Determining id associated with FS activity

How might a filter driver determine on whose behalf a particular FS request
is being carried out? I’m looking for something like a userId or something
that can lead to it. If there is something, is this information only
available at 'CREATE time?

Any pointers to resources would be helpful.

Brad


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Brad,

Usually, I suggest that people use the SID. The “trick” here is (as you
surmised) that the SID need only be correct during the IRP_MJ_CREATE
handling. Once the handle has been created (and the access
computed/granted) there’s no need to continue the impersonation (there is
one obscure case where the security credentials must also be correct -
rename, since this can cause a file to be deleted, which does require a
security check.)

I’ve posted sample code before, I’ll see if I can dig it up again.

Regards,

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Brad Sahr [mailto:xxxxx@macromedia.com]
Sent: Thursday, January 11, 2001 4:31 PM
To: File Systems Developers
Subject: [ntfsd] Determining id associated with FS activity

How might a filter driver determine on whose behalf a particular FS request
is being carried out? I’m looking for something like a userId or something
that can lead to it. If there is something, is this information only
available at 'CREATE time?

Any pointers to resources would be helpful.

Brad


You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Tony,

Thank you for the help. I’ve located your sample code in the mailing list
back on June 22, 2000. What I didn’t understand was that it was a SID that I
was looking for. This made it easy to find your sample code.

Thanks again.

Brad

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Tony Mason
Sent: Thursday, January 11, 2001 8:56 PM
To: File Systems Developers
Subject: [ntfsd] RE: Determining id associated with FS activity

Brad,

Usually, I suggest that people use the SID. The “trick” here is (as you
surmised) that the SID need only be correct during the IRP_MJ_CREATE
handling. Once the handle has been created (and the access
computed/granted) there’s no need to continue the impersonation (there is
one obscure case where the security credentials must also be correct -
rename, since this can cause a file to be deleted, which does require a
security check.)

I’ve posted sample code before, I’ll see if I can dig it up again.

Regards,

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: Brad Sahr [mailto:xxxxx@macromedia.com]
Sent: Thursday, January 11, 2001 4:31 PM
To: File Systems Developers
Subject: [ntfsd] Determining id associated with FS activity

How might a filter driver determine on whose behalf a particular
FS request
is being carried out? I’m looking for something like a userId or something
that can lead to it. If there is something, is this information only
available at 'CREATE time?

Any pointers to resources would be helpful.

Brad


You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: xxxxx@macromedia.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com