ACL solution considerations

I work on an ACL + encryption solution based on minifilter drivers.
The problem is file transfer options that seem not to fall in the domain of FS minifilters, like remote file systems, … .
For example, my minifilter is configured to attach to all volumes automatically, but it cannot filter network share files (shared by other PCs in a LAN).

I just found this:
typedef enum _FLT_FILESYSTEM_TYPE {
FLT_FSTYPE_UNKNOWN,
FLT_FSTYPE_RAW,
FLT_FSTYPE_NTFS,
FLT_FSTYPE_FAT,
FLT_FSTYPE_CDFS,
FLT_FSTYPE_UDFS,
FLT_FSTYPE_LANMAN,
FLT_FSTYPE_WEBDAV,
FLT_FSTYPE_RDPDR,
FLT_FSTYPE_NFS,
FLT_FSTYPE_MS_NETWARE,
FLT_FSTYPE_NETWARE,
FLT_FSTYPE_BSUDF,
FLT_FSTYPE_MUP,
FLT_FSTYPE_RSFX,
FLT_FSTYPE_ROXIO_UDF1,
FLT_FSTYPE_ROXIO_UDF2,
FLT_FSTYPE_ROXIO_UDF3,
FLT_FSTYPE_TACIT,
FLT_FSTYPE_FS_REC,
FLT_FSTYPE_INCD,
FLT_FSTYPE_INCD_FAT,
FLT_FSTYPE_EXFAT,
FLT_FSTYPE_PSFS,
FLT_FSTYPE_GPFS,
FLT_FSTYPE_NPFS,
FLT_FSTYPE_MSFS,
FLT_FSTYPE_CSVFS,
FLT_FSTYPE_REFS,
FLT_FSTYPE_OPENAFS
} FLT_FILESYSTEM_TYPE, *PFLT_FILESYSTEM_TYPE;

Are all file systems listed in this enumeration supported (for filtering by a minifilter driver)?
If not, where can I find a list of supported ones? It has been a pain to find just this enumeration. I’ve searched multiple times to find the slightest bit of information about the domain of FSs that minifilters can filter.

Remote (SMB, RDP, etc.) FS access filtering is performed by attaching to \Device\MUP. FltMgr attaches an instance to MUP for network access filtering. MUP redirects requests to the corresponding network file system object (e.g. \Device\RdpDr or \FileSystem\mrxsmb’s device objects, which are unnamed) based on the path prefix. FltMgr doesn’t attach to network file system objects starting from Vista (AFAIK). So there is one point of entry for all network file system filters - MUP. Attaching an instance to MUP allows filtering requests to remote file systems. For more information, search for the “MUP Changes in Microsoft Windows Vista” article at MSDN.

The situation is different if you want to filter requests from a remote system to local files. In that case they are processed by a service and a kernel module that access files as a regular application would. In that case you need a filter attached to a volume. The tricky part is filtering out server requests from local requests. The server is just an application like any other process in the system.

BTW I believe FLT_FSTYPE_* are useless.
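
An added example, not code from any poster in this thread: one way to write the attach decision of a minifilter's InstanceSetup callback so that it accepts both local disk volumes and the MUP instance described above, keyed on the volume device type rather than on FLT_FSTYPE_*. The names FILTER_SCOPE, ClassifyVolume and AttachDecision are hypothetical, and the non-kernel branch holds constructed stand-ins (with the WDK's values) so the policy can be unit-tested in user mode.

```c
#ifdef _KERNEL_MODE
#include <fltKernel.h>
#else
/* Constructed user-mode stand-ins so the policy builds without the WDK. */
#include <stdint.h>
typedef int32_t  NTSTATUS;
typedef uint32_t DEVICE_TYPE;
#define STATUS_SUCCESS                  ((NTSTATUS)0x00000000)
#define STATUS_FLT_DO_NOT_ATTACH        ((NTSTATUS)0xC01C000F)
#define FILE_DEVICE_DISK_FILE_SYSTEM    0x00000008
#define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
#endif

/* Hypothetical per-instance tag; a real driver would keep it in an
   instance context so its callbacks know which path a request took. */
typedef enum { ScopeNone, ScopeLocalVolume, ScopeRemoteViaMup } FILTER_SCOPE;

/* Local disk volumes and the MUP instance (reported as a network file
   system device) are in scope; every other device type is declined. */
FILTER_SCOPE ClassifyVolume(DEVICE_TYPE VolumeDeviceType)
{
    switch (VolumeDeviceType) {
    case FILE_DEVICE_DISK_FILE_SYSTEM:    return ScopeLocalVolume;
    case FILE_DEVICE_NETWORK_FILE_SYSTEM: return ScopeRemoteViaMup;
    default:                              return ScopeNone;
    }
}

/* Returns the status InstanceSetup should hand back to FltMgr. */
NTSTATUS AttachDecision(DEVICE_TYPE VolumeDeviceType, FILTER_SCOPE *Scope)
{
    *Scope = ClassifyVolume(VolumeDeviceType);
    return (*Scope == ScopeNone) ? STATUS_FLT_DO_NOT_ATTACH : STATUS_SUCCESS;
}

#ifdef _KERNEL_MODE
/* Registered as FLT_REGISTRATION.InstanceSetupCallback. */
NTSTATUS InstanceSetup(PCFLT_RELATED_OBJECTS FltObjects,
                       FLT_INSTANCE_SETUP_FLAGS Flags,
                       DEVICE_TYPE VolumeDeviceType,
                       FLT_FILESYSTEM_TYPE VolumeFilesystemType)
{
    FILTER_SCOPE scope;
    UNREFERENCED_PARAMETER(FltObjects);
    UNREFERENCED_PARAMETER(Flags);
    UNREFERENCED_PARAMETER(VolumeFilesystemType); /* device type decides */
    return AttachDecision(VolumeDeviceType, &scope);
}
#endif
```
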

>that case you need a filter attached to a volume. The tricky part is filtering out server requests from local requests. Server is just an application like any other process in the system.

ECPs or the security token row about “Network” group can help.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

Thanks for your answers.