Deny access in object creation...

Hi friends,
I have an issue with access control rights for the device object.
My storage filter driver intercepts all I/O requests to any partition or volume. I want to reject the file object creation when a partition or volume is being opened by any application. (The idea is to change the security attributes dynamically rather than setting the attributes at the time of device object creation.)

I have found a few APIs for that … SeAssignSecurity, ObGetDeviceSecurity, etc. Am I on the right track, or is there any other solution? If it is correct, I could not find how and what to change in the SECURITY_DESCRIPTOR object. I am stuck here. I tried rejecting MJ_CREATE IRPs but it seems that it is not working.
Can anybody tell me the way to the solution? Please give me the idea.

Thanks,
Venkat.



So… you’re not trying to deny opens for FILES on a given volume, right? You’re trying to deny actual VOLUME open requests, yes? I just want to be sure we’re all reading from the same page.

And where, precisely, are you presently filtering? And you’re presently rejecting CREATE requests… You’re actually SEEING create requests that you can correlate with an application issuing a CreateFile?

Have you watched the flow of the incoming IRPs of interest with IRP tracker?

Peter

Yes,
My intention is to deny access to any partition on a volume. Here my driver is an upper storage filter driver that intervenes in all I/O to a partition by creating filter device objects on each partition.
Currently, I am not rejecting any CREATE requests and the intention is to deny access to all kinds of applications.

Thanks,
Venkat.

> Date: Mon, 4 Jun 2007 10:02:01 -0400
> From: xxxxx@osr.com
> To: xxxxx@lists.osr.com
> Subject: RE:[ntdev] Deny access in object creation…
>
> [quote]
> I want to reject the file object creation when a partition or volume is being opened by any application.
> [/quote]
>
> So… you’re not trying to deny opens for FILES on a given volume, right? You’re trying to deny actual VOLUME open requests, yes? I just want to be sure we’re all reading from the same page.
>
> And where, precisely, are you presently filtering? And you’re presently rejecting CREATE requests… You’re actually SEEING create requests that you can correlate with an application issuing a CreateFile?
>
> Have you watched the flow of the incoming IRPs of interest with IRP tracker?
>
> Peter
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer



Well ok but “deny access to any partition on a volume” does not make any
sense. Give an example of what you are trying to do, how would this
function look to a user?


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mr. Venkata
Ramana Goud M
Sent: Monday, June 04, 2007 2:03 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Deny access in object creation…

Yes,
My intention is to deny access to any partition on a volume. Here my
driver is upper storage filter driver that intervenes all I/O to a
partition by creating filter device objects on each partition.
Currently, I am not rejecting any CREATE requests and the intention is
to deny access to all kinds of applications.

Thanks,
Venkat.



And *I’M* going to ask one more time: EXACTLY where is your driver located in the stack?

“Upper storage filter driver” isn’t “over the disk class PDO” or “over the volume instance PDO” – it’s marketing talk. Please give us a technical answer.

Have you written this yet (as it seems from your initial post) or are you trying to figure out how to approach such a project?

Peter
OSR