NtCompareTokens function
The NtCompareTokens function compares two access tokens and determines whether they are equivalent with respect to a call to the AccessCheck function.
Syntax
NTSTATUS NTAPI NtCompareTokens(
_In_ HANDLE FirstTokenHandle,
_In_ HANDLE SecondTokenHandle,
_Out_ PBOOLEAN Equal
);
Parameters
-
FirstTokenHandle [in]
-
A handle to the first access token to compare. The token must be open for TOKEN_QUERY access.
-
SecondTokenHandle [in]
-
A handle to the second access token to compare. The token must be open for TOKEN_QUERY access.
-
Equal [out]
-
A pointer to a variable that receives a value that indicates whether the tokens represented by the FirstTokenHandle and SecondTokenHandle parameters are equivalent.
Return value
If the function succeeds, the function returns STATUS_SUCCESS.
If the function fails, it returns an NTSTATUS error code.
Remarks
Two access control tokens are considered to be equivalent if all of the following conditions are true:
- Every security identifier (SID) that is present in either token is also present in the other token.
- Neither or both of the tokens are restricted.
- If both tokens are restricted, every SID that is restricted in one token is also restricted in the other token.
- Every privilege present in either token is also present in the other token.
This function has no associated import library or header file; you must call it using the LoadLibrary and GetProcAddress functions.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows XP [desktop apps only] |
| Minimum supported server |
Windows Server 2003 [desktop apps only] |
| Header |
|
| DLL |
|