Nightmare090197


Access to kernel driver event.

My NT driver creates a named synchronization event to notify a user application. This works, but only for users in the Administrators group. Other users can't open this event (error code 5).
How do I create the event with the right security descriptor?
Nightmare090197

ASKER

Edited text of question
jkr
This one should create a 'guest' SID, try it...

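#include <windows.h>

/* Builds a SID under SECURITY_NT_AUTHORITY with a single sub-authority.
   Returns NULL on failure; the caller releases the SID with FreeSid(). */
PSID CreateUserSID ( void)
{
    PSID                        psid;

    SID_IDENTIFIER_AUTHORITY    SystemSidAuthority  =   SECURITY_NT_AUTHORITY;

    if  (   !AllocateAndInitializeSid   (   &SystemSidAuthority,
                                            1,                      /* number of sub-authorities */
                                            DOMAIN_GROUP_RID_USERS, /* first (and only) sub-authority */
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            0,
                                            &psid
                                        )
        )
        return ( NULL);

    return ( psid);
}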

Who must create the SID? The user-mode application? This is not a network,
it's a single NT workstation with many users, but only Administrators' applications can open the named event.
Your creator of the event should create the SID, which is always necessary, regardless of whether there's a network or not.
OK,
The NT driver creates the named event.
It uses IoCreateSynchronizationEvent() to create the event. How do I change the security of this event?
You should use 'NtSetSecutityObject()' to set the created SID for your event (I'm not _that_ familiar with kernel drivers, thus I can't offer an example ;-)
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
I can't find NtSetSecurityObject() in the NT DDK documentation.
Is this a kernel function?
Well, it's a 'native' NT function exported by 'ntdll.h'...
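I use another way:
Create an event in the application, then pass this event to the driver via DeviceIoControl.
In the driver:
 /* hUserEvent is supplied by user mode: verify that it really is an event
    handle and that the caller's handle grants SYNCHRONIZE */
 ObReferenceObjectByHandle(hUserEvent,
                           SYNCHRONIZE,
                           *ExEventObjectType,
                           UserMode,
                           &pDeviceExtension->hEvent,
                           NULL
                           );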

All works fine...
Thanks, I created a SECURITY_DESCRIPTOR with DACL=NULL and set it with NtSetSecurityObject(). This works.
Great! Do you think I may lock the Q?
Nightmare - Do you think I may lock the Q? ;-)
(Or are you on holiday? ;-)
Sure, thanks again :)
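
Added example (not code from this thread or from the Windows headers): a simplified, portable model of how a DACL is evaluated, showing why the DACL=NULL descriptor mentioned above makes error 5 go away and what else it grants. The access-mask values and well-known SIDs are the real ones; the struct names, helper functions and the two sample DACLs are constructed for illustration, and the model ignores owner rights, privileges and inheritance.

```c
#include <stdio.h>
#include <string.h>

/* Real Win32 access-mask values; everything else is a simplified model. */
#define SYNCHRONIZE        0x00100000u
#define WRITE_DAC          0x00040000u
#define EVENT_MODIFY_STATE 0x00000002u
#define EVENT_ALL_ACCESS   0x001F0003u

typedef struct { int allow; const char *sid; unsigned mask; } Ace;
typedef struct { const Ace *aces; int count; } Dacl; /* Dacl* == NULL models DACL=NULL */

static int token_has(const char **sids, int n, const char *sid) {
    for (int i = 0; i < n; i++)
        if (strcmp(sids[i], sid) == 0) return 1;
    return 0;
}

/* Returns 1 if every requested bit is granted, 0 for ERROR_ACCESS_DENIED (5). */
int access_check(const Dacl *dacl, const char **sids, int n, unsigned wanted) {
    if (dacl == NULL) return 1;              /* NULL DACL: nothing is checked */
    unsigned remaining = wanted;
    for (int i = 0; i < dacl->count && remaining; i++) {
        const Ace *a = &dacl->aces[i];
        if (!token_has(sids, n, a->sid)) continue;
        if (!a->allow && (a->mask & remaining)) return 0; /* deny ACE wins */
        if (a->allow) remaining &= ~a->mask;
    }
    return remaining == 0;                   /* an empty DACL grants nothing */
}

/* Constructed sample data: SYSTEM, BUILTIN\Administrators, BUILTIN\Users. */
static const char *USER_TOKEN[] = { "S-1-5-32-545" };
static const Ace ADMIN_ONLY[] = { {1, "S-1-5-18", EVENT_ALL_ACCESS},
                                  {1, "S-1-5-32-544", EVENT_ALL_ACCESS} };
static const Ace WAIT_FOR_USERS[] = { {1, "S-1-5-18", EVENT_ALL_ACCESS},
                                      {1, "S-1-5-32-544", EVENT_ALL_ACCESS},
                                      {1, "S-1-5-32-545", SYNCHRONIZE} };
const Dacl admin_only = { ADMIN_ONLY, 2 };
const Dacl wait_for_users = { WAIT_FOR_USERS, 3 };

int user_can(const Dacl *d, unsigned wanted) { return access_check(d, USER_TOKEN, 1, wanted); }

int main(void) {
    printf("admin-only DACL, SYNCHRONIZE: %d\n", user_can(&admin_only, SYNCHRONIZE));
    printf("NULL DACL, WRITE_DAC|MODIFY:  %d\n", user_can(NULL, WRITE_DAC | EVENT_MODIFY_STATE));
    printf("scoped DACL, SYNCHRONIZE:     %d\n", user_can(&wait_for_users, SYNCHRONIZE));
    printf("scoped DACL, WRITE_DAC:       %d\n", user_can(&wait_for_users, WRITE_DAC));
    return 0;
}
```

In the model, a DACL that adds a SYNCHRONIZE-only entry for Users lets a non-administrator wait on the event without also being able to signal it or rewrite its security, which the NULL DACL allows.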