Hi,
I am trying to find the SID of a remote user.
I am using the filespy example, and looking in User mode at the reported
thread ID of shared files that were accessed by a remote user. When trying
to get the thread’s Token via the OpenThreadToken( htr, TOKEN_QUERY, FALSE,
&ht ) call it fails constantly with error 1008 (ERROR_NO_TOKEN) which
implies that the thread does not impersonate.
I will appreciate any help in solving the problem.
Thanks,
Rani.
Rani:
The procedure I use that works fine is:
- Call PsReferenceImpersonationToken(). If null, then the thread is not
  impersonating.
- If the thread is the system process, then call SeQueryInformationToken()
  for TokenSource.
- If the TokenSource is “NtLmSsp”, then this is a remote user (per the IFS
  FAQ from osronline.com).
- Call SeQueryInformationToken() for TokenUser.
- Get a copy of the SID for your own use (RtlLengthSid(),
  ExAllocatePoolWithTag(), RtlCopySid() – be sure to de-allocate it when
  you’re done with it).
- Call PsDereferenceImpersonationToken() when you’re done with the token.
You must be in the correct user context, too. I only call this during the
pre-Create and pre-SetInformation callbacks in my minifilter driver.
HTH,
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ran M. Bittmann
Sent: Sunday, February 27, 2005 7:28 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] SID of a remote user.
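The steps in Ken's reply as one kernel routine, added here as an example and not code from the thread: `CopyImpersonatedSid`, `IsNtlmTokenSource` and the pool tag are hypothetical names. The kernel part builds only where the WDK's `ntifs.h` is present; the source-name helper is plain C.

```c
#include <string.h>
/* TOKEN_SOURCE.SourceName is a fixed 8-byte field (TOKEN_SOURCE_LENGTH) with
   no guaranteed NUL terminator, so compare bytes. Assumption: only the 7 name
   bytes matter and the 8th is padding. */
int IsNtlmTokenSource(const char name[8])
{
    return memcmp(name, "NtLmSsp", 7) == 0;
}
#if defined(__has_include) /* kernel part needs the WDK header */
#if __has_include(<ntifs.h>)
#include <ntifs.h>
#define SID_TAG 'diSx' /* hypothetical pool tag */
/* Call at PASSIVE_LEVEL in the requestor's context. The caller frees a
   non-NULL *Sid with ExFreePoolWithTag(*Sid, SID_TAG). */
NTSTATUS CopyImpersonatedSid(PSID *Sid, BOOLEAN *Remote)
{
    BOOLEAN copyOnOpen, effectiveOnly;
    SECURITY_IMPERSONATION_LEVEL level;
    PTOKEN_SOURCE src = NULL;
    PTOKEN_USER user = NULL;
    NTSTATUS status = STATUS_SUCCESS;
    ULONG len;
    PACCESS_TOKEN token = PsReferenceImpersonationToken(
        PsGetCurrentThread(), &copyOnOpen, &effectiveOnly, &level);
    *Sid = NULL;
    *Remote = FALSE;
    if (token == NULL)
        return STATUS_NO_TOKEN; /* thread is not impersonating */
    if (PsGetCurrentProcess() == PsInitialSystemProcess) {
        status = SeQueryInformationToken(token, TokenSource, (PVOID *)&src);
        if (NT_SUCCESS(status))
            *Remote = (BOOLEAN)IsNtlmTokenSource(src->SourceName);
    }
    if (NT_SUCCESS(status))
        status = SeQueryInformationToken(token, TokenUser, (PVOID *)&user);
    if (NT_SUCCESS(status)) {
        len = RtlLengthSid(user->User.Sid);
        *Sid = ExAllocatePoolWithTag(PagedPool, len, SID_TAG);
        status = *Sid ? RtlCopySid(len, *Sid, user->User.Sid)
                      : STATUS_INSUFFICIENT_RESOURCES;
    }
    if (user) ExFreePool(user); /* buffers from SeQueryInformationToken */
    if (src) ExFreePool(src);
    PsDereferenceImpersonationToken(token);
    return status;
}
#endif
#endif
```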