* sec_auth.cc (create_token): Add integrity level SID to token on

systems supporting that. Remove useless check for dynamically loading NtCreateToken function. * sec_helper.cc (mandatory_medium_integrity_sid): Define. (mandatory_high_integrity_sid): Define. (mandatory_system_integrity_sid): Define. * sec_helper.h (mandatory_medium_integrity_sid): Declare. (mandatory_high_integrity_sid): Declare. (mandatory_system_integrity_sid): Declare.
2008-04-22 10:45:34 +00:00
parent 1137c058e5
commit b1138f3d4b
4 changed files with 39 additions and 6 deletions
--- a/winsup/cygwin/sec_helper.cc
+++ b/winsup/cygwin/sec_helper.cc
@@ -60,6 +60,12 @@ MKSID (well_known_admins_sid, "S-1-5-32-544",
 				 DOMAIN_ALIAS_RID_ADMINS);
 MKSID (fake_logon_sid, "S-1-5-5-0-0",
       SECURITY_NT_AUTHORITY, 3, SECURITY_LOGON_IDS_RID, 0, 0);
+MKSID (mandatory_medium_integrity_sid, "S-1-16-8192",
+       SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_MEDIUM_RID);
+MKSID (mandatory_high_integrity_sid, "S-1-16-12288",
+       SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_HIGH_RID);
+MKSID (mandatory_system_integrity_sid, "S-1-16-16384",
+       SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_SYSTEM_RID);

 bool
 cygpsid::operator== (const char *nsidstr) const