Pblm with SecLookupAccountSid

Smitha_Chandran-2 · January 3, 2007, 5:15am

Hi,

The code is crashing while trying to get the username using SecLookupAccountSid() from the minifilter at IRP_MJ_CREATE routine. I have given below the piece of code. Can anyone please let me know where I am going wrong.

Thanks in advance,
Srinivasa Raghavan.

/* Code Piece */
{
ULONG nameLength = SECURITY_MAX_SID_SIZE + 100;
PUNICODE_STRING NameBuffer;
PACCESS_STATE pAS = Data->Iopb->Parameters.Create.SecurityContext->AccessState;
PACCESS_TOKEN pT = SeQuerySubjectContextToken(&pAS->SubjectSecurityContext);
TOKEN_USER tu = {0};
SID_NAME_USE siduser;
char buffer[SECURITY_MAX_SID_SIZE + 100] = {0};
tu.User.Sid = (PSID)buffer;
SeQueryInformationToken(pT, TokenUser, (PVOID)&tu);

DbgPrint(“Inside GetUserName %x”, tu.User.Sid);

NameBuffer = ExAllocatePoolWithTag(NonPagedPool, nameLength, ‘ARMG’);

if(NameBuffer != NULL)
{
SecLookupAccountSid(tu.User.Sid, &nameLength, NameBuffer, 0, NULL, &siduser);

ExFreePoolWithTag(NameBuffer, ‘ARMG’);
}
}

OSR_Community_User · January 3, 2007, 7:47pm

I would forget this API and would only deal with SIDs and not usernames in
the kernel.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntfsd…
> Hi,
>
> The code is crashing while trying to get the username using
SecLookupAccountSid() from the minifilter at IRP_MJ_CREATE routine. I have
given below the piece of code. Can anyone please let me know where I am going
wrong.
>
> Thanks in advance,
> Srinivasa Raghavan.
>
> /* Code Piece */
> {
> ULONG nameLength = SECURITY_MAX_SID_SIZE + 100;
> PUNICODE_STRING NameBuffer;
> PACCESS_STATE pAS =
Data->Iopb->Parameters.Create.SecurityContext->AccessState;
> PACCESS_TOKEN pT = SeQuerySubjectContextToken(&pAS->SubjectSecurityContext);
> TOKEN_USER tu = {0};
> SID_NAME_USE siduser;
> char buffer[SECURITY_MAX_SID_SIZE + 100] = {0};
> tu.User.Sid = (PSID)buffer;
> SeQueryInformationToken(pT, TokenUser, (PVOID)&tu);
>
> DbgPrint(“Inside GetUserName %x”, tu.User.Sid);
>
> NameBuffer = ExAllocatePoolWithTag(NonPagedPool, nameLength, ‘ARMG’);
>
> if(NameBuffer != NULL)
> {
> SecLookupAccountSid(tu.User.Sid, &nameLength, NameBuffer, 0, NULL,
&siduser);
>
> ExFreePoolWithTag(NameBuffer, ‘ARMG’);
> }
> }
>