Access to kernel driver event.

My NT driver creates a named synchronization event to notify a user application. This works, but only for users in the Administrators group. Other users can't open this event (error code 5).
How do I create the event with the right security descriptor?
Nightmare090197 asked:
 
jkr commented:
Thanx & happy new year ;-)
 
Nightmare090197 (author) commented:
Edited text of question
 
jkr commented:
This one should create a 'guest' SID, try it...

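#include <windows.h>

/* Builds a SID with one sub-authority under SECURITY_NT_AUTHORITY
   (S-1-5-513 for DOMAIN_GROUP_RID_USERS).
   Returns NULL on failure; the caller releases the SID with FreeSid(). */
PSID CreateUserSID(void)
{
    PSID                     psid = NULL;
    SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

    if (!AllocateAndInitializeSid(&SystemSidAuthority,
                                  1,                      /* sub-authority count */
                                  DOMAIN_GROUP_RID_USERS,
                                  0, 0, 0, 0, 0, 0, 0,    /* unused sub-authorities */
                                  &psid))
        return NULL;

    return psid;
}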

 
Nightmare090197 (author) commented:
Who must create the SID? The user-mode application? This is not a network;
it's a single NT workstation with many users, but only Administrators' applications can open the named event.
 
jkr commented:
Your creator of the event should create the SID, which is always necessary, regardless of whether there's a network or not.
 
Nightmare090197 (author) commented:
OK,
the NT driver creates the named event.
It uses IoCreateSynchronizationEvent() to create the event. How do I change the security of this event?
 
jkr commented:
You should use 'NtSetSecutityObject()' to set the created SID for your event (I'm not _that_ familiar with kernel drivers, thus I can't offer an example ;-)
 
jkr commented:
Ooops - 'NtSetSecutityObject()' should of course read 'NtSetSecurityObject()'
 
Nightmare090197 (author) commented:
I can't find NtSetSecurityObject() in the NT DDK documentation.
Is this a kernel function?
 
jkr commented:
Well, it's a 'native' NT function exported by 'ntdll.h'...
 
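ivi commented:
I use another way:
Create an event in the application, then pass this event to the driver via DeviceIoControl.
In the driver:
 /* hUserEvent is supplied by user mode: check it against the caller's
    access rights (UserMode) and require that it is an event object.
    Call this in the context of the process that owns the handle and
    release the reference with ObDereferenceObject() when done. */
 ObReferenceObjectByHandle(hUserEvent,
                           SYNCHRONIZE,
                           *ExEventObjectType,
                           UserMode,
                           (PVOID *)&pDeviceExtension->hEvent,
                           NULL
                           );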

All works fine...
 
Nightmare090197 (author) commented:
Thanks, I create a SECURITY_DESCRIPTOR with DACL=NULL, and set it with NtSetSecurityObject(). This works.
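A NULL DACL lifts every access restriction on the event, not only the one that produced error code 5 for non-administrators. The block below is an added example, not code from this thread: a simplified, portable model of DACL evaluation (no owner rights, privileges or generic mapping) that compares the NULL DACL with a DACL granting BUILTIN\Users only SYNCHRONIZE. The tokens, the administrators-only default and all names in it are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Windows access-mask values, redefined so the model builds on any platform. */
#define M_SYNCHRONIZE        0x00100000u
#define M_EVENT_MODIFY_STATE 0x00000002u
#define M_EVENT_ALL_ACCESS   0x001F0003u

typedef struct { int allow; const char *sid; uint32_t mask; } Ace;
/* present == 0 models a NULL DACL; present == 1 with count == 0 is an empty DACL. */
typedef struct { int present; size_t count; const Ace *aces; } Dacl;
typedef struct { size_t count; const char *sids[4]; } Token;

/* Constructed tokens: a BUILTIN\Users member and a BUILTIN\Administrators member. */
static const Token USER  = { 2, { "S-1-5-32-545", "S-1-1-0" } };
static const Token ADMIN = { 3, { "S-1-5-32-544", "S-1-5-32-545", "S-1-1-0" } };

/* Assumed default matching the symptom: only SYSTEM and Administrators get in. */
static const Ace ADMIN_ONLY_ACES[] = {
    { 1, "S-1-5-18",     M_EVENT_ALL_ACCESS },
    { 1, "S-1-5-32-544", M_EVENT_ALL_ACCESS },
};
/* Scoped alternative: the same, plus wait-only access for BUILTIN\Users. */
static const Ace SCOPED_ACES[] = {
    { 1, "S-1-5-18",     M_EVENT_ALL_ACCESS },
    { 1, "S-1-5-32-544", M_EVENT_ALL_ACCESS },
    { 1, "S-1-5-32-545", M_SYNCHRONIZE },
};
static const Dacl ADMIN_ONLY = { 1, 2, ADMIN_ONLY_ACES };
static const Dacl NULL_DACL  = { 0, 0, NULL };
static const Dacl SCOPED     = { 1, 3, SCOPED_ACES };

static int in_token(const Token *t, const char *sid) {
    for (size_t i = 0; i < t->count; i++)
        if (strcmp(t->sids[i], sid) == 0) return 1;
    return 0;
}

/* Returns 0 if every requested bit is granted, else 5 (ERROR_ACCESS_DENIED). */
int access_check(const Dacl *d, const Token *t, uint32_t desired) {
    uint32_t remaining = desired;
    if (!d->present) return 0;               /* NULL DACL: no restriction at all */
    for (size_t i = 0; i < d->count && remaining; i++) {
        const Ace *a = &d->aces[i];
        if (!in_token(t, a->sid)) continue;  /* ACE applies to someone else */
        if (!a->allow && (a->mask & remaining)) return 5;
        if (a->allow) remaining &= ~a->mask;
    }
    return remaining ? 5 : 0;
}
```

With the scoped DACL an ordinary user can wait on the event but cannot set or reset it or change its security, whereas the NULL DACL grants that user every right on the object.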
 
jkr commented:
Great! Do you think I may lock the Q?
 
jkr commented:
Nightmare - Do you think I may lock the Q? ;-)
(Or are you on holiday? ;-)
 
Nightmare090197 (author) commented:
Sure, thanks again :)