Testing with File Service for MacIntosh

#5787
Posted: 04/09/2008 04:12:35
by Eugene Mayevski (EldoS Corp.)

Exactly :). I noticed this myself now.


Sincerely yours
Eugene Mayevski
#5819
Posted: 04/10/2008 02:50:28
by Søren Kristensen (Basic support level)
Joined: 03/04/2008
Posts: 62

Hi


In a previous answer you stated

Quote

There are three places from which GetOriginatorToken obtains a token (in relevance order):
1. From the security context that is associated with the create/open request passed to the driver.
Here a code chunk from the driver that performs it:
Token = SeQuerySubjectContextToken(&IrpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext);
2 and 3. If a token is necessary in other callbacks (not in the OnCreate/OnOpen) then it's obtained from originator thread (i.e. impersonation token). And if the impersonation token doesn't exist then a token is obtained from originator process.


I have been testing and added some logging to see what happens. I print out the Sid, SidNameUse, Name, TokenType, thread and the function from where I log. (Note that CbFsOpenDirectory is from the directory part of CbFsOpenFile.) As you see below, I don't always get the Name. Apparently I get two different TokenTypes when I call CbFsOpenFile, so it is difficult for me to use it.


Sid = 0xe8ee64, SidNameUse = 1 hans TokenType = TokenImpersonation ThreadId : 0x980, Mesg: CbFsOpenDirectory
...........
Sid = 0xe8ee64, SidNameUse = 5 SYSTEM TokenType = TokenPrimary ThreadId : 0x980, Mesg: CbFsOpenDirectory

From this it seems that I need the impersonation token which is not the first one that is searched.

/Soren
#5823
Posted: 04/10/2008 07:07:52
by Søren Kristensen (Basic support level)
Joined: 03/04/2008
Posts: 62

Hi again

We have just had a meeting regarding the CallBack File System. We are not sure if it is possible for us to implement the solution we want to. Basically, we have the following three issues:

1: We are not able to identify the username

2: It is not possible for us to identify where callbacks come from. There is no unique identifier that we can use to trace where the calls come from

3: We do not know for which purpose a file is opened (sharing mode) (you previously told me that it will be available in version 1.5)

In order to decide whether we should continue, we would like to have a phone conference if it is possible. If so, in which timezone are you located, and when would it be possible for you to have such a conference?

Regards Soren
#5827
Posted: 04/10/2008 08:47:10
by Eugene Mayevski (EldoS Corp.)

Sharing mode will be available in 1.5. This has already been implemented, but it is a breaking change that we don't want to make in a build update.

As for questions 1 and 2 - if this is not possible, there's nothing we can do for you. In this case you need to write your own File Services modules for Windows and for Mac and control the communications yourself. Then you would be able to solve your task. All in all, it's not our limitation but the way the OS works.

So I don't see what we would need to discuss by phone.


Sincerely yours
Eugene Mayevski
#5830
Posted: 04/10/2008 09:08:54
by Volodymyr Zinin (EldoS Corp.)

Quote
Søren Kristensen wrote:
I have been testing and added some logging to see what happens. I print out the Sid, SidNameUse, Name, TokenType, thread and the function from where I log. (Note that CbFsOpenDirectory is from the directory part of CbFsOpenFile.) As you see below, I don't always get the Name. Apparently I get two different TokenTypes when I call CbFsOpenFile, so it is difficult for me to use it.

Sid = 0xe8ee64, SidNameUse = 1 hans TokenType = TokenImpersonation ThreadId : 0x980, Mesg: CbFsOpenDirectory
...........
Sid = 0xe8ee64, SidNameUse = 5 SYSTEM TokenType = TokenPrimary ThreadId : 0x980, Mesg: CbFsOpenDirectory

The second request is really called in the context of the system process (its originator doesn't have an impersonation token). And I think that an originator of the request isn't a remote user. Perhaps some system component called it or some file system filter (antivirus, etc).

Quote
Søren Kristensen wrote:
From this it seems that I need the impersonation token which is not the first one that is searched.

An impersonation token is always checked before a primary one.
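The rule Volodymyr states (impersonation token first, primary token only as a fallback) and the log lines Søren posted above lend themselves to a small triage script. The following is an added example, not code from EldoS, from the Callback File System SDK, or from either poster: it parses lines in the layout of Søren's logging, then separates callbacks that carry a user's impersonation token from callbacks that arrived with only a primary token under the SYSTEM well-known SID, which per the reply above were issued in the system process's own context rather than by a remote user. The SID_NAME_USE numbering is the one from winnt.h; the exact line layout, the sample lines and the three-way classification are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional


class SidNameUse(IntEnum):
    """SID_NAME_USE values as defined in winnt.h (real Windows constants)."""
    SidTypeUser = 1
    SidTypeGroup = 2
    SidTypeDomain = 3
    SidTypeAlias = 4
    SidTypeWellKnownGroup = 5
    SidTypeDeletedAccount = 6
    SidTypeInvalid = 7
    SidTypeUnknown = 8
    SidTypeComputer = 9


# Assumed layout, taken from the lines posted in this thread. The account name is
# optional because the poster reports it is not always resolved.
LINE_RE = re.compile(
    r"Sid = (?P<sid>0x[0-9a-fA-F]+), SidNameUse = (?P<use>\d+) "
    r"(?:(?P<name>\S+) )?TokenType = (?P<ttype>TokenPrimary|TokenImpersonation) "
    r"ThreadId : (?P<tid>0x[0-9a-fA-F]+), Mesg: (?P<cb>\w+)"
)


@dataclass
class TokenRecord:
    sid: str
    sid_name_use: int
    name: Optional[str]
    token_type: str
    thread_id: str
    callback: str


def parse_line(line: str) -> Optional[TokenRecord]:
    """Parse one logged callback line; returns None for separators such as '...........'."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return TokenRecord(
        sid=m.group("sid"),
        sid_name_use=int(m.group("use")),
        name=m.group("name"),
        token_type=m.group("ttype"),
        thread_id=m.group("tid"),
        callback=m.group("cb"),
    )


def classify(rec: TokenRecord) -> str:
    """Classify a record using the rule stated in the thread (hypothetical policy).

    The originator thread's impersonation token is checked before the process's
    primary token, so:
      - TokenImpersonation with a user SID: a caller identity worth acting on.
      - TokenPrimary with a well-known SID (SYSTEM): no impersonation token existed,
        the request ran in the system process's own context, not a remote user's.
      - anything else: do not attribute the request to a user.
    """
    if rec.token_type == "TokenImpersonation" and rec.sid_name_use == SidNameUse.SidTypeUser:
        return "user"
    if rec.token_type == "TokenPrimary" and rec.sid_name_use == SidNameUse.SidTypeWellKnownGroup:
        return "system"
    return "unattributed"


def summarize(lines: List[str]) -> Dict[str, List[str]]:
    """Group 'callback@thread' tags by classification, skipping non-matching lines."""
    groups: Dict[str, List[str]] = {"user": [], "system": [], "unattributed": []}
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            groups[classify(rec)].append(f"{rec.callback}@{rec.thread_id}")
    return groups


# Constructed sample in the layout of the two lines posted above; the last line is
# invented to show a request whose SID could not be resolved to a name.
SAMPLE_LOG = [
    "Sid = 0xe8ee64, SidNameUse = 1 hans TokenType = TokenImpersonation ThreadId : 0x980, Mesg: CbFsOpenDirectory",
    "...........",
    "Sid = 0xe8ee64, SidNameUse = 5 SYSTEM TokenType = TokenPrimary ThreadId : 0x980, Mesg: CbFsOpenDirectory",
    "Sid = 0xe8ee70, SidNameUse = 8 TokenType = TokenPrimary ThreadId : 0x9a4, Mesg: CbFsOpenFile",
]

if __name__ == "__main__":
    for category, callbacks in summarize(SAMPLE_LOG).items():
        print(f"{category}: {callbacks}")
```

Run against the sample, the first request lands in the "user" bucket and the second in "system", which is the distinction the reply draws: only the impersonation-token hit is evidence of a remote user, and a filter that keys access decisions on the token should treat the primary-token SYSTEM case as an unattributed system-side access rather than as the last logged user.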