SeQueryInformationToken function

The SeQueryInformationToken routine retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.

Syntax

NTKERNELAPI NTSTATUS SeQueryInformationToken(
  PACCESS_TOKEN           Token,
  TOKEN_INFORMATION_CLASS TokenInformationClass,
  PVOID                   *TokenInformation
);

Parameters

Token

A pointer to an access token from which information is to be retrieved. If TokenInformationClass is set to TokenSource, the handle must have TOKEN_QUERY_SOURCE access. For all other TokenInformationClass values, the handle must have TOKEN_QUERY access.

TokenInformationClass

A value from the TOKEN_INFORMATION_CLASS enumerated type that identifies the type of information to be retrieved.

TokenInformation

If STATUS_SUCCESS is returned, TokenInformation receives a pointer to a location that contains the address of a buffer that holds the requested information. The format of this information buffer depends upon the value of TokenInformationClass, as shown in the following table. Be aware that the buffer is allocated by SeQueryInformationToken from paged pool. This buffer must eventually be freed by the caller by using ExFreePool.

Value Description
TokenDefaultDacl The buffer receives a TOKEN_DEFAULT_DACL structure that contains the default DACL for newly created objects.
TokenGroups The buffer receives a TOKEN_GROUPS structure that contains the group accounts associated with the token.
TokenImpersonationLevel The buffer receives a SECURITY_IMPERSONATION_LEVEL value which indicates the impersonation level of the token. If the access token is not an impersonation token, the call to SeQueryInformationToken fails.
TokenOwner The buffer receives a TOKEN_OWNER structure that contains the default owner security identifier (SID) for newly created objects.
TokenPrimaryGroup The buffer receives a TOKEN_PRIMARY_GROUP structure that contains the default primary group SID for newly created objects.
TokenPrivileges The buffer receives a TOKEN_PRIVILEGES structure that contains the token's privileges.
TokenSessionId The buffer receives a DWORD value (not a pointer to it) that indicates the Terminal Services session identifier that is associated with the token. If the token is associated with the Terminal Server console session, the session identifier is zero. A nonzero session identifier indicates a Terminal Services client session. In a non-Terminal Services environment, the session identifier is zero.
TokenSource The buffer receives a TOKEN_SOURCE structure that contains the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information.
TokenStatistics The buffer receives a TOKEN_STATISTICS structure that contains various token statistics.
TokenType The buffer receives a TOKEN_TYPE value that indicates whether the token is a primary or impersonation token.
TokenUser The buffer receives a TOKEN_USER structure that contains the token's user account.
TokenIntegrityLevel The buffer receives a DWORD value (not a pointer to it) that specifies the token’s integrity level.

Return Value

Return code Description
STATUS_SUCCESS
The call to SeQueryInformationToken succeeded.
STATUS_INVALID_INFO_CLASS
An invalid value was supplied for TokenInformationClass.

Remarks

For more information about security and access control, see the documentation about these topics in the Microsoft Windows SDK.

Requirements

   
Minimum supported client This routine is available on Microsoft Windows 2000 and later versions of the operating system.
Target Platform Universal
Header ntifs.h (include Ntifs.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe
IRQL PASSIVE_LEVEL

See Also

PsDereferenceImpersonationToken

PsDereferencePrimaryToken

SECURITY_IMPERSONATION_LEVEL

SID

SeQueryAuthenticationIdToken

SeQuerySubjectContextToken

SeTokenIsAdmin

SeTokenIsRestricted

TOKEN_DEFAULT_DACL

TOKEN_GROUPS

TOKEN_INFORMATION_CLASS

TOKEN_OWNER

TOKEN_PRIMARY_GROUP

TOKEN_PRIVILEGES

TOKEN_SOURCE

TOKEN_STATISTICS

TOKEN_TYPE

TOKEN_USER