NtCompareTokens function

The NtCompareTokens function compares two access tokens and determines whether they are equivalent with respect to a call to the AccessCheck function.

Syntax

NTSTATUS NTAPI NtCompareTokens(
  _In_  HANDLE   FirstTokenHandle,
  _In_  HANDLE   SecondTokenHandle,
  _Out_ PBOOLEAN Equal
);

Parameters

FirstTokenHandle [in]

A handle to the first access token to compare. The token must be open for TOKEN_QUERY access.

SecondTokenHandle [in]

A handle to the second access token to compare. The token must be open for TOKEN_QUERY access.

Equal [out]

A pointer to a variable that receives a value that indicates whether the tokens represented by the FirstTokenHandle and SecondTokenHandle parameters are equivalent.

Return value

If the function succeeds, the function returns STATUS_SUCCESS.

If the function fails, it returns an NTSTATUS error code.

Remarks

Two access control tokens are considered to be equivalent if all of the following conditions are true:

  • Every security identifier (SID) that is present in either token is also present in the other token.
  • Neither or both of the tokens are restricted.
  • If both tokens are restricted, every SID that is restricted in one token is also restricted in the other token.
  • Every privilege present in either token is also present in the other token.

This function has no associated import library or header file; you must call it using the LoadLibrary and GetProcAddress functions.
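The four equivalence conditions listed above can be modeled in portable C as follows. This is an added example, not Microsoft's code, and it does not call NtCompareTokens; it returns the first condition that fails so a mismatch can be diagnosed. The token_model structure, the function and enum names, and the sample account SID are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified token model (assumption): SIDs and privileges held as strings. */
typedef struct {
    const char **sids;  size_t n_sids;
    bool restricted; const char **rsids; size_t n_rsids;  /* restricting SIDs */
    const char **privs; size_t n_privs;
} token_model;

typedef enum { TOK_EQUIVALENT, TOK_SID_MISMATCH, TOK_RESTRICTION_MISMATCH,
               TOK_RESTRICTED_SID_MISMATCH, TOK_PRIVILEGE_MISMATCH } token_cmp;

/* True when every element of a also appears in b (order does not matter). */
static bool subset(const char **a, size_t na, const char **b, size_t nb) {
    for (size_t i = 0, j; i < na; i++) {
        for (j = 0; j < nb && strcmp(a[i], b[j]) != 0; j++) {}
        if (j == nb) return false;   /* a[i] not found in b */
    }
    return true;
}
static bool same_set(const char **a, size_t na, const char **b, size_t nb) {
    return subset(a, na, b, nb) && subset(b, nb, a, na);
}

/* Applies the four Remarks conditions in order; returns the first that fails. */
token_cmp compare_token_models(const token_model *a, const token_model *b) {
    if (!same_set(a->sids, a->n_sids, b->sids, b->n_sids)) return TOK_SID_MISMATCH;
    if (a->restricted != b->restricted) return TOK_RESTRICTION_MISMATCH;
    if (a->restricted && !same_set(a->rsids, a->n_rsids, b->rsids, b->n_rsids))
        return TOK_RESTRICTED_SID_MISMATCH;
    if (!same_set(a->privs, a->n_privs, b->privs, b->n_privs)) return TOK_PRIVILEGE_MISMATCH;
    return TOK_EQUIVALENT;
}

/* Constructed sample data: the account SID is made up for this example. */
const char *SIDS_1[] = {"S-1-5-21-1111-2222-3333-1001", "S-1-5-32-545", "S-1-1-0"};
const char *SIDS_2[] = {"S-1-1-0", "S-1-5-21-1111-2222-3333-1001", "S-1-5-32-545"};
const char *RSIDS[]  = {"S-1-5-12"};
const char *PRIVS_1[] = {"SeChangeNotifyPrivilege", "SeShutdownPrivilege"};
const char *PRIVS_2[] = {"SeChangeNotifyPrivilege", "SeShutdownPrivilege", "SeDebugPrivilege"};
const token_model TOK_A = {SIDS_1, 3, false, NULL, 0, PRIVS_1, 2};
const token_model TOK_B = {SIDS_2, 3, false, NULL, 0, PRIVS_1, 2};  /* same SIDs, reordered */
const token_model TOK_C = {SIDS_1, 3, false, NULL, 0, PRIVS_2, 3};  /* one extra privilege */
const token_model TOK_D = {SIDS_1, 3, true, RSIDS, 1, PRIVS_1, 2};  /* restricted */

int main(void) { return compare_token_models(&TOK_A, &TOK_B) == TOK_EQUIVALENT ? 0 : 1; }
```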

Requirements

Requirement               Value
Minimum supported client  Windows XP [desktop apps only]
Minimum supported server  Windows Server 2003 [desktop apps only]
Header                    Ntseapi.h
DLL                       Ntdll.dll