Owner SID of FILE

NTFSD
1

RE: [ntfsd] Re: Owner SID of FILEHi, Joel,

I try to use your code to extract the file owner SID, however, I don’t know how I can set your parameter void * Buff and int * BuffLen in FaGetFileSecurity.

I try to use ExAllocatePool to allocate Buff in NonPagedPool, but I don’t the size of it, i.e, I can’t set the buffer size, can you give me some guidance?

Thanks a lot.

Bill
----- Original Message -----
From: Smith, Joel
Newsgroups: ntfsd
To: File Systems Developers
Sent: Friday, February 15, 2002 1:35 PM
Subject: Re: Owner SID of FILE

Stephan,
You could give this a try.

-Joel

NTSTATUS FaGetFileSecurity(
PFILE_OBJECT File,
PDEVICE_OBJECT NextDev,
SECURITY_INFORMATION Info,
void *Buff,
int *BuffLen
)
{
KEVENT Event;
IO_STATUS_BLOCK Stat;
PIRP Irp;
PIO_STACK_LOCATION Stack;
NTSTATUS Ret;

//initialize event to signal completion
KeInitializeEvent(&Event, SynchronizationEvent, FALSE);

//allocate a new irp
Irp = IoAllocateIrp(NextDev->StackSize, FALSE);
if (Irp) {
//set a completion routine to free the irp
IoSetCompletionRoutine(Irp, FaDefaultComplete, 0, TRUE, TRUE, TRUE);

//setup the irp
Irp->UserEvent = &Event;
Irp->UserBuffer = Buff;
Irp->UserIosb = &Stat;
Irp->Tail.Overlay.Thread = PsGetCurrentThread();
Irp->Tail.Overlay.OriginalFileObject = File;
Irp->RequestorMode = KernelMode;
Irp->Flags |= IRP_SYNCHRONOUS_API;

//Set up the I/O stack location.
Stack = IoGetNextIrpStackLocation(Irp);
Stack->MajorFunction = IRP_MJ_QUERY_SECURITY;
Stack->DeviceObject = NextDev;
Stack->FileObject = File;
Stack->Parameters.QuerySecurity.Length = *BuffLen;
Stack->Parameters.QuerySecurity.SecurityInformation = Info;

//Send it to the FSD
Ret = IoCallDriver(NextDev, Irp);
if (Ret == STATUS_PENDING) {
KeWaitForSingleObject(&Event, Executive, KernelMode, TRUE, NULL);
Ret = Stat.Status;
}
*BuffLen = Stat.Information;
}
else
Ret = STATUS_INSUFFICIENT_RESOURCES;

return Ret;
}

NTSTATUS FaDefaultComplete(
PDEVICE_OBJECT Dev,
PIRP Irp,
PVOID Ctx
)
{
PMDL Mdl, NextMdl;

*Irp->UserIosb = Irp->IoStatus;

//if there is an MDL, we must unmap/unlock it
Mdl = Irp->MdlAddress;
while (Mdl != NULL) {
MmUnlockPages(Mdl);
NextMdl = Mdl->Next;
IoFreeMdl(Mdl);
Mdl = NextMdl;
}

// Set the user event - wakes up the mainline code doing this.
KeSetEvent(Irp->UserEvent, 0, FALSE);

// Free the IRP now that we are done with it.
IoFreeIrp(Irp);

return STATUS_MORE_PROCESSING_REQUIRED;
}

-----Original Message-----
From: xxxxx@amsjv.com [mailto:xxxxx@amsjv.com]
Sent: Thursday, February 14, 2002 8:01 PM
To: File Systems Developers
Subject: [ntfsd] Re: Owner SID of FILE

Thanks for the reply, however I do not have much experience in creating my
own IRP’s, I have taken on the source of a filter driver, from a colleague
who has left. That is why I was hoping to use the ZwQuerySecurityObject.
I keep getting invalid parameter being returned, I am wondering if this is
because I do not have SeSecurityPrivilege for the thread.

Apart from this I am completely stuck. I thought it would be quite easy to
get the Owner SID for a file, it seems that I am wrong. I have look
through all the archives trying different search entries.

Stephan Boome
xxxxx@amsjv.com

You are currently subscribed to ntfsd as: xxxxx@ntpsoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

Hi Bill

I haven’t done this in a while - but If I recall correctly, just pass in a reasonable buffer. BuffLen is an in/out parameter. Initialize BuffLen to the size of your buffer. After the function completes, BuffLen should contain the size that was/is required to fulfill the request.
Make sure you test it out, though - like I said, I haven’t done this in a while :wink:

-Joel

-----Original Message-----
From: Yong Deng [mailto:xxxxx@hotmail.com]
Sent: 11 September 2003 16:53
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Owner SID of FILE

Hi, Joel,

I try to use your code to extract the file owner SID, however, I don’t know how I can set your parameter void * Buff and int * BuffLen in FaGetFileSecurity.

I try to use ExAllocatePool to allocate Buff in NonPagedPool, but I don’t the size of it, i.e, I can’t set the buffer size, can you give me some guidance?

Thanks a lot.

Bill

----- Original Message -----
From: Smith, mailto:xxxxx Joel
Newsgroups: ntfsd
To: File Systems Developers mailto:xxxxx
Sent: Friday, February 15, 2002 1:35 PM
Subject: Re: Owner SID of FILE

Stephan,
You could give this a try.

-Joel

NTSTATUS FaGetFileSecurity(
PFILE_OBJECT File,
PDEVICE_OBJECT NextDev,
SECURITY_INFORMATION Info,
void *Buff,
int *BuffLen
)
{
KEVENT Event;
IO_STATUS_BLOCK Stat;
PIRP Irp;
PIO_STACK_LOCATION Stack;
NTSTATUS Ret;

//initialize event to signal completion
KeInitializeEvent(&Event, SynchronizationEvent, FALSE);

//allocate a new irp
Irp = IoAllocateIrp(NextDev->StackSize, FALSE);
if (Irp) {
//set a completion routine to free the irp
IoSetCompletionRoutine(Irp, FaDefaultComplete, 0, TRUE, TRUE, TRUE);

//setup the irp
Irp->UserEvent = &Event;
Irp->UserBuffer = Buff;
Irp->UserIosb = &Stat;
Irp->Tail.Overlay.Thread = PsGetCurrentThread();
Irp->Tail.Overlay.OriginalFileObject = File;
Irp->RequestorMode = KernelMode;
Irp->Flags |= IRP_SYNCHRONOUS_API;

//Set up the I/O stack location.
Stack = IoGetNextIrpStackLocation(Irp);
Stack->MajorFunction = IRP_MJ_QUERY_SECURITY;
Stack->DeviceObject = NextDev;
Stack->FileObject = File;
Stack->Parameters.QuerySecurity.Length = *BuffLen;
Stack->Parameters.QuerySecurity.SecurityInformation = Info;

//Send it to the FSD
Ret = IoCallDriver(NextDev, Irp);
if (Ret == STATUS_PENDING) {
KeWaitForSingleObject(&Event, Executive, KernelMode, TRUE, NULL);
Ret = Stat.Status;
}
*BuffLen = Stat.Information;
}
else
Ret = STATUS_INSUFFICIENT_RESOURCES;

return Ret;
}

NTSTATUS FaDefaultComplete(
PDEVICE_OBJECT Dev,
PIRP Irp,
PVOID Ctx
)
{
PMDL Mdl, NextMdl;

Irp->UserIosb = Irp->IoStatus;

//if there is an MDL, we must unmap/unlock it
Mdl = Irp->MdlAddress;
while (Mdl != NULL) {
MmUnlockPages(Mdl);
NextMdl = Mdl->Next;
IoFreeMdl(Mdl);
Mdl = NextMdl;
}

// Set the user event - wakes up the mainline code doing this.
KeSetEvent(Irp->UserEvent, 0, FALSE);

// Free the IRP now that we are done with it.
IoFreeIrp(Irp);

return STATUS_MORE_PROCESSING_REQUIRED;
}

-----Original Message-----
From: xxxxx@amsjv.com [mailto:xxxxx@amsjv.com]
Sent: Thursday, February 14, 2002 8:01 PM
To: File Systems Developers
Subject: [ntfsd] Re: Owner SID of FILE

Thanks for the reply, however I do not have much experience in creating my
own IRP’s, I have taken on the source of a filter driver, from a colleague
who has left. That is why I was hoping to use the ZwQuerySecurityObject.
I keep getting invalid parameter being returned, I am wondering if this is
because I do not have SeSecurityPrivilege for the thread.

Apart from this I am completely stuck. I thought it would be quite easy to
get the Owner SID for a file, it seems that I am wrong. I have look
through all the archives trying different search entries.

Stephan Boome
xxxxx@amsjv.com


You are currently subscribed to ntfsd as: xxxxx@ntpsoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

b<?箷 ?\???&vڵ?j?zTS?z?j?(tm):.z?>???m???>??zf?-?%y??z??w]9?S?S?l???</mailto:xxxxx></mailto:xxxxx>