Check in IRP_MJ_CREATE if allowed access

  • Question

  • Hello,
    In my disk filesystem, in IRP_MJ_CREATE, I have a (PACL or PSECURITY_DESCRIPTOR) extracted from my FAT. How do I check whether a logged-on Windows user is authorized to access the file?

    Solution: I capture the PACCESS_TOKEN in SECURITY_SUBJECT_CONTEXT::client token from _IO_STACK_LOCATION::Create::SecurityContext::AccessState::SubjectSecurityContext::ClientToken,
    and I call SeQueryInformationToken with TokenOwner to get the SID, then browse the PACL extracted from my FAT to compare the SID of each PACL with the SID extracted from ClientToken.
    I have not yet tested this option.
    Is it good?

    If not, then how?


    • Edited by Sizy458 Friday, August 23, 2019 8:45 AM
    Friday, August 23, 2019 8:43 AM

All replies

  • Proposed solution:
    I capture the PACL data and the SID data of the owner and group from my FAT; in my kernel driver
    I create a SECURITY_DESCRIPTOR with the SIDs and PACE added.
    I call SeAccessCheck.

    Is it good?
    Sunday, August 25, 2019 8:43 AM
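
SeAccessCheck, named in the reply above, evaluates the descriptor's DACL against the caller's whole token (user SID, group SIDs, deny entries, ACE order), which a comparison against one SID does not. The following is an added example, not code from either post and not kernel code: a simplified user-mode model of that walk, with SIDs as strings and every type, function name and sample SID constructed; it leaves out privileges, owner rights, generic mapping and restricted tokens.

```c
/* Added example: user-mode model of DACL evaluation, not kernel code.
   SIDs are strings; every type, name and sample value here is constructed. */
#include <stdio.h>
#include <string.h>

typedef struct { int deny; const char *sid; unsigned mask; } Ace;
typedef struct { const char *user; const char *groups[4]; int ngroups; } Token;
enum { RD = 0x1, WR = 0x2 };
/* Constructed sample: one user in two groups, and a three-ACE DACL. */
static const Token tok = { "S-1-5-21-0-0-0-1001",
                           { "S-1-5-32-545", "S-1-5-21-0-0-0-2001" }, 2 };
static const Ace dacl[] = {
    { 1, "S-1-5-21-0-0-0-2001", WR },      /* deny write to a group   */
    { 0, "S-1-5-32-545",        RD },      /* allow read to a group   */
    { 0, "S-1-5-21-0-0-0-1001", WR },      /* allow write to the user */
};

/* An ACE applies when it names the token's user SID or any of its groups. */
static int token_has_sid(const Token *t, const char *sid) {
    if (strcmp(t->user, sid) == 0) return 1;
    for (int i = 0; i < t->ngroups; i++)
        if (strcmp(t->groups[i], sid) == 0) return 1;
    return 0;
}

/* Walk ACEs in order: an applicable deny ACE covering a still-needed bit
   fails the request; applicable allow ACEs clear bits from what is needed. */
int model_access_check(const Token *t, const Ace *a, int n, unsigned want) {
    for (int i = 0; i < n && want; i++) {
        if (!token_has_sid(t, a[i].sid)) continue;
        if (a[i].deny) { if (a[i].mask & want) return 0; }
        else want &= ~a[i].mask;
    }
    return want == 0;
}

/* One reading of the single-SID comparison: find an allow ACE for that SID. */
int single_sid_check(const char *sid, const Ace *a, int n, unsigned want) {
    for (int i = 0; i < n; i++)
        if (!a[i].deny && !strcmp(a[i].sid, sid) && (a[i].mask & want) == want)
            return 1;
    return 0;
}

int main(void) {
    for (unsigned w = RD; w <= WR; w <<= 1)   /* RD first, then WR */
        printf("want=%u model=%d single-SID=%d\n", w,
               model_access_check(&tok, dacl, 3, w),
               single_sid_check(tok.user, dacl, 3, w));
    return 0;
}
```

On the sample data the two checks disagree in both directions: read is granted only through a group ACE, and write is blocked by a group deny ACE that precedes the user's allow ACE.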