2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
9 /* INCLUDES *****************************************************************/
21 /* FUNCTIONS ****************************************************************/
24 SetAccountDomain(LPCWSTR DomainName
,
27 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
28 POLICY_ACCOUNT_DOMAIN_INFO Info
;
29 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
30 LSA_HANDLE PolicyHandle
;
32 SAM_HANDLE ServerHandle
= NULL
;
33 SAM_HANDLE DomainHandle
= NULL
;
34 DOMAIN_NAME_INFORMATION DomainNameInfo
;
38 DPRINT1("SYSSETUP: SetAccountDomain\n");
40 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
41 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
43 Status
= LsaOpenPolicy(NULL
,
45 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
47 if (Status
!= STATUS_SUCCESS
)
49 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status
);
53 Status
= LsaQueryInformationPolicy(PolicyHandle
,
54 PolicyAccountDomainInformation
,
56 if (Status
== STATUS_SUCCESS
&& OrigInfo
!= NULL
)
58 if (DomainName
== NULL
)
60 Info
.DomainName
.Buffer
= OrigInfo
->DomainName
.Buffer
;
61 Info
.DomainName
.Length
= OrigInfo
->DomainName
.Length
;
62 Info
.DomainName
.MaximumLength
= OrigInfo
->DomainName
.MaximumLength
;
66 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
67 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
68 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
71 if (DomainSid
== NULL
)
72 Info
.DomainSid
= OrigInfo
->DomainSid
;
74 Info
.DomainSid
= DomainSid
;
78 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
79 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
80 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
81 Info
.DomainSid
= DomainSid
;
84 Status
= LsaSetInformationPolicy(PolicyHandle
,
85 PolicyAccountDomainInformation
,
87 if (Status
!= STATUS_SUCCESS
)
89 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status
);
93 LsaFreeMemory(OrigInfo
);
95 LsaClose(PolicyHandle
);
97 DomainNameInfo
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
98 DomainNameInfo
.DomainName
.MaximumLength
= (wcslen(DomainName
) + 1) * sizeof(WCHAR
);
99 DomainNameInfo
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
101 Status
= SamConnect(NULL
,
103 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
105 if (NT_SUCCESS(Status
))
107 Status
= SamOpenDomain(ServerHandle
,
108 DOMAIN_WRITE_OTHER_PARAMETERS
,
111 if (NT_SUCCESS(Status
))
113 Status
= SamSetInformationDomain(DomainHandle
,
114 DomainNameInformation
,
115 (PVOID
)&DomainNameInfo
);
116 if (!NT_SUCCESS(Status
))
118 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status
);
121 SamCloseHandle(DomainHandle
);
125 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status
);
128 SamCloseHandle(ServerHandle
);
137 InstallBuiltinAccounts(VOID
)
139 LPWSTR BuiltinAccounts
[] = {
140 L
"S-1-1-0", /* Everyone */
141 L
"S-1-5-4", /* Interactive */
142 L
"S-1-5-6", /* Service */
143 L
"S-1-5-19", /* Local Service */
144 L
"S-1-5-20", /* Network Service */
145 L
"S-1-5-32-544", /* Administrators */
146 L
"S-1-5-32-545", /* Users */
147 L
"S-1-5-32-547", /* Power Users */
148 L
"S-1-5-32-551", /* Backup Operators */
149 L
"S-1-5-32-555"}; /* Remote Desktop Users */
150 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
152 LSA_HANDLE PolicyHandle
= NULL
;
153 LSA_HANDLE AccountHandle
= NULL
;
157 DPRINT("InstallBuiltinAccounts()\n");
159 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
161 Status
= LsaOpenPolicy(NULL
,
163 POLICY_CREATE_ACCOUNT
,
165 if (!NT_SUCCESS(Status
))
167 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
171 for (i
= 0; i
< 10; i
++)
173 ConvertStringSidToSid(BuiltinAccounts
[i
], &AccountSid
);
175 Status
= LsaCreateAccount(PolicyHandle
,
179 if (NT_SUCCESS(Status
))
181 LsaClose(AccountHandle
);
184 LocalFree(AccountSid
);
187 LsaClose(PolicyHandle
);
193 InstallPrivileges(VOID
)
195 HINF hSecurityInf
= INVALID_HANDLE_VALUE
;
196 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
197 WCHAR szPrivilegeString
[256];
198 WCHAR szSidString
[256];
199 INFCONTEXT InfContext
;
201 PRIVILEGE_SET PrivilegeSet
;
204 LSA_HANDLE PolicyHandle
= NULL
;
205 LSA_HANDLE AccountHandle
;
207 DPRINT("InstallPrivileges()\n");
209 hSecurityInf
= SetupOpenInfFileW(L
"defltws.inf", //szNameBuffer,
213 if (hSecurityInf
== INVALID_HANDLE_VALUE
)
215 DPRINT1("SetupOpenInfFileW failed\n");
219 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
221 Status
= LsaOpenPolicy(NULL
,
223 POLICY_CREATE_ACCOUNT
,
225 if (!NT_SUCCESS(Status
))
227 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
231 if (!SetupFindFirstLineW(hSecurityInf
,
236 DPRINT1("SetupFindfirstLineW failed\n");
240 PrivilegeSet
.PrivilegeCount
= 1;
241 PrivilegeSet
.Control
= 0;
245 /* Retrieve the privilege name */
246 if (!SetupGetStringFieldW(&InfContext
,
252 DPRINT1("SetupGetStringFieldW() failed\n");
255 DPRINT("Privilege: %S\n", szPrivilegeString
);
257 if (!LookupPrivilegeValueW(NULL
,
259 &(PrivilegeSet
.Privilege
[0].Luid
)))
261 DPRINT1("LookupPrivilegeNameW() failed\n");
265 PrivilegeSet
.Privilege
[0].Attributes
= 0;
267 for (i
= 0; i
< SetupGetFieldCount(&InfContext
); i
++)
269 if (!SetupGetStringFieldW(&InfContext
,
275 DPRINT1("SetupGetStringFieldW() failed\n");
278 DPRINT("SID: %S\n", szSidString
);
280 ConvertStringSidToSid(szSidString
, &AccountSid
);
282 Status
= LsaOpenAccount(PolicyHandle
,
284 ACCOUNT_VIEW
| ACCOUNT_ADJUST_PRIVILEGES
,
286 if (NT_SUCCESS(Status
))
288 Status
= LsaAddPrivilegesToAccount(AccountHandle
,
290 if (!NT_SUCCESS(Status
))
292 DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status
);
295 LsaClose(AccountHandle
);
298 LocalFree(AccountSid
);
302 while (SetupFindNextLine(&InfContext
, &InfContext
));
305 if (PolicyHandle
!= NULL
)
306 LsaClose(PolicyHandle
);
308 if (hSecurityInf
!= INVALID_HANDLE_VALUE
)
309 SetupCloseInfFile(hSecurityInf
);
313 InstallSecurity(VOID
)
315 InstallBuiltinAccounts();
321 SetAdministratorPassword(LPCWSTR Password
)
323 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
324 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo
= NULL
;
325 USER_SET_PASSWORD_INFORMATION PasswordInfo
;
326 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
327 LSA_HANDLE PolicyHandle
= NULL
;
328 SAM_HANDLE ServerHandle
= NULL
;
329 SAM_HANDLE DomainHandle
= NULL
;
330 SAM_HANDLE UserHandle
= NULL
;
333 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password
);
335 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
336 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
338 Status
= LsaOpenPolicy(NULL
,
340 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
342 if (Status
!= STATUS_SUCCESS
)
344 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status
);
348 Status
= LsaQueryInformationPolicy(PolicyHandle
,
349 PolicyAccountDomainInformation
,
351 if (!NT_SUCCESS(Status
))
353 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status
);
357 Status
= SamConnect(NULL
,
359 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
361 if (!NT_SUCCESS(Status
))
363 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status
);
367 Status
= SamOpenDomain(ServerHandle
,
371 if (!NT_SUCCESS(Status
))
373 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status
);
377 Status
= SamOpenUser(DomainHandle
,
378 USER_FORCE_PASSWORD_CHANGE
| USER_READ_GENERAL
,
379 DOMAIN_USER_RID_ADMIN
,
381 if (!NT_SUCCESS(Status
))
383 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status
);
387 RtlInitUnicodeString(&PasswordInfo
.Password
, Password
);
388 PasswordInfo
.PasswordExpired
= FALSE
;
390 Status
= SamSetInformationUser(UserHandle
,
391 UserSetPasswordInformation
,
392 (PVOID
)&PasswordInfo
);
393 if (!NT_SUCCESS(Status
))
395 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
399 Status
= SamQueryInformationUser(UserHandle
,
400 UserAccountNameInformation
,
401 (PVOID
*)&AccountNameInfo
);
402 if (!NT_SUCCESS(Status
))
404 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
408 AdminInfo
.Name
= RtlAllocateHeap(RtlGetProcessHeap(),
410 AccountNameInfo
->UserName
.Length
+ sizeof(WCHAR
));
411 if (AdminInfo
.Name
!= NULL
)
412 RtlCopyMemory(AdminInfo
.Name
,
413 AccountNameInfo
->UserName
.Buffer
,
414 AccountNameInfo
->UserName
.Length
);
416 AdminInfo
.Domain
= RtlAllocateHeap(RtlGetProcessHeap(),
418 OrigInfo
->DomainName
.Length
+ sizeof(WCHAR
));
419 if (AdminInfo
.Domain
!= NULL
)
420 RtlCopyMemory(AdminInfo
.Domain
,
421 OrigInfo
->DomainName
.Buffer
,
422 OrigInfo
->DomainName
.Length
);
424 AdminInfo
.Password
= RtlAllocateHeap(RtlGetProcessHeap(),
426 (wcslen(Password
) + 1) * sizeof(WCHAR
));
427 if (AdminInfo
.Password
!= NULL
)
428 wcscpy(AdminInfo
.Password
, Password
);
430 DPRINT("Administrator Name: %S\n", AdminInfo
.Name
);
431 DPRINT("Administrator Domain: %S\n", AdminInfo
.Domain
);
432 DPRINT("Administrator Password: %S\n", AdminInfo
.Password
);
435 if (AccountNameInfo
!= NULL
)
436 SamFreeMemory(AccountNameInfo
);
438 if (OrigInfo
!= NULL
)
439 LsaFreeMemory(OrigInfo
);
441 if (PolicyHandle
!= NULL
)
442 LsaClose(PolicyHandle
);
444 if (UserHandle
!= NULL
)
445 SamCloseHandle(UserHandle
);
447 if (DomainHandle
!= NULL
)
448 SamCloseHandle(DomainHandle
);
450 if (ServerHandle
!= NULL
)
451 SamCloseHandle(ServerHandle
);
453 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status
);
460 SetAutoAdminLogon(VOID
)
462 WCHAR szAutoAdminLogon
[2];
468 lError
= RegOpenKeyExW(HKEY_LOCAL_MACHINE
,
469 L
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
471 KEY_READ
| KEY_WRITE
,
473 if (lError
!= ERROR_SUCCESS
)
476 dwSize
= 2 * sizeof(WCHAR
);
477 lError
= RegQueryValueExW(hKey
,
481 (LPBYTE
)szAutoAdminLogon
,
483 if (lError
!= ERROR_SUCCESS
)
486 if (wcscmp(szAutoAdminLogon
, L
"1") == 0)
492 (LPBYTE
)AdminInfo
.Domain
,
493 (wcslen(AdminInfo
.Domain
) + 1) * sizeof(WCHAR
));
499 (LPBYTE
)AdminInfo
.Name
,
500 (wcslen(AdminInfo
.Name
) + 1) * sizeof(WCHAR
));
506 (LPBYTE
)AdminInfo
.Password
,
507 (wcslen(AdminInfo
.Password
) + 1) * sizeof(WCHAR
));