nt_token

Struct Token

Source 
pub struct Token { /* private fields */ }
Expand description

Borrowed, zero‑cost view of a token HANDLE (like Path).

Implementations§

Source§

impl Token

Source

pub unsafe fn new(handle: &HANDLE) -> &Self

Source

pub fn handle(&self) -> HANDLE

Raw handle (borrowed).

Source

pub fn duplicate( &self, access: TOKEN_ACCESS_MASK, token_type: TOKEN_TYPE, imp_level: SECURITY_IMPERSONATION_LEVEL, ) -> Result<OwnedToken>

Duplicate the referenced token.

Source

pub fn is_elevated(&self) -> Result<bool>

Is the token elevated (Vista+ UAC)?

Source

pub fn integrity_level(&self) -> Result<Sid>

Return the integrity-level SID.

Source

pub fn groups(&self) -> Result<Vec<Group>>

Enumerate group SIDs (TokenGroups).

Source

pub fn capabilities(&self) -> Result<Vec<Group>>

Enumerate capability SIDs (TokenCapabilities).

Source

pub fn logon_sid(&self) -> Result<Vec<Group>>

Enumerate the logon SID (TokenLogonSid). Typically returns a single entry.

Source

pub fn restricted_sids(&self) -> Result<Vec<Group>>

Enumerate restricted SIDs (TokenRestrictedSids).

Source

pub fn device_groups(&self) -> Result<Vec<Group>>

Enumerate device group SIDs (TokenDeviceGroups).

Source

pub fn restricted_device_groups(&self) -> Result<Vec<Group>>

Enumerate restricted device group SIDs (TokenRestrictedDeviceGroups).

Source

pub fn linked_token(&self) -> Result<OwnedToken>

For filtered admin tokens, return the linked administrator token.

Source

pub fn elevation_type(&self) -> Result<TOKEN_ELEVATION_TYPE>

Retrieve the token’s elevation type (default, limited, or full).

Source

pub fn impersonation_level(&self) -> Result<SECURITY_IMPERSONATION_LEVEL>

Retrieve the impersonation level (only valid for impersonation tokens).

Source

pub fn has_restrictions(&self) -> Result<bool>

Does the token have any restrictions (sandboxed / filtered token)?

Source

pub fn virtualization_allowed(&self) -> Result<bool>

Is process virtualization allowed for this token (UAC file/registry virtualization)?

Source

pub fn virtualization_enabled(&self) -> Result<bool>

Is process virtualization currently enabled for this token?

Source

pub fn is_app_container(&self) -> Result<bool>

Is this token an AppContainer token?

Source

pub fn is_primary(&self) -> Result<bool>

Is this a primary token (TokenPrimary) as opposed to an impersonation token?

Source

pub fn user(&self) -> Result<Sid>

Return the token’s primary user SID.

Source

pub fn primary_group(&self) -> Result<Sid>

Return the token’s primary group SID.

Source

pub fn owner(&self) -> Result<Sid>

Return the token’s owner SID.

Source

pub fn privileges(&self) -> Result<Vec<Privilege>>

Enumerate privileges contained in the token.

Source

pub fn adjust_privileges(&self, privs: &[Privilege]) -> Result<()>

Adjust multiple privileges in one go. The token must have TOKEN_ADJUST_PRIVILEGES access. Each Privilege decides whether it should be enabled (Privilege::new(name, true)) or disabled (Privilege::new(name, false)).

Source

pub fn check_membership(&self, sid: &Sid) -> Result<bool>

Check whether this token contains the specified SID (group membership).

Source

pub fn ui_access(&self) -> Result<bool>

Does the token have UIAccess privilege (non-elevated UI automation)?

Source

pub fn app_container_sid(&self) -> Result<Option<Sid>>

Return the app-container SID associated with this token, or None if the token is not an AppContainer.

Source

pub fn app_container_number(&self) -> Result<u32>

Return the app-container number assigned by the system.

Source

pub fn adjust_groups(&self, groups: &[Group]) -> Result<()>

Adjust multiple group states in one go. The token must have TOKEN_ADJUST_GROUPS access. Each Group instance specifies the desired attribute flags for an existing SID in the token. For example, to enable a group, include the SE_GROUP_ENABLED attribute; to disable it, omit that flag. Analogous to adjust_privileges.

Source

pub fn create_restricted_token( &self, flags: CREATE_RESTRICTED_TOKEN_FLAGS, sids_to_disable: &[Group], privileges_to_delete: &[Privilege], sids_to_restrict: &[Group], ) -> Result<OwnedToken>

Create a restricted token derived from this token. flags is a bitmask of CREATE_RESTRICTED_TOKEN_* constants (e.g. DISABLE_MAX_PRIVILEGE). The various slices correspond to the parameters of the Win32 CreateRestrictedToken API.

Trait Implementations§

Source§

impl Clone for Token

Source§

fn clone(&self) -> Token

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Token

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'a> From<&'a OwnedToken> for Token

Source§

fn from(tok: &'a OwnedToken) -> Self

Converts to this type from the input type.
Source§

impl Copy for Token

Auto Trait Implementations§

§

impl Freeze for Token

§

impl RefUnwindSafe for Token

§

impl !Send for Token

§

impl !Sync for Token

§

impl Unpin for Token

§

impl UnwindSafe for Token

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.