On Tue Aug 15 19:31:55 2023 +0000, Dmitry Timoshkov wrote:
This could use some tests. Unfortunately NtCreateToken() requires special priviledges and it's impossible to test from a normal user mode process under Windows. Right, it requires SE_CREATE_TOKEN_PRIVILEGE, which is not assigned by default. You'd need to assign it to the Administrators group for example (using the policy editor) and reboot. Then elevate and run the test.
I guess part of it could be tested indirectly via LogonUser(). When I looked into it this picture emerged: LogonUser() calls LsaLogonUser() which looks up the authentication provider, calls its LsaLogonUser() method and creates a token using returned token info. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/3505#note_42443