EldoS | Feel safer!

Software components for data protection, secure storage and transfer


Posted: 05/06/2016 02:58:43
by naohiro mizutani (Priority Standard support level)
Joined: 04/27/2016
Posts: 4


I have a question about the newly added "CbFsHandleInfo.GetCreatorToken".

What is the difference between the behavior of the "CbFsHandleInfo.GetCreatorToken" and "CallbackFileSystem.getOriginatorToken"?
If, whether it is better that the behavior is replaced if it is the same?

Thank you.

Best Regards,
naohiro mizutani
Posted: 05/06/2016 03:47:02
by Volodymyr Zinin (Team)

Usually it is the same. But there can be a rare situation when the handle is opened by one thread but then another thread (which is impersonated) uses the obtained handle to work with the file. In that case GetCreatorToken specifies a token for the thread (or for the whole process if the thread isn't impersonated) which opened the file, and GetOriginatorToken returns a token for the thread which is originator of the current callback.
In the case of the OnCreate and OnOpen callback both methods (GetCreatorToken and GetOriginatorToken) return the same token. And usually it is enough to check security restriction only in these callbacks. If these callbacks return error (ERROR_ACCESS_DENIED or another) than the originator of the file create/open request doesn't obtain a handle for the file and therefore won't be able to do any operations on it.



Topic viewed 2878 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!