Access based file system directory enumeration

US 20070022091A1
Filed: 07/20/2005
Published: 01/25/2007
Est. Priority Date: 07/20/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer implemented method for providing a filtered file system directory listing on a host computer, the method comprising:

receiving, from a process associated with a user, a file system directory listing request for a directory stored within an NTFS type file system, wherein the user has a defined set of data object access permissions;

receiving a file system directory listing for the directory, wherein the file system directory listing includes a corresponding entry for each data object within at least one data object;

removing at least one entry within the file system directory listing by filtering out the at least one entry within the file system directory listing in response to the defined set of data object access permissions for the user prohibiting access to a corresponding data object that corresponds to the at least one entry within the file system directory listing, thereby creating a filtered file system directory; and

forwarding the filtered file system directory listing to the process, the filtered file system directory listing consisting of the file system directory listing with the at least one entry removed therefrom.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A filtered directory listing system includes a request interface that receives, from a process associated with a user that has a defined set of data object access permissions, a file system directory listing request for a directory stored within an NTFS type file system. The filtered directory listing system further includes a file system interface that receives a file system directory listing for the directory and a directory listing entry processor that determines at least one entry within the file system directory listing, where each of the at least one entry is for a data object to which the user is prohibited access. The filtered directory listing system also includes a filtered directory listing generator that generates a response that consists of the filtered file system directory listing for the directory, where the filtered file system directory listing consists of the file system directory listing with at least one entry removed therefrom.

Citations

20 Claims

1. A computer implemented method for providing a filtered file system directory listing on a host computer, the method comprising:
- receiving, from a process associated with a user, a file system directory listing request for a directory stored within an NTFS type file system, wherein the user has a defined set of data object access permissions;
  
  receiving a file system directory listing for the directory, wherein the file system directory listing includes a corresponding entry for each data object within at least one data object;
  
  removing at least one entry within the file system directory listing by filtering out the at least one entry within the file system directory listing in response to the defined set of data object access permissions for the user prohibiting access to a corresponding data object that corresponds to the at least one entry within the file system directory listing, thereby creating a filtered file system directory; and
  
  forwarding the filtered file system directory listing to the process, the filtered file system directory listing consisting of the file system directory listing with the at least one entry removed therefrom.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer implemented method of claim 1, wherein the removing at least one entry within the file system directory listing is based upon data contained within at least one access control list maintained by the NTFS type file system.
  - 3. The computer implemented method of claim 1, wherein the NTFS type file system is maintained on a stand-alone computing system.
  - 4. The computer implemented method of claim 1, wherein the removing at least one entry within the file system directory listing comprises comparing a user'"'"'s security identifier to data contained within an access control list associated with the corresponding data object.
  - 5. The computer implemented method of claim 1, wherein the removing at least one entry is performed in response to the defined set of data object access permission prohibiting read access to the corresponding data object.
  - 6. The computer implemented method of claim 1, further comprising:
    - defining at least one file system directory listing element type to be processed; and
      
      determining a set of entries within the file system directory listing that correspond to the at least one file system directory listing element type to be processed, and wherein the removing at least one entry within the file system directory listing only processes the set of entries.
  - 7. The computer implemented method of claim 6, wherein the at least one file system directory listing element type to be process includes files and directories, and excludes special directories and journal entries.

8. A filtered directory listing system, comprising:
- a request interface that receives, from a process associated with a user, a file system directory listing request for a directory stored within an NTFS type file system, wherein the user has a defined set of data object access permissions;
  
  a file system interface that receives a file system directory listing for the directory;
  
  a directory listing entry processor that removes at least one entry within the file system directory listing by filtering out the at least one entry within the file system directory listing in response to the defined set of data object access permissions for the user prohibiting access to a corresponding data object that corresponds to the at least one entry within the file system directory listing, thereby creating a filtered file system directory; and
  
  a filtered directory listing generator that forwards a filtered file system directory listing to the process, the filtered file system directory listing consisting of the file system directory listing with the at least one entry removed therefrom.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The filtered directory listing system of claim 8, wherein the directory listing entry processor removes at least one entry within the file system directory listing based upon data contained within at least one access control list maintained by the NTFS type file system.
  - 10. The filtered directory listing system of claim 8, wherein the NTFS type file system is maintained on a stand-alone computing system.
  - 11. The filtered directory listing system of claim 8, wherein the directory listing entry processor removes at least one entry within the file system directory listing by comparing a user'"'"'s security identifier to data contained within an access control list associated with the corresponding data object.
  - 12. The filtered directory listing system of claim 8, wherein the directory listing entry processor removes at least one entry is performed in response to the defined set of data object access permission prohibiting read access to the corresponding data object.
  - 13. The filtered directory listing system of claim 8, wherein the directory listing entry processor further:
    - defines at least one file system directory listing element type to be processed; and
      
      determines a set of entries within the file system directory listing that correspond to the at least one file system directory listing element type to be processed, and wherein the directory listing entry processor removes at least one entry within the file system directory listing by only processing the set of entries.
  - 14. The filtered directory listing system of claim 13, wherein the at least one file system directory listing element type to be process includes files and directories, and excludes special directories and journal entries.

15. A computer readable medium including a program which, when executed by a processor, performs operations for providing a filtered file system directory listing, the operations comprising:
- receiving, from a process associated with a user, a file system directory listing request for a directory stored within an NTFS type file system, wherein the user has a defined set of data object access permissions;
  
  receiving a file system directory listing for the directory, wherein the file system directory listing includes a corresponding entry for each data object within at least one data object;
  
  removing at least one entry within the file system directory listing by filtering out the at least one entry within the file system directory listing in response to the defined set of data object access permissions for the user prohibiting access to the at least one entry within the file system directory listing, thereby creating a filtered file system directory; and
  
  forwarding the filtered file system directory listing to the process, the filtered file system directory listing consisting of the file system directory listing with the at least one entry removed therefrom.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer readable medium of claim 15, wherein the operations for removing at least one entry within the file system directory listing remove based upon data contained within at least one access control list maintained by the NTFS type file system.
  - 17. The computer readable medium of claim 15, wherein the NTFS type file system is maintained on a stand-alone computing system.
  - 18. The computer readable medium of claim 15, wherein the operations for removing at least one entry within the file system directory listing comprise operations for comparing a user'"'"'s security identifier to data contained within an access control list associated with the corresponding data object.
  - 19. The computer readable medium of claim 15, further comprising operations for:
    - defining at least one file system directory listing element type to be processed; and
      
      determining a set of entries within the file system directory listing that correspond to the at least one file system directory listing element type to be processed, and wherein the removing at least one entry within the file system directory listing only processes the set of entries.
  - 20. The computer readable medium of claim 19, wherein the at least one file system directory listing element type to be process includes files and directories, and excludes special directories and journal entries.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ScriptLogic Corporation (Quest Software, Inc.)
Original Assignee
ScriptLogic Corporation (Quest Software, Inc.)
Inventors
Styles, Brian, Bucklew, Charles, Latchminsingh, Michael

Application Number

US11/186,320
Publication Number

US 20070022091A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6227 where protection concerns t...

Access based file system directory enumeration

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Access based file system directory enumeration

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links