Dejan,
The approach that I’ve always taken to this is to capture the SID of the
caller during the IRP_MJ_CREATE handling.
Here is the code that we routinely use. It does not use the ACCESS_TOKEN in
the IRP and it can be called successfully in the IRP_MJ_CREATE entry path
because you’re a highest level driver (and hence guaranteed to be called at
IRQL_PASSIVE_LEVEL) and you are called with correct security context.

    //
    // Declarations were not shown in the original post; the types and the
    // buffer size used here are assumptions.
    //
    NTSTATUS code;
    HANDLE handle;
    ULONGLONG buffer[32];       // 256 bytes, pointer-aligned
    ULONG tokenInfoLength;
    PISID sid;
    ULONG index;

    //
    // Demonstrate how to retrieve the SID for the caller. Typically, this
    // information is sent to the user application for further processing.
    // We've included it here simply to demonstrate how to retrieve this
    // information.
    //
    // The approach we use is to first try and open the thread token. If that
    // fails, we open the process token (which always works) and then use the
    // token handle (in either case) to query the SID information for the token.
    //
    code = ZwOpenThreadToken(NtCurrentThread(), TOKEN_READ, TRUE, &handle);
    if (code == STATUS_NO_TOKEN) {
        //
        // Since we don't have a thread level token we'll use the process
        // level token. This is the common case (in fact) since the only
        // time a thread has a token is when it is impersonating.
        //
        code = ZwOpenProcessToken(NtCurrentProcess(), TOKEN_READ, &handle);
    }
    ASSERT(NT_SUCCESS(code));

    //
    // Retrieve the user information from the token. Note that this can be
    // used to query twice (once to get the size of the needed buffer.) For
    // this example we've allocated a buffer that should always be large enough.
    //
    code = ZwQueryInformationToken(handle, TokenUser, buffer,
                                   sizeof(buffer), &tokenInfoLength);
    //
    // This call should always work.
    //
    ASSERT(NT_SUCCESS(code));

    //
    // The token handle is no longer needed once the query has completed.
    //
    ZwClose(handle);

    //
    // TokenUser returns a TOKEN_USER structure; its User.Sid member points
    // at the SID stored later in the same buffer.
    //
    sid = (PISID)((PTOKEN_USER)buffer)->User.Sid;

    //
    // For this example, we print out the SID contents. If you wanted to pass
    // it to the user mode caller, you'd copy it into their buffer (wherever
    // you'd like!)
    //
    DbgPrint("*** BEGIN SID Dump ***\n");
    DbgPrint("Caller's SID (Revision %u, SubAuthorityCount %u):\n",
             sid->Revision,
             sid->SubAuthorityCount);
    DbgPrint("\tIdentifierAuthority = %u-%u-%u-%u-%u-%u\n",
             sid->IdentifierAuthority.Value[0],
             sid->IdentifierAuthority.Value[1],
             sid->IdentifierAuthority.Value[2],
             sid->IdentifierAuthority.Value[3],
             sid->IdentifierAuthority.Value[4],
             sid->IdentifierAuthority.Value[5]);
    if (sid->SubAuthorityCount) {
        DbgPrint("\tSubAuthority =");
        for (index = 0; index < sid->SubAuthorityCount; index++) {
            if (index) {
                DbgPrint("-");
            }
            DbgPrint("%u", sid->SubAuthority[index]);
        }
        DbgPrint("\n");
    }
    DbgPrint("*** END SID Dump ***\n");

I thought I’d previously provided this code sample; perhaps this doesn’t
work for your case for some reason?
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
-----Original Message-----
From: Dejan Maksimovic [mailto:xxxxx@alfasp.com]
Sent: Tuesday, August 21, 2001 8:42 PM
To: File Systems Developers
Subject: [ntfsd] Getting user name
Hi,
I’ve seen two posts on this subject, but no answers (they were
dated 1997-1998), so I’m asking the question.
How do I get the name of the user accessing a file? Some code
samples would be appreciated.
--
Kind regards, Dejan M. CEO Alfa Co. www.alfasp.com
E-mail: xxxxx@alfasp.com
ICQ#: 56570367
Professional file&system related components and libraries for Win32
developers.
Alfa File Monitor - #1 file monitoring system for Win32 developers.
Alfa File Protector - #1 file protection and hiding system for Win32
developers.
Alfa Units - #1 file and system handling units for Delphi.
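
Added example (not part of the original messages, and not OSR's code): if the SID from the TOKEN_USER buffer is copied out to a user-mode application, as the comments in the sample suggest, this portable C helper validates the raw bytes and formats them in the usual S-1-... string form, printing IdentifierAuthority as a single number rather than six separate bytes. The name sid_to_string and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_HEADER_LEN   8   /* Revision + SubAuthorityCount + 6-byte authority */
#define SID_MAX_SUBAUTH  15  /* SID_MAX_SUB_AUTHORITIES in the Windows headers */

/* Constructed sample: binary form of S-1-5-32-544 (BUILTIN\Administrators). */
static const uint8_t SAMPLE_SID[] = {
    0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00
};

/* Hypothetical helper: format a binary SID as "S-R-A-S1-S2...".
 * Returns the string length, or -1 if the blob is malformed or out is too small. */
int sid_to_string(const uint8_t *sid, size_t sid_len, char *out, size_t out_len)
{
    if (sid == NULL || out == NULL || sid_len < SID_HEADER_LEN) return -1;
    uint8_t revision = sid[0], count = sid[1];
    if (revision != 1 || count > SID_MAX_SUBAUTH) return -1;
    /* Never trust SubAuthorityCount beyond the bytes actually received. */
    if (sid_len < SID_HEADER_LEN + 4u * count) return -1;

    /* IdentifierAuthority is one 48-bit big-endian number, not six fields. */
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | sid[2 + i];

    /* Decimal below 2^32, hexadecimal otherwise (standard SID string syntax). */
    int n = snprintf(out, out_len, auth < (1ULL << 32) ? "S-%u-%llu" : "S-%u-0x%012llX",
                     (unsigned)revision, (unsigned long long)auth);
    if (n < 0 || (size_t)n >= out_len) return -1;
    size_t used = (size_t)n;

    for (unsigned i = 0; i < count; i++) {
        const uint8_t *p = sid + SID_HEADER_LEN + 4u * i;
        /* Each SubAuthority is a 32-bit little-endian value. */
        uint32_t sub = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
        n = snprintf(out + used, out_len - used, "-%lu", (unsigned long)sub);
        if (n < 0 || (size_t)n >= out_len - used) return -1;
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    char text[192];
    if (sid_to_string(SAMPLE_SID, sizeof SAMPLE_SID, text, sizeof text) > 0)
        puts(text);
    return 0;
}
```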