Hi ,
Is there any way to detect in a minifilter, whether a file operation is initiated by the network redirector or not ?
I want to perform filtering operations, in a minifilter, only if the file is opened through a network share. Is there any clean way of doing this ? I don’t want to rely on some hacks that may not work sometimes 
Thanks in advance.
In MJ_CREATE path, get the user’s token and check it for Network
pseudo-group presense.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntfsd…
> Hi ,
>
> Is there any way to detect in a minifilter, whether a file operation is
initiated by the network redirector or not ?
>
> I want to perform filtering operations, in a minifilter, only if the file is
opened through a network share. Is there any clean way of doing this ? I don’t
want to rely on some hacks that may not work sometimes
>
> Thanks in advance.
>
>
>
>
In your InstanceSetup method, only attach when VolumeDeviceType ==
FILE_DEVICE_NETWORK_FILE_SYSTEM
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: 05 February 2008 23:50
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Detect Network file operations in minifilter
*** WARNING ***
This mail has originated outside your organization, either from an
external partner or the Global Internet.
Keep this in mind if you answer this message.
Hi ,
Is there any way to detect in a minifilter, whether a file operation is
initiated by the network redirector or not ?
I want to perform filtering operations, in a minifilter, only if the
file is opened through a network share. Is there any clean way of doing
this ? I don’t want to rely on some hacks that may not work sometimes
Thanks in advance.
NTFSD is sponsored by OSR
For our schedule debugging and file system seminars (including our new
fs mini-filter seminar) visit:
http://www.osr.com/seminars
You are currently subscribed to ntfsd as: xxxxx@baesystems.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************
thanks for your advice.
Searching the fourm , i found this code:
HANDLE TokenHandle = NULL;
NTSTATUS Status = ZwOpenThreadToken((HANDLE)-2,
STANDARD_RIGHTS_READ, FALSE, &TokenHandle);
if (NT_SUCCESS(Status))
{
ULONG ResultLength;
TOKEN_TYPE TType;
Status = ZwQueryInformationToken(TokenHandle, TokenType, &TType,
sizeof(TOKEN_TYPE), &ResultLength);
if (NT_SUCCESS(Status))
{
if (TType == TokenImpersonation)
{
bServerCall = TRUE;
}
}
ZwClose(TokenHandle);
}
http://www.osronline.com/showThread.cfm?link=55754
Is this code ok to detect network calls during create requests in a minifilter ?
No, query TokenGroups and scan for “Network” group ID
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
wrote in message news:xxxxx@ntfsd…
> thanks for your advice.
>
> Searching the fourm , i found this code:
>
> HANDLE TokenHandle = NULL;
> NTSTATUS Status = ZwOpenThreadToken((HANDLE)-2,
> STANDARD_RIGHTS_READ, FALSE, &TokenHandle);
> if (NT_SUCCESS(Status))
> {
> ULONG ResultLength;
> TOKEN_TYPE TType;
> Status = ZwQueryInformationToken(TokenHandle, TokenType, &TType,
> sizeof(TOKEN_TYPE), &ResultLength);
> if (NT_SUCCESS(Status))
> {
> if (TType == TokenImpersonation)
> {
> bServerCall = TRUE;
> }
> }
> ZwClose(TokenHandle);
> }
>
> http://www.osronline.com/showThread.cfm?link=55754
>
> Is this code ok to detect network calls during create requests in a
minifilter ?
>
>
He wants to know from the other end of the connection - i.e. is the caller
above him providing a network share, not is the filesystem volume below him
a network share.
On Feb 6, 2008 2:56 AM, Oliver, Jonathan (UK) <
xxxxx@baesystems.com> wrote:
In your InstanceSetup method, only attach when VolumeDeviceType ==
FILE_DEVICE_NETWORK_FILE_SYSTEM-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: 05 February 2008 23:50
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Detect Network file operations in minifilter*** WARNING ***
This mail has originated outside your organization, either from an
external partner or the Global Internet.
Keep this in mind if you answer this message.Hi ,
Is there any way to detect in a minifilter, whether a file operation is
initiated by the network redirector or not ?I want to perform filtering operations, in a minifilter, only if the
file is opened through a network share. Is there any clean way of doing
this ? I don’t want to rely on some hacks that may not work sometimesThanks in advance.
NTFSD is sponsored by OSR
For our schedule debugging and file system seminars (including our new
fs mini-filter seminar) visit:
http://www.osr.com/seminarsYou are currently subscribed to ntfsd as: xxxxx@baesystems.com
To unsubscribe send a blank email to xxxxx@lists.osr.com********************************************************************
This email and any attachments are confidential to the intended
recipient and may also be privileged. If you are not the intended
recipient please delete it from your system and notify the sender.
You should not copy it or use it for any purpose nor disclose or
distribute its contents to any other person.
********************************************************************
NTFSD is sponsored by OSR
For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminarsYou are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
–
Mark Roddy