The SeCaptureSubjectContext routine captures the security context of the calling thread for access validation and auditing.
void SeCaptureSubjectContext( PSECURITY_SUBJECT_CONTEXT SubjectContext );
Pointer to a caller-allocated SECURITY_SUBJECT_CONTEXT structure.
The SeCaptureSubjectContext routine returns a pointer to a SECURITY_SUBJECT_CONTEXT structure, which contains references to access tokens. The contents of that structure can change. The SeLockSubjectContext routine locks the primary access token and any impersonation tokens associated with the structure.
When using routines that query token information, such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, SeQueryInformationToken, and SePrivilegeCheck, more than once in the same security context, lock the subject context with SeLockSubjectContext to obtain consistent results.
File systems must call SeCaptureSubjectContext before performing access validation or generating audit messages. This is necessary to provide a consistent security context to routines such as SeQueryAuthenticationIdToken, SeQuerySubjectContextToken, and SePrivilegeCheck. After these operations have been performed, the captured context should be released as soon as possible by calling SeReleaseSubjectContext.
For more information about security and access control, see the documentation on these topics in the Microsoft Windows SDK.
|Header||wdm.h (include Ntifs.h, Wdm.h)|