LSA_CREATE_TOKEN callback function (ntsecpkg.h)

The CreateToken function is used by SSP/APs to create tokens while processing calls to SpAcceptLsaModeContext.

Syntax

LSA_CREATE_TOKEN LsaCreateToken;

NTSTATUS LsaCreateToken(
  [in]  PLUID LogonId,
  [in]  PTOKEN_SOURCE TokenSource,
  [in]  SECURITY_LOGON_TYPE LogonType,
  [in]  SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  [in]  LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  [in]  PVOID TokenInformation,
  [in]  PTOKEN_GROUPS TokenGroups,
  [in]  PUNICODE_STRING AccountName,
  [in]  PUNICODE_STRING AuthorityName,
  [in]  PUNICODE_STRING Workstation,
  [in]  PUNICODE_STRING ProfilePath,
  [out] PHANDLE Token,
  [out] PNTSTATUS SubStatus
)
{...}

Parameters

[in] LogonId

Pointer to a logon session identifier for the new token. This identifier is obtained from a previous call to CreateLogonSession.

[in] TokenSource

Pointer to a TOKEN_SOURCE structure that specifies the source for this token. Specify the package name.

[in] LogonType

A SECURITY_LOGON_TYPE value that indicates the type of logon.

[in] ImpersonationLevel

A SECURITY_IMPERSONATION_LEVEL value that indicates the extent to which a server process can impersonate a client process.

[in] TokenInformationType

Specifies the type of structure in the TokenInformation parameter.

Value Meaning
LsaTokenInformationNull LSA_TOKEN_INFORMATION_NULL
LsaTokenInformationV1 LSA_TOKEN_INFORMATION_V1

[in] TokenInformation

Pointer to the token information. The type of structure pointed to by TokenInformation is indicated by the TokenInformationType parameter.

If the structure pointed to by this parameter is an LSA_TOKEN_INFORMATION_V1 structure, the caller must allocate the memory for the Groups member of that structure by calling the AllocatePrivateHeap function.

[in] TokenGroups

Pointer to a TOKEN_GROUPS structure that specifies groups not contained in TokenInformation.

[in] AccountName

Pointer to a UNICODE_STRING structure that contains the name of the security principal. This information is used for auditing and name searches.

[in] AuthorityName

Pointer to a UNICODE_STRING structure that contains the name of the authority that validated the logon credentials, normally the Windows domain name.

[in] Workstation

Pointer to a UNICODE_STRING structure that contains the name of the client's workstation, normally a NetBIOS name.

[in] ProfilePath

Pointer to a UNICODE_STRING structure that contains the path to the user's profile, if any.

[out] Token

Pointer to a variable that receives a handle to the new token. When you have finished using the handle, close it by calling the CloseHandle function.

[out] SubStatus

Pointer to a variable that receives error information.

Return value

If the function succeeds, the return value is STATUS_SUCCESS.

If the function fails, the return value is an NTSTATUS code that indicates the reason it failed.

Remarks

A pointer to the CreateToken function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header ntsecpkg.h

See also

LSA_SECPKG_FUNCTION_TABLE

SpAcceptLsaModeContext

SpInitialize