SeCreateClientSecurity routine

The SeCreateClientSecurity routine initializes a security client context structure with the information needed to call SeImpersonateClientEx.

Syntax


NTSTATUS SeCreateClientSecurity(
  _In_  PETHREAD                     ClientThread,
  _In_  PSECURITY_QUALITY_OF_SERVICE ClientSecurityQos,
  _In_  BOOLEAN                      ServerIsRemote,
  _Out_ PSECURITY_CLIENT_CONTEXT     ClientContext
);

Parameters

ClientThread [in]

Pointer to the thread of the client to be impersonated.

ClientSecurityQos [in]

Pointer to a caller-allocated SECURITY_QUALITY_OF_SERVICE structure indicating what form of impersonation is to be performed.

ServerIsRemote [in]

Set to TRUE if the server of the client's request is remote.

ClientContext [out]

Pointer to a caller-allocated SECURITY_CLIENT_CONTEXT structure to be initialized.

Return value

Return codeDescription
STATUS_SUCCESS

The security client context was successfully initialized.

STATUS_BAD_IMPERSONATION_LEVEL

The client to be impersonated is currently impersonating a client of its own, and one of the following is true:

  • The client's effective token cannot be passed on for use by another server, because its impersonation level is SecurityAnonymous or SecurityIdentification.

  • ServerIsRemote is TRUE, and the client thread is impersonating its client at other than SecurityDelegation level.

 

Remarks

SeCreateClientSecurity initializes a client security context block to represent a client's security context.

If the ContextTrackingMode member of ClientSecurityQos is set to SECURITY_DYNAMIC_TRACKING and ServerIsRemote is set to FALSE, SeCreateClientSecurity uses a reference to the client's effective token. Otherwise, SeCreateClientSecurity creates a copy of the client's token.

Each call to SeCreateClientSecurity must be matched by a subsequent call to SeDeleteClientSecurity.

For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.

Requirements

Target platform

Universal

Header

Ntifs.h (include Ntifs.h)

Library

NtosKrnl.lib

DLL

NtosKrnl.exe

IRQL

PASSIVE_LEVEL

See also

SeDeleteClientSecurity
SeImpersonateClientEx

 

 

Send comments about this topic to Microsoft

Show: