PrivilegeCheck
The PrivilegeCheck
function tests the security context represented by a specific access token to
discover whether it contains the specified privileges. This function is
typically called by a server application to check the privileges of a client s
access token.
BOOL PrivilegeCheck(
|
HANDLE ClientToken, |
// handle of
client s access token |
|
PPRIVILEGE_SET RequiredPrivileges, |
// address of
privileges |
|
LPBOOL pfResult |
// address of flag
for result |
|
); |
|
Parameters
ClientToken
Identifies an
access token representing a client process. This handle must have been obtained
by opening the token of a thread impersonating the client. The token must be
open for TOKEN_QUERY access.
RequiredPrivileges
Points to a PRIVILEGE_SET structure specifying the
privileges required.
The specified access token is checked to see which of the specified
privileges are present. When a privilege specified in the PRIVILEGE_SET
structure is found in the access token, the function sets the SE_PRIVILEGE_USED_FOR_ACCESS
attribute for that privilege in the corresponding LUID_AND_ATTRIBUTES structure.
pfResult
Points to a
flag the function sets to indicate whether the access token contains any or all
of the specified privileges. If PRIVILEGE_SET_ALL_NECESSARY is specified in the
Control member of the PRIVILEGE_SET structure pointed to by the RequiredPrivileges
parameter, this flag is TRUE only if all requested privileges are present in
the access token. If PRIVILEGE_SET_ALL_NECESSARY is not specified, and if any
of the privileges are present, this flag is TRUE.
Return Values
If the
function succeeds, the return value is nonzero.
If the
function fails, the return value is zero. To get extended error information,
call GetLastError.
See Also