EldoS | Feel safer!

GetOriginator on Remote Machine Problem

#13175
Posted: 05/03/2010 11:29:00
by Theo Z (Basic support level)
Joined: 05/03/2010
Posts: 26

Hello,

I have a problem using CallbackFilter to return the user name, the process and the workstation from another machine. It worked perfectly on a local machine (where the CallbackFilter was running), but it didn't return the correct value when the event happened on another machine. I was using Windows 7 64-bit for the local machine and Windows XP 32-bit for the remote machine.

Here is my C# code, which was called from the OnOpenFileC delegate:

Code
// Requires: using System; using System.Diagnostics; using System.IO; using System.Security.Principal;

// Get the user information with GetOriginatorToken
IntPtr orgToken = Sender.GetOriginatorToken();
WindowsIdentity wi = new WindowsIdentity(orgToken);
// wi.Name is "DOMAIN\user"; GetFileName keeps only the part after the backslash
string userName = Path.GetFileName(wi.Name);

// Get the process information with GetOriginatorProcessName
string processName1 = "";
Sender.GetOriginatorProcessName(out processName1);

// Get the process and workstation information with GetOriginatorProcessId
// (a uint cannot be initialized with -1, so start from 0)
uint processId = 0;
Sender.GetOriginatorProcessId(out processId);
Process process = Process.GetProcessById((int)processId);
string processName2 = process.ProcessName;
string workstationName = (process.MachineName == "." ? Environment.MachineName : process.MachineName);


Here were the results:
* userName variable contained a domain and user information from the local machine.
* processName1 variable contained an empty string.
* processName2 variable contained "System".
* workstationName variable contained workstation name from the local machine (i.e. process.MachineName returned ".").

My code above worked perfectly for the local machine, but didn't work for the remote machine.

I have also been searching this forum, and it seems a similar problem was posted here:

https://www.eldos.com/forum/read.php?FID=13&TID=1143&MID=6279&sphrase_id=8180#message6279

Based on the post above, the features (at least for returning user information from another machine) should be supported.

FYI, I was still using the demo version. My client planned to buy the library after I have finished reviewing it. So far, this is the only problem I have. The rest is working great!

Your help will be much appreciated.

Regards,
Theo
#13196
Posted: 05/05/2010 02:06:16
by Vladimir Cherniga (EldoS Corp.)

Hello,
We will check this issue shortly. Please specify which version of CallbackFilter you use.

Thanks,
Vladimir
#13203
Posted: 05/05/2010 08:38:13
by Theo Z (Basic support level)
Joined: 05/03/2010
Posts: 26

Thank you very much for your response.

I use CallbackFilter evaluation - Version 2.0.24 - Released March 15, 2010.

Please let me know if you need more information.

Regards,
Theo
#13205
Posted: 05/05/2010 10:23:51
by Vladimir Cherniga (EldoS Corp.)

Quote
Theo Zacharias wrote:
* processName1 variable contained an empty string.
* processName2 variable contained "System".


GetOriginatorProcessId and GetOriginatorProcessName can get information from the local computer only; this is a restriction of the operating system. In such cases you can get only information about the network file system driver thread, which runs in a system context and doesn't belong to any user-mode process.
Quote
Theo Zacharias wrote:
* userName variable contained a domain and user information from the local machine

We recheck this issue, but could you clarify from which callback you obtained the OriginatorToken information: OnOpenFileC or OnPostOpenFileC?
Thanks.
#13206
Posted: 05/05/2010 11:01:39
by Theo Z (Basic support level)
Joined: 05/03/2010
Posts: 26

Thanks for your response.

Quote
GetOriginatorProcessId and GetOriginatorProcessName can get information from the local computer only; this is a restriction of the operating system. In such cases you can get only information about the network file system driver thread, which runs in a system context and doesn't belong to any user-mode process.

Do you mean that there is no other way to get the process and the workstation name from the remote computer using the CallbackFilter library?

Quote
We recheck this issue, but could you clarify from which callback you obtained the OriginatorToken information: OnOpenFileC or OnPostOpenFileC?
Thanks.

I obtained the OriginatorToken information from the OnOpenFileC callback.
#13208
Posted: 05/05/2010 12:51:19
by Vladimir Cherniga (EldoS Corp.)

Quote
Theo Zacharias wrote:
Do you mean that there is no other way to get the process and the workstation name from the remote computer using the CallbackFilter library?


If you set a filter for a local drive or a local folder and get access to this resource through the network share, then you cannot obtain any other information except the user access token. There is no documented method to get the remote process ID or workstation.
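
An added example, not from the original thread or from EldoS: one way an audit handler could record the originator so that the System-context case described above is not logged as if it were the client's process. `OriginatorAudit` and `Describe` are hypothetical names; the token, process ID and process name are assumed to be the values returned by the GetOriginatorToken, GetOriginatorProcessId and GetOriginatorProcessName calls shown in the first post.

```csharp
using System;
using System.Security.Principal;

// Added example: OriginatorAudit and Describe are hypothetical helper names.
static class OriginatorAudit
{
    // The Windows "System" process always has PID 4.
    const uint SystemPid = 4;

    // token, processId and processName are assumed to come from
    // GetOriginatorToken, GetOriginatorProcessId and GetOriginatorProcessName.
    public static string Describe(IntPtr token, uint processId, string processName)
    {
        // Requests served by a kernel-mode thread (such as the network file
        // system driver thread) show up as "System" or with an empty name, so
        // the process fields say nothing about the client application.
        bool kernelContext = processId == SystemPid
                             || string.IsNullOrEmpty(processName)
                             || processName == "System";

        using (var identity = new WindowsIdentity(token))
        {
            // Record the SID as well as the name: the SID identifies the
            // account even if the display name is reused or changed.
            string sid = identity.User != null ? identity.User.Value : "(no SID)";
            string who = identity.IsAnonymous ? "ANONYMOUS" : identity.Name;

            return string.Format(
                "user={0} sid={1} impersonation={2} process={3}",
                who, sid, identity.ImpersonationLevel,
                kernelContext ? "unavailable (kernel/System context)"
                              : processName + " (pid " + processId + ")");
        }
    }

    static void Main()
    {
        // Constructed input: the current process token stands in for an
        // originator token so the example runs without the filter driver.
        using (var me = WindowsIdentity.GetCurrent())
        {
            Console.WriteLine(Describe(me.Token, 4, ""));               // share-style request
            Console.WriteLine(Describe(me.Token, 1234, "notepad.exe")); // local request
        }
    }
}
```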
#13209
Posted: 05/05/2010 14:20:44
by Eugene Mayevski (EldoS Corp.)

I'd add the following example:

Consider you have a Web server which accepts anonymous requests and sends files in response. If you filter these requests, then all you get is the Anonymous user, and you can't control which remote user accessed the data.


Sincerely yours
Eugene Mayevski
#13217
Posted: 05/06/2010 08:26:51
by Theo Z (Basic support level)
Joined: 05/03/2010
Posts: 26

Thank you very much for your explanation. It's clear for the process issue.

How about retrieving the user information from a remote machine using OriginatorToken issue? This should be supported, right? Can you reproduce the problem there?
#13219
Posted: 05/06/2010 08:36:01
by Vladimir Cherniga (EldoS Corp.)

If I am right, you set the filter on a Windows 7 64-bit machine and filter file open events directed from the Windows XP 32-bit machine to the network share on the first machine?
#13221
Posted: 05/06/2010 08:49:12
by Theo Z (Basic support level)
Joined: 05/03/2010
Posts: 26

Thank you very much for your quick response.

Here's what I did:

I ran the filter on Windows 7 64-bit and applied the filter to folder "c:\temp" which was shared. Then using explorer, I double-clicked file "c:\temp\test.txt" (which was located in the Windows 7 computer) from another computer running Windows XP 32-bit. The OnOpenFileC callback was called but the OriginatorToken method returned a domain and a user name from the Windows 7 computer.