
ZwSetInformationToken routine

The ZwSetInformationToken routine modifies information in a specified token. The calling process must have appropriate access rights to set the information.

Syntax


NTSTATUS ZwSetInformationToken(
  _In_  HANDLE TokenHandle,
  _In_  TOKEN_INFORMATION_CLASS TokenInformationClass,
  _In_  PVOID TokenInformation,
  _In_  ULONG TokenInformationLength
);

Parameters

TokenHandle [in]

Handle for an access token in which information is to be modified.

TokenInformationClass [in]

A value from the TOKEN_INFORMATION_CLASS enumerated type identifying the type of information to be modified. The possible values for this parameter are listed in the TokenInformationClass Value column of the table shown in the description of the TokenInformation parameter.

TokenInformation [in]

Pointer to a caller-supplied buffer containing the information to be modified in the token. The structure of the information in this buffer depends upon the value of TokenInformationClass, as shown in the following table. All structures must be aligned on a 32-bit boundary.

TokenInformationClass value | Effect on TokenInformation buffer

TokenDefaultDacl

The buffer contains a TOKEN_DEFAULT_DACL structure specifying the default DACL for newly created objects. TOKEN_ADJUST_DEFAULT access is required to set this information. The buffer contents are not validated for structural correctness or consistency.

TokenGroups

Not a valid information class. This information is read-only.

TokenOwner

The buffer contains a TOKEN_OWNER structure specifying the default owner SID for newly created objects. TOKEN_ADJUST_DEFAULT access is required to set this information. The owner values that may be specified are restricted to the user and group IDs with an attribute indicating they can be assigned as the owner of objects.

TokenPrimaryGroup

The buffer contains a TOKEN_PRIMARY_GROUP structure specifying the default primary group SID for newly created objects. TOKEN_ADJUST_DEFAULT access is required to set this information. The specified SID must be one of the group IDs already in the token.

TokenPrivileges

Not a valid information class. This information is read-only.

TokenSource

Not a valid information class. This information is read-only.

TokenStatistics

Not a valid information class. This information is read-only.

TokenUser

Not a valid information class. This information is read-only.

TokenInformationLength [in]

Size, in bytes, of the structure passed in the TokenInformation buffer. Must be greater than or equal to the minimum value given in the following table.

TokenInformationClass value | Minimum TokenInformationLength

TokenDefaultDacl

sizeof(TOKEN_DEFAULT_DACL)

TokenOwner

sizeof(TOKEN_OWNER)

TokenPrimaryGroup

sizeof(TOKEN_PRIMARY_GROUP)

Return value

ZwSetInformationToken returns STATUS_SUCCESS or an appropriate error status. Possible error status codes include the following:

Return code | Description

STATUS_ACCESS_DENIED

TokenHandle did not have the required access.

STATUS_ALLOTTED_SPACE_EXCEEDED

The space allotted for storage of the default discretionary access control and the primary group ID is not large enough to accept the new value of one of these fields.

STATUS_INFO_LENGTH_MISMATCH

The value of TokenInformationLength was less than the required minimum.

STATUS_INSUFFICIENT_RESOURCES

The specified default owner's security information could not be captured.

STATUS_INVALID_HANDLE

TokenHandle was not a valid handle.

STATUS_INVALID_INFO_CLASS

TokenInformationClass was not a valid token information class.

STATUS_INVALID_OWNER

The caller cannot set the specified ID to be an owner (or default owner) of an object.

STATUS_INVALID_PRIMARY_GROUP

The caller cannot set the specified ID to be the primary group of an object.

STATUS_INVALID_SID

The specified default owner's security information was not valid.

STATUS_OBJECT_TYPE_MISMATCH

TokenHandle was not a token handle.

Remarks

For more information about security and access control, see the documentation on these topics in the Windows SDK.

Note  If the call to the ZwSetInformationToken function occurs in user mode, you should use the name "NtSetInformationToken" instead of "ZwSetInformationToken".
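
The TokenDefaultDacl row above states that the buffer contents are not validated for structural correctness or consistency, which leaves that check to the caller. The following is an added example, not part of the original documentation and not Microsoft code: a simplified, portable C walk over a self-relative ACL byte buffer that rejects ACEs and SIDs running past their declared sizes. The names check_default_dacl, acl_check, SAMPLE_OK and SAMPLE_OVERRUN are hypothetical, and the sample buffers are constructed.

```c
/* Added example: structural check of an ACL byte buffer before it is used as a
 * default DACL. Function, enum and sample names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum acl_check { ACL_OK, ACL_TOO_SHORT, ACL_BAD_REVISION, ACL_BAD_SIZE, ACL_BAD_ACE, ACL_BAD_SID };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); } /* little-endian */

/* ACL header: AclRevision(1) Sbz1(1) AclSize(2) AceCount(2) Sbz2(2) = 8 bytes.
 * ACE header: AceType(1) AceFlags(1) AceSize(2), then Mask(4), then the SID
 * for ACCESS_ALLOWED (type 0) and ACCESS_DENIED (type 1) ACEs. */
enum acl_check check_default_dacl(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 8) return ACL_TOO_SHORT;
    if (buf[0] < 2 || buf[0] > 4) return ACL_BAD_REVISION;
    size_t acl_size = rd16(buf + 2), off = 8;
    unsigned ace_count = rd16(buf + 4);
    if (acl_size < 8 || acl_size > len || acl_size % 4 != 0) return ACL_BAD_SIZE;
    for (unsigned i = 0; i < ace_count; i++) {
        if (acl_size - off < 4) return ACL_BAD_ACE;       /* no room for an ACE header */
        const uint8_t *ace = buf + off;
        size_t ace_size = rd16(ace + 2);
        if (ace_size < 4 || ace_size % 4 != 0 || ace_size > acl_size - off)
            return ACL_BAD_ACE;                           /* unaligned or past AclSize */
        if (ace[0] <= 1) {                                /* allowed/denied ACE carries a SID */
            if (ace_size < 16) return ACL_BAD_SID;        /* header + mask + minimal SID */
            size_t sid_len = 8 + 4 * (size_t)ace[9];      /* 8 fixed bytes + 4 per sub-authority */
            if (ace[8] != 1 || ace[9] > 15 || sid_len > ace_size - 8)
                return ACL_BAD_SID;
        }
        off += ace_size;
    }
    return ACL_OK;
}

/* Constructed sample: one ACCESS_ALLOWED ACE, GENERIC_ALL for S-1-5-18. */
const uint8_t SAMPLE_OK[28] = { 0x02,0x00,0x1C,0x00,0x01,0x00,0x00,0x00,
    0x00,0x00,0x14,0x00, 0x00,0x00,0x00,0x10, 1,1,0,0,0,0,0,5, 0x12,0,0,0 };
/* Constructed sample: same ACL, but AceSize claims 0x40 bytes, past AclSize. */
const uint8_t SAMPLE_OVERRUN[28] = { 0x02,0x00,0x1C,0x00,0x01,0x00,0x00,0x00,
    0x00,0x00,0x40,0x00, 0x00,0x00,0x00,0x10, 1,1,0,0,0,0,0,5, 0x12,0,0,0 };

int main(void) {
    printf("ok=%d overrun=%d\n", check_default_dacl(SAMPLE_OK, sizeof SAMPLE_OK),
           check_default_dacl(SAMPLE_OVERRUN, sizeof SAMPLE_OVERRUN));
    return 0;
}
```

In a driver, the system routine RtlValidAcl is the usual way to validate an ACL; the walk above only illustrates the kind of bounds checks involved.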

Requirements

Version

Available in Windows 7 and later versions of Windows.

Header

Ntifs.h (include Ntifs.h)

Library

Ntoskrnl.lib

IRQL

PASSIVE_LEVEL

DDI compliance rules

PowerIrpDDis, HwStorPortProhibitedDDIs

See also

PsDereferenceImpersonationToken
PsDereferencePrimaryToken
SECURITY_IMPERSONATION_LEVEL
SeQueryAuthenticationIdToken
SeQuerySubjectContextToken
SeTokenIsAdmin
SeTokenIsRestricted
SID
TOKEN_DEFAULT_DACL
TOKEN_GROUPS
TOKEN_INFORMATION_CLASS
TOKEN_OWNER
TOKEN_PRIMARY_GROUP
TOKEN_PRIVILEGES
TOKEN_SOURCE
TOKEN_STATISTICS
TOKEN_TYPE
TOKEN_USER
ZwQueryInformationToken

© 2014 Microsoft