EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Problem in the security update

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
Posted: 09/12/2010 23:50:45
by Naoki Takami (Standard support level)
Joined: 11/09/2009
Posts: 23

OS : Windows2008R1 SP2
CBFS: 3.0.78

When security information of the folder is updated, the following problem occurred.

Pattern 1: Empty folder
Dialogue of the error that "it cannot access", is indicated.
But, the correct data is set to the folder.

Pattern 2: The file is in the folder
Processing is usually completed. Dialogue is not indicated.
The correct data is set to the file.
But, the strange data is set to the folder. (The same data as file? )

Furthermore, this problem does not occur with WindowsXP.

When the person who has information concerning this problem is, please teach.
Posted: 09/13/2010 02:09:03
by Eugene Mayevski (EldoS Corp.)

If you have a license, please assign the license ticket to your user account before we continue. The ticket itself and the procedure of it's use are specified in the registration e-mail that was sent to you upon license purchase. If you don't have a license, it's time to purchase it.

Sincerely yours
Eugene Mayevski
Posted: 09/13/2010 02:51:07
by Naoki Takami (Standard support level)
Joined: 11/09/2009
Posts: 23

Thank you for the guide.
The ticket that our company bought was added to my account.
Please confirm it.
Posted: 09/13/2010 03:57:52
by Eugene Mayevski (EldoS Corp.)

Great, thank you. Now back to the problem.

I observed case 1 myself without any relation to CBFS. On our internal company server, when I visit certain folder in Explorer, I get Access Denied indication, but then I can navigate into the folder. So this seems to be permissions-related problem which has nothing to do with CBFS itself.

As for case 2, please explain what you mean by "But, the strange data is set to the folder. (The same data as file? )" . How is the data "set to the folder"?

Sincerely yours
Eugene Mayevski
Posted: 09/13/2010 22:24:29
by Naoki Takami (Standard support level)
Joined: 11/09/2009
Posts: 23

About pattern 1
I can change the authority of the folder.
However, only when this processing is executed for an empty folder, the dialog of warning is displayed.
There is a possibility that is the problem of the environment as said by you because this problem occurs by Windows2008, and it doesn't occur in XP.
I confirm this problem again after pattern 2 is solved.

About pattern 2
The data of SecurityDescriptor when the same authority is added in each pattern is appended to the file.
(What converted into the FileSystemSecurity class of C# is output.)
It turned out that the same data as the file was not specified from this content.
However, I am expecting the value of Z:\Pattern_2Dir is corresponding to Z:\Pattern_1.
This problem occurs by XP and 2008 both.

Yours sincerely,

[ Download ]
Posted: 09/14/2010 13:52:13
by Volodymyr Zinin (EldoS Corp.)

Could you please give us step-by-step instructions how to reproduce these patterns? It would be great if we could investigate the problems on one of the CallbackFS samples (perhaps with some modifications you specified).
Posted: 09/14/2010 19:53:58
by Naoki Takami (Standard support level)
Joined: 11/09/2009
Posts: 23

The cause turned out.
In the following codes, "Directory" was not set in Attributes in CbFsFileInfo.
Therefore, FileSecurity was applied to the folder.
        internal void CbFsSetFileSecurity(
            CallbackFileSystem sender,
            CbFsFileInfo fileInfo,
            IntPtr FileHandleContext,
            uint SecurityInformation,
            IntPtr SecurityDescriptor,
            uint Length)
            FileSystemSecurity fSecurity = null;
            AccessControlSections acs = convSecInf(SecurityInformation);//SecurityInfos is converted into AccessControlSections.
            byte[] buf = new byte[Length];
            Marshal.Copy(SecurityDescriptor, buf, 0, buf.Length);
            if ((fileInfo.Attributes & (int)FileAttributes.Directory)!=0)
                fSecurity = new DirectorySecurity();
                ((DirectorySecurity)fSecurity).SetSecurityDescriptorBinaryForm(buf, acs);
                fSecurity = new FileSecurity();
                ((FileSecurity)fSecurity).SetSecurityDescriptorBinaryForm(buf, acs);

            //Update Logic

It seems to have changed Attributes of the parents folder for some reasons.
What thought that I am doubtful about the reason is enumerated.
    Having returned it at the end of OnEnumerateDirectory was a file.
    Japanese was included in the file name.(With WindowsXP.)
Posted: 09/16/2010 14:26:24
by Volodymyr Zinin (EldoS Corp.)

Perhaps something is wrong in your callbacks implementation. Check if your code returns the same security descriptor data from the OnGetFileSecurity callback (I mean the same to the data that has been set in the OnSetFileSecurity callback before).

BTW the OnGetFileSecurity and OnSetFileSecurity callbacks are optional and can be not implemented at all. Of course in this case your file system won't support the Windows security.
Posted: 09/16/2010 19:26:39
by Naoki Takami (Standard support level)
Joined: 11/09/2009
Posts: 23

Yes, I also confirmed the thing with correct security descriptor data.
The cause of this problem is to be set a value not correct in attribute information. (Please read my last message in detail. )

Will it be a specification that a wrong value is set in CbFsFileInfo#Attributes?
Please teach the way of evasion if it is so.
Posted: 09/17/2010 10:53:29
by Volodymyr Zinin (EldoS Corp.)

Are you sure that the FileAttributes.Directory attribute has been specified for the directory before (in the OnGetFileInfo callback)? If you haven't set it there then it will be absent in the CbFsFileInfo parameter for the following callbacks associated with the processed file/directory.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.



Topic viewed 4185 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!