SeCaptureSubjectContext function

The SeCaptureSubjectContext routine captures the security context of the calling thread for access validation and auditing.

Syntax

void SeCaptureSubjectContext(
  PSECURITY_SUBJECT_CONTEXT SubjectContext
);

Parameters

SubjectContext

Pointer to a caller-allocated SECURITY_SUBJECT_CONTEXT structure.

Return Value

None

Remarks

The SeCaptureSubjectContext routine returns a pointer to a SECURITY_SUBJECT_CONTEXT structure, which contains references to access tokens. The contents of that structure can change. The SeLockSubjectContext routine locks the primary access token and any impersonation tokens associated with the structure.

When using routines that query token information, such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, SeQueryInformationToken, and SePrivilegeCheck, more than once in the same security context, lock the subject context with SeLockSubjectContext to obtain consistent results.

File systems must call SeCaptureSubjectContext before performing access validation or generating audit messages. This is necessary to provide a consistent security context to routines such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, and SePrivilegeCheck. After these operations have been performed, the captured context should be released as soon as possible by calling SeReleaseSubjectContext.

For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.

Requirements

   
Target Platform Universal
Header ntifs.h (include Ntifs.h, Wdm.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe
IRQL PASSIVE_LEVEL

See Also

SECURITY_SUBJECT_CONTEXT

SeLockSubjectContext

SePrivilegeCheck

SeQueryAuthenticationIdToken

SeQuerySubjectContextToken

SeReleaseSubjectContext

SeUnlockSubjectContext