Shared folders

NTFSD
1

hi all

I have got few questions regarding Shared folders.

  1. Is there a way to differentiate if the IRP_MJ_CREATE is from local
    machine or remote machine when accessing a file in shared folder?

  2. When a shared file is accessed from remote machine how to get the user
    name? Im getting the Access token of the IRP_MJ_CREATE, but in IFS is there
    a call similar to “LookupAccountName” ?

  3. Im not getting the complete path of the file when it is accessed from
    remote machine. Is there a way to extract the complete file path from the
    File object?

regards
VC

2

(1) There are a number of techniques; I generally look for impersonation
in the system process because this catches multiple file server
implementations (versus looking to see if the token was constructed by
CIFS, another technique that has been previously described).

(2) Is there anything wrong with using SecLookupAccountName?

(3) You’ll have to either query the file system or put the pieces
together (use FileObject->RelatedFileObject for the lead-up part).
Filter Manager provides some of this information as well.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the next OSR File Systems class in Los
Angeles, CA October 24-27, 2005.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of vishnu P
Sent: Thursday, October 20, 2005 12:22 AM
To: ntfsd redirect
Subject: [ntfsd] Shared folders

hi all

I have got few questions regarding Shared folders.

  1. Is there a way to differentiate if the IRP_MJ_CREATE is from local
    machine or remote machine when accessing a file in shared folder?

  2. When a shared file is accessed from remote machine how to get the
    user
    name? Im getting the Access token of the IRP_MJ_CREATE, but in IFS is
    there
    a call similar to “LookupAccountName” ?

  3. Im not getting the complete path of the file when it is accessed from
    remote machine. Is there a way to extract the complete file path from
    the
    File object?

regards
VC

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

3

> 1. Is there a way to differentiate if the IRP_MJ_CREATE is from local

machine or remote machine when accessing a file in shared folder?

Check the token groups in Parameters.Create.SecurityContext, and see if NETWORK
pseudo-group is present.

  1. When a shared file is accessed from remote machine how to get the user
    name? Im getting the Access token of the IRP_MJ_CREATE, but in IFS is
    there
    a call similar to “LookupAccountName” ?

No. Deal with SIDs only in kernel code, forget the names.

  1. Im not getting the complete path of the file when it is accessed from
    remote machine. Is there a way to extract the complete file path from the
    File object?

You will have a relative open, where ->RelatedFileObject is a share root.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com