GetTokenInformation

The GetTokenInformation function retrieves a specified type of information about an access token. The calling process must have appropriate access rights to obtain the information.

BOOL GetTokenInformation(
  HANDLE TokenHandle,       // handle of access token
  TOKEN_INFORMATION_CLASS TokenInformationClass,
                            // type of information to retrieve
  LPVOID TokenInformation,  // address of retrieved information
  DWORD TokenInformationLength,
                            // size of information buffer
  PDWORD ReturnLength       // address of required buffer size
);
 

Parameters

TokenHandle
Identifies an access token from which information is retrieved. If TokenInformationClass specifies TokenSource, the handle must have TOKEN_QUERY_SOURCE access. For all other TokenInformationClass values, the handle must have TOKEN_QUERY access.
TokenInformationClass
Specifies a value from the TOKEN_INFORMATION_CLASS enumerated type identifying the type of information the function retrieves.
TokenInformation
Pointer to a buffer the function fills with the requested information. The structure put into this buffer depends upon the type of information specified by the TokenInformationClass parameter, as shown in the following list:
Token Information Class Structure Returned
TokenUser The buffer receives a TOKEN_USER structure containing the token's user account.
TokenGroups The buffer receives a TOKEN_GROUPS structure containing the group accounts associated with the token.
TokenPrivileges The buffer receives a TOKEN_PRIVILEGES structure containing the token's privileges.
TokenOwner The buffer receives a TOKEN_OWNER structure containing the default owner SID for newly created objects.
TokenPrimaryGroup The buffer receives a TOKEN_PRIMARY_GROUP structure containing the default primary group SID for newly created objects.
TokenDefaultDacl The buffer receives a TOKEN_DEFAULT_DACL structure containing the default DACL for newly created objects.
TokenSource The buffer receives a TOKEN_SOURCE structure containing the source of the token. TOKEN_QUERY_SOURCE access is needed to retrieve this information.
TokenType The buffer receives a TOKEN_TYPE value indicating whether the token is a primary or impersonation token.
TokenImpersonationLevel The buffer receives a SECURITY_IMPERSONATION_LEVEL value indicating the impersonation level of the token. If the access token is not an impersonation token, the function fails.
TokenStatistics The buffer receives a TOKEN_STATISTICS structure containing various token statistics.
TokenRestrictedSids The buffer receives a TOKEN_GROUPS structure containing the list of restricting SIDs in a restricted token.

TokenInformationLength
Specifies the size, in bytes, of the buffer pointed to by the TokenInformation parameter.
ReturnLength
Pointer to a variable receiving the actual number of bytes needed for the buffer pointed to by the TokenInformation parameter. If this value is larger than the value specified in the TokenInformationLength parameter, the function fails and stores no data in the buffer.

If the value of the TokenInformationClass parameter is TokenDefaultDacl and the token has no default DACL, the function sets the variable pointed to by ReturnLength to sizeof(TOKEN_DEFAULT_DACL) and sets the DefaultDacl member of the TOKEN_DEFAULT_DACL structure to NULL.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

QuickInfo

  Windows NT: Requires version 3.1 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use advapi32.lib.

See Also

Access Control Overview, Access Control Functions, AdjustTokenGroups, AdjustTokenPrivileges, OpenProcessToken, OpenThreadToken, SetTokenInformation, SECURITY_IMPERSONATION_LEVEL, TOKEN_DEFAULT_DACL, TOKEN_GROUPS, TOKEN_INFORMATION_CLASS, TOKEN_OWNER, TOKEN_PRIMARY_GROUP, TOKEN_PRIVILEGES, TOKEN_SOURCE, TOKEN_STATISTICS, TOKEN_TYPE, TOKEN_USER