Is SL_FORCE_ACCESS_CHECK set in the IoStackLocation->Flags field? If
so, you should substitute in UserMode anyway. Here’s the example in FAT
(create.c):
Status = FatExplicitDeviceAccessGranted( IrpContext,
Vcb->Vpb->RealDevice,
IrpSp->Parameters.Create.SecurityContext->AccessState,
(KPROCESSOR_MODE)(
FlagOn( IrpSp->Flags, SL_FORCE_ACCESS_CHECK ) ?
UserMode :
IrpContext->OriginatingIrp->RequestorMode ));
Not exactly obvious, but this IS the check. Otherwise, remote calls
will always be granted (which is obviously not what you want.)
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
Looking forward to seeing you at the next OSR File Systems class in
Boston, MA April 18-21, 2006 (note new date - MS scheduled plugfest the
same week again.)
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Thursday, March 09, 2006 3:32 PM
To: ntfsd redirect
Subject: [ntfsd] RequestorMode for network access
Hi,
I’m using SeAccessCheck for security checks in a FSF driver.
One of the parameters for this function is the processor mode
(kernel/user). I pass Data->RequestorMode for this. However, for network
I/O this field is always KernelMode - thus the function always allows
access.
Is there another field I should look at, or a different function
I should use instead?
–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com