[PATCH 2/3] ntdll: Support TokenIntegrityLevel [try2]
Detlef Riekenberg
wine.dev at web.de
Mon Jul 30 11:08:34 CDT 2012
Needed by the Office 2013 web installer.
The static table info_len is used to reuse the buffer length checking code.
We do not use Integrity escalation / UAC in Wine, so always returning
administrative integrity level works good enough.
For a test, i returned SECURITY_MANDATORY_MEDIUM_RID, and the installer
failed with a Dialog "Administrative Privileges Required"
I hope, that hardcoding the binary sid and using memcpy is acceptable.
try 2 with the comments from nikolay
--
By by ... Detlef
---
dlls/ntdll/nt.c | 16 +++++++++++++++-
1 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index cc35815..775b6f1 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -276,7 +276,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
0, /* TokenAccessInformation */
0, /* TokenVirtualizationAllowed */
0, /* TokenVirtualizationEnabled */
- 0, /* TokenIntegrityLevel */
+ sizeof(TOKEN_MANDATORY_LABEL) + sizeof(SID), /* TokenIntegrityLevel [sizeof(SID) includes one SubAuthority] */
0, /* TokenUIAccess */
0, /* TokenMandatoryPolicy */
0 /* TokenLogonSid */
@@ -507,6 +507,20 @@ NTSTATUS WINAPI NtQueryInformationToken(
FIXME("QueryInformationToken( ..., TokenSessionId, ...) semi-stub\n");
}
break;
+ case TokenIntegrityLevel:
+ {
+ /* report always "S-1-16-12288" (high mandatory level) for now */
+ static const SID high_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
+ {SECURITY_MANDATORY_HIGH_RID}};
+
+ TOKEN_MANDATORY_LABEL *tml = tokeninfo;
+ PSID psid = tml + 1;
+
+ tml->Label.Sid = psid;
+ tml->Label.Attributes = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED;
+ memcpy(psid, &high_level, sizeof(SID));
+ }
+ break;
default:
{
ERR("Unhandled Token Information class %d!\n", tokeninfoclass);
--
1.7.5.4
More information about the wine-patches
mailing list