CreateToken function
The CreateToken function is used by SSP/APs to create tokens while processing calls to SpAcceptLsaModeContext.
Syntax
NTSTATUS CreateToken(
  _In_  PLUID                        LogonId,
  _In_  PTOKEN_SOURCE                TokenSource,
  _In_  SECURITY_LOGON_TYPE          LogonType,
  _In_  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  _In_  LSA_TOKEN_INFORMATION_TYPE   TokenInformationType,
  _In_  PVOID                        TokenInformation,
  _In_  PTOKEN_GROUPS                TokenGroups,
  _In_  PUNICODE_STRING              AccountName,
  _In_  PUNICODE_STRING              AuthorityName,
  _In_  PUNICODE_STRING              Workstation,
  _In_  PUNICODE_STRING              ProfilePath,
  _Out_ PHANDLE                      Token,
  _Out_ PNTSTATUS                    SubStatus
);
Parameters
- LogonId [in]
  Pointer to a logon session identifier for the new token. This identifier is obtained from a previous call to CreateLogonSession.
- TokenSource [in]
  Pointer to a TOKEN_SOURCE structure that specifies the source for this token. Specify the package name.
- LogonType [in]
  A SECURITY_LOGON_TYPE value that indicates the type of logon.
- ImpersonationLevel [in]
  A SECURITY_IMPERSONATION_LEVEL value that indicates the extent to which a server process can impersonate a client process.
- TokenInformationType [in]
  Specifies the type of structure in the TokenInformation parameter.

  | Value | Meaning |
  |---|---|
  | LsaTokenInformationNull | |
  | LsaTokenInformationV1 | |

- TokenInformation [in]
  Pointer to the token information. The type of structure pointed to by TokenInformation is indicated by the TokenInformationType parameter.
  If the structure pointed to by this parameter is an LSA_TOKEN_INFORMATION_V1 structure, the caller must allocate the memory for the Groups member of that structure by calling the AllocatePrivateHeap function.
- TokenGroups [in]
  Pointer to a TOKEN_GROUPS structure that specifies groups not contained in TokenInformation.
- AccountName [in]
  Pointer to a UNICODE_STRING structure that contains the name of the security principal. This information is used for auditing and name searches.
- AuthorityName [in]
  Pointer to a UNICODE_STRING structure that contains the name of the authority that validated the logon credentials, normally the Windows domain name.
- Workstation [in]
  Pointer to a UNICODE_STRING structure that contains the name of the client's workstation, normally a NetBIOS name.
- ProfilePath [in]
  Pointer to a UNICODE_STRING structure that contains the path to the user's profile, if any.
- Token [out]
  Pointer that receives the address of a handle to the new token. When you have finished using the handle, close it by calling the CloseHandle function.
- SubStatus [out]
  Pointer to a variable that receives error information.
Return value
If the function succeeds, the return value is STATUS_SUCCESS.
If the function fails, the return value is an NTSTATUS code that indicates the reason it failed.
Remarks
A pointer to the CreateToken function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.
Requirements
| Minimum supported client | Windows XP [desktop apps only] |
|---|---|
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Header | |