Partager via


LSA_TOKEN_INFORMATION_V1 structure

The LSA_TOKEN_INFORMATION_V1 structure contains information an authentication package can place in a Version 1 Windows token object.

The version 1 token information has been superceded by LSA_TOKEN_INFORMATION_V2 and LSA_TOKEN_INFORMATION_V3 structures.

A Version 1 Windows token object stores all the information needed to build a token from the authentication package to the Local Security Authority (LSA). The LSA passes this information into the kernel to create a token object and to return a handle to that token object to the caller of LsaLogonUser.

Syntax

typedef struct _LSA_TOKEN_INFORMATION_V1 {
  LARGE_INTEGER       ExpirationTime;
  TOKEN_USER          User;
  PTOKEN_GROUPS       Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES   Privileges;
  TOKEN_OWNER         Owner;
  TOKEN_DEFAULT_DACL  DefaultDacl;
} LSA_TOKEN_INFORMATION_V1, *PLSA_TOKEN_INFORMATION_V1;

Members

  • ExpirationTime
    Time at which the security context becomes not valid. Use a value in the distant future if the context never expires. The current version of the operating system kernel does not enforce this expiration time.

  • User
    TOKEN_USER structure that contains the SID of the user logging on. The security identifier SID value is in a separately allocated block of memory.

  • Groups
    TOKEN_GROUPS structure that contains the SIDs of groups the user is a member of. This should not include WORLD or other system-defined and system-assigned SIDs. These will be added automatically by the LSA.

    Each SID is expected to be in a separately allocated block of memory. The TOKEN_GROUPS structure is also expected to be in a separately allocated block of memory. All of these memory blocks should be allocated by calling the AllocatePrivateHeap function.

  • PrimaryGroup
    TOKEN_PRIMARY_GROUP structure that is used to establish the primary group of the user. This value does not have to correspond to one of the SIDs assigned to the user.

    The SID pointed to by this structure is expected to be in a separately allocated block of memory.

    This member is mandatory and must be filled in.

  • Privileges
    TOKEN_PRIVILEGES structure that contains the privileges assigned to the user. This list of privileges will be augmented or overridden by any local security policy assigned privileges.

    Each privilege is expected to be in a separately allocated block of memory. The TOKEN_PRIVILEGES structure is also expected to be in a separately allocated block of memory.

    If there are no privileges to assign to the user, this member may be set to NULL.

  • Owner
    TOKEN_OWNER structure. This member may be used to establish an explicit default owner. Normally, the user ID is used as the default owner. If another value is desired, it must be specified here.

    The Owner.Sid member may be set to NULL to indicate there is no alternate default owner value.

  • DefaultDacl
    TOKEN_DEFAULT_DACL structure. This member may be used to establish a default protection for the user. If no value is provided, a default protection that grants everyone all access will be established.

    The DefaultDacl.DefaultDacl member may be set to NULL to indicate there is no default protection.

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Ntsecpkg.h