SeQueryInformationToken function (ntifs.h)

The SeQueryInformationToken routine retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.

Syntax

NTSTATUS SeQueryInformationToken(
  [in]  PACCESS_TOKEN           Token,
  [in]  TOKEN_INFORMATION_CLASS TokenInformationClass,
  [out] PVOID                   *TokenInformation
);

Parameters

[in] Token

A pointer to an access token from which information is to be retrieved. If TokenInformationClass is set to TokenSource, the handle must have TOKEN_QUERY_SOURCE access. For all other TokenInformationClass values, the handle must have TOKEN_QUERY access.

[in] TokenInformationClass

A value from the TOKEN_INFORMATION_CLASS enumerated type that identifies the type of information to be retrieved.

[out] TokenInformation

If STATUS_SUCCESS is returned, the location that TokenInformation points to receives the address of a buffer that holds the requested information. The format of this information buffer depends upon the value of TokenInformationClass, as shown in the following table. SeQueryInformationToken allocates this buffer from paged pool, and the caller must eventually free it by using ExFreePool.

Value Description
TokenDefaultDacl The buffer receives a TOKEN_DEFAULT_DACL structure that contains the default DACL for newly created objects.
TokenGroups The buffer receives a TOKEN_GROUPS structure that contains the group accounts associated with the token.
TokenImpersonationLevel The buffer receives a SECURITY_IMPERSONATION_LEVEL value which indicates the impersonation level of the token. If the access token is not an impersonation token, the call to SeQueryInformationToken fails.
TokenOwner The buffer receives a TOKEN_OWNER structure that contains the default owner security identifier (SID) for newly created objects.
TokenPrimaryGroup The buffer receives a TOKEN_PRIMARY_GROUP structure that contains the default primary group SID for newly created objects.
TokenPrivileges The buffer receives a TOKEN_PRIVILEGES structure that contains the token's privileges.
TokenSessionId The buffer receives a DWORD value (not a pointer to it) that indicates the Terminal Services session identifier that is associated with the token. If the token is associated with the Terminal Server console session, the session identifier is zero. A nonzero session identifier indicates a Terminal Services client session. In a non-Terminal Services environment, the session identifier is zero.
TokenSource The buffer receives a TOKEN_SOURCE structure that contains the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information.
TokenStatistics The buffer receives a TOKEN_STATISTICS structure that contains various token statistics.
TokenType The buffer receives a TOKEN_TYPE value that indicates whether the token is a primary or impersonation token.
TokenUser The buffer receives a TOKEN_USER structure that contains the token's user account.
TokenIntegrityLevel The buffer receives a DWORD value (not a pointer to it) that specifies the token’s integrity level.

Return value

Return code Description
STATUS_SUCCESS The call to SeQueryInformationToken succeeded.
STATUS_INVALID_INFO_CLASS An invalid value was supplied for TokenInformationClass.

Remarks

For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
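
The following is an added example, not code from this page or from Microsoft. It shows a wrapper that records whether a query left the caller owning a pool buffer (the structure classes) or only a DWORD stored in place (TokenSessionId, TokenIntegrityLevel), so that ExFreePool runs exactly once and never on a non-pointer. QueryTokenInfo, ReleaseTokenInfo, TOKEN_INFO and the user-mode stubs are hypothetical, and reading "not a pointer to it" as "nothing to free" is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed user-mode stand-ins so the pattern builds off-target. In a
   driver, drop this section and include <ntifs.h>. The stub's behaviour is an
   assumption modelled on the parameter table, not kernel code. */
typedef int32_t NTSTATUS;
typedef void *PVOID, *PACCESS_TOKEN;
typedef enum { TokenUser = 1, TokenSessionId = 12,
               TokenIntegrityLevel = 25 } TOKEN_INFORMATION_CLASS;
#define STATUS_SUCCESS            ((NTSTATUS)0)
#define STATUS_INVALID_INFO_CLASS ((NTSTATUS)0xC0000003)
static int live_pool_buffers;             /* outstanding stub allocations */
static void ExFreePool(PVOID p) { free(p); live_pool_buffers--; }
static NTSTATUS SeQueryInformationToken(PACCESS_TOKEN t,
        TOKEN_INFORMATION_CLASS c, PVOID *out) {
    (void)t;
    switch ((int)c) {
    case TokenUser:           *out = calloc(1, 64); live_pool_buffers++; break;
    case TokenSessionId:      *out = (PVOID)(uintptr_t)2;      break;
    case TokenIntegrityLevel: *out = (PVOID)(uintptr_t)0x2000; break;
    default:                  return STATUS_INVALID_INFO_CLASS;
    }
    return STATUS_SUCCESS;
}

/* Hypothetical wrapper: records whether the caller owns a pool buffer. */
typedef struct { PVOID buffer; uint32_t value; } TOKEN_INFO;

static int ReturnsValueInPlace(TOKEN_INFORMATION_CLASS c) {
    return c == TokenSessionId || c == TokenIntegrityLevel;
}

NTSTATUS QueryTokenInfo(PACCESS_TOKEN token, TOKEN_INFORMATION_CLASS c,
                        TOKEN_INFO *info) {
    PVOID raw = NULL;                     /* zeroed: upper bits stay defined */
    NTSTATUS st = SeQueryInformationToken(token, c, &raw);
    info->buffer = NULL;
    info->value = 0;
    if (st != STATUS_SUCCESS) return st;  /* raw is not valid, nothing to free */
    if (ReturnsValueInPlace(c)) info->value = (uint32_t)(uintptr_t)raw;
    else info->buffer = raw;              /* caller now owns this allocation */
    return st;
}

/* Frees only real buffers and clears the pointer, so a repeat call is a no-op. */
void ReleaseTokenInfo(TOKEN_INFO *info) {
    if (info->buffer != NULL) { ExFreePool(info->buffer); info->buffer = NULL; }
}
```

In a driver the token pointer would come from a referenced token, and the call must run at PASSIVE_LEVEL as the Requirements section states.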

Requirements

Requirement Value
Minimum supported client Windows 2000
Target Platform Universal
Header ntifs.h (include Ntifs.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe
IRQL PASSIVE_LEVEL

See also

PsDereferenceImpersonationToken

PsDereferencePrimaryToken

SECURITY_IMPERSONATION_LEVEL

SID

SeQueryAuthenticationIdToken

SeQuerySubjectContextToken

SeTokenIsAdmin

SeTokenIsRestricted

TOKEN_DEFAULT_DACL

TOKEN_GROUPS

TOKEN_INFORMATION_CLASS

TOKEN_OWNER

TOKEN_PRIMARY_GROUP

TOKEN_PRIVILEGES

TOKEN_SOURCE

TOKEN_STATISTICS

TOKEN_TYPE

TOKEN_USER