[Openib-windows] Running WSD from as a non-administrator

Tzachi Dar tzachid at mellanox.co.il
Mon Aug 14 12:15:34 PDT 2006 

I'll try to explain the logic and process that brought me to this
change, I hope that it will make things clearer.

The code that existed before didn't allow one a "non-administrator" user
to open the device. I have tried looking in Google to a solution to this
problem and what I saw was that the problem happens since the device is
being created by NDIS (NdisMRegisterDevice) and not by a IoCreateDevice
or IoCreateDeviceSecure which allow giving an ACL. I also saw that the
WHQL process verifies that we only use NdisMRegisterDevice.

So there were two possible solutions to solve this: 1) Use some driver
as a proxy between the user process and the IPOIB driver (for example
adding another function in IBAL). 2) try to find a work around, which is
what I did. I looked at mailing list of the OpenVPN project and saw that
this is what they have been using. There wasn't almost any other
documentation of the problem.

I have tried this and it worked well, even when two processes are using
the device.

Did you see a problem with this solution?

Thanks
Tzachi

> -----Original Message-----
> From: ftillier.sst at gmail.com [mailto:ftillier.sst at gmail.com] 
> On Behalf Of Fabian Tillier
> Sent: Monday, August 14, 2006 9:07 PM
> To: Tzachi Dar
> Cc: openib-windows at openib.org
> Subject: Re: [Openib-windows] Running WSD from as a non-administrator
> 
> Hi Tzachi,
> 
> Could you clarify the change below please?
> 
> Thanks,
> 
> - Fab
> 
> On 8/4/06, Fabian Tillier <ftillier at silverstorm.com> wrote:
> > Hi Tzachi,
> >
> > I saw some intermittent failures, where IBAT IOCTL requests where 
> > failing.  I was unable to figure out what was causing it, but had a 
> > question about the changes in this patch.
> >
> > On 7/30/06, Tzachi Dar <tzachid at mellanox.co.il> wrote:
> > > Index: ulp/wsd/user/ibsp_ip.c
> > > 
> ===================================================================
> > > --- ulp/wsd/user/ibsp_ip.c (revision 420)
> > > +++ ulp/wsd/user/ibsp_ip.c (working copy)
> > > @@ -96,7 +96,7 @@
> > >   if( g_ibsp.h_ibat_dev == INVALID_HANDLE_VALUE )
> > >   {
> > >    g_ibsp.h_ibat_dev = CreateFileW( IBAT_WIN32_NAME,
> > > -   GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
> > > +   MAXIMUM_ALLOWED, 0, NULL,
> >
> > Why did you change the share disposition from shared 
> read/write access 
> > to no sharing?  Wouldn't this cause only a single application to be 
> > able to open the device?  The change from GENERIC_READ to 
> > MAXIMUM_ALLOWED is granting more rights, but the share 
> disposition is 
> > granting fewer.
> >
> > Is there any reason not to allow shared access?  Or is it 
> because the 
> > IOCTL path is neither READ nor WRITE?
> >
> > Thanks,
> >
> > - Fab
> >
>

More information about the ofw mailing list