NtCompareTokens function
The NtCompareTokens function compares two access tokens and determines whether they are equivalent with respect to a call to the AccessCheck function.
Syntax
NTSTATUS NTAPI NtCompareTokens( _In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal );
Parameters
- FirstTokenHandle [in]
-
A handle to the first access token to compare. The token must be open for TOKEN_QUERY access.
- SecondTokenHandle [in]
-
A handle to the second access token to compare. The token must be open for TOKEN_QUERY access.
- Equal [out]
-
A pointer to a variable that receives a value that indicates whether the tokens represented by the FirstTokenHandle and SecondTokenHandle parameters are equivalent.
Return value
If the function succeeds, the function returns STATUS_SUCCESS.
If the function fails, it returns an NTSTATUS error code.
Remarks
Two access control tokens are considered to be equivalent if all of the following conditions are true:
- Every security identifier (SID) that is present in either token is also present in the other token.
- Neither or both of the tokens are restricted.
- If both tokens are restricted, every SID that is restricted in one token is also restricted in the other token.
- Every privilege present in either token is also present in the other token.
This function has no associated import library or header file; you must call it using the LoadLibrary and GetProcAddress functions.
Requirements
|
Minimum supported client |
Windows XP [desktop apps only] |
|---|---|
|
Minimum supported server |
Windows Server 2003 [desktop apps only] |
|
Header |
|
|
DLL |
|