EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Implementing NTFS security

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#12221
Posted: 01/27/2010 14:07:06
by Laryn Fernandes (Basic support level)
Joined: 06/22/2009
Posts: 5

Hi,
We have a CBFS based implementation and now specifically need to address/implement NTFS security. In the C# Mapper example, I noticed that the two relevant calls are commented out, namely
mCbFs.OnGetFileSecurity = new CbFsGetFileSecurityEvent(CbFsGetFileSecurity);
mCbFs.OnSetFileSecurity = new CbFsSetFileSecurityEvent(CbFsSetFileSecurity);

Would you happen to have any sample code that will help me move forward with this task ?. If not, can you please point me in the correct direction (links, articles, other sample implementations) that will help achieve the same.

Thanks
~ Laryn
#12222
Posted: 01/27/2010 14:43:26
by Volodymyr Zinin (EldoS Corp.)

Hello,

Unfortunately we don't have any samples for this but we are going to add one in future.
In order to use the security in your FS you should save the data from the security descriptor during the OnSetFileSecurity callback processing and return a security descriptor from OnGetFileSecurity.
Then in the OnCreate/OnOpen callbacks call the system AccessCheck API. If the access check isn't granted then return the "access denied" error and as a result the originator of the request doesn't obtain a handle to the file being opened and won't be able to do any operations on the file.

Quote
Laryn Fernandes wrote:
If not, can you please point me in the correct direction (links, articles, other sample implementations) that will help achieve the same.

Look for SECURITY_DESCRIPTOR in MSDN. Also google for "Windows security model".

Reply

Statistics

Topic viewed 1524 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!