Impersonating in a user-mode process without requiring credentials

Is it possible to pass a security token from a driver to a process so that you can impersonate the user making the request from that process? For instance, say the driver is processing an IRP_MJ_CREATE request and the ClientToken in SubjectSecurityContext is set. If we were to delegate the handling of the request to a user-mode process, is it possible to have the user-mode process impersonate the user associated with the ClientToken the driver has?

Absolutely you can do this.

See PsImpersonateClient and SeImpersonateClientEx for more information. In IRP_MJ_CREATE the simplest thing is to pick up a handle to the token and use that; if the caller is impersonating, you use the thread token, otherwise you use the process token.

I’m sure I don’t need to caution you that you need to be cautious here because you are potentially creating a security hole if you are not careful.

Tony
OSR