Caching user names

OSR_Community_User · April 28, 2006, 10:25pm

I’m considering caching of user names in the filter (I don’t know
why it wasn’t thought of before ;-). By caching I mean not just caching
in the context, between open <> close, but rather during entire Windows
session.

From some testing, LUID seems to be the correct thing to cache here

am I right?

Now comes the hard part - is there any way to tell if a user is
deleted? Adding a user won’t hurt, but removing a user could trigger the
same LUID.

TIA.

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · April 29, 2006, 2:29pm

Why not deal with SIDs only in the kmode code, and leave all user name
stuff to umode?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Dejan Maksimovic”
To: “Windows File Systems Devs Interest List”
Sent: Saturday, April 29, 2006 6:26 AM
Subject: [ntfsd] Caching user names

>
> I’m considering caching of user names in the filter (I don’t know
> why it wasn’t thought of before ;-). By caching I mean not just caching
> in the context, between open <> close, but rather during entire Windows
> session.
>
> From some testing, LUID seems to be the correct thing to cache here
> - am I right?
>
> Now comes the hard part - is there any way to tell if a user is
> deleted? Adding a user won’t hurt, but removing a user could trigger the
> same LUID.
>
> TIA.
>
> –
> Kind regards, Dejan M.
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption services.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · April 29, 2006, 3:20pm

Mainly because it would break the current design a lot.

“Maxim S. Shatskih” wrote:

Why not deal with SIDs only in the kmode code, and leave all user name stuff to
umode?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Dejan Maksimovic”
> To: “Windows File Systems Devs Interest List”
> Sent: Saturday, April 29, 2006 6:26 AM
> Subject: [ntfsd] Caching user names
>
> >
> > I’m considering caching of user names in the filter (I don’t know
> > why it wasn’t thought of before ;-). By caching I mean not just caching
> > in the context, between open <> close, but rather during entire Windows
> > session.
> >
> > From some testing, LUID seems to be the correct thing to cache here
> > - am I right?
> >
> > Now comes the hard part - is there any way to tell if a user is
> > deleted? Adding a user won’t hurt, but removing a user could trigger the
> > same LUID.
> >
> > TIA.
> >
> > –
> > Kind regards, Dejan M.
> > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > Alfa Transparent File Encryptor - Transparent file encryption services.
> > Alfa File Protector - File protection and hiding library for Win32
> > developers.
> > Alfa File Monitor - File monitoring library for Win32 developers.
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@alfasp.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.

OSR_Community_User · April 29, 2006, 7:34pm

It depends on what you want to do, but perhaps you could key off of
logon session IDs (which is perhaps what you’re referring to by LUID).
If so, then you can build your mapping when you first encounter a
session, and flush it per key when the logon session terminates.
See SeQueryAuthenticationIdToken,
SeRegisterLogonSessionTerminatedRoutine and
SeMarkLogonSessionForTerminationNotification.

Note that the same user can have multiple logon sessions running on
the same machine, so you’re going to get a many to one mapping from
LUID to user.

On 4/29/06, Dejan Maksimovic wrote:
>
> Mainly because it would break the current design a lot.
>
> “Maxim S. Shatskih” wrote:
>
> > Why not deal with SIDs only in the kmode code, and leave all user name stuff to
> > umode?
> >
> > Maxim Shatskih, Windows DDK MVP
> > StorageCraft Corporation
> > xxxxx@storagecraft.com
> > http://www.storagecraft.com
> >
> > ----- Original Message -----
> > From: “Dejan Maksimovic”
> > To: “Windows File Systems Devs Interest List”
> > Sent: Saturday, April 29, 2006 6:26 AM
> > Subject: [ntfsd] Caching user names
> >
> > >
> > > I’m considering caching of user names in the filter (I don’t know
> > > why it wasn’t thought of before ;-). By caching I mean not just caching
> > > in the context, between open <> close, but rather during entire Windows
> > > session.
> > >
> > > From some testing, LUID seems to be the correct thing to cache here
> > > - am I right?
> > >
> > > Now comes the hard part - is there any way to tell if a user is
> > > deleted? Adding a user won’t hurt, but removing a user could trigger the
> > > same LUID.
> > >
> > > TIA.
> > >
> > > –
> > > Kind regards, Dejan M.
> > > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > > Alfa Transparent File Encryptor - Transparent file encryption services.
> > > Alfa File Protector - File protection and hiding library for Win32
> > > developers.
> > > Alfa File Monitor - File monitoring library for Win32 developers.
> > >
> > >
> > >
> > > —
> > > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> > >
> > > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> > —
> > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@alfasp.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> –
> Kind regards, Dejan M.
> http://www.alfasp.com E-mail: xxxxx@alfasp.com
> Alfa Transparent File Encryptor - Transparent file encryption services.
> Alfa File Protector - File protection and hiding library for Win32 developers.
> Alfa File Monitor - File monitoring library for Win32 developers.
>
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

–
Life is what happens to you while you’re busy making other plans
– John Lennon

OSR_Community_User · April 30, 2006, 11:33am

This seems to be exactly what I need, thanks.

Sigurður Ásgeirsson wrote:

It depends on what you want to do, but perhaps you could key off of
logon session IDs (which is perhaps what you’re referring to by LUID).
If so, then you can build your mapping when you first encounter a
session, and flush it per key when the logon session terminates.
See SeQueryAuthenticationIdToken,
SeRegisterLogonSessionTerminatedRoutine and
SeMarkLogonSessionForTerminationNotification.

Note that the same user can have multiple logon sessions running on
the same machine, so you’re going to get a many to one mapping from
LUID to user.

On 4/29/06, Dejan Maksimovic wrote:
> >
> > Mainly because it would break the current design a lot.
> >
> > “Maxim S. Shatskih” wrote:
> >
> > > Why not deal with SIDs only in the kmode code, and leave all user name stuff to
> > > umode?
> > >
> > > Maxim Shatskih, Windows DDK MVP
> > > StorageCraft Corporation
> > > xxxxx@storagecraft.com
> > > http://www.storagecraft.com
> > >
> > > ----- Original Message -----
> > > From: “Dejan Maksimovic”
> > > To: “Windows File Systems Devs Interest List”
> > > Sent: Saturday, April 29, 2006 6:26 AM
> > > Subject: [ntfsd] Caching user names
> > >
> > > >
> > > > I’m considering caching of user names in the filter (I don’t know
> > > > why it wasn’t thought of before ;-). By caching I mean not just caching
> > > > in the context, between open <> close, but rather during entire Windows
> > > > session.
> > > >
> > > > From some testing, LUID seems to be the correct thing to cache here
> > > > - am I right?
> > > >
> > > > Now comes the hard part - is there any way to tell if a user is
> > > > deleted? Adding a user won’t hurt, but removing a user could trigger the
> > > > same LUID.
> > > >
> > > > TIA.
> > > >
> > > > –
> > > > Kind regards, Dejan M.
> > > > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > > > Alfa Transparent File Encryptor - Transparent file encryption services.
> > > > Alfa File Protector - File protection and hiding library for Win32
> > > > developers.
> > > > Alfa File Monitor - File monitoring library for Win32 developers.
> > > >
> > > >
> > > >
> > > > —
> > > > Questions? First check the IFS FAQ at
> > > https://www.osronline.com/article.cfm?id=17
> > > >
> > > > You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> > > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> > >
> > > —
> > > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
> > >
> > > You are currently subscribed to ntfsd as: xxxxx@alfasp.com
> > > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> > –
> > Kind regards, Dejan M.
> > http://www.alfasp.com E-mail: xxxxx@alfasp.com
> > Alfa Transparent File Encryptor - Transparent file encryption services.
> > Alfa File Protector - File protection and hiding library for Win32 developers.
> > Alfa File Monitor - File monitoring library for Win32 developers.
> >
> >
> >
> > —
> > Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: xxxxx@gmail.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
> –
> Life is what happens to you while you’re busy making other plans
> – John Lennon
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com

–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.