SeCaptureSubjectContext routine

The SeCaptureSubjectContext routine captures the security context of the calling thread for access validation and auditing.

Syntax


VOID SeCaptureSubjectContext(
  _Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext
);

Parameters

SubjectContext [out]

Pointer to a caller-allocated SECURITY_SUBJECT_CONTEXT structure.

Return value

None

Remarks

The SeCaptureSubjectContext routine returns a pointer to a SECURITY_SUBJECT_CONTEXT structure, which contains references to access tokens. The contents of that structure can change. The SeLockSubjectContext routine locks the primary access token and any impersonation tokens associated with the structure.

When using routines that query token information, such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, SeQueryInformationToken, and SePrivilegeCheck, more than once in the same security context, lock the subject context with SeLockSubjectContext to obtain consistent results.

File systems must call SeCaptureSubjectContext before performing access validation or generating audit messages. This is necessary to provide a consistent security context to routines such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, and SePrivilegeCheck. After these operations have been performed, the captured context should be released as soon as possible by calling SeReleaseSubjectContext.

For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.

Requirements

Target platform

Universal

Header

Ntifs.h (include Ntifs.h)

Library

NtosKrnl.lib

DLL

NtosKrnl.exe

IRQL

PASSIVE_LEVEL

See also

SECURITY_SUBJECT_CONTEXT
SeLockSubjectContext
SePrivilegeCheck
SeQueryAuthenticationIdToken
SeQuerySubjectContextToken
SeReleaseSubjectContext
SeUnlockSubjectContext

 

 

Send comments about this topic to Microsoft

Show: