On Tue Aug 15 19:31:55 2023 +0000, Dmitry Timoshkov wrote:
This could use some tests.
Unfortunately NtCreateToken() requires special privileges and it's impossible to test from a normal user mode process under Windows.
Right, it requires SE_CREATE_TOKEN_PRIVILEGE, which is not assigned by default. You'd need to assign it to the Administrators group for example (using the policy editor) and reboot. Then elevate and run the test.
I guess part of it could be tested indirectly via LogonUser(). When I looked into it this picture emerged:
LogonUser() calls LsaLogonUser() which looks up the authentication provider, calls its LsaLogonUser() method and creates a token using returned token info.