LSA_TOKEN_INFORMATION_V1 structure (ntsecpkg.h)
The LSA_TOKEN_INFORMATION_V2 structure contains information an authentication package can place in a Version 2 Windows token object and has superseded LSA_TOKEN_INFORMATION_V1.
The version 2 token information is used in most logons. The structure is identical to the LSA_TOKEN_INFORMATION_V1 structure, with the exception that the memory allocation is handled differently. The LSA_TOKEN_INFORMATION_V2 structure is intended to be allocated monolithically with the privileges, DACL, SIDs, and group array either part of the same allocation, or allocated and freed externally.
A Version 2 Windows token object carries, from the authentication package to the Local Security Authority (LSA), all the information needed to build a token. The LSA passes this information into the kernel to create a token object and to return a handle to that token object to the caller of LsaLogonUser.
Syntax
```c
typedef struct _LSA_TOKEN_INFORMATION_V1 {
  LARGE_INTEGER       ExpirationTime;
  TOKEN_USER          User;
  PTOKEN_GROUPS       Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES   Privileges;
  TOKEN_OWNER         Owner;
  TOKEN_DEFAULT_DACL  DefaultDacl;
} LSA_TOKEN_INFORMATION_V1, *PLSA_TOKEN_INFORMATION_V1;
```
Members
ExpirationTime
Time at which the security context becomes not valid. Use a value in the distant future if the context never expires. The current version of the operating system kernel does not enforce this expiration time.
User
TOKEN_USER structure that contains the SID of the user logging on. The security identifier (SID) value is in a separately allocated block of memory.
Groups
TOKEN_GROUPS structure that contains the SIDs of groups the user is a member of. This should not include WORLD or other system-defined and system-assigned SIDs. These will be added automatically by the LSA.
Each SID is expected to be in a separately allocated block of memory. The TOKEN_GROUPS structure is also expected to be in a separately allocated block of memory. All of these memory blocks should be allocated by calling the AllocatePrivateHeap function.
PrimaryGroup
TOKEN_PRIMARY_GROUP structure that is used to establish the primary group of the user. This value does not have to correspond to one of the SIDs assigned to the user.
The SID pointed to by this structure is expected to be in a separately allocated block of memory.
This member is mandatory and must be filled in.
Privileges
TOKEN_PRIVILEGES structure that contains the privileges assigned to the user. This list of privileges will be augmented or overridden by any local security policy assigned privileges.
Each privilege is expected to be in a separately allocated block of memory. The TOKEN_PRIVILEGES structure is also expected to be in a separately allocated block of memory.
If there are no privileges to assign to the user, this member may be set to NULL.
Owner
TOKEN_OWNER structure. This member may be used to establish an explicit default owner. Normally, the user ID is used as the default owner. If another value is desired, it must be specified here.
The Owner.Sid member may be set to NULL to indicate there is no alternate default owner value.
DefaultDacl
TOKEN_DEFAULT_DACL structure. This member may be used to establish a default protection for the user. If no value is provided, a default protection that grants everyone all access will be established.
The DefaultDacl.DefaultDacl member may be set to NULL to indicate there is no default protection.
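The constraints listed under Members can be checked before an authentication package hands the structure to the LSA. The following is an added example, not part of the original documentation and not Microsoft's code: `sid_t`, `groups_t`, `token_info_t`, `lint_token_info`, `sample_findings` and the `TI_*` flags are hypothetical, simplified stand-ins that build without ntsecpkg.h, and the SIDs are constructed sample values.

```c
/* Added example, not Microsoft's code. The types are simplified, constructed
   stand-ins so this builds without ntsecpkg.h; only member names follow the page. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t rev, count, auth[6]; uint32_t sub[2]; } sid_t;  /* stand-in SID */
typedef struct { uint32_t GroupCount; sid_t **Sids; } groups_t;  /* stand-in TOKEN_GROUPS */
typedef struct {
    sid_t    *User;          /* SID of the user logging on */
    groups_t *Groups;        /* must not list WORLD; the LSA adds it */
    sid_t    *PrimaryGroup;  /* mandatory, separately allocated */
    sid_t    *Owner;         /* NULL: no alternate default owner */
    void     *DefaultDacl;   /* NULL: no explicit default protection */
} token_info_t;
enum { TI_NO_PRIMARY_GROUP = 1, TI_WORLD_IN_GROUPS = 2, TI_SHARED_SID_BLOCK = 4, TI_NO_DEFAULT_DACL = 8 };

static int is_world(const sid_t *s) {  /* S-1-1-0 */
    static const uint8_t world[6] = {0, 0, 0, 0, 0, 1};
    return s->count == 1 && s->sub[0] == 0 && memcmp(s->auth, world, 6) == 0;
}

unsigned lint_token_info(const token_info_t *ti) {
    unsigned f = 0;
    if (!ti->PrimaryGroup) f |= TI_NO_PRIMARY_GROUP;
    if (!ti->DefaultDacl)  f |= TI_NO_DEFAULT_DACL;  /* page: default grants everyone all access */
    if (ti->PrimaryGroup && ti->PrimaryGroup == ti->User) f |= TI_SHARED_SID_BLOCK;
    if (ti->Owner && (ti->Owner == ti->User || ti->Owner == ti->PrimaryGroup)) f |= TI_SHARED_SID_BLOCK;
    for (uint32_t i = 0; ti->Groups && i < ti->Groups->GroupCount; i++) {
        const sid_t *g = ti->Groups->Sids[i];
        if (!g) continue;
        if (is_world(g)) f |= TI_WORLD_IN_GROUPS;
        if (g == ti->User || g == ti->PrimaryGroup || g == ti->Owner) f |= TI_SHARED_SID_BLOCK;
    }
    return f;
}

/* Constructed samples: hardened=0 aliases the user SID as primary group, lists WORLD, omits the DACL. */
unsigned sample_findings(int hardened) {
    sid_t user  = {1, 2, {0, 0, 0, 0, 0, 5}, {21, 1001}};  /* constructed SIDs */
    sid_t pgrp  = {1, 2, {0, 0, 0, 0, 0, 5}, {21, 513}};
    sid_t staff = {1, 2, {0, 0, 0, 0, 0, 5}, {21, 2001}};
    sid_t world = {1, 1, {0, 0, 0, 0, 0, 1}, {0}};
    sid_t *list[2] = { &staff, &world };
    groups_t groups = { hardened ? 1u : 2u, list };
    uint8_t dacl[8] = {0};  /* placeholder for real ACL bytes */
    token_info_t ti = { &user, &groups, hardened ? &pgrp : &user, NULL, hardened ? dacl : NULL };
    return lint_token_info(&ti);
}
int main(void) { printf("%u %u\n", sample_findings(0), sample_findings(1)); return 0; }
```

A NULL Privileges pointer or Owner SID is not flagged because the page allows both; a NULL DefaultDacl is flagged so that the fallback protection is a deliberate choice rather than an oversight.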
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | ntsecpkg.h |