Security Descriptor and DACL

Hi
I am using a shared named event between my driver (display) and application. The event is created in the miniport using ZwCreateEvent. For the security descriptor, I am using the RtlCreateSecurityDescriptor call followed by RtlSetDaclSecurityDescriptor. I am using a NULL DACL in RtlSetDaclSecurityDescriptor, which unconditionally grants access. Now I want to add security and not unconditionally grant access.

  1. For this, do I have to use RtlCreateACL, RtlAddAccessAllowedAce… or is there any other approach? Any sample code on how to use RtlAddAccessAllowedAce would be of great help.

  2. I tried the other way using SDDL, but the ConvertStringSecurityDescriptorToSecurityDescriptor function is a user-mode call and I guess I cannot call it from a driver. Is there any kernel-mode equivalent call?

Please suggest an easier approach.

Thanks
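
As an added illustration (not from the thread, and not driver code): portable C that lays out the bytes of an explicit DACL, the structure RtlCreateAcl and RtlAddAccessAllowedAce fill in for a driver, including the buffer-length arithmetic. The principals (LocalSystem, BUILTIN\Administrators) and the access masks are assumptions; the thread does not say who should be able to open the event.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EVENT_ALL      0x001F0003u  /* EVENT_ALL_ACCESS */
#define EVENT_SET_WAIT 0x00100002u  /* SYNCHRONIZE | EVENT_MODIFY_STATE */
static void put16(uint8_t *p, size_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v) { put16(p, v & 0xFFFFu); put16(p + 2, v >> 16); }
static size_t get16(const uint8_t *p) { return (size_t)p[0] | ((size_t)p[1] << 8); }
/* ACE = 4-byte header + 4-byte mask + SID (8-byte header + 4 per sub-authority). */
static size_t ace_len(size_t nsub) { return 4 + 4 + 8 + 4 * nsub; }

/* Append an access-allowed ACE for S-1-5-<sub...>; -1 if the ACL is full. */
static int add_allowed_ace(uint8_t *acl, uint32_t mask, const uint32_t *sub, size_t nsub)
{
    size_t count = get16(acl + 4), off = 8, i;
    for (i = 0; i < count; i++) off += get16(acl + off + 2); /* skip existing ACEs */
    if (off + ace_len(nsub) > get16(acl + 2)) return -1;     /* exceeds AclSize */
    uint8_t *p = acl + off;
    p[0] = 0; p[1] = 0;                 /* ACCESS_ALLOWED_ACE_TYPE, no inheritance flags */
    put16(p + 2, ace_len(nsub));
    put32(p + 4, mask);
    p[8] = 1; p[9] = (uint8_t)nsub;     /* SID revision, sub-authority count */
    memset(p + 10, 0, 5); p[15] = 5;    /* SECURITY_NT_AUTHORITY, big-endian */
    for (i = 0; i < nsub; i++) put32(p + 16 + 4 * i, sub[i]);
    put16(acl + 4, count + 1);
    return 0;
}

/* Build the DACL into buf; returns its length, or 0 if cap is too small. */
size_t build_event_dacl(uint8_t *buf, size_t cap)
{
    static const uint32_t local_system[] = { 18 };        /* S-1-5-18 (assumed principal) */
    static const uint32_t administrators[] = { 32, 544 }; /* S-1-5-32-544 (assumed principal) */
    size_t need = 8 + ace_len(1) + ace_len(2);            /* ACL header + both ACEs */
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 2;                                           /* ACL_REVISION */
    put16(buf + 2, need);                                 /* AclSize */
    if (add_allowed_ace(buf, EVENT_ALL, local_system, 1)) return 0;
    if (add_allowed_ace(buf, EVENT_SET_WAIT, administrators, 2)) return 0;
    return need;
}

int main(void)
{
    uint8_t dacl[64];
    printf("DACL length: %zu bytes\n", build_event_dacl(dacl, sizeof dacl));
}
```

In a driver the same total, sizeof(ACL) plus, per ACE, sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG) + RtlLengthSid(sid), is the length passed to RtlCreateAcl. Any principal without an ACE in a non-NULL DACL is denied, which is the opposite of the NULL DACL behaviour described in the post.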

You might want to take a look at the ‘AclApi’ sample in the SDK:
src\security\authorization\aclapi.

Obviously, you’ll need to use the kernel mode equivalents of the APIs, but
conceptually, they are very similar.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Thursday, February 10, 2011 11:21 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Security Descriptor and DACL



NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Did you check The NT Insider:

http://www.osronline.com/article.cfm?id=23

SOME help there,

Peter
OSR

Thanks Peter and mm for your replies. I will go through these links.

Not a problem.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Friday, February 11, 2011 12:16 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Security Descriptor and DACL
