Getting the user name of the current thread

OSR_Community_User · February 9, 2001, 7:08am

Hi all,

I am developing a file system filter driver. I need to know the user name
associated with each request inside my filter driver. Is there any kernel
mode routine available for getting the user name associated with the current
thread. ( In the user mode we have the GetUserName function. I need a
similar one in kernel mode.)

In the case of a IRP_MJ_CREATE request, we get a SecurityContext field in
the IO_STACK_LOCATION. Is there any way to get User Name from this
information?.

Any useful hints in this direction will be most helpful.

Regards,
Mini

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · February 9, 2001, 9:16am

You can use
SeQuerySubjectContextToken(&pSecCtxt->AccessState->SubjectSecurityContext);
to get a PACCESS_TOKEN, which you can then pass to
SeQueryInformationToken(), which will allocate a buffer and return it to
you. This TOKEN_USER buffer will contain a SID.

You must free the memory returned to you by SeQueryInformationToken().

You can use RtlValidSid to validate the SID. You can also pass the SID to
user space where LookupAccountSid() can be used to get the account (user)
name.

Brad

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of MINI MOL
Sent: Friday, February 09, 2001 6:03 AM
To: File Systems Developers
Subject: [ntfsd] Getting the user name of the current thread

Hi all,

I am developing a file system filter driver. I need to know the user name
associated with each request inside my filter driver. Is there any kernel
mode routine available for getting the user name associated with
the current
thread. ( In the user mode we have the GetUserName function. I need a
similar one in kernel mode.)

In the case of a IRP_MJ_CREATE request, we get a SecurityContext field in
the IO_STACK_LOCATION. Is there any way to get User Name from this
information?.

Any useful hints in this direction will be most helpful.

Regards,
Mini

You are currently subscribed to ntfsd as: xxxxx@macromedia.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · February 13, 2001, 5:59am

Hi,

Thank you very much for the information.
But here we need a switch to the user mode to get the username. I would like
to know whether there is a way to accompolish the same in kernel mode
itself.

I have read in MSDN that there is support for sspi(Security Service Provider
Interface) in both kernel mode and user mode. We can get the username using
the QueryCredentialsAttributes function. I’ve tried out a program in user
mode . I successfully got the user name in Win2K, but in NT the error code
is that QueryCredentialsAttributes function is not supported. Is it due to
any mistake in my part?

I tried the same thing in kernel mode in Win2K. Here the function
QueryCredentialsAttributes returns the error code c000005
(ACCESS_VIOLATION). Seems it is due to some mistake in my part. If any body
out there have already tried out these, please help. But in NT, it seems
QueryCredentialsAttributes attributes function is not supported.

The sspi function prototypes are given in ntifs.h.

My original requirement is to find a solution to get the user name of the
current thread in my filter driver workable in both Windows NT and 2K in
kernel mode itself.Any suggestions in this direction will be most helpful.

Regards,
Mini

-----Original Message-----
From: Brad Sahr [mailto:xxxxx@macromedia.com]
Sent: Friday, February 09, 2001 7:43 PM
To: File Systems Developers
Subject: [ntfsd] RE: Getting the user name of the current thread

You can use
SeQuerySubjectContextToken(&pSecCtxt->AccessState->SubjectSecurityContext);
to get a PACCESS_TOKEN, which you can then pass to
SeQueryInformationToken(), which will allocate a buffer and return it to
you. This TOKEN_USER buffer will contain a SID.

You must free the memory returned to you by SeQueryInformationToken().

You can use RtlValidSid to validate the SID. You can also pass the SID to
user space where LookupAccountSid() can be used to get the account (user)
name.

Brad

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of MINI MOL
Sent: Friday, February 09, 2001 6:03 AM
To: File Systems Developers
Subject: [ntfsd] Getting the user name of the current thread

Hi all,

I am developing a file system filter driver. I need to know the user name
associated with each request inside my filter driver. Is there any kernel
mode routine available for getting the user name associated with
the current
thread. ( In the user mode we have the GetUserName function. I need a
similar one in kernel mode.)

In the case of a IRP_MJ_CREATE request, we get a SecurityContext field in
the IO_STACK_LOCATION. Is there any way to get User Name from this
information?.

Any useful hints in this direction will be most helpful.

Regards,
Mini

You are currently subscribed to ntfsd as: xxxxx@macromedia.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: xxxxx@nestec.net
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com