As I understand, on Windows systems, a thread "gets" it’s own token, separate from the process’ token, upon impersonation.
One way to test that – the
GetTokenInformation WinApi, called with the
TokenType information class, retrieves the token type for a passed token. (if it exists/valid, of course)
My questions are regarding the purpose and lifetime of a thread’s access token, aka Impersonation Token –
- Is there any other scenario, besides impersonation, when a thread gets it’s own token?
- Does the token gets freed always upon impersonation end (
RevertToSelfcall) or are there scenarios when it’s lifetime might be prolonged and exceed a successful
- In which scenario will a
GetTokenInformationWinApi, called with the
TokenTypeinformation class return
ERROR_NO_TOKENand in which case will it return
TokenPrimary? I mean, as I understand an error will occur if I’ll call the WinApi upon
GetCurrentThreadToken(), if impersonation isn’t taking place. But why is
TokenImpersonationisn’t returned in that scenario? I mean, in a case there’s no thread token, the process token should be used – according to MSDN. Or am I missing something here?
Source: Windows Questions