Hi everybody,
My name is Lucian Mocanasu and I’ve been working for some time on a file
system filter. I would really appreciate some help from you on the
following matter: if a file is accessed from a remote machine I would like
to get the SID used by the remote caller (and also the machine from which
the call originated). I’m currently using the well known method of SID
retrieval/storing on IRP_MJ_CREATE, but it seems it is not enough for my
needs; I would like to be able to get this information every time an
operation is performed on the file on behalf of that user. I was wondering
if there is any accessible structure/function which keeps/interfaces a
correspondence between the file object (or handle) and a network
connection, a logon session ID, etc…
Thank you.
Lucian Mocanasu
> the call originated). I’m currently using the well known method of SID
> retrieval/storing on IRP_MJ_CREATE, but it seems it is not enough for my
> needs; I would like to be able to get this information every time an
> operation is performed on the file on behalf of that user. I was wondering
You cannot. Cache flushes have lost the user context completely.
CREATE is the only place where you can get the user identity. Just store it in
a container indexed by the file object pointer.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
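A sketch of the container described in the reply above, added here as an example and not code from anyone in this thread. It is a user-mode model in plain C: the function names (`ctx_on_create`, `ctx_lookup`, `ctx_on_close`) are hypothetical, and a real filter would allocate from kernel pool, guard the table with a lock, and call the removal routine from its IRP_MJ_CLOSE handler.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SID_MAX 68            /* SECURITY_MAX_SID_SIZE on Windows */
#define BUCKETS 256

struct ctx {                  /* one entry per open file object */
    const void *file_object;  /* key: the FILE_OBJECT address */
    unsigned char sid[SID_MAX];
    size_t sid_len;
    struct ctx *next;
};
static struct ctx *table[BUCKETS];

static size_t bucket(const void *p) {
    return (size_t)(((uintptr_t)p >> 4) % BUCKETS); /* low bits are alignment */
}

/* Drop the entry when the file object goes away. Returns 1 if one existed. */
int ctx_on_close(const void *fo) {
    for (struct ctx **pp = &table[bucket(fo)]; *pp; pp = &(*pp)->next) {
        if ((*pp)->file_object == fo) {
            struct ctx *dead = *pp;
            *pp = dead->next;
            free(dead);
            return 1;
        }
    }
    return 0;
}

/* Record the caller's SID at create time. Returns 0 on success, -1 on error. */
int ctx_on_create(const void *fo, const unsigned char *sid, size_t len) {
    if (len == 0 || len > SID_MAX) return -1;
    ctx_on_close(fo);         /* addresses get reused: never keep a stale SID */
    struct ctx *e = malloc(sizeof *e);
    if (!e) return -1;
    e->file_object = fo;
    memcpy(e->sid, sid, len);
    e->sid_len = len;
    e->next = table[bucket(fo)];
    table[bucket(fo)] = e;
    return 0;
}

/* Any later operation: look the SID up by pointer. Returns its length or 0. */
size_t ctx_lookup(const void *fo, unsigned char *out, size_t cap) {
    for (struct ctx *e = table[bucket(fo)]; e; e = e->next)
        if (e->file_object == fo && e->sid_len <= cap) {
            memcpy(out, e->sid, e->sid_len);
            return e->sid_len;
        }
    return 0;
}
```

Entries are removed at close rather than cleanup because I/O on a file object can still arrive after the last handle is closed, and a file object address can be reused by a later open once the object is freed.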
I see. Thank you.
Best regards,
Lucian Mocanasu - GFI Software Ltd. - www.gfi.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Wednesday, December 03, 2003 10:09 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] Re: Remote caller …again
> the call originated). I’m currently using the well known method of SID
> retrieval/storing on IRP_MJ_CREATE, but it seems it is not enough for my
> needs; I would like to be able to get this information every time an
> operation is performed on the file on behalf of that user. I was wondering
You cannot. Cache flushes have lost the user context completely.
CREATE is the only place where you can get the user identity. Just store it in
a container indexed by the file object pointer.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
I wonder how to get remote caller’s network address. This is very useful.
Any idea?