2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
9 /* INCLUDES *****************************************************************/
21 /* FUNCTIONS ****************************************************************/
29 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
30 POLICY_ACCOUNT_DOMAIN_INFO Info
;
31 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
32 LSA_HANDLE PolicyHandle
;
34 SAM_HANDLE ServerHandle
= NULL
;
35 SAM_HANDLE DomainHandle
= NULL
;
36 DOMAIN_NAME_INFORMATION DomainNameInfo
;
40 DPRINT("SYSSETUP: SetAccountsDomainSid\n");
42 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
43 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
45 Status
= LsaOpenPolicy(NULL
,
47 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
49 if (Status
!= STATUS_SUCCESS
)
51 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status
);
55 Status
= LsaQueryInformationPolicy(PolicyHandle
,
56 PolicyAccountDomainInformation
,
58 if (Status
== STATUS_SUCCESS
&& OrigInfo
!= NULL
)
60 if (DomainName
== NULL
)
62 Info
.DomainName
.Buffer
= OrigInfo
->DomainName
.Buffer
;
63 Info
.DomainName
.Length
= OrigInfo
->DomainName
.Length
;
64 Info
.DomainName
.MaximumLength
= OrigInfo
->DomainName
.MaximumLength
;
68 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
69 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
70 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
73 if (DomainSid
== NULL
)
74 Info
.DomainSid
= OrigInfo
->DomainSid
;
76 Info
.DomainSid
= DomainSid
;
80 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
81 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
82 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
83 Info
.DomainSid
= DomainSid
;
86 Status
= LsaSetInformationPolicy(PolicyHandle
,
87 PolicyAccountDomainInformation
,
89 if (Status
!= STATUS_SUCCESS
)
91 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status
);
95 LsaFreeMemory(OrigInfo
);
97 LsaClose(PolicyHandle
);
99 DomainNameInfo
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
100 DomainNameInfo
.DomainName
.MaximumLength
= (wcslen(DomainName
) + 1) * sizeof(WCHAR
);
101 DomainNameInfo
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
103 Status
= SamConnect(NULL
,
105 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
107 if (NT_SUCCESS(Status
))
109 Status
= SamOpenDomain(ServerHandle
,
110 DOMAIN_WRITE_OTHER_PARAMETERS
,
113 if (NT_SUCCESS(Status
))
115 Status
= SamSetInformationDomain(DomainHandle
,
116 DomainNameInformation
,
117 (PVOID
)&DomainNameInfo
);
118 if (!NT_SUCCESS(Status
))
120 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status
);
123 SamCloseHandle(DomainHandle
);
127 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status
);
130 SamCloseHandle(ServerHandle
);
140 SetPrimaryDomain(LPCWSTR DomainName
,
143 PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo
= NULL
;
144 POLICY_PRIMARY_DOMAIN_INFO Info
;
145 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
146 LSA_HANDLE PolicyHandle
;
149 DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
151 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
152 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
154 Status
= LsaOpenPolicy(NULL
,
156 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
158 if (Status
!= STATUS_SUCCESS
)
160 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status
);
164 Status
= LsaQueryInformationPolicy(PolicyHandle
,
165 PolicyPrimaryDomainInformation
,
167 if (Status
== STATUS_SUCCESS
&& OrigInfo
!= NULL
)
169 if (DomainName
== NULL
)
171 Info
.Name
.Buffer
= OrigInfo
->Name
.Buffer
;
172 Info
.Name
.Length
= OrigInfo
->Name
.Length
;
173 Info
.Name
.MaximumLength
= OrigInfo
->Name
.MaximumLength
;
177 Info
.Name
.Buffer
= (LPWSTR
)DomainName
;
178 Info
.Name
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
179 Info
.Name
.MaximumLength
= Info
.Name
.Length
+ sizeof(WCHAR
);
182 if (DomainSid
== NULL
)
183 Info
.Sid
= OrigInfo
->Sid
;
185 Info
.Sid
= DomainSid
;
189 Info
.Name
.Buffer
= (LPWSTR
)DomainName
;
190 Info
.Name
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
191 Info
.Name
.MaximumLength
= Info
.Name
.Length
+ sizeof(WCHAR
);
192 Info
.Sid
= DomainSid
;
195 Status
= LsaSetInformationPolicy(PolicyHandle
,
196 PolicyPrimaryDomainInformation
,
198 if (Status
!= STATUS_SUCCESS
)
200 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status
);
203 if (OrigInfo
!= NULL
)
204 LsaFreeMemory(OrigInfo
);
206 LsaClose(PolicyHandle
);
214 InstallBuiltinAccounts(VOID
)
216 LPWSTR BuiltinAccounts
[] = {
217 L
"S-1-1-0", /* Everyone */
218 L
"S-1-5-4", /* Interactive */
219 L
"S-1-5-6", /* Service */
220 L
"S-1-5-19", /* Local Service */
221 L
"S-1-5-20", /* Network Service */
222 L
"S-1-5-32-544", /* Administrators */
223 L
"S-1-5-32-545", /* Users */
224 L
"S-1-5-32-547", /* Power Users */
225 L
"S-1-5-32-551", /* Backup Operators */
226 L
"S-1-5-32-555"}; /* Remote Desktop Users */
227 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
229 LSA_HANDLE PolicyHandle
= NULL
;
230 LSA_HANDLE AccountHandle
= NULL
;
234 DPRINT("InstallBuiltinAccounts()\n");
236 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
238 Status
= LsaOpenPolicy(NULL
,
240 POLICY_CREATE_ACCOUNT
,
242 if (!NT_SUCCESS(Status
))
244 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
248 for (i
= 0; i
< 10; i
++)
250 if (!ConvertStringSidToSid(BuiltinAccounts
[i
], &AccountSid
))
252 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts
[i
], GetLastError());
256 Status
= LsaCreateAccount(PolicyHandle
,
260 if (NT_SUCCESS(Status
))
262 LsaClose(AccountHandle
);
265 LocalFree(AccountSid
);
268 LsaClose(PolicyHandle
);
274 InstallPrivileges(VOID
)
276 HINF hSecurityInf
= INVALID_HANDLE_VALUE
;
277 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
278 WCHAR szPrivilegeString
[256];
279 WCHAR szSidString
[256];
280 INFCONTEXT InfContext
;
282 PSID AccountSid
= NULL
;
284 LSA_HANDLE PolicyHandle
= NULL
;
285 LSA_UNICODE_STRING RightString
;
286 PLSA_TRANSLATED_SID2 Sids
= NULL
;
288 DPRINT("InstallPrivileges()\n");
290 hSecurityInf
= SetupOpenInfFileW(L
"defltws.inf", //szNameBuffer,
294 if (hSecurityInf
== INVALID_HANDLE_VALUE
)
296 DPRINT1("SetupOpenInfFileW failed\n");
300 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
302 Status
= LsaOpenPolicy(NULL
,
304 POLICY_CREATE_ACCOUNT
| POLICY_LOOKUP_NAMES
,
306 if (!NT_SUCCESS(Status
))
308 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
312 if (!SetupFindFirstLineW(hSecurityInf
,
317 DPRINT1("SetupFindfirstLineW failed\n");
323 /* Retrieve the privilege name */
324 if (!SetupGetStringFieldW(&InfContext
,
330 DPRINT1("SetupGetStringFieldW() failed\n");
333 DPRINT("Privilege: %S\n", szPrivilegeString
);
335 for (i
= 0; i
< SetupGetFieldCount(&InfContext
); i
++)
337 if (!SetupGetStringFieldW(&InfContext
,
343 DPRINT1("SetupGetStringFieldW() failed\n");
346 DPRINT("SID: %S\n", szSidString
);
348 if (szSidString
[0] == UNICODE_NULL
)
351 if (szSidString
[0] == L
'*')
353 DPRINT("Account Sid: %S\n", &szSidString
[1]);
355 if (!ConvertStringSidToSid(&szSidString
[1], &AccountSid
))
357 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString
, GetLastError());
363 DPRINT("Account name: %S\n", szSidString
);
368 RtlInitUnicodeString(&RightString
, szPrivilegeString
);
369 Status
= LsaAddAccountRights(PolicyHandle
,
370 (AccountSid
!= NULL
) ? AccountSid
: Sids
[0].Sid
,
373 if (!NT_SUCCESS(Status
))
375 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status
);
384 if (AccountSid
!= NULL
)
386 LocalFree(AccountSid
);
392 while (SetupFindNextLine(&InfContext
, &InfContext
));
395 if (PolicyHandle
!= NULL
)
396 LsaClose(PolicyHandle
);
398 if (hSecurityInf
!= INVALID_HANDLE_VALUE
)
399 SetupCloseInfFile(hSecurityInf
);
404 InstallSecurity(VOID
)
406 InstallBuiltinAccounts();
410 SetPrimaryDomain(L
"WORKGROUP", NULL
);
415 SetAdministratorPassword(LPCWSTR Password
)
417 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
418 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo
= NULL
;
419 USER_SET_PASSWORD_INFORMATION PasswordInfo
;
420 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
421 LSA_HANDLE PolicyHandle
= NULL
;
422 SAM_HANDLE ServerHandle
= NULL
;
423 SAM_HANDLE DomainHandle
= NULL
;
424 SAM_HANDLE UserHandle
= NULL
;
427 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password
);
429 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
430 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
432 Status
= LsaOpenPolicy(NULL
,
434 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
436 if (Status
!= STATUS_SUCCESS
)
438 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status
);
442 Status
= LsaQueryInformationPolicy(PolicyHandle
,
443 PolicyAccountDomainInformation
,
445 if (!NT_SUCCESS(Status
))
447 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status
);
451 Status
= SamConnect(NULL
,
453 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
455 if (!NT_SUCCESS(Status
))
457 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status
);
461 Status
= SamOpenDomain(ServerHandle
,
465 if (!NT_SUCCESS(Status
))
467 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status
);
471 Status
= SamOpenUser(DomainHandle
,
472 USER_FORCE_PASSWORD_CHANGE
| USER_READ_GENERAL
,
473 DOMAIN_USER_RID_ADMIN
,
475 if (!NT_SUCCESS(Status
))
477 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status
);
481 RtlInitUnicodeString(&PasswordInfo
.Password
, Password
);
482 PasswordInfo
.PasswordExpired
= FALSE
;
484 Status
= SamSetInformationUser(UserHandle
,
485 UserSetPasswordInformation
,
486 (PVOID
)&PasswordInfo
);
487 if (!NT_SUCCESS(Status
))
489 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
493 Status
= SamQueryInformationUser(UserHandle
,
494 UserAccountNameInformation
,
495 (PVOID
*)&AccountNameInfo
);
496 if (!NT_SUCCESS(Status
))
498 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
502 AdminInfo
.Name
= RtlAllocateHeap(RtlGetProcessHeap(),
504 AccountNameInfo
->UserName
.Length
+ sizeof(WCHAR
));
505 if (AdminInfo
.Name
!= NULL
)
506 RtlCopyMemory(AdminInfo
.Name
,
507 AccountNameInfo
->UserName
.Buffer
,
508 AccountNameInfo
->UserName
.Length
);
510 AdminInfo
.Domain
= RtlAllocateHeap(RtlGetProcessHeap(),
512 OrigInfo
->DomainName
.Length
+ sizeof(WCHAR
));
513 if (AdminInfo
.Domain
!= NULL
)
514 RtlCopyMemory(AdminInfo
.Domain
,
515 OrigInfo
->DomainName
.Buffer
,
516 OrigInfo
->DomainName
.Length
);
518 AdminInfo
.Password
= RtlAllocateHeap(RtlGetProcessHeap(),
520 (wcslen(Password
) + 1) * sizeof(WCHAR
));
521 if (AdminInfo
.Password
!= NULL
)
522 wcscpy(AdminInfo
.Password
, Password
);
524 DPRINT("Administrator Name: %S\n", AdminInfo
.Name
);
525 DPRINT("Administrator Domain: %S\n", AdminInfo
.Domain
);
526 DPRINT("Administrator Password: %S\n", AdminInfo
.Password
);
529 if (AccountNameInfo
!= NULL
)
530 SamFreeMemory(AccountNameInfo
);
532 if (OrigInfo
!= NULL
)
533 LsaFreeMemory(OrigInfo
);
535 if (PolicyHandle
!= NULL
)
536 LsaClose(PolicyHandle
);
538 if (UserHandle
!= NULL
)
539 SamCloseHandle(UserHandle
);
541 if (DomainHandle
!= NULL
)
542 SamCloseHandle(DomainHandle
);
544 if (ServerHandle
!= NULL
)
545 SamCloseHandle(ServerHandle
);
547 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status
);
554 SetAutoAdminLogon(VOID
)
556 WCHAR szAutoAdminLogon
[2];
562 lError
= RegOpenKeyExW(HKEY_LOCAL_MACHINE
,
563 L
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
565 KEY_READ
| KEY_WRITE
,
567 if (lError
!= ERROR_SUCCESS
)
570 dwSize
= 2 * sizeof(WCHAR
);
571 lError
= RegQueryValueExW(hKey
,
575 (LPBYTE
)szAutoAdminLogon
,
577 if (lError
!= ERROR_SUCCESS
)
580 if (wcscmp(szAutoAdminLogon
, L
"1") == 0)
583 L
"DefaultDomainName",
586 (LPBYTE
)AdminInfo
.Domain
,
587 (wcslen(AdminInfo
.Domain
) + 1) * sizeof(WCHAR
));
593 (LPBYTE
)AdminInfo
.Name
,
594 (wcslen(AdminInfo
.Name
) + 1) * sizeof(WCHAR
));
600 (LPBYTE
)AdminInfo
.Password
,
601 (wcslen(AdminInfo
.Password
) + 1) * sizeof(WCHAR
));