with SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RW_RES_R 
permissions and according to the docs:

Also note that traversal access is not granted to normal users. As such, this 
might not be an appropriate descriptor for a device with a namespace.

So I made my own SDDL string of:
D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGWGX;;;WD)(A;;GRGX;;;RC)
which also gives Execute permissions and that works for me.

In init.c I added
static UNICODE_STRING sddl = 
RTL_CONSTANT_STRING(L"D:P(A;;GA;;;SY)(A;;GRGWGX;;;BA)(A;;GRGWGX;;;WD)(A;;GRGX;;;
RC)");
and then I use that string for the calls to IoCreateDeviceSecure.

A full solution would require passing some kind of details into the mount 
procedure or making sure that and userspace driver can correctly control the 
permissions.

Original comment by jnewbi...@chrysocome.net on 29 Jul 2012 at 12:07

GoogleCodeExporter commented 9 years ago 
Please make at least a hotfix for this issue, it's a complete showstopper.

Original comment by 7egg...@gmx.de on 19 May 2013 at 9:33

GoogleCodeExporter commented 9 years ago 
The same problem here, pleas fix it.

Original comment by jan...@gmail.com on 31 Aug 2013 at 8:59

GoogleCodeExporter commented 9 years ago 
Thanks for jnewbi, it works.

Original comment by kuanghf...@gmail.com on 15 Oct 2013 at 9:10