EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Testing with File Service for MacIntosh

#5761
Posted: 04/08/2008 04:09:48
by Søren Kristensen (Basic support level)
Joined: 03/04/2008
Posts: 62

Hi again

I am still investigating whether it is possible to get usernames or SIDs to distinguish between users.

Using the code above (having put it into its own functions where I print SID, username, threadId and calling event) to write user names, I see different things. As I told you previously, I need to distinguish between users in order to log on to my database.

I try to get the username from each callback event I get, and apparently the first events I get when I connect to a share are GetVolumeSize and EnumerateDirectory.

    Sid = 0xe8eeb0, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetVolumeSize
    Sid = 0xe8eb74, SYSTEM ThreadId : 0x7e8, Mesg: CbFsEnumerateDirectory


I get two different SIDs, and this is evaluated to the user name SYSTEM.

Later on when I navigate through the directories I get the following


    Sid = 0xe8ee64, jens ThreadId : 0x7e8, Mesg: CbFsOpenDirectory


I now get a SID that is evaluated to Jens, who is the user that connects to the share.

In this situation I am partly happy (I have got a username), but only until the moment I disconnect the drive and connect to the share with another user. When I now navigate I get the following:


    Sid = 0xe8ee64, hans ThreadId : 0x7e8, Mesg: CbFsOpenDirectory


My problem is now that the same SID 0xe8ee64 evaluates to two different users. How can that be? I should mention that sid is TokenUser->User.Sid from the example above.

Next, from different callbacks I get different SIDs that are evaluated to SYSTEM.


    Sid = 0xe8eb74, SYSTEM ThreadId : 0x7e8, Mesg: CbFsEnumerateDirectory
    Sid = 0xe8eee0, SYSTEM ThreadId : 0x7e8, Mesg: CbFsCloseEnumeration
    Sid = 0xe8eeb0, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetVolumeSize
    Sid = 0xe8eeb0, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetVolumeSize
    Sid = 0xe8ee30, SYSTEM ThreadId : 0x7e8, Mesg: CbFsEnumerateNamedStreams
    Sid = 0xe8ef04, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetFileSecurity
    Sid = 0xe8ef04, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetFileSecurity
    Sid = 0xe8ee30, SYSTEM ThreadId : 0x7e8, Mesg: CbFsEnumerateNamedStreams
    Sid = 0xe8ef04, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetFileSecurity
    Sid = 0xe8ef04, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetFileSecurity
    Sid = 0xe8ee30, SYSTEM ThreadId : 0x7e8, Mesg: CbFsEnumerateNamedStreams
    Sid = 0xe8ef04, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetFileSecurity
    Sid = 0xe8ef04, SYSTEM ThreadId : 0x7e8, Mesg: CbFsGetFileSecurity


So until now I have no way to distinguish between different users doing different tasks!


You previously wrote
Quote

But for Mac shares it doesn't work well. The name is returned always as "SYSTEM"

I have obtained a user from a Mac share using the code above.

Furthermore you have written in another thread:
Quote

We will add the parameters ShareAccess and DesiredAccess to the FileCreate/FileOpen callbacks in the version 1.5 of the product. I think it will be released in several weeks. Currently the only way is to open files for full access.

Do you have an approximate date for the release of 1.5?

Regards Soren
#5774
Posted: 04/08/2008 07:47:41
by Volodymyr Zinin (EldoS Corp.)

Hello,

The most preferable places where a token must be obtained are OnCreate and OnOpen callbacks. Other requests can be called in the context of the system thread. If you want to prohibit access for a user then you should return an error from the OnCreate or OnOpen callback. In this case the user process won't obtain a handle for a file that it tries to open.
But if you want to restrict access for subsequent operations that will be performed after a file is opened, then in the Create/Open callbacks you should obtain the token using GetOriginatorToken and save it in the context associated with this open request and use it in subsequent calls (until OnClose request occurs). Currently there isn't any possibility to save such context (but perhaps we'll add it in the build 1.5) and also some types of callbacks aren't associated with users (for example when someone performs Read/Write on a memory mapped file, the subsequent OnRead/OnWrite callbacks will be called in the system memory manager context without binding to the user who opened the file).
Please tell me what you want to achieve.

Quote
Søren Kristensen wrote:
My problem is now that the same SID 0xe8ee64 evaluates to two different users. How can that be? I should mention that sid is TokenUser->User.Sid from the example above.

The system gives this token and I don't know why the system assigns the same sid for both remote users. You can try to use a user name.

Quote
Søren Kristensen wrote:
Do you have an approximate date for the release of 1.5?

I think that it will be done in a month.
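
Added example, not part of the thread and not EldoS code: `TokenUser->User.Sid` is a `PSID`, that is, a pointer, so a value such as 0xe8ee64 printed from it is the address of the buffer holding the SID rather than the SID itself, and a reused buffer shows the same address for different users. The portable C sketch below decodes the binary SID layout into its `S-1-...` string form using constructed sample SIDs and hypothetical function names; on Windows, `ConvertSidToStringSid` and `EqualSid` do the same job for a real token.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary SID: revision(1) | sub-authority count(1) | authority, 6 bytes
   big-endian | count x 32-bit sub-authorities, little-endian. */
int sid_to_string(const uint8_t *p, size_t avail, char *out, size_t outsz)
{
    if (avail < 8 || p[0] != 1 || p[1] > 15 || avail < 8 + 4u * p[1]) return -1;
    uint64_t auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | p[2 + i];
    int n = snprintf(out, outsz, "S-%u-%llu", (unsigned)p[0], (unsigned long long)auth);
    for (unsigned i = 0; i < p[1]; i++) {
        if (n < 0 || (size_t)n >= outsz) return -1;      /* output buffer too small */
        const uint8_t *s = p + 8 + 4 * i;
        uint32_t sub = s[0] | (uint32_t)s[1] << 8 | (uint32_t)s[2] << 16 | (uint32_t)s[3] << 24;
        int m = snprintf(out + n, outsz - (size_t)n, "-%lu", (unsigned long)sub);
        if (m < 0) return -1;
        n += m;
    }
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Constructed sample SIDs, not taken from the thread. */
const uint8_t SID_SYSTEM[] = {1, 1, 0,0,0,0,0,5, 18,0,0,0};
const uint8_t SID_USER_A[] = {1, 5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xE9,3,0,0};
const uint8_t SID_USER_B[] = {1, 5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 0xEA,3,0,0};

/* One reused buffer (same address) holds two users in turn: returns 1 when
   the decoded strings differ although the pointer never changed. */
int reused_buffer_differs(char *first, char *second, size_t sz)
{
    uint8_t buf[sizeof SID_USER_A];
    memcpy(buf, SID_USER_A, sizeof buf);
    if (sid_to_string(buf, sizeof buf, first, sz) != 0) return -1;
    memcpy(buf, SID_USER_B, sizeof buf);
    if (sid_to_string(buf, sizeof buf, second, sz) != 0) return -1;
    return strcmp(first, second) != 0;
}

int main(void)
{
    char a[64], b[64];
    if (reused_buffer_differs(a, b, sizeof a) == 1)
        printf("same address, different SIDs: %s vs %s\n", a, b);
    return 0;
}
```

Logging the string form (or the account name resolved from it) per callback gives a value that can be used as a key for per-user state, which the buffer address cannot.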
#5775
Posted: 04/08/2008 08:08:37
by Søren Kristensen (Basic support level)
Joined: 03/04/2008
Posts: 62

Hi
Quote

Please tell me what do you want to achieve?


I do have my information in a database, and depending on the user that logs into the system different virtual filesystems should be created. Therefore it is important that I can catch the username on the very first callback event from the user that connects to the share of the virtual filesystem, in order to get the information from the database that belongs to the specific user.

I need the user in order to connect to the database. Each time a user connects, he will get his own connection to the database. These connections will be stored in a connection pool, and each time a user requests access from the database, I will find his connection in the connection pool and use that.

I do not know if this is clear enough, but if it isn't just ask again and I will try to explain it in another way.

Soren
#5778
Posted: 04/08/2008 13:41:14
by Volodymyr Zinin (EldoS Corp.)

I think that with the future build 1.5 you will be able to do this. There is a problem with the identification of users, but if it is enough for you to differentiate them using a user name obtained from a token in the OnCreate/OnOpen callbacks then the problem doesn't exist.

Also there is another way to implement such ability. You can create for each user his own CallbackFS virtual storage. Then create "invisible" mounting points to them and create SMB password protected shares (using the API NetShareAdd). If you want I can give you a code chunk that creates a share using an "invisible" mounting point.
#5780
Posted: 04/09/2008 01:04:29
by Søren Kristensen (Basic support level)
Joined: 03/04/2008
Posts: 62

Hi

I don't think the second solution can be used, as it is necessary for me to support both Windows and MAC users, and NetShareAdd only applies to SMB shares.

I have run into another problem, and that is that the license key we got for evaluation has expired, so I am not able to continue testing.

Could you please send me a new one?

Regards Soren
#5782
Posted: 04/09/2008 03:06:10
by Volodymyr Zinin (EldoS Corp.)

Quote
Søren Kristensen wrote:
I don't think the second solution can be used, as it is necessary for me to support both Windows and MAC users, and NetShareAdd only applies to SMB shares.

Perhaps there are some APIs to create MAC shares. Or there is a way to use windows shares by MAC users...
#5783
Posted: 04/09/2008 03:16:20
by Eugene Mayevski (EldoS Corp.)

Quote
Søren Kristensen wrote:
Could you please send me a new one?


Sent by e-mail


Sincerely yours
Eugene Mayevski
#5784
Posted: 04/09/2008 03:50:35
by Søren Kristensen (Basic support level)
Joined: 03/04/2008
Posts: 62

Quote

Sent by e-mail


I haven't received anything yet!

/Soren
#5785
Posted: 04/09/2008 04:07:00
by Eugene Mayevski (EldoS Corp.)

Check your antispam filters. I can't post the key here for obvious reasons.


Sincerely yours
Eugene Mayevski
#5786
Posted: 04/09/2008 04:11:51
by Søren Kristensen (Basic support level)
Joined: 03/04/2008
Posts: 62

Hi again

Problem solved. The key was sent to my colleague that originally requested the key.

/Soren
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.