SeQuerySubjectContextToken macro (ntifs.h)
The SeQuerySubjectContextToken macro retrieves the access token for a security subject context.
Syntax
PACESS_TOKEN
SeQuerySubjectContextToken(SubjectContext);
Parameters
SubjectContext
[in] Pointer to an opaque SECURITY_SUBJECT_CONTEXT structure containing the subject context to query. This opaque structure was obtained from the operating system in a call to SeCaptureSubjectContextEx or SeCaptureSubjectContext. Drivers must not modify or try to directly access any members of this structure to make security decisions.
Return value
None
Remarks
SeQuerySubjectContextToken returns the effective token from SubjectContext. The effective token is the client token, if present; otherwise it is the primary (process) token.
SeQuerySubjectContextToken can return either a primary or impersonation token. Since drivers must not directly access any members of the SECURITY_SUBJECT_CONTEXT structure, you should first pass it to SeAccessCheck or SePrivilegeCheck to avoid security issues in authorization; for example, if this is an impersonation token, it requires an impersonation level of SecurityImpersonation or higher. Once you've confirmed authorization status, you can then pass the access token pointer returned by SeQuerySubjectContextToken to SeQueryInformationToken.
SeQuerySubjectContextToken does not affect the lock status or access token of the subject context.
For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 2000 |
| Target Platform | Desktop |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |
| IRQL | PASSIVE_LEVEL |