Nightmare090197
asked on
Access to kernel driver event.
My NT driver creates a named synchronization event to notify a user application. This works, but only for users in the Administrators group. Other users can't open this event (error code 5).
How do I create the event with the right security descriptor?
This one should create a 'guest' SID, try it...
#include <windows.h>

/* Builds a SID under the NT authority with one sub-authority,
   DOMAIN_GROUP_RID_USERS. Returns NULL on failure; the caller
   releases the SID with FreeSid(). */
PSID CreateUserSID(void)
{
    PSID psid;
    SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

    if (!AllocateAndInitializeSid(&SystemSidAuthority,
                                  1,                      /* sub-authority count */
                                  DOMAIN_GROUP_RID_USERS,
                                  0, 0, 0, 0, 0, 0, 0,    /* unused sub-authorities */
                                  &psid))
        return NULL;
    return psid;
}
ASKER
Who must create the SID? The user-mode application? This is not a network,
it's a single NT workstation with many users, but only Administrators' applications can open the named event.
Your creator of the event should create the SID, which is always necessary, regardless of whether there's a network or not.
ASKER
OK,
the NT driver creates the named event.
It uses IoCreateSynchronizationEvent() to create the event. How do I change the security of this event?
You should use 'NtSetSecutityObject()' to set the created SID for your event (I'm not _that_ familiar with kernel drivers, thus I can't offer an example ;-)
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
ASKER
I can't find NtSetSecurityObject() in the NT DDK documentation.
Is this a kernel function?
Well, it's a 'native' NT function exported by 'ntdll.h'...
ASKER
I can't find NtSetSecurityObject() in the NT DDK documentation.
Is this a kernel function?
I use another way:
Create an event in the application, then pass this event to the driver via DeviceIoControl.
In driver:
    /* hUserEvent arrived from the application in the IOCTL input buffer,
       so the handle is validated as a user-mode handle to an event object. */
    ObReferenceObjectByHandle( hUserEvent,
                               SYNCHRONIZE,
                               *ExEventObjectType,   /* reject handles to anything but an event */
                               UserMode,             /* access-check the caller's handle */
                               (PVOID *)&pDeviceExtension->hEvent,
                               NULL
                             );
All works fine...
ASKER
Thanks. I created a SECURITY_DESCRIPTOR with DACL=NULL and set it with NtSetSecurityObject(). This works.
Great! Do you think I may lock the Q?
Nightmare - Do you think I may lock the Q? ;-)
(Or are you on holiday? ;-)
ASKER
Sure, thanks again :)
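Added example, not part of the original thread and not Windows code: a simplified model in portable C of how the event's DACL decides a non-admin open, contrasting the NULL DACL the asker settled on with a DACL that grants members of Users only SYNCHRONIZE. The access-mask values and well-known SIDs are the real Windows ones; the ACE/DACL structs, access_check, user_open and the sample DACLs are constructed for illustration, and the admin-only DACL is an assumption standing in for the descriptor that produced error 5.

```c
#include <stdio.h>
#include <string.h>

/* Access masks and error code as in the Windows SDK headers. */
#define SYNCHRONIZE         0x00100000UL
#define EVENT_MODIFY_STATE  0x00000002UL
#define EVENT_ALL_ACCESS    0x001F0003UL
#define ERROR_ACCESS_DENIED 5
#define SID_ADMINS "S-1-5-32-544"  /* BUILTIN Administrators */
#define SID_USERS  "S-1-5-32-545"  /* BUILTIN Users */

typedef struct { int allow; const char *sid; unsigned long mask; } ACE;  /* simplified */
typedef struct { size_t count; const ACE *aces; } DACL;

/* Simplified DACL walk for a token holding one group SID.
 * dacl == NULL models a NULL DACL (no protection, every access granted);
 * count == 0 is an empty DACL, which grants nothing. */
int access_check(const DACL *dacl, const char *group, unsigned long desired) {
    unsigned long granted = 0;
    if (dacl == NULL) return 0;
    for (size_t i = 0; i < dacl->count; i++) {
        const ACE *a = &dacl->aces[i];
        if (strcmp(a->sid, group) != 0) continue;                /* ACE is for someone else */
        if (!a->allow && (a->mask & desired & ~granted)) break;  /* deny ACE hits first */
        if (a->allow) granted |= a->mask;
        if ((granted & desired) == desired) return 0;
    }
    return ERROR_ACCESS_DENIED;
}

/* Constructed sample DACLs (hypothetical, not taken from the thread). */
static const ACE ADMIN_ONLY_ACES[] = { { 1, SID_ADMINS, EVENT_ALL_ACCESS } };
static const ACE SCOPED_ACES[]     = { { 1, SID_ADMINS, EVENT_ALL_ACCESS },
                                       { 1, SID_USERS,  SYNCHRONIZE } };
const DACL ADMIN_ONLY = { 1, ADMIN_ONLY_ACES };
const DACL SCOPED     = { 2, SCOPED_ACES };

/* Error code a member of Users gets when opening the event. */
int user_open(const DACL *dacl, unsigned long desired) {
    return access_check(dacl, SID_USERS, desired);
}

int main(void) {
    printf("admin-only, SYNCHRONIZE:    %d\n", user_open(&ADMIN_ONLY, SYNCHRONIZE));
    printf("NULL DACL, ALL_ACCESS:      %d\n", user_open(NULL, EVENT_ALL_ACCESS));
    printf("scoped, SYNCHRONIZE:        %d\n", user_open(&SCOPED, SYNCHRONIZE));
    printf("scoped, EVENT_MODIFY_STATE: %d\n", user_open(&SCOPED, EVENT_MODIFY_STATE));
    return 0;
}
```

With the NULL DACL the same unprivileged user is granted EVENT_ALL_ACCESS, which includes EVENT_MODIFY_STATE and WRITE_DAC; with the scoped DACL that user can wait on the event but cannot signal it or change its security.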