System and method for providing private session-based access to a redirected USB device or local device
First Claim
1. A method for restricting access to a device from a server, the method comprising:
intercepting, at the server, a request to create a symbolic link;
determining that the intercepted request corresponds to a device object associated with a device remote to the server by:
traversing a device stack associated with the device object to identify a lowest bus driver associated with the device object; and
determining, based on the identified bus driver, that the device associated with the device object is remote to the server and connected locally to a client that is remote to the server;
obtaining configuration data of the device;
creating the symbolic link in an object manager namespace of the server based on the configuration data for the device;
creating the symbolic link in a local namespace associated with a first user session if the configuration data of the device indicates that access to the device is to be restricted;
receiving, at the server, a request including the created symbolic link from a second user session;
determining whether the created symbolic link is in a local namespace associated with the second user session or in a global namespace; and
blocking the received request upon determining that the created symbolic link is not in the local namespace associated with the second user session and not in the global namespace.
Abstract
Restricting access to a device from a server, where the device is remote to the server and is connected locally to a client that is remote to the server, is described. The operations may include facilitating interception, at the server, of a function call to create a symbolic link; facilitating determination that the intercepted function call to create the symbolic link corresponds to a device object associated with the device that is remote to the server and is connected locally to a client that is remote to the server; facilitating obtaining configuration data indicating whether access to the device is to be restricted; and facilitating creation of the symbolic link in a local namespace of an object manager namespace of the server, upon obtaining configuration data indicating that access to the device is to be restricted.
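The flow described in the abstract, as a small user-space model added here for illustration; it is not code from the patent. The class names, the `virtual_usb_bus` driver name and the sample devices are assumptions.

```python
from dataclasses import dataclass, field

REDIRECT_BUS = "virtual_usb_bus"  # hypothetical bus driver for redirected devices

@dataclass
class DeviceObject:
    name: str
    stack: list          # driver names, top of the stack first, bus driver last
    owner_session: int   # session whose client the device is plugged into

@dataclass
class ObjectManager:
    restricted: dict                               # config: device -> restrict?
    global_ns: dict = field(default_factory=dict)  # link -> device
    local_ns: dict = field(default_factory=dict)   # session -> {link: device}

    @staticmethod
    def lowest_bus_driver(dev):
        lowest = None
        for driver in dev.stack:   # walk the stack down to its last entry
            lowest = driver
        return lowest

    def create_symlink(self, link, dev):
        """Intercepted link creation: pick the namespace the link goes into."""
        remote = self.lowest_bus_driver(dev) == REDIRECT_BUS
        if remote and self.restricted.get(dev.name, False):
            self.local_ns.setdefault(dev.owner_session, {})[link] = dev.name
            return f"session:{dev.owner_session}"
        self.global_ns[link] = dev.name
        return "global"

    def open_link(self, link, session):
        """Resolve a link for a session: its local namespace, then global."""
        local = self.local_ns.get(session, {})
        if link in local:
            return local[link]
        if link in self.global_ns:
            return self.global_ns[link]
        raise PermissionError(f"{link} is not visible to session {session}")

def demo():
    om = ObjectManager(restricted={"scanner": True, "keyboard": False})
    # Constructed sample devices: two redirected, one local to the server.
    scanner = DeviceObject("scanner", ["scan_fn", "usb_hub", REDIRECT_BUS], 2)
    keyboard = DeviceObject("keyboard", ["kbd_class", REDIRECT_BUS], 2)
    disk = DeviceObject("disk", ["disk_class", "pci"], 0)
    links = (("Scanner0", scanner), ("Kbd0", keyboard), ("Disk0", disk))
    return om, [om.create_symlink(link, dev) for link, dev in links]
```

Only the restricted, redirected scanner lands in session 2's local namespace, so a request for `Scanner0` from any other session is blocked while the global links stay visible to every session.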
15 Claims
1. A method for restricting access to a device from a server, the method comprising:
intercepting, at the server, a request to create a symbolic link;
determining that the intercepted request corresponds to a device object associated with a device remote to the server by:
traversing a device stack associated with the device object to identify a lowest bus driver associated with the device object; and
determining, based on the identified bus driver, that the device associated with the device object is remote to the server and connected locally to a client that is remote to the server;
obtaining configuration data of the device;
creating the symbolic link in an object manager namespace of the server based on the configuration data for the device;
creating the symbolic link in a local namespace associated with a first user session if the configuration data of the device indicates that access to the device is to be restricted;
receiving, at the server, a request including the created symbolic link from a second user session;
determining whether the created symbolic link is in a local namespace associated with the second user session or in a global namespace; and
blocking the received request upon determining that the created symbolic link is not in the local namespace associated with the second user session and not in the global namespace.
Dependent claims: 2, 3, 4, 5
6. A non-transitory machine-readable storage medium encoded with instructions executable by one or more processors to perform one or more operations, the one or more operations comprising:
intercepting, at the server, a request to create a symbolic link;
determining that the intercepted request corresponds to a device object associated with a device remote to the server by:
traversing a device stack associated with the device object to identify a lowest bus driver associated with the device object; and
determining, based on the identified bus driver, that the device associated with the device object is remote to the server and connected locally to a client that is remote to the server;
obtaining configuration data of the device;
creating the symbolic link in an object manager namespace of the server based on the configuration data for the device;
creating the symbolic link in a local namespace associated with a first user session if the configuration data of the device indicates that access to the device is to be restricted;
receiving, at the server, a request including the created symbolic link from a second user session;
determining whether the created symbolic link is in a local namespace associated with the second user session or in a global namespace; and
blocking the received request upon determining that the created symbolic link is not in the local namespace associated with the second user session and not in the global namespace.
Dependent claims: 7, 8, 9, 10
11. A hardware apparatus, comprising:
a processor; and
a memory encoded with instructions executable by the processor to perform one or more operations comprising:
intercepting, at the server, a request to create a symbolic link;
determining that the intercepted request corresponds to a device object associated with a device remote to the server by:
traversing a device stack associated with the device object to identify a lowest bus driver associated with the device object; and
determining, based on the identified bus driver, that the device associated with the device object is remote to the server and connected locally to a client that is remote to the server;
obtaining configuration data of the device;
creating the symbolic link in an object manager namespace of the server based on the configuration data for the device;
creating the symbolic link in a local namespace associated with a first user session if the configuration data of the device indicates that access to the device is to be restricted;
receiving, at the server, a request including the created symbolic link from a second user session;
determining whether the created symbolic link is in a local namespace associated with the second user session or in a global namespace; and
blocking the received request upon determining that the created symbolic link is not in the local namespace associated with the second user session and not in the global namespace.
Dependent claims: 12, 13, 14, 15
Specification