LSA_CREATE_TOKEN callback function (ntsecpkg.h)
The CreateToken function is used by SSP/APs to create tokens while processing calls to SpAcceptLsaModeContext.
Syntax
LSA_CREATE_TOKEN LsaCreateToken;
NTSTATUS LsaCreateToken(
[in] PLUID LogonId,
[in] PTOKEN_SOURCE TokenSource,
[in] SECURITY_LOGON_TYPE LogonType,
[in] SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
[in] LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
[in] PVOID TokenInformation,
[in] PTOKEN_GROUPS TokenGroups,
[in] PUNICODE_STRING AccountName,
[in] PUNICODE_STRING AuthorityName,
[in] PUNICODE_STRING Workstation,
[in] PUNICODE_STRING ProfilePath,
[out] PHANDLE Token,
[out] PNTSTATUS SubStatus
)
{...}
Parameters
[in] LogonId
Pointer to a logon session identifier for the new token. This identifier is obtained from a previous call to CreateLogonSession.
[in] TokenSource
Pointer to a TOKEN_SOURCE structure that specifies the source for this token. Specify the package name.
[in] LogonType
A SECURITY_LOGON_TYPE value that indicates the type of logon.
[in] ImpersonationLevel
A SECURITY_IMPERSONATION_LEVEL value that indicates the extent to which a server process can impersonate a client process.
[in] TokenInformationType
Specifies the type of structure in the TokenInformation parameter.
| Value | Meaning |
|---|---|
|
|
|
[in] TokenInformation
Pointer to the token information. The type of structure pointed to by TokenInformation is indicated by the TokenInformationType parameter.
If the structure pointed to by this parameter is an LSA_TOKEN_INFORMATION_V1 structure, the caller must allocate the memory for the Groups member of that structure by calling the AllocatePrivateHeap function.
[in] TokenGroups
Pointer to a TOKEN_GROUPS structure that specifies groups not contained in TokenInformation.
[in] AccountName
Pointer to a UNICODE_STRING structure that contains the name of the security principal. This information is used for auditing and name searches.
[in] AuthorityName
Pointer to a UNICODE_STRING structure that contains the name of the authority that validated the logon credentials, normally the Windows domain name.
[in] Workstation
Pointer to a UNICODE_STRING structure that contains the name of the client's workstation, normally a NetBIOS name.
[in] ProfilePath
Pointer to a UNICODE_STRING structure that contains the path to the user's profile, if any.
[out] Token
Pointer that receives the address of a handle to the new token. When you have finished using the handle, close it by calling the CloseHandle function.
[out] SubStatus
Pointer to a variable that receives error information.
Return value
If the function succeeds, the return value is STATUS_SUCCESS.
If the function fails, the return value is an NTSTATUS code that indicates the reason it failed.
Remarks
A pointer to the CreateToken function is available in the LSA_SECPKG_FUNCTION_TABLE structure received by the SpInitialize function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | ntsecpkg.h |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for