SeQueryAuthenticationIdToken failed with code 0xC000005F

OSR_Community_User · January 22, 2002, 7:44pm

In order to get the user name in a driver, I use the above API.
However, in some situations, it fails with the code 0xC000005F
(STATUS_NO_SUCH_LOGON_SESSION)
I moved the processing from the IRP_MJ_CREATE handler to a worker
thread, that I wait for. This eliminates the problem on NT, but still if
a computer accesses an NT computer over the network, the NT computer
will fail the SeQueryAuthenticationIdToken with 0xC000005F.
Any ideas?

–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa Registry Monitor - Registry monitoring library for Win32
developers.
Alfa Registry Protector - Registry protection library for Win32
developers.

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · January 23, 2002, 6:54am

Use first Impersonation token, then, if it is NULL, use Primary token.

Max

----- Original Message -----
From: “Dejan Maksimovic”
To: “File Systems Developers”
Sent: Wednesday, January 23, 2002 3:41 AM
Subject: [ntfsd] SeQueryAuthenticationIdToken failed with code 0xC000005F

>
> In order to get the user name in a driver, I use the above API.
> However, in some situations, it fails with the code 0xC000005F
> (STATUS_NO_SUCH_LOGON_SESSION)
> I moved the processing from the IRP_MJ_CREATE handler to a worker
> thread, that I wait for. This eliminates the problem on NT, but still if
> a computer accesses an NT computer over the network, the NT computer
> will fail the SeQueryAuthenticationIdToken with 0xC000005F.
> Any ideas?
>
> –
> Kind regards, Dejan M. www.alfasp.com
> E-mail: xxxxx@alfasp.com ICQ#: 56570367
> Alfa File Monitor - File monitoring library for Win32 developers.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
> Alfa Registry Monitor - Registry monitoring library for Win32
> developers.
> Alfa Registry Protector - Registry protection library for Win32
> developers.
>
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · January 23, 2002, 2:37pm

What makes you think I’m not? I am (that’s why i query the user
name
only in the IRP_MJ_CREATE), so that’s not the problem.

“Maxim S. Shatskih” wrote:

Use first Impersonation token, then, if it is NULL, use Primary token.

–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32
developers.

Alfa Registry Monitor - Registry monitoring library for Win32
developers.
Alfa Registry Protector - Registry protection library for Win32
developers.

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · January 23, 2002, 5:28pm

Strange. This autumn I had a project with a filesystem accessed by SRV - all Sexxx token-related functions worked fine.
I used IO_SECURITY_CONTEXT from CREATE IRP, not the thread’s tokens. I used first Impersonation, then Primary token (SRV’s requests
always have Impersonation one).
SeQueryAuthenticationIdToken was fine. All SID queries were also fine.

Max

----- Original Message -----
From: “Dejan Maksimovic”
To: “File Systems Developers”
Sent: Wednesday, January 23, 2002 10:34 PM
Subject: [ntfsd] Re: SeQueryAuthenticationIdToken failed with code 0xC000005F

>
> What makes you think I’m not? I am (that’s why i query the user
> name
> only in the IRP_MJ_CREATE), so that’s not the problem.
>
> “Maxim S. Shatskih” wrote:
>
> > Use first Impersonation token, then, if it is NULL, use Primary token.
>
> –
> Kind regards, Dejan M. www.alfasp.com
> E-mail: xxxxx@alfasp.com ICQ#: 56570367
> Alfa File Monitor - File monitoring library for Win32 developers.
> Alfa File Protector - File protection and hiding library for Win32
> developers.
>
> Alfa Registry Monitor - Registry monitoring library for Win32
> developers.
> Alfa Registry Protector - Registry protection library for Win32
> developers.
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>

—
You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · January 23, 2002, 5:44pm

This is what I do:
lpToken = IrpSp->Parameters.Create…ClientToken? ClientToken : PrimaryToken
The lpToken is never NULL, I check this.
However, the SeQueryAuthenticationIdToken fails.
It doesn’t fail always, but in some cases only! It works fine on Win2K machines, but if the driver is running on WinNT, and any
computer tried to access files on that WinNT computer, the driver signals that SeQAIT failed with code 0xC000005F.
The entire code is below, after the message.

Regards, Dejan.

“Maxim S. Shatskih” wrote:

Strange. This autumn I had a project with a filesystem accessed by SRV - all Sexxx token-related functions worked fine.
I used IO_SECURITY_CONTEXT from CREATE IRP, not the thread’s tokens. I used first Impersonation, then Primary token (SRV’s requests
always have Impersonation one).
SeQueryAuthenticationIdToken was fine. All SID queries were also fine.

void AlfaFMUserWorkRoutine(PUSER_WORK lpWork)
{
LUID idLuid;
PSecurityUserData lpUser;
NTSTATUS ntRes;

if(ServiceLoaded) // System seems to hang if a query is made during boot time:-) Nothing strange, I guess, as LSA certainly isn’t
loaded at this time.
{
// lpWork->lpToken is taken from Create IRP fields.
if(!lpWork->lpToken)
{
goto NoId;
}
if(!NT_SUCCESS(ntRes = SeQueryAuthenticationIdToken(lpWork->lpToken,
&idLuid)))
{
DbgPrint(“SeQuery failed with code %p\n”, ntRes);
goto NoId;
}
if(!NT_SUCCESS(ntRes = GetSecurityUserInfo(&idLuid,
UNDERSTANDS_LONG_NAMES,
&lpUser)))
{
goto NoId;
}
// At this point I just convert the UNICODE to ANSI strings.
…
// After conversion:
LsaNameId:
LsaFreeReturnBuffer(lpUser);
}
NoId:
KeSetEvent(&lpWork->lpEvent, 0, FALSE);
}

–
Kind regards, Dejan M. www.alfasp.com
E-mail: xxxxx@alfasp.com ICQ#: 56570367
Alfa File Monitor - File monitoring library for Win32 developers.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa Registry Monitor - Registry monitoring library for Win32 developers.
Alfa Registry Protector - Registry protection library for Win32 developers.

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com