obtaining Session ID in TDI driver

hello all,

could someone please let me know how can i get session id of user in the IRP_MJ_CREATE
of a TDI driver.

is there any API for structure variable for it?

regards
deep

hello,

i found this function

ZwQueryInformationToken () with “TokenSessionId” flag. is this a documented way of finding out the sessionid in terminal services environment?

regards
deep

hello,

thanks. i got the session id with above function

regards
deep

Why do you need to do this?

In general, directly groveling into tokens for the purposes of making an access check is not recommended. It’s very easy to write code that looks correct but opens up serious security holes when given an impersonation token, a token with a deny-only SID, etc.

- S

-----Original Message-----
From: xxxxx@yahoo.co.in
Sent: Thursday, September 10, 2009 22:56
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] obtaining Session ID in TDI driver

hello,

i found this function

ZwQueryInformationToken () with “TokenSessionId” flag. is this a documented way of finding out the sessionid in terminal services environment?

regards
deep


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

hello Ken,

i need this info to differentiate between 2 different remote sessions of a same user in the terminal server. if multiple sessions of same users are allowed on the terminal server.

i need to make policy decisions when users opens internet for browsing.

is there any other way by which i could get required information?
regards
deep

You mean that you need to differentiate the TCP/IP sockets used by each
session, right?
Not the session itself (which is also a TCP endpoint).

Where are you capturing this context (and/or applying the policy)? At
TDI_CONNECT or IRP_MJ_CREATE of the endpoint?

Perhaps you should be querying the SessionId of the current process at the
time this occurs. ZwQueryInformationProcess() perhaps?

(N.B. This is not a ‘documented’ function but you will find plenty of
information on it. The enumeration of the key input parameter is in the WDK
headers.)

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.in
Sent: Friday, September 11, 2009 1:44 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] obtaining Session ID in TDI driver

hello Ken,

i need this info to differentiate between 2 different remote sessions of a
same user in the terminal server. if multiple sessions of same users are
allowed on the terminal server.

i need to make policy decisions when users opens internet for browsing.

is there any other way by which i could get required information?
regards
deep



I solved similar problem in the past using below code. It was for w2k
and XP so check if there isn’t any problem in newer OS versions. All
functions seem documented:

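    /* Runs in the context of the requesting process. */
    if ((Token = PsReferencePrimaryToken(PsGetCurrentProcess())) != NULL) {
        if ((Status = SeQueryAuthenticationIdToken(Token, LogonId)) == STATUS_SUCCESS) {
            /* the LUID that LogonId points to now identifies the logon session */
        }
        PsDereferencePrimaryToken(Token);
    }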

Error handling and traces omitted. LogonId is what you want. It should
work if called in context of proper process i.e. IRP_MJ_CREATE handler.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.co.in
Sent: Friday, September 11, 2009 7:44 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] obtaining Session ID in TDI driver

hello Ken,

i need this info to differentiate between 2 different remote
sessions of a same user in the terminal server. if multiple
sessions of same users are allowed on the terminal server.

i need to make policy decisions when users opens internet for
browsing.

is there any other way by which i could get required information?
regards
deep



This is at least a bit safer as you can’t be tricked into granting access to a SecurityIdentification level impersonation token from another session.

- S

-----Original Message-----
From: Michal Vodicka
Sent: Friday, September 11, 2009 13:03
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] obtaining Session ID in TDI driver

I solved similar problem in the past using below code. It was for w2k
and XP so check if there isn’t any problem in newer OS versions. All
functions seem documented:

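    /* Runs in the context of the requesting process. */
    if ((Token = PsReferencePrimaryToken(PsGetCurrentProcess())) != NULL) {
        if ((Status = SeQueryAuthenticationIdToken(Token, LogonId)) == STATUS_SUCCESS) {
            /* the LUID that LogonId points to now identifies the logon session */
        }
        PsDereferencePrimaryToken(Token);
    }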

Error handling and traces omitted. LogonId is what you want. It should
work if called in context of proper process i.e. IRP_MJ_CREATE handler.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]




> if ((Token = PsReferencePrimaryToken(PsGetCurrentProcess())) !=

In MJ_CREATE path, it is better to use Parameters.Create.SecurityContext and to extract the token from there.

To allow impersonation, you will first need to try ClientToken, and, if it is NULL, try PrimaryToken.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim
> S. Shatskih
> Sent: Friday, September 11, 2009 11:47 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] obtaining Session ID in TDI driver
>
> > if ((Token = PsReferencePrimaryToken(PsGetCurrentProcess())) !=
>
> In MJ_CREATE path, it is better to use
> Parameters.Create.SecurityContext and to extract the token from there.

Extracting token doesn’t seem to be documented and even if so, what is
the advantage in OP’s case?

BTW, the code I posted was called from IOCTL path so it couldn’t be used
there.

> To allow impersonation, you will first need to try
> ClientToken, and, if it is NULL, try PrimaryToken.

For OP’s purposes it can be necessary to ignore impersonation. He wants to
detect logon session from which request was made and impersonation can
break it.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
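
Added example, not part of any post in this thread: a portable C model (not WDK code) of the token choice discussed above. It shows that taking ClientToken first reports the client's session for an identification-level impersonation token, while the primary token reports the session of the requesting process. The struct and function names, the session numbers and the session_for_policy rule are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Portable model, NOT WDK code: simplified stand-ins for an access token
   and for the ClientToken/PrimaryToken pair of a subject security context. */
typedef enum { SecurityAnonymous, SecurityIdentification,
               SecurityImpersonation, SecurityDelegation } imp_level;
typedef struct {
    unsigned long session_id; /* what a TokenSessionId query would report */
    imp_level level;          /* used only when the token is a ClientToken */
} model_token;
typedef struct {
    const model_token *ClientToken;  /* NULL when the thread is not impersonating */
    const model_token *PrimaryToken; /* token of the requesting process */
} model_subject_context;

/* Order from the thread: ClientToken first, PrimaryToken if it is NULL.
   No check on the impersonation level. */
static unsigned long session_from_effective(const model_subject_context *sc) {
    const model_token *t = sc->ClientToken != NULL ? sc->ClientToken : sc->PrimaryToken;
    return t->session_id;
}

/* Session of the requesting process; impersonation is ignored. */
static unsigned long session_from_primary(const model_subject_context *sc) {
    return sc->PrimaryToken->session_id;
}

/* Hypothetical policy helper (assumption): trust the client token only at
   SecurityImpersonation or above, otherwise use the primary token. */
static unsigned long session_for_policy(const model_subject_context *sc) {
    const model_token *c = sc->ClientToken;
    if (c != NULL && c->level >= SecurityImpersonation)
        return c->session_id;
    return sc->PrimaryToken->session_id;
}

/* Constructed scenario: a process in session 2 whose thread holds a token
   of a client from session 1, at two different impersonation levels. */
static const model_token proc_s2 = { 2, SecurityAnonymous };
static const model_token ident_s1 = { 1, SecurityIdentification };
static const model_token imp_s1 = { 1, SecurityImpersonation };
static const model_subject_context ctx_plain = { NULL, &proc_s2 };
static const model_subject_context ctx_ident = { &ident_s1, &proc_s2 };
static const model_subject_context ctx_imp = { &imp_s1, &proc_s2 };
int main(void) {
    printf("identification-level client: effective=%lu primary=%lu policy=%lu\n",
           session_from_effective(&ctx_ident), session_from_primary(&ctx_ident),
           session_for_policy(&ctx_ident));
    return 0;
}
```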