SeCreateClientSecurity routine

The SeCreateClientSecurity routine initializes a security client context structure with the information needed to call SeImpersonateClientEx.

Syntax


NTSTATUS SeCreateClientSecurity(
  _In_   PETHREAD ClientThread,
  _In_   PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
  _In_   BOOLEAN ServerIsRemote,
  _Out_  PSECURITY_CLIENT_CONTEXT ClientContext
);

Parameters

ClientThread [in]

Pointer to the thread of the client to be impersonated.

ClientSecurityQos [in]

Pointer to a caller-allocated SECURITY_QUALITY_OF_SERVICE structure indicating what form of impersonation is to be performed.

ServerIsRemote [in]

Set to TRUE if the server of the client's request is remote.

ClientContext [out]

Pointer to a caller-allocated SECURITY_CLIENT_CONTEXT structure to be initialized.

Return value

Return codeDescription
STATUS_SUCCESS

The security client context was successfully initialized.

STATUS_BAD_IMPERSONATION_LEVEL

The client to be impersonated is currently impersonating a client of its own, and one of the following is true:

  • The client's effective token cannot be passed on for use by another server, because its impersonation level is SecurityAnonymous or SecurityIdentification.

  • ServerIsRemote is TRUE, and the client thread is impersonating its client at other than SecurityDelegation level.

 

Remarks

SeCreateClientSecurity initializes a client security context block to represent a client's security context.

If the ContextTrackingMode member of ClientSecurityQos is set to SECURITY_DYNAMIC_TRACKING and ServerIsRemote is set to FALSE, SeCreateClientSecurity uses a reference to the client's effective token. Otherwise, SeCreateClientSecurity creates a copy of the client's token.

Each call to SeCreateClientSecurity must be matched by a subsequent call to SeDeleteClientSecurity.

For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.

Requirements

Header

Ntifs.h (include Ntifs.h)

Library

Ntoskrnl.lib

IRQL

PASSIVE_LEVEL

See also

SeDeleteClientSecurity
SeImpersonateClientEx

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft