In general this is not something NT is making available to you. You can get
a lot of information about the initiating user from the create
(IRP_MJ_CREATE) operation, but I don’t think that ‘user is remote’ is part
of this. You could possibly try to figure out who is ABOVE you on the stack.
If srv is above you, this is a rather clear indication that this IO came
from afar rather than locally. So, and I think this is a TERRIBLE HACK, you
could walk up (illegally) the IO_STACK looking at the device objects above
and seeing if any of them are linked to SRV.
The idea in NT is that network security happens above and outside local
filesystems (via srv and the io manager and the object manager and the
security reference monitor etc.) Your local filesystem should only concern
itself with per file persistent security, and then only if it implements per
file persistent security, which so far only NTFS does. The local system has
already blessed this user, you shouldn’t have to re-examine his rights to
access the system.
On the other hand, if this is a QOS issue rather than a security issue I
understand your problem.
-----Original Message-----
From: Shiva_Shankar [mailto:xxxxx@Satyam.com]
Sent: Monday, April 17, 2000 7:49 AM
To: NT Developers Interest List
Subject: [ntdev] Re: How do I get the owner of the request
Hi I?aki Castillo
Thanks for your reply, now please let me know if there is any way I
can distinguish between the local IRP’s and remote Irp’s
regards,
Shivas
From: I?aki Castillo
Reply To: NT Developers Interest List
Sent: Monday, April 17, 2000 4:58 PM
To: NT Developers Interest List
Subject: [ntdev] Re: How do I get the owner of the request
Note that Bartjan ask how to detect the origin of the request for a
local
file.
This flag is not used when accesing local files, no matter request origin is
local or remote.
SRV component translates the remote access to a local access.
Inaki.
-----Original Message-----
From: Bartjan Wattel
Sent: lunes 17 de abril de 2000 13:22
To: NT Developers Interest List
Subject: [ntdev] Re: How do I get the owner of the request
At 4/17/00 04:04 PM +0530, Shiva_Shankar wrote:
> I have a filter driver which filters on the requests going
> to the FSD. My problem is that if I want to distinguish whether
> the request is a local request or whether it has come across
> the Network, how can I find it.
You should examine the DeviceObject structure in the current FileObject.
The DeviceObject structure has a field called Characteristics that can
have
the following values:
FILE_REMOVABLE_MEDIA, FILE_READ_ONLY_DEVICE, FILE_FLOPPY_DISKETTE,
FILE_WRITE_ONCE_MEDIA or FILE_REMOTE_DEVICE.
So to see if a request comes across the network, test for
FileObject->DeviceObject->Characteristics & FILE_REMORE_DEVICE
With kind regards,
Bartjan Wattel < mailto:xxxxx@ascit.com mailto:xxxxx >
> ----------------------------------------- Yours, for X-Tra Security !!!
> —
> ThunderStore HQ
> Ant. v.d. Heydenstraat 2, 5527 BV HAPERT, The Netherlands
> Tel: +31 (0)49 7383 505 / Fax: +31 (0)49 7388 440
> Web: http://www.thunderstore.com http:
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@pandasoftware.es
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)
—
You are currently subscribed to ntdev as: xxxxx@Satyam.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)</http:></mailto:xxxxx>