Impersonation question

Hi,

I do have a filter driver. The filter is called in the security-context of the calling thread…I assume this is correct so far.

Can I capture the security information of the calling thread inside the filter and assign it to a different user-mode thread? And if the answer is “yes”: what functions must I use?

Any hints will be appreciated.

Thanks
Frank

SeCreateClientSecurity/SeImpersonateClient/PsRevertToSelf/SeDeleteClient
Security. All available on NT4 through XP.

  • Nicholas Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@clever.ms
Sent: Friday, November 15, 2002 1:12 AM
To: File Systems Developers
Subject: [ntfsd] Impersonation question

Hi,

I do have a filter driver. The filter is called in the
security-context of the calling thread…I assume this is
correct so far.

Can I capture the security information of the calling thread
inside the filter and assign it to a different user-mode
thread? And if the answer is “yes”: what functions must I use?

Any hints will be appreciated.

Thanks
Frank


You are currently subscribed to ntfsd as: xxxxx@nryan.com
To unsubscribe send a blank email to %%email.unsub%%

Check out FileDisk at:

http://www.acc.umu.se/~bosse/

It uses the SeImpersonateClient() and associated APIs to do exactly what
you need. Basically what you do is save off the security client context
of the thread you want to impersonate, then in another thread call
SeImpersonateClient() to impersonate the first thread and when you’re
done impersonating call RevertToSelf() (at least I think that’s the name
of the function). Look at FileDisk’s source to find out for sure.

Nate Bushman

-----Original Message-----
From: xxxxx@clever.ms [mailto:xxxxx@clever.ms]
Sent: Friday, November 15, 2002 2:12 AM
To: File Systems Developers
Subject: [ntfsd] Impersonation question

Hi,

I do have a filter driver. The filter is called in the security-context
of the calling thread…I assume this is correct so far.

Can I capture the security information of the calling thread inside the
filter and assign it to a different user-mode thread? And if the answer
is “yes”: what functions must I use?

Any hints will be appreciated.

Thanks
Frank


You are currently subscribed to ntfsd as: xxxxx@powerquest.com
To unsubscribe send a blank email to %%email.unsub%%

This program was stolen from me. And I am going to respond to every
mention of it on this list.

BTW: It is better to have an associated service that logs in to the
proper account to get permissions and use a worker thread in that
process’s context; I guess the thief has modified the code.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Nate Bushman
Sent: Friday, November 15, 2002 1:40 PM
To: File Systems Developers
Subject: [ntfsd] RE: Impersonation question

Check out FileDisk at:

http://www.acc.umu.se/~bosse/

It uses the SeImpersonateClient() and associated APIs to do exactly what
you need. Basically what you do is save off the security client context
of the thread you want to impersonate, then in another thread call
SeImpersonateClient() to impersonate the first thread and when you’re
done impersonating call RevertToSelf() (at least I think that’s the name
of the function). Look at FileDisk’s source to find out for sure.

Nate Bushman

-----Original Message-----
From: xxxxx@clever.ms [mailto:xxxxx@clever.ms]
Sent: Friday, November 15, 2002 2:12 AM
To: File Systems Developers
Subject: [ntfsd] Impersonation question

Hi,

I do have a filter driver. The filter is called in the security-context
of the calling thread…I assume this is correct so far.

Can I capture the security information of the calling thread inside the
filter and assign it to a different user-mode thread? And if the answer
is “yes”: what functions must I use?

Any hints will be appreciated.

Thanks
Frank


You are currently subscribed to ntfsd as: xxxxx@powerquest.com
To unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
To unsubscribe send a blank email to %%email.unsub%%

Have you complained to the university that hosts the download site?

-----Original Message-----
From: Jamey Kirby [mailto:xxxxx@storagecraft.com]
Sent: Saturday, November 16, 2002 7:08 PM
To: File Systems Developers
Subject: [ntfsd] RE: Impersonation question

This program was stolen from me. And I am going to respond to every
mention of it on this list.

BTW: It is better to have an associated service that logs in to the
proper account to get permissions and use a worker thread in that
process’s context; I guess the thief has modified the code.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Nate Bushman
Sent: Friday, November 15, 2002 1:40 PM
To: File Systems Developers
Subject: [ntfsd] RE: Impersonation question

Check out FileDisk at:

http://www.acc.umu.se/~bosse/

It uses the SeImpersonateClient() and associated APIs to do exactly what
you need. Basically what you do is save off the security client context
of the thread you want to impersonate, then in another thread call
SeImpersonateClient() to impersonate the first thread and when you’re
done impersonating call RevertToSelf() (at least I think that’s the name
of the function). Look at FileDisk’s source to find out for sure.

Nate Bushman

-----Original Message-----
From: xxxxx@clever.ms [mailto:xxxxx@clever.ms]
Sent: Friday, November 15, 2002 2:12 AM
To: File Systems Developers
Subject: [ntfsd] Impersonation question

Hi,

I do have a filter driver. The filter is called in the security-context
of the calling thread…I assume this is correct so far.

Can I capture the security information of the calling thread inside the
filter and assign it to a different user-mode thread? And if the answer
is “yes”: what functions must I use?

Any hints will be appreciated.

Thanks
Frank


You are currently subscribed to ntfsd as: xxxxx@powerquest.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to ntfsd as: xxxxx@storagecraft.com To
unsubscribe send a blank email to %%email.unsub%%


You are currently subscribed to ntfsd as: xxxxx@basistech.com To
unsubscribe send a blank email to %%email.unsub%%

Hi,

I solved my problem (once more)… thanks to the list.

Cheers!
Frank

“File Systems Developers” wrote:
> SeCreateClientSecurity/SeImpersonateClient/PsRevertToSelf/SeDeleteClient
> Security. All available on NT4 through XP.
>
> - Nicholas Ryan
>
>
>
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@clever.ms
> > Sent: Friday, November 15, 2002 1:12 AM
> > To: File Systems Developers
> > Subject: [ntfsd] Impersonation question
> >
> >
> > Hi,
> >
> > I do have a filter driver. The filter is called in the
> > security-context of the calling thread…I assume this is
> > correct so far.
> >
> > Can I capture the security information of the calling thread
> > inside the filter and assign it to a different user-mode
> > thread? And if the answer is “yes”: what functions must I use?
> >
> > Any hints will be appreciated.
> >
> > Thanks
> > Frank
> >
> >
> >
> > —
> > You are currently subscribed to ntfsd as: xxxxx@nryan.com
> > To unsubscribe send a blank email to %%email.unsub%%
> >
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@clever.ms
> To unsubscribe send a blank email to %%email.unsub%%