Hi,
I need to find out which user has started IRP_MJ_SET_INFORMATION. Either user name or it’s SID.
I know that security descriptor of IRP_MJ_CREATE can give me the user SID, but I have not found a way to get the same information from IRP_MJ_SET_INFORMATION.
Thanks for you help
Payman
Hi,
Use the SID for the user associated with the current thread.
–
Slava Imameyev, xxxxx@hotmail.com
Capture that information when the file is opened. Trying to do it at
the time the set information is done will lead to incorrect information
in a number of cases, notably in the case of the srv.sys driver - its
threads run in system process context without impersonation except for
create and rename operations.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
Tony,
I think what you are saying is that I should save the SID data when I’m getting IRP_MJ_CREATE. My question is that if I can be sure that I don’t get IRP_MJ_CREATE from the another user. Like following situation:
IRP_MJ_CREATE (from user1, save it’s SID)
.
.
IRP_MJ_CREATE (from user2, save it’s SID)
.
.
IRP_MJ_SET_INFORMATION (from user1)
Now I would wrongly link this IRP to user 2. How Can I handle this situation?
Thanks
Payman
If what you describe is happening, your implementation is broken, since
each create will be against a different file object and you’d be
confusing the data associated with each one.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
Tony,
I’m new in the driver field. What I described just hypothetical. Are you saying that scenario can’t be happening.?
Could you give me some pointer on how to implement saving the SID during the IRP_MJ_CREATE and using it later on when I get the IRP_MJ_SET_INFORMATION
Thanks again
Payman
Hi,
use contexts to save your data related to file (stream). Look at
http://msdn2.microsoft.com/en-us/library/aa488223.aspx
Jan
wrote in message news:xxxxx@ntfsd…
> Tony,
> I’m new in the driver field. What I described just hypothetical. Are you
saying that scenario can’t be happening.?
> Could you give me some pointer on how to implement saving the SID during
the IRP_MJ_CREATE and using it later on when I get the
IRP_MJ_SET_INFORMATION
>
> Thanks again
> Payman
>
Thank you very much guys.
Payman
> I know that security descriptor of IRP_MJ_CREATE can give me the user SID,
Normally, all checks for a SID must be done in CREATE path only.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
> IRP_MJ_CREATE (from user1, save it’s SID)
.
.
IRP_MJ_CREATE (from user2, save it’s SID)
.
.
IRP_MJ_SET_INFORMATION (from user1)Now I would wrongly link this IRP to user 2. How Can I handle this
situation?
File object is the key. Associate your security context with the file object.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com