OpenThreadToken
The OpenThreadToken
function opens the access token associated with a thread.
BOOL OpenThreadToken(
|
HANDLE ThreadHandle, |
// handle to thread |
|
DWORD DesiredAccess, |
// access to
process |
|
BOOL OpenAsSelf, |
// flag for process
or thread security |
|
PHANDLE TokenHandle |
// pointer to
handle to open access token |
|
); |
|
Parameters
ThreadHandle
Identifies
the thread whose access token is opened.
DesiredAccess
Specifies an
access mask that specifies the requested types of access to the access token.
These requested access types are reconciled against the token s discretionary
access-control list (ACL) to determine which accesses are granted or denied.
The following access rights have been defined for access tokens.
|
Value |
Meaning |
|
TOKEN_ADJUST_DEFAULT |
Required to
change the default ACL, primary group, or owner of an access token. |
|
TOKEN_ADJUST_GROUPS |
Required to
change the groups specified in an access token. |
|
TOKEN_ADJUST_PRIVILEGES |
Required to
change the privileges specified in an access token. |
|
TOKEN_ALL_ACCESS |
Combines
the STANDARD_RIGHTS_REQUIRED standard access rights and all individual access
rights for tokens. |
|
TOKEN_ASSIGN_PRIMARY |
Required to
attach a primary token to a process in addition to the SE_CREATE_TOKEN_NAME
privilege. |
|
TOKEN_DUPLICATE |
Required to
duplicate an access token. |
|
TOKEN_EXECUTE |
Combines
the STANDARD_RIGHTS_EXECUTE standard access rights and the TOKEN_IMPERSONATE access
right. |
|
TOKEN_IMPERSONATE |
Required to
attach an impersonation access token to a process. |
|
TOKEN_QUERY |
Required to
query the contents of an access token. |
|
TOKEN_QUERY_SOURCE |
Required to
query the source of an access token. |
|
TOKEN_READ |
Combines
the STANDARD_RIGHTS_READ standard access rights and the TOKEN_QUERY access
right. |
|
TOKEN_WRITE |
Combines
the STANDARD_RIGHTS_WRITE standard access rights and the
TOKEN_ADJUST_PRIVILEGES, TOKEN_ADJUST_GROUPS, and TOKEN_ADJUST_DEFAULT access
rights. |
OpenAsSelf
Specifies a
flag indicating whether the access check is to be made against the security context
of the thread calling the OpenThreadToken function or against the
security context of the process for the calling thread.
If this parameter is FALSE, the access check is performed using the
security context for the calling thread. If the thread is impersonating a
client, this security context can be that of a client process. If this
parameter is TRUE, the access check is made using the security context of the
process for the calling thread.
TokenHandle
Points to a
handle identifying the newly opened access token when the function returns.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To get extended error information,
call GetLastError.
Remarks
The OpenAsSelf
parameter allows a server process to open the access token for a client process
when the client process has specified the SecurityIdentification impersonation
level for the SECURITY_IMPERSONATION_LEVEL enumerated type. Without this
parameter, the calling process is not be able to open the client s access token
using the client s security context, because it is impossible to open
executive-level objects using the SecurityIdentification impersonation level.
See Also