2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
9 /* INCLUDES *****************************************************************/
21 /* FUNCTIONS ****************************************************************/
29 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
30 POLICY_ACCOUNT_DOMAIN_INFO Info
;
31 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
32 LSA_HANDLE PolicyHandle
;
34 SAM_HANDLE ServerHandle
= NULL
;
35 SAM_HANDLE DomainHandle
= NULL
;
36 DOMAIN_NAME_INFORMATION DomainNameInfo
;
40 DPRINT("SYSSETUP: SetAccountsDomainSid\n");
42 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
43 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
45 Status
= LsaOpenPolicy(NULL
,
47 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
49 if (Status
!= STATUS_SUCCESS
)
51 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status
);
55 Status
= LsaQueryInformationPolicy(PolicyHandle
,
56 PolicyAccountDomainInformation
,
58 if (Status
== STATUS_SUCCESS
&& OrigInfo
!= NULL
)
60 if (DomainName
== NULL
)
62 Info
.DomainName
.Buffer
= OrigInfo
->DomainName
.Buffer
;
63 Info
.DomainName
.Length
= OrigInfo
->DomainName
.Length
;
64 Info
.DomainName
.MaximumLength
= OrigInfo
->DomainName
.MaximumLength
;
68 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
69 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
70 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
73 if (DomainSid
== NULL
)
74 Info
.DomainSid
= OrigInfo
->DomainSid
;
76 Info
.DomainSid
= DomainSid
;
80 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
81 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
82 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
83 Info
.DomainSid
= DomainSid
;
86 Status
= LsaSetInformationPolicy(PolicyHandle
,
87 PolicyAccountDomainInformation
,
89 if (Status
!= STATUS_SUCCESS
)
91 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status
);
95 LsaFreeMemory(OrigInfo
);
97 LsaClose(PolicyHandle
);
99 DomainNameInfo
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
100 DomainNameInfo
.DomainName
.MaximumLength
= (wcslen(DomainName
) + 1) * sizeof(WCHAR
);
101 DomainNameInfo
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
103 Status
= SamConnect(NULL
,
105 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
107 if (NT_SUCCESS(Status
))
109 Status
= SamOpenDomain(ServerHandle
,
110 DOMAIN_WRITE_OTHER_PARAMETERS
,
113 if (NT_SUCCESS(Status
))
115 Status
= SamSetInformationDomain(DomainHandle
,
116 DomainNameInformation
,
117 (PVOID
)&DomainNameInfo
);
118 if (!NT_SUCCESS(Status
))
120 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status
);
123 SamCloseHandle(DomainHandle
);
127 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status
);
130 SamCloseHandle(ServerHandle
);
140 SetPrimaryDomain(LPCWSTR DomainName
,
143 PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo
= NULL
;
144 POLICY_PRIMARY_DOMAIN_INFO Info
;
145 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
146 LSA_HANDLE PolicyHandle
;
149 DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
151 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
152 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
154 Status
= LsaOpenPolicy(NULL
,
156 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
158 if (Status
!= STATUS_SUCCESS
)
160 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status
);
164 Status
= LsaQueryInformationPolicy(PolicyHandle
,
165 PolicyPrimaryDomainInformation
,
167 if (Status
== STATUS_SUCCESS
&& OrigInfo
!= NULL
)
169 if (DomainName
== NULL
)
171 Info
.Name
.Buffer
= OrigInfo
->Name
.Buffer
;
172 Info
.Name
.Length
= OrigInfo
->Name
.Length
;
173 Info
.Name
.MaximumLength
= OrigInfo
->Name
.MaximumLength
;
177 Info
.Name
.Buffer
= (LPWSTR
)DomainName
;
178 Info
.Name
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
179 Info
.Name
.MaximumLength
= Info
.Name
.Length
+ sizeof(WCHAR
);
182 if (DomainSid
== NULL
)
183 Info
.Sid
= OrigInfo
->Sid
;
185 Info
.Sid
= DomainSid
;
189 Info
.Name
.Buffer
= (LPWSTR
)DomainName
;
190 Info
.Name
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
191 Info
.Name
.MaximumLength
= Info
.Name
.Length
+ sizeof(WCHAR
);
192 Info
.Sid
= DomainSid
;
195 Status
= LsaSetInformationPolicy(PolicyHandle
,
196 PolicyPrimaryDomainInformation
,
198 if (Status
!= STATUS_SUCCESS
)
200 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status
);
203 if (OrigInfo
!= NULL
)
204 LsaFreeMemory(OrigInfo
);
206 LsaClose(PolicyHandle
);
214 InstallBuiltinAccounts(VOID
)
216 LPWSTR BuiltinAccounts
[] = {
217 L
"S-1-1-0", /* Everyone */
218 L
"S-1-5-4", /* Interactive */
219 L
"S-1-5-6", /* Service */
220 L
"S-1-5-19", /* Local Service */
221 L
"S-1-5-20", /* Network Service */
222 L
"S-1-5-32-544", /* Administrators */
223 L
"S-1-5-32-545", /* Users */
224 L
"S-1-5-32-547", /* Power Users */
225 L
"S-1-5-32-551", /* Backup Operators */
226 L
"S-1-5-32-555"}; /* Remote Desktop Users */
227 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
229 LSA_HANDLE PolicyHandle
= NULL
;
230 LSA_HANDLE AccountHandle
= NULL
;
234 DPRINT("InstallBuiltinAccounts()\n");
236 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
238 Status
= LsaOpenPolicy(NULL
,
240 POLICY_CREATE_ACCOUNT
,
242 if (!NT_SUCCESS(Status
))
244 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
248 for (i
= 0; i
< ARRAYSIZE(BuiltinAccounts
); i
++)
250 if (!ConvertStringSidToSid(BuiltinAccounts
[i
], &AccountSid
))
252 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts
[i
], GetLastError());
256 Status
= LsaCreateAccount(PolicyHandle
,
260 if (NT_SUCCESS(Status
))
262 LsaClose(AccountHandle
);
265 LocalFree(AccountSid
);
268 LsaClose(PolicyHandle
);
277 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
278 WCHAR szPrivilegeString
[256];
279 WCHAR szSidString
[256];
280 INFCONTEXT InfContext
;
282 PSID AccountSid
= NULL
;
284 LSA_HANDLE PolicyHandle
= NULL
;
285 LSA_UNICODE_STRING RightString
;
286 PLSA_TRANSLATED_SID2 Sids
= NULL
;
288 DPRINT("InstallPrivileges()\n");
290 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
292 Status
= LsaOpenPolicy(NULL
,
294 POLICY_CREATE_ACCOUNT
| POLICY_LOOKUP_NAMES
,
296 if (!NT_SUCCESS(Status
))
298 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
302 if (!SetupFindFirstLineW(hSecurityInf
,
307 DPRINT1("SetupFindFirstLineW failed\n");
313 /* Retrieve the privilege name */
314 if (!SetupGetStringFieldW(&InfContext
,
317 ARRAYSIZE(szPrivilegeString
),
320 DPRINT1("SetupGetStringFieldW() failed\n");
323 DPRINT("Privilege: %S\n", szPrivilegeString
);
325 for (i
= 0; i
< SetupGetFieldCount(&InfContext
); i
++)
327 if (!SetupGetStringFieldW(&InfContext
,
330 ARRAYSIZE(szSidString
),
333 DPRINT1("SetupGetStringFieldW() failed\n");
336 DPRINT("SID: %S\n", szSidString
);
338 if (szSidString
[0] == UNICODE_NULL
)
341 if (szSidString
[0] == L
'*')
343 DPRINT("Account Sid: %S\n", &szSidString
[1]);
345 if (!ConvertStringSidToSid(&szSidString
[1], &AccountSid
))
347 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString
, GetLastError());
353 DPRINT("Account name: %S\n", szSidString
);
358 RtlInitUnicodeString(&RightString
, szPrivilegeString
);
359 Status
= LsaAddAccountRights(PolicyHandle
,
360 (AccountSid
!= NULL
) ? AccountSid
: Sids
[0].Sid
,
363 if (!NT_SUCCESS(Status
))
365 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status
);
374 if (AccountSid
!= NULL
)
376 LocalFree(AccountSid
);
382 while (SetupFindNextLine(&InfContext
, &InfContext
));
385 if (PolicyHandle
!= NULL
)
386 LsaClose(PolicyHandle
);
395 WCHAR szRegistryPath
[MAX_PATH
];
396 WCHAR szRootName
[MAX_PATH
];
397 WCHAR szKeyName
[MAX_PATH
];
398 WCHAR szValueName
[MAX_PATH
];
399 INFCONTEXT InfContext
;
400 DWORD dwLength
, dwType
;
406 DPRINT("ApplyRegistryValues()\n");
408 if (!SetupFindFirstLineW(hSecurityInf
,
413 DPRINT1("SetupFindFirstLineW failed\n");
419 /* Retrieve the privilege name */
420 if (!SetupGetStringFieldW(&InfContext
,
423 ARRAYSIZE(szRegistryPath
),
426 DPRINT1("SetupGetStringFieldW() failed\n");
430 DPRINT("RegistryPath: %S\n", szRegistryPath
);
432 Ptr1
= wcschr(szRegistryPath
, L
'\\');
433 Ptr2
= wcsrchr(szRegistryPath
, L
'\\');
434 if (Ptr1
!= NULL
&& Ptr2
!= NULL
&& Ptr1
!= Ptr2
)
436 dwLength
= (DWORD
)(((ULONG_PTR
)Ptr1
- (ULONG_PTR
)szRegistryPath
) / sizeof(WCHAR
));
437 wcsncpy(szRootName
, szRegistryPath
, dwLength
);
438 szRootName
[dwLength
] = UNICODE_NULL
;
441 dwLength
= (DWORD
)(((ULONG_PTR
)Ptr2
- (ULONG_PTR
)Ptr1
) / sizeof(WCHAR
));
442 wcsncpy(szKeyName
, Ptr1
, dwLength
);
443 szKeyName
[dwLength
] = UNICODE_NULL
;
446 wcscpy(szValueName
, Ptr2
);
448 DPRINT("RootName: %S\n", szRootName
);
449 DPRINT("KeyName: %S\n", szKeyName
);
450 DPRINT("ValueName: %S\n", szValueName
);
452 if (_wcsicmp(szRootName
, L
"Machine") == 0)
454 hRootKey
= HKEY_LOCAL_MACHINE
;
458 DPRINT1("Unsupported root key %S\n", szRootName
);
462 if (!SetupGetIntField(&InfContext
,
466 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName
, dwError
);
470 if (dwType
!= REG_SZ
&& dwType
!= REG_EXPAND_SZ
&& dwType
!= REG_BINARY
&&
471 dwType
!= REG_DWORD
&& dwType
!= REG_MULTI_SZ
)
473 DPRINT1("Invalid value type %lu\n", dwType
);
482 SetupGetStringField(&InfContext
,
487 dwLength
*= sizeof(WCHAR
);
491 SetupGetBinaryField(&InfContext
,
499 dwLength
= sizeof(INT
);
503 SetupGetMultiSzField(&InfContext
,
508 dwLength
*= sizeof(WCHAR
);
514 DPRINT1("Failed to determine the required buffer size!\n");
518 dwError
= RegCreateKeyExW(hRootKey
,
522 REG_OPTION_NON_VOLATILE
,
527 if (dwError
!= ERROR_SUCCESS
)
529 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName
, dwError
);
533 pBuffer
= HeapAlloc(GetProcessHeap(), 0, dwLength
);
540 SetupGetStringField(&InfContext
,
543 dwLength
/ sizeof(WCHAR
),
545 dwLength
*= sizeof(WCHAR
);
549 SetupGetBinaryField(&InfContext
,
557 SetupGetIntField(&InfContext
,
563 SetupGetMultiSzField(&InfContext
,
566 dwLength
/ sizeof(WCHAR
),
568 dwLength
*= sizeof(WCHAR
);
579 HeapFree(GetProcessHeap(), 0, pBuffer
);
585 while (SetupFindNextLine(&InfContext
, &InfContext
));
590 InstallSecurity(VOID
)
592 HINF hSecurityInf
= INVALID_HANDLE_VALUE
;
593 PWSTR pszSecurityInf
;
596 // pszSecurityInf = L"defltsv.inf";
598 pszSecurityInf
= L
"defltws.inf";
600 InstallBuiltinAccounts();
602 hSecurityInf
= SetupOpenInfFileW(pszSecurityInf
,
606 if (hSecurityInf
== INVALID_HANDLE_VALUE
)
608 DPRINT1("SetupOpenInfFileW failed\n");
612 InstallPrivileges(hSecurityInf
);
613 ApplyRegistryValues(hSecurityInf
);
615 SetupCloseInfFile(hSecurityInf
);
618 SetPrimaryDomain(L
"WORKGROUP", NULL
);
623 SetAdministratorPassword(LPCWSTR Password
)
625 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
626 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo
= NULL
;
627 USER_SET_PASSWORD_INFORMATION PasswordInfo
;
628 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
629 LSA_HANDLE PolicyHandle
= NULL
;
630 SAM_HANDLE ServerHandle
= NULL
;
631 SAM_HANDLE DomainHandle
= NULL
;
632 SAM_HANDLE UserHandle
= NULL
;
635 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password
);
637 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
638 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
640 Status
= LsaOpenPolicy(NULL
,
642 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
644 if (Status
!= STATUS_SUCCESS
)
646 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status
);
650 Status
= LsaQueryInformationPolicy(PolicyHandle
,
651 PolicyAccountDomainInformation
,
653 if (!NT_SUCCESS(Status
))
655 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status
);
659 Status
= SamConnect(NULL
,
661 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
663 if (!NT_SUCCESS(Status
))
665 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status
);
669 Status
= SamOpenDomain(ServerHandle
,
673 if (!NT_SUCCESS(Status
))
675 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status
);
679 Status
= SamOpenUser(DomainHandle
,
680 USER_FORCE_PASSWORD_CHANGE
| USER_READ_GENERAL
,
681 DOMAIN_USER_RID_ADMIN
,
683 if (!NT_SUCCESS(Status
))
685 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status
);
689 RtlInitUnicodeString(&PasswordInfo
.Password
, Password
);
690 PasswordInfo
.PasswordExpired
= FALSE
;
692 Status
= SamSetInformationUser(UserHandle
,
693 UserSetPasswordInformation
,
694 (PVOID
)&PasswordInfo
);
695 if (!NT_SUCCESS(Status
))
697 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
701 Status
= SamQueryInformationUser(UserHandle
,
702 UserAccountNameInformation
,
703 (PVOID
*)&AccountNameInfo
);
704 if (!NT_SUCCESS(Status
))
706 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
710 AdminInfo
.Name
= RtlAllocateHeap(RtlGetProcessHeap(),
712 AccountNameInfo
->UserName
.Length
+ sizeof(WCHAR
));
713 if (AdminInfo
.Name
!= NULL
)
714 RtlCopyMemory(AdminInfo
.Name
,
715 AccountNameInfo
->UserName
.Buffer
,
716 AccountNameInfo
->UserName
.Length
);
718 AdminInfo
.Domain
= RtlAllocateHeap(RtlGetProcessHeap(),
720 OrigInfo
->DomainName
.Length
+ sizeof(WCHAR
));
721 if (AdminInfo
.Domain
!= NULL
)
722 RtlCopyMemory(AdminInfo
.Domain
,
723 OrigInfo
->DomainName
.Buffer
,
724 OrigInfo
->DomainName
.Length
);
726 AdminInfo
.Password
= RtlAllocateHeap(RtlGetProcessHeap(),
728 (wcslen(Password
) + 1) * sizeof(WCHAR
));
729 if (AdminInfo
.Password
!= NULL
)
730 wcscpy(AdminInfo
.Password
, Password
);
732 DPRINT("Administrator Name: %S\n", AdminInfo
.Name
);
733 DPRINT("Administrator Domain: %S\n", AdminInfo
.Domain
);
734 DPRINT("Administrator Password: %S\n", AdminInfo
.Password
);
737 if (AccountNameInfo
!= NULL
)
738 SamFreeMemory(AccountNameInfo
);
740 if (OrigInfo
!= NULL
)
741 LsaFreeMemory(OrigInfo
);
743 if (PolicyHandle
!= NULL
)
744 LsaClose(PolicyHandle
);
746 if (UserHandle
!= NULL
)
747 SamCloseHandle(UserHandle
);
749 if (DomainHandle
!= NULL
)
750 SamCloseHandle(DomainHandle
);
752 if (ServerHandle
!= NULL
)
753 SamCloseHandle(ServerHandle
);
755 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status
);
762 SetAutoAdminLogon(VOID
)
764 WCHAR szAutoAdminLogon
[2];
770 lError
= RegOpenKeyExW(HKEY_LOCAL_MACHINE
,
771 L
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
773 KEY_READ
| KEY_WRITE
,
775 if (lError
!= ERROR_SUCCESS
)
778 dwSize
= 2 * sizeof(WCHAR
);
779 lError
= RegQueryValueExW(hKey
,
783 (LPBYTE
)szAutoAdminLogon
,
785 if (lError
!= ERROR_SUCCESS
)
788 if (wcscmp(szAutoAdminLogon
, L
"1") == 0)
791 L
"DefaultDomainName",
794 (LPBYTE
)AdminInfo
.Domain
,
795 (wcslen(AdminInfo
.Domain
) + 1) * sizeof(WCHAR
));
801 (LPBYTE
)AdminInfo
.Name
,
802 (wcslen(AdminInfo
.Name
) + 1) * sizeof(WCHAR
));
808 (LPBYTE
)AdminInfo
.Password
,
809 (wcslen(AdminInfo
.Password
) + 1) * sizeof(WCHAR
));