Message-Id: <3.0.1.32.19971014100856.00980310@memco.co.il>
X-Sender: zong@memco.co.il
Date: Tue, 14 Oct 1997 10:08:56 +0200
To: ntfsd@atria.com
From: Yaniv Azriel
Subject: Re: session info

Briefly:

Use GetIrpRequestor() for the originating process, and the originating thread from the IRP itself. This is important since the context can change.

ZwOpenThread gives you a handle to the thread
ZwOpenThreadToken gives you the token
ZwQueryInformationToken gives you user, owner etc.

If ZwOpenThreadToken fails then the thread has no distinct token, i.e. there was no impersonation. You fall back to the process token (ZwOpenProcess etc).

So, you should end up with up to 4 SIDs: user/owner x thread/process.

Good luck