[PATCH 2/3] ntdll: Support TokenIntegrityLevel in NtQueryInformationToken
Detlef Riekenberg
wine.dev at web.de
Sat Jul 28 18:24:00 CDT 2012
Needed by the Office 2013 web installer.
The static table info_len is used to reuse the buffer length checking code.
We do not use Integrity escalation / UAC in Wine, so always returning
administrative integrity level works good enough.
For a test, i returned SECURITY_MANDATORY_MEDIUM_RID, and the installer
failed with a Dialog "Administrative Privileges Required"
I hope, that hardcoding the binary sid and using memcopy is acceptable.
In a different patch version, i build the SID element by element,
but that code looked worse.
A test in the next patch make sure, that the used binary sid is correcd.
--
By by ... Detlef
---
dlls/ntdll/nt.c | 18 +++++++++++++++++-
1 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index cc35815..d37f2fe 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -276,7 +276,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
0, /* TokenAccessInformation */
0, /* TokenVirtualizationAllowed */
0, /* TokenVirtualizationEnabled */
- 0, /* TokenIntegrityLevel */
+ sizeof(TOKEN_MANDATORY_LABEL) + sizeof(SID), /* TokenIntegrityLevel [sizeof(SID) includes one SubAuthority] */
0, /* TokenUIAccess */
0, /* TokenMandatoryPolicy */
0 /* TokenLogonSid */
@@ -507,6 +507,22 @@ NTSTATUS WINAPI NtQueryInformationToken(
FIXME("QueryInformationToken( ..., TokenSessionId, ...) semi-stub\n");
}
break;
+ case TokenIntegrityLevel:
+ {
+ /* report always "S-1-16-12288" (high mandatory level) */
+ static BYTE high_level[] = {1, /* SID_VERSION */
+ 1, /* One SubAuthority entry */
+ 0,0,0,0,0,16, /* SECURITY_MANDATORY_LABEL_AUTHORITY */
+ 0,0x30,0,0}; /* SECURITY_MANDATORY_HIGH_RID */
+
+ TOKEN_MANDATORY_LABEL *tml = tokeninfo;
+ PSID psid = tml + 1;
+
+ tml->Label.Sid = psid;
+ tml->Label.Attributes = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED;
+ memcpy(psid, high_level, sizeof(high_level));
+ }
+ break;
default:
{
ERR("Unhandled Token Information class %d!\n", tokeninfoclass);
--
1.7.5.4
More information about the wine-patches
mailing list