Hi all,
I am trying filtering access in my file system filter requested by
LanmanServer.
I did start my driver from sfilter from NTIFS kit samples. I already can
filter IRP_MJ_CREATE access from
network looking for FILE_COMPLETE_IF_OPLOCKED flag at
“pStack->Parameters.Create.Options”. In this way I can deny access to open
file, but I can’t deny delete it.
I did put a “break point” at FastIoQueryNetworkOpenInfo and this
function is never called. Anyone knows how can I filter IRPs from
LanmanServer (SRV)? Any help or suggestion are very welcome.
Thanks in advance and sorry my poor English.
Fernando. xxxxx@scua.com.br
>I am trying filtering access in my file system filter requested by
LanmanServer.
I did start my driver from sfilter from NTIFS kit samples. I already can
filter IRP_MJ_CREATE access from
network looking for at
“pStack->Parameters.Create.Options”. In this way I can deny access to
open
file, but I can’t deny delete it.
Apparently LanmanServer sometimes doesn’t set FILE_COMPLETE_IF_OPLOCKED
flag so you missing some creates.
You can try to use information about security context instead.
Using SeQueryInformationToken with TokenSource as TokenInformationClass
will return information on how current user was logged in.
If SourceName is NtLmSsp it was logged-in via Lanmanager, User32
represents localy logged-in users.
Alexei.