SeQuerySubjectContextToken macro (ntifs.h)

The SeQuerySubjectContextToken macro retrieves the access token for a security subject context.

Syntax

PACESS_TOKEN
SeQuerySubjectContextToken(SubjectContext);

Parameters

SubjectContext

[in] Pointer to an opaque SECURITY_SUBJECT_CONTEXT structure containing the subject context to query. This opaque structure was obtained from the operating system in a call to SeCaptureSubjectContextEx or SeCaptureSubjectContext. Drivers must not modify or try to directly access any members of this structure to make security decisions.

Return value

None

Remarks

SeQuerySubjectContextToken returns the effective token from SubjectContext. The effective token is the client token, if present; otherwise it is the primary (process) token.

SeQuerySubjectContextToken can return either a primary or impersonation token. Since drivers must not directly access any members of the SECURITY_SUBJECT_CONTEXT structure, you should first pass it to SeAccessCheck or SePrivilegeCheck to avoid security issues in authorization; for example, if this is an impersonation token, it requires an impersonation level of SecurityImpersonation or higher. Once you've confirmed authorization status, you can then pass the access token pointer returned by SeQuerySubjectContextToken to SeQueryInformationToken.

SeQuerySubjectContextToken does not affect the lock status or access token of the subject context.

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.

Requirements

Requirement Value
Minimum supported client Windows 2000
Target Platform Desktop
Header ntifs.h (include Ntifs.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe
IRQL PASSIVE_LEVEL

See also

PsDereferenceImpersonationToken

PsDereferencePrimaryToken

SECURITY_SUBJECT_CONTEXT

SeQueryAuthenticationIdToken

SeQueryInformationToken

SeTokenIsAdmin

SeTokenIsRestricted