LSA_TOKEN_INFORMATION_V2 structure

The LSA_TOKEN_INFORMATION_V2 structure contains information an authentication package can place in a Version 2 Windows token object. It has superseded LSA_TOKEN_INFORMATION_V1.

The version 2 token information is used in most logons. The structure is identical to the LSA_TOKEN_INFORMATION_V1 structure, with the exception that the memory allocation is handled differently. The LSA_TOKEN_INFORMATION_V2 structure is intended to be allocated monolithically with the privileges, DACL, SIDs, and group array either part of the same allocation, or allocated and freed externally.

A Version 2 Windows token object stores all the information needed to build a token from the authentication package to the Local Security Authority (LSA). The LSA passes this information into the kernel to create a token object and to return a handle to that token object to the caller of LsaLogonUser.

Syntax


typedef struct _LSA_TOKEN_INFORMATION_V2 {
  LARGE_INTEGER       ExpirationTime;
  TOKEN_USER          User;
  PTOKEN_GROUPS       Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES   Privileges;
  TOKEN_OWNER         Owner;
  TOKEN_DEFAULT_DACL  DefaultDacl;
} LSA_TOKEN_INFORMATION_V2, *PLSA_TOKEN_INFORMATION_V2;

Members

ExpirationTime

Time at which the security context is no longer valid. Use a value in the distant future if the context never expires. The current version of the operating system kernel does not enforce this expiration time.

User

TOKEN_USER structure that contains the SID of the user logging on. The security identifier (SID) value is in a separately allocated block of memory.

Groups

TOKEN_GROUPS structure that contains the SIDs of groups the user is a member of. This should not include WORLD or other system-defined and system-assigned SIDs. These will be added automatically by the LSA.

Each SID is expected to be in a separately allocated block of memory. The TOKEN_GROUPS structure is also expected to be in a separately allocated block of memory. All of these memory blocks should be allocated by calling the AllocatePrivateHeap function.

PrimaryGroup

TOKEN_PRIMARY_GROUP structure that is used to establish the primary group of the user. This value does not have to correspond to one of the SIDs assigned to the user.

The SID pointed to by this structure is expected to be in a separately allocated block of memory.

This member is mandatory and must be filled in.

Privileges

TOKEN_PRIVILEGES structure that contains the privileges assigned to the user. This list of privileges will be augmented or overridden by any local security policy assigned privileges.

Each privilege is expected to be in a separately allocated block of memory. The TOKEN_PRIVILEGES structure is also expected to be in a separately allocated block of memory.

If there are no privileges to assign to the user, this member may be set to NULL.

Owner

TOKEN_OWNER structure. This member may be used to establish an explicit default owner. Normally, the user ID is used as the default owner. If another value is desired, it must be specified here.

The Owner.Sid member may be set to NULL to indicate there is no alternate default owner value.

DefaultDacl

TOKEN_DEFAULT_DACL structure. This member may be used to establish a default protection for the user. If no value is provided, a default protection that grants everyone all access will be established.

The DefaultDacl.DefaultDacl member may be set to NULL to indicate there is no default protection.
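
The monolithic layout described in the introduction, as an added example that is not from the original page or from Microsoft: one allocation holds the structure, the group array, and every SID, so each embedded pointer can be bounds-checked against a single block. The types are simplified stand-ins so it builds without the Windows SDK, `build_v2` is a hypothetical helper, and `calloc` stands in for the allocator the LSA provides to the package.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the winnt.h / Ntsecpkg.h types (assumption: simplified, with
   single-member wrapper structs flattened; member order follows the page). */
typedef struct { void *Sid; unsigned long Attributes; } SID_AND_ATTRIBUTES;
typedef struct { unsigned long GroupCount; SID_AND_ATTRIBUTES Groups[1]; } TOKEN_GROUPS;
typedef struct {
    long long           ExpirationTime; /* LARGE_INTEGER */
    SID_AND_ATTRIBUTES  User;           /* TOKEN_USER */
    TOKEN_GROUPS       *Groups;
    void               *PrimaryGroup;   /* TOKEN_PRIMARY_GROUP, mandatory */
    void               *Privileges;     /* may be NULL */
    void               *Owner;          /* TOKEN_OWNER, NULL = no alternate owner */
    void               *DefaultDacl;    /* TOKEN_DEFAULT_DACL */
} LSA_TOKEN_INFORMATION_V2;

/* Binary SID length: 8-byte header + 4 bytes per sub-authority (byte 1 = count). */
static size_t sid_len(const unsigned char *sid) { return 8 + 4u * sid[1]; }

/* Build the token description in ONE allocation; *total receives its size.
   calloc is a stand-in for the allocator the LSA gives the package. */
LSA_TOKEN_INFORMATION_V2 *build_v2(const unsigned char *user,
        const unsigned char **groups, unsigned long n, size_t *total)
{
    if (!user || n > 1024) return NULL;   /* assumed cap, guards the size arithmetic */
    size_t garr = offsetof(TOKEN_GROUPS, Groups) + (n ? n : 1) * sizeof(SID_AND_ATTRIBUTES);
    size_t need = sizeof(LSA_TOKEN_INFORMATION_V2) + garr + sid_len(user);
    for (unsigned long i = 0; i < n; i++) need += sid_len(groups[i]);

    unsigned char *base = calloc(1, need), *p;
    if (!base) return NULL;
    LSA_TOKEN_INFORMATION_V2 *t = (void *)base;
    t->Groups = (void *)(base + sizeof *t);        /* group array follows the struct */
    t->Groups->GroupCount = n;
    p = (unsigned char *)t->Groups + garr;         /* SID bytes follow the array */
    t->User.Sid = memcpy(p, user, sid_len(user));  p += sid_len(user);
    for (unsigned long i = 0; i < n; i++) {
        t->Groups->Groups[i].Sid = memcpy(p, groups[i], sid_len(groups[i]));
        p += sid_len(groups[i]);
    }
    t->PrimaryGroup = n ? t->Groups->Groups[0].Sid : t->User.Sid;
    t->ExpirationTime = 0x7FFFFFFFFFFFFFFFLL;      /* distant future: never expires */
    *total = need;
    /* Privileges, Owner and DefaultDacl stay NULL (calloc). Per the page, no
       DefaultDacl means an everyone-all-access default; real code supplies one. */
    return t;
}
```

Because everything lives in one block, a single `free` (or the LSA's matching free routine in a real package) releases the structure and all data it points to.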

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecpkg.h

© 2014 Microsoft