From: Detlef Riekenberg <wine.dev@web.de>
Subject: [PATCH 2/3] ntdll: Support TokenIntegrityLevel in NtQueryInformationToken
Message-Id: <1343517841-26500-2-git-send-email-wine.dev@web.de>
Date: Sun, 29 Jul 2012 01:24:00 +0200

Needed by the Office 2013 web installer.

The static table info_len is used to reuse the buffer length checking code.

We do not use Integrity escalation / UAC in Wine, so always returning
administrative integrity level works good enough.

For a test, i returned SECURITY_MANDATORY_MEDIUM_RID, and the installer
failed with a Dialog "Administrative Privileges Required"

I hope, that hardcoding the binary sid and using memcopy is acceptable.

In a different patch version, i build the SID element by element,
but that code looked worse.

A test in the next patch make sure, that the used binary sid is correcd.

--
By by ... Detlef
---
 dlls/ntdll/nt.c |   18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/dlls/ntdll/nt.c b/dlls/ntdll/nt.c
index cc35815..d37f2fe 100644
--- a/dlls/ntdll/nt.c
+++ b/dlls/ntdll/nt.c
@@ -276,7 +276,7 @@ NTSTATUS WINAPI NtQueryInformationToken(
         0,    /* TokenAccessInformation */
         0,    /* TokenVirtualizationAllowed */
         0,    /* TokenVirtualizationEnabled */
-        0,    /* TokenIntegrityLevel */
+        sizeof(TOKEN_MANDATORY_LABEL) + sizeof(SID), /* TokenIntegrityLevel [sizeof(SID) includes one SubAuthority] */
         0,    /* TokenUIAccess */
         0,    /* TokenMandatoryPolicy */
         0     /* TokenLogonSid */
@@ -507,6 +507,22 @@ NTSTATUS WINAPI NtQueryInformationToken(
             FIXME("QueryInformationToken( ..., TokenSessionId, ...) semi-stub\n");
         }
         break;
+    case TokenIntegrityLevel:
+        {
+            /* report always "S-1-16-12288" (high mandatory level) */
+            static BYTE high_level[] = {1,              /* SID_VERSION */
+                                        1,              /* One SubAuthority entry */
+                                        0,0,0,0,0,16,   /* SECURITY_MANDATORY_LABEL_AUTHORITY */
+                                        0,0x30,0,0};    /* SECURITY_MANDATORY_HIGH_RID */
+
+            TOKEN_MANDATORY_LABEL *tml = tokeninfo;
+            PSID psid = tml + 1;
+
+            tml->Label.Sid = psid;
+            tml->Label.Attributes = SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED;
+            memcpy(psid, high_level, sizeof(high_level));
+        }
+        break;
     default:
         {
             ERR("Unhandled Token Information class %d!\n", tokeninfoclass);
-- 
1.7.5.4