I think the following three Zw* calls should be enough to get whatever you
need:
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE Thread, ACCESS_MASK
AccessMask, BOOLEAN OpenAsSelf, PHANDLE Token);
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(IN HANDLE ProcessHandle, IN
ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle);
NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(IN HANDLE TokenHandle, IN
TOKEN_INFORMATION_CLASS TokenInformationClass, OUT PVOID TokenInformation,
IN ULONG TokenInformationLength, OUT PULONG ReturnLength);
-----Original Message-----
From: Svante Moren [mailto:xxxxx@abaris.se]
Sent: Monday, March 26, 2001 6:14 AM
To: File Systems Developers
Subject: [ntfsd] Retrieving security information regarding thread
calling IRP_MJ_C REATE
Hi all!
In my driver I need to do something like the following when processing a
IRP_MJ_CREATE:
SECURITY_SUBJECT_CONTEXT stSubject;
PACCESS_TOKEN ptoken;
PTOKEN_OWNER pstTokenOwner = NULL;
SeCaptureSubjectContext(&stSubject);
SeLockSubjectContext(&stSubject);
ptoken = SeQuerySubjectContextToken(&stSubject);
status = SeQueryInformationToken(ptoken, TokenOwner,
&pstTokenOwner);
However, since SeQueryInformationToken() isn’t present in NT4 I need some
other means of accomplishing the same task. I’m greatful for any hints.
/Svante
You are currently subscribed to ntfsd as: xxxxx@ntpsoftware.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com