
Check in IRP_MJ_CREATE if allowed access

Gova_Gimer Member - All Emails Posts: 43
edited August 2019 in NTFSD

In my disk file system, in IRP_MJ_CREATE, I have a (PACL or PSECURITY_DESCRIPTOR) extracted from my FAT. How do I check if a 'logged-on Windows user' is authorized to access the file?

Solution: I capture the PACCESS_TOKEN in SECURITY_SUBJECT_CONTEXT::client token from _IO_STACK_LOCATION::Create::SecurityContext::AccessState::SubjectSecurityContext::ClientToken,
and I call SeQueryInformationToken with TokenOwner to get the SID, and browse the PACL extracted from my FAT to compare the SID of each PACL with the SID extracted from ClientToken.
I have not yet tested this option.
Is it good?

If not, then how?



  • Eric_Berge Member Posts: 32

    See the Windows API SeAccessCheck which I believe will do a lot of the work for you in this case.

  • Gova_Gimer Member - All Emails Posts: 43
    edited August 2019


    Is it possible to check access in user mode?
    For information, I am developing a kernel virtual disk file system to manage a virtual disk from user mode.

  • Gova_Gimer Member - All Emails Posts: 43

    Proposed solution:
    I capture from my FAT data the PACL and the SIDs of the owner and group; in my kernel driver
    I create a SECURITY_DESCRIPTOR with the SIDs and PACE added.
    I call SeAccessCheck.

    Is it good?

  • Eric_Berge Member Posts: 32

    I believe the general outline is that you'll get the SECURITY_DESCRIPTOR from your file system and you'll get the SECURITY_SUBJECT_CONTEXT from the parameters to the IRP_MJ_CREATE (Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext). That's not all the pieces you need, but I believe that's the major part of it. It would be best to point you to a Microsoft example like the FastFat code, but unfortunately that does not support ACLs. In general, the FastFat code and the "File System Algorithms" document from Microsoft are some of the best sources for info on file systems (and the old NT 4.0-based Nagar book, which in spite of its age still has a lot of good info, and you might still be able to order one from OSR -- although I just looked at it and I didn't see code for dealing with ACLs in their "Create" function).
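
The thread settles on handing the file's security descriptor and the caller's subject context to SeAccessCheck. As an added illustration (not code from the thread and not the Windows implementation), this portable C model of ordered DACL evaluation shows the kind of matching that check performs: each ACE is tested against the user SID and every group SID in the token, and order matters. The types, the string SIDs, the two access bits and `model_access_check` are all hypothetical, and owner rights, privileges and generic mapping are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model only: SIDs are strings, two made-up access bits. */
enum { ACE_ALLOW, ACE_DENY };
#define MODEL_READ  0x1u
#define MODEL_WRITE 0x2u

typedef struct { int type; const char *sid; uint32_t mask; } Ace;
typedef struct { const Ace *aces; size_t count; } Dacl;   /* NULL Dacl* = no DACL */
typedef struct { const char *user; const char *const *groups; size_t ngroups; } Token;

/* A token carries the user SID plus every group SID, not a single SID. */
static int token_has_sid(const Token *t, const char *sid) {
    if (strcmp(t->user, sid) == 0) return 1;
    for (size_t i = 0; i < t->ngroups; i++)
        if (strcmp(t->groups[i], sid) == 0) return 1;
    return 0;
}

/* Returns 1 when every bit in 'desired' is granted, 0 otherwise. */
int model_access_check(const Dacl *dacl, const Token *t, uint32_t desired) {
    if (dacl == NULL) return 1;              /* no DACL at all: access is not restricted */
    uint32_t remaining = desired;            /* bits not yet granted */
    for (size_t i = 0; i < dacl->count && remaining; i++) {
        const Ace *a = &dacl->aces[i];
        if (!token_has_sid(t, a->sid)) continue;
        if (a->type == ACE_DENY) {
            if (a->mask & remaining) return 0;   /* a deny hit before the grant wins */
        } else {
            remaining &= ~a->mask;               /* an allow ACE clears the bits it grants */
        }
    }
    return remaining == 0;                   /* empty DACL: nothing is ever granted */
}

/* Constructed sample data: the user is named in no ACE, only her groups are. */
static const char *const alice_groups[] = { "SID-staff", "SID-contractors" };
static const Token alice = { "SID-alice", alice_groups, 2 };
static const Ace sample_aces[] = {
    { ACE_DENY,  "SID-contractors", MODEL_WRITE },
    { ACE_ALLOW, "SID-staff",       MODEL_READ | MODEL_WRITE },
};
static const Dacl sample_dacl = { sample_aces, 2 };
```

With this sample DACL a read request is granted through the staff group and a write request is refused by the earlier deny ACE, even though no ACE names the user SID itself.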
