* sec_auth.cc (create_token): Add integrity level SID to token on

systems supporting that.  Remove useless check for dynamically loading
	NtCreateToken function.
	* sec_helper.cc (mandatory_medium_integrity_sid): Define.
	(mandatory_high_integrity_sid): Define.
	(mandatory_system_integrity_sid): Define.
	* sec_helper.h (mandatory_medium_integrity_sid): Declare.
	(mandatory_high_integrity_sid): Declare.
	(mandatory_system_integrity_sid): Declare.
This commit is contained in:
Corinna Vinschen
2008-04-22 10:45:34 +00:00
parent 1137c058e5
commit b1138f3d4b
4 changed files with 39 additions and 6 deletions

View File

@@ -60,6 +60,12 @@ MKSID (well_known_admins_sid, "S-1-5-32-544",
DOMAIN_ALIAS_RID_ADMINS);
MKSID (fake_logon_sid, "S-1-5-5-0-0",
SECURITY_NT_AUTHORITY, 3, SECURITY_LOGON_IDS_RID, 0, 0);
MKSID (mandatory_medium_integrity_sid, "S-1-16-8192",
SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_MEDIUM_RID);
MKSID (mandatory_high_integrity_sid, "S-1-16-12288",
SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_HIGH_RID);
MKSID (mandatory_system_integrity_sid, "S-1-16-16384",
SECURITY_MANDATORY_LABEL_AUTHORITY, 1, SECURITY_MANDATORY_SYSTEM_RID);
bool
cygpsid::operator== (const char *nsidstr) const