projects / reactos.git / blob
? search:


ff2c329dc2e97cabec55ea1724a3ddf17db326a7
[reactos.git] / dll / win32 / syssetup / security.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
6 * PROGRAMER: Eric Kohl
7 */
8
9 /* INCLUDES *****************************************************************/
10
11 #include "precomp.h"
12
13 #include <ntlsa.h>
14 #include <ntsecapi.h>
15 #include <ntsam.h>
16 #include <sddl.h>
17
18 #define NDEBUG
19 #include <debug.h>
20
21 /* FUNCTIONS ****************************************************************/
22
23 NTSTATUS
24 WINAPI
25 SetAccountsDomainSid(
26 PSID DomainSid,
27 LPCWSTR DomainName)
28 {
29 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
30 POLICY_ACCOUNT_DOMAIN_INFO Info;
31 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
32 LSA_HANDLE PolicyHandle;
33
34 SAM_HANDLE ServerHandle = NULL;
35 SAM_HANDLE DomainHandle = NULL;
36 DOMAIN_NAME_INFORMATION DomainNameInfo;
37
38 NTSTATUS Status;
39
40 DPRINT("SYSSETUP: SetAccountsDomainSid\n");
41
42 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
43 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
44
45 Status = LsaOpenPolicy(NULL,
46 &ObjectAttributes,
47 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
48 &PolicyHandle);
49 if (Status != STATUS_SUCCESS)
50 {
51 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
52 return Status;
53 }
54
55 Status = LsaQueryInformationPolicy(PolicyHandle,
56 PolicyAccountDomainInformation,
57 (PVOID *)&OrigInfo);
58 if (Status == STATUS_SUCCESS && OrigInfo != NULL)
59 {
60 if (DomainName == NULL)
61 {
62 Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
63 Info.DomainName.Length = OrigInfo->DomainName.Length;
64 Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
65 }
66 else
67 {
68 Info.DomainName.Buffer = (LPWSTR)DomainName;
69 Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
70 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
71 }
72
73 if (DomainSid == NULL)
74 Info.DomainSid = OrigInfo->DomainSid;
75 else
76 Info.DomainSid = DomainSid;
77 }
78 else
79 {
80 Info.DomainName.Buffer = (LPWSTR)DomainName;
81 Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
82 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
83 Info.DomainSid = DomainSid;
84 }
85
86 Status = LsaSetInformationPolicy(PolicyHandle,
87 PolicyAccountDomainInformation,
88 (PVOID)&Info);
89 if (Status != STATUS_SUCCESS)
90 {
91 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
92 }
93
94 if (OrigInfo != NULL)
95 LsaFreeMemory(OrigInfo);
96
97 LsaClose(PolicyHandle);
98
99 DomainNameInfo.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
100 DomainNameInfo.DomainName.MaximumLength = (wcslen(DomainName) + 1) * sizeof(WCHAR);
101 DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName;
102
103 Status = SamConnect(NULL,
104 &ServerHandle,
105 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
106 NULL);
107 if (NT_SUCCESS(Status))
108 {
109 Status = SamOpenDomain(ServerHandle,
110 DOMAIN_WRITE_OTHER_PARAMETERS,
111 Info.DomainSid,
112 &DomainHandle);
113 if (NT_SUCCESS(Status))
114 {
115 Status = SamSetInformationDomain(DomainHandle,
116 DomainNameInformation,
117 (PVOID)&DomainNameInfo);
118 if (!NT_SUCCESS(Status))
119 {
120 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
121 }
122
123 SamCloseHandle(DomainHandle);
124 }
125 else
126 {
127 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
128 }
129
130 SamCloseHandle(ServerHandle);
131 }
132
133 return Status;
134 }
135
136
137 /* Hack */
138 static
139 NTSTATUS
140 SetPrimaryDomain(LPCWSTR DomainName,
141 PSID DomainSid)
142 {
143 PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL;
144 POLICY_PRIMARY_DOMAIN_INFO Info;
145 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
146 LSA_HANDLE PolicyHandle;
147 NTSTATUS Status;
148
149 DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
150
151 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
152 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
153
154 Status = LsaOpenPolicy(NULL,
155 &ObjectAttributes,
156 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
157 &PolicyHandle);
158 if (Status != STATUS_SUCCESS)
159 {
160 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
161 return Status;
162 }
163
164 Status = LsaQueryInformationPolicy(PolicyHandle,
165 PolicyPrimaryDomainInformation,
166 (PVOID *)&OrigInfo);
167 if (Status == STATUS_SUCCESS && OrigInfo != NULL)
168 {
169 if (DomainName == NULL)
170 {
171 Info.Name.Buffer = OrigInfo->Name.Buffer;
172 Info.Name.Length = OrigInfo->Name.Length;
173 Info.Name.MaximumLength = OrigInfo->Name.MaximumLength;
174 }
175 else
176 {
177 Info.Name.Buffer = (LPWSTR)DomainName;
178 Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
179 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
180 }
181
182 if (DomainSid == NULL)
183 Info.Sid = OrigInfo->Sid;
184 else
185 Info.Sid = DomainSid;
186 }
187 else
188 {
189 Info.Name.Buffer = (LPWSTR)DomainName;
190 Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
191 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
192 Info.Sid = DomainSid;
193 }
194
195 Status = LsaSetInformationPolicy(PolicyHandle,
196 PolicyPrimaryDomainInformation,
197 (PVOID)&Info);
198 if (Status != STATUS_SUCCESS)
199 {
200 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
201 }
202
203 if (OrigInfo != NULL)
204 LsaFreeMemory(OrigInfo);
205
206 LsaClose(PolicyHandle);
207
208 return Status;
209 }
210
211
212 static
213 VOID
214 InstallBuiltinAccounts(VOID)
215 {
216 LPWSTR BuiltinAccounts[] = {
217 L"S-1-1-0", /* Everyone */
218 L"S-1-5-4", /* Interactive */
219 L"S-1-5-6", /* Service */
220 L"S-1-5-19", /* Local Service */
221 L"S-1-5-20", /* Network Service */
222 L"S-1-5-32-544", /* Administrators */
223 L"S-1-5-32-545", /* Users */
224 L"S-1-5-32-547", /* Power Users */
225 L"S-1-5-32-551", /* Backup Operators */
226 L"S-1-5-32-555"}; /* Remote Desktop Users */
227 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
228 NTSTATUS Status;
229 LSA_HANDLE PolicyHandle = NULL;
230 LSA_HANDLE AccountHandle = NULL;
231 PSID AccountSid;
232 ULONG i;
233
234 DPRINT("InstallBuiltinAccounts()\n");
235
236 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
237
238 Status = LsaOpenPolicy(NULL,
239 &ObjectAttributes,
240 POLICY_CREATE_ACCOUNT,
241 &PolicyHandle);
242 if (!NT_SUCCESS(Status))
243 {
244 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
245 return;
246 }
247
248 for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++)
249 {
250 if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
251 {
252 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError());
253 continue;
254 }
255
256 Status = LsaCreateAccount(PolicyHandle,
257 AccountSid,
258 0,
259 &AccountHandle);
260 if (NT_SUCCESS(Status))
261 {
262 LsaClose(AccountHandle);
263 }
264
265 LocalFree(AccountSid);
266 }
267
268 LsaClose(PolicyHandle);
269 }
270
271
272 static
273 VOID
274 InstallPrivileges(
275 HINF hSecurityInf)
276 {
277 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
278 WCHAR szPrivilegeString[256];
279 WCHAR szSidString[256];
280 INFCONTEXT InfContext;
281 DWORD i;
282 PSID AccountSid = NULL;
283 NTSTATUS Status;
284 LSA_HANDLE PolicyHandle = NULL;
285 LSA_UNICODE_STRING RightString, AccountName;
286 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
287 PLSA_TRANSLATED_SID2 Sids = NULL;
288
289 DPRINT("InstallPrivileges()\n");
290
291 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
292
293 Status = LsaOpenPolicy(NULL,
294 &ObjectAttributes,
295 POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
296 &PolicyHandle);
297 if (!NT_SUCCESS(Status))
298 {
299 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
300 goto done;
301 }
302
303 if (!SetupFindFirstLineW(hSecurityInf,
304 L"Privilege Rights",
305 NULL,
306 &InfContext))
307 {
308 DPRINT1("SetupFindFirstLineW failed\n");
309 goto done;
310 }
311
312 do
313 {
314 /* Retrieve the privilege name */
315 if (!SetupGetStringFieldW(&InfContext,
316 0,
317 szPrivilegeString,
318 ARRAYSIZE(szPrivilegeString),
319 NULL))
320 {
321 DPRINT1("SetupGetStringFieldW() failed\n");
322 goto done;
323 }
324 DPRINT("Privilege: %S\n", szPrivilegeString);
325
326 for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
327 {
328 if (!SetupGetStringFieldW(&InfContext,
329 i + 1,
330 szSidString,
331 ARRAYSIZE(szSidString),
332 NULL))
333 {
334 DPRINT1("SetupGetStringFieldW() failed\n");
335 goto done;
336 }
337 DPRINT("SID: %S\n", szSidString);
338
339 if (szSidString[0] == UNICODE_NULL)
340 continue;
341
342 if (szSidString[0] == L'*')
343 {
344 DPRINT("Account Sid: %S\n", &szSidString[1]);
345
346 if (!ConvertStringSidToSid(&szSidString[1], &AccountSid))
347 {
348 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError());
349 continue;
350 }
351 }
352 else
353 {
354 DPRINT("Account name: %S\n", szSidString);
355
356 ReferencedDomains = NULL;
357 Sids = NULL;
358 RtlInitUnicodeString(&AccountName, szSidString);
359 Status = LsaLookupNames2(PolicyHandle,
360 0,
361 1,
362 &AccountName,
363 &ReferencedDomains,
364 &Sids);
365 if (ReferencedDomains != NULL)
366 {
367 LsaFreeMemory(ReferencedDomains);
368 }
369
370 if (!NT_SUCCESS(Status))
371 {
372 DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status);
373
374 if (Sids != NULL)
375 {
376 LsaFreeMemory(Sids);
377 Sids = NULL;
378 }
379
380 continue;
381 }
382 }
383
384 RtlInitUnicodeString(&RightString, szPrivilegeString);
385 Status = LsaAddAccountRights(PolicyHandle,
386 (AccountSid != NULL) ? AccountSid : Sids[0].Sid,
387 &RightString,
388 1);
389 if (!NT_SUCCESS(Status))
390 {
391 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status);
392 }
393
394 if (Sids != NULL)
395 {
396 LsaFreeMemory(Sids);
397 Sids = NULL;
398 }
399
400 if (AccountSid != NULL)
401 {
402 LocalFree(AccountSid);
403 AccountSid = NULL;
404 }
405 }
406
407 }
408 while (SetupFindNextLine(&InfContext, &InfContext));
409
410 done:
411 if (PolicyHandle != NULL)
412 LsaClose(PolicyHandle);
413 }
414
415
416 static
417 VOID
418 ApplyRegistryValues(
419 HINF hSecurityInf)
420 {
421 WCHAR szRegistryPath[MAX_PATH];
422 WCHAR szRootName[MAX_PATH];
423 WCHAR szKeyName[MAX_PATH];
424 WCHAR szValueName[MAX_PATH];
425 INFCONTEXT InfContext;
426 DWORD dwLength, dwType;
427 HKEY hRootKey, hKey;
428 PWSTR Ptr1, Ptr2;
429 DWORD dwError;
430 PVOID pBuffer;
431
432 DPRINT("ApplyRegistryValues()\n");
433
434 if (!SetupFindFirstLineW(hSecurityInf,
435 L"Registry Values",
436 NULL,
437 &InfContext))
438 {
439 DPRINT1("SetupFindFirstLineW failed\n");
440 return;
441 }
442
443 do
444 {
445 /* Retrieve the privilege name */
446 if (!SetupGetStringFieldW(&InfContext,
447 0,
448 szRegistryPath,
449 ARRAYSIZE(szRegistryPath),
450 NULL))
451 {
452 DPRINT1("SetupGetStringFieldW() failed\n");
453 return;
454 }
455
456 DPRINT("RegistryPath: %S\n", szRegistryPath);
457
458 Ptr1 = wcschr(szRegistryPath, L'\\');
459 Ptr2 = wcsrchr(szRegistryPath, L'\\');
460 if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2)
461 {
462 dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) / sizeof(WCHAR));
463 wcsncpy(szRootName, szRegistryPath, dwLength);
464 szRootName[dwLength] = UNICODE_NULL;
465
466 Ptr1++;
467 dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR));
468 wcsncpy(szKeyName, Ptr1, dwLength);
469 szKeyName[dwLength] = UNICODE_NULL;
470
471 Ptr2++;
472 wcscpy(szValueName, Ptr2);
473
474 DPRINT("RootName: %S\n", szRootName);
475 DPRINT("KeyName: %S\n", szKeyName);
476 DPRINT("ValueName: %S\n", szValueName);
477
478 if (_wcsicmp(szRootName, L"Machine") == 0)
479 {
480 hRootKey = HKEY_LOCAL_MACHINE;
481 }
482 else
483 {
484 DPRINT1("Unsupported root key %S\n", szRootName);
485 break;
486 }
487
488 if (!SetupGetIntField(&InfContext,
489 1,
490 (PINT)&dwType))
491 {
492 DPRINT1("Failed to get key type (Error %lu)\n", GetLastError());
493 break;
494 }
495
496 if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY &&
497 dwType != REG_DWORD && dwType != REG_MULTI_SZ)
498 {
499 DPRINT1("Invalid value type %lu\n", dwType);
500 break;
501 }
502
503 dwLength = 0;
504 switch (dwType)
505 {
506 case REG_SZ:
507 case REG_EXPAND_SZ:
508 SetupGetStringField(&InfContext,
509 2,
510 NULL,
511 0,
512 &dwLength);
513 dwLength *= sizeof(WCHAR);
514 break;
515
516 case REG_BINARY:
517 SetupGetBinaryField(&InfContext,
518 2,
519 NULL,
520 0,
521 &dwLength);
522 break;
523
524 case REG_DWORD:
525 dwLength = sizeof(INT);
526 break;
527
528 case REG_MULTI_SZ:
529 SetupGetMultiSzField(&InfContext,
530 2,
531 NULL,
532 0,
533 &dwLength);
534 dwLength *= sizeof(WCHAR);
535 break;
536 }
537
538 if (dwLength == 0)
539 {
540 DPRINT1("Failed to determine the required buffer size!\n");
541 break;
542 }
543
544 dwError = RegCreateKeyExW(hRootKey,
545 szKeyName,
546 0,
547 NULL,
548 REG_OPTION_NON_VOLATILE,
549 KEY_WRITE,
550 NULL,
551 &hKey,
552 NULL);
553 if (dwError != ERROR_SUCCESS)
554 {
555 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError);
556 break;
557 }
558
559 pBuffer = HeapAlloc(GetProcessHeap(), 0, dwLength);
560 if (pBuffer)
561 {
562 switch (dwType)
563 {
564 case REG_SZ:
565 case REG_EXPAND_SZ:
566 SetupGetStringField(&InfContext,
567 2,
568 pBuffer,
569 dwLength / sizeof(WCHAR),
570 &dwLength);
571 dwLength *= sizeof(WCHAR);
572 break;
573
574 case REG_BINARY:
575 SetupGetBinaryField(&InfContext,
576 2,
577 pBuffer,
578 dwLength,
579 &dwLength);
580 break;
581
582 case REG_DWORD:
583 SetupGetIntField(&InfContext,
584 2,
585 pBuffer);
586 break;
587
588 case REG_MULTI_SZ:
589 SetupGetMultiSzField(&InfContext,
590 2,
591 pBuffer,
592 dwLength / sizeof(WCHAR),
593 &dwLength);
594 dwLength *= sizeof(WCHAR);
595 break;
596 }
597
598 RegSetValueEx(hKey,
599 szValueName,
600 0,
601 dwType,
602 pBuffer,
603 dwLength);
604
605 HeapFree(GetProcessHeap(), 0, pBuffer);
606 }
607
608 RegCloseKey(hKey);
609 }
610 }
611 while (SetupFindNextLine(&InfContext, &InfContext));
612 }
613
614
615 static
616 VOID
617 ApplyEventlogSettings(
618 _In_ HINF hSecurityInf,
619 _In_ PWSTR pszSectionName,
620 _In_ PWSTR pszLogName)
621 {
622 INFCONTEXT InfContext;
623 HKEY hServiceKey = NULL, hLogKey = NULL;
624 DWORD dwValue, dwError;
625 BOOL bValueSet;
626
627 DPRINT("ApplyEventlogSettings(%p %S %S)\n",
628 hSecurityInf, pszSectionName, pszLogName);
629
630 dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
631 L"System\\CurrentControlSet\\Services\\Eventlog",
632 0,
633 NULL,
634 REG_OPTION_NON_VOLATILE,
635 KEY_WRITE,
636 NULL,
637 &hServiceKey,
638 NULL);
639 if (dwError != ERROR_SUCCESS)
640 {
641 DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n", dwError);
642 return;
643 }
644
645 dwError = RegCreateKeyExW(hServiceKey,
646 pszLogName,
647 0,
648 NULL,
649 REG_OPTION_NON_VOLATILE,
650 KEY_WRITE,
651 NULL,
652 &hLogKey,
653 NULL);
654 if (dwError != ERROR_SUCCESS)
655 {
656 DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName, dwError);
657 RegCloseKey(hServiceKey);
658 return;
659 }
660
661 if (SetupFindFirstLineW(hSecurityInf,
662 pszSectionName,
663 L"MaximumLogSize",
664 &InfContext))
665 {
666 DPRINT("MaximumLogSize\n");
667 dwValue = 0;
668 SetupGetIntField(&InfContext,
669 1,
670 (PINT)&dwValue);
671
672 DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue);
673 if (dwValue >= 64 && dwValue <= 4194240)
674 {
675 dwValue *= 1024;
676
677 DPRINT("MaxSize: %lu\n", dwValue);
678 RegSetValueEx(hLogKey,
679 L"MaxSize",
680 0,
681 REG_DWORD,
682 (LPBYTE)&dwValue,
683 sizeof(dwValue));
684 }
685 }
686
687 if (SetupFindFirstLineW(hSecurityInf,
688 pszSectionName,
689 L"AuditLogRetentionPeriod",
690 &InfContext))
691 {
692 bValueSet = FALSE;
693 dwValue = 0;
694 SetupGetIntField(&InfContext,
695 1,
696 (PINT)&dwValue);
697 if (dwValue == 0)
698 {
699 bValueSet = TRUE;
700 }
701 else if (dwValue == 1)
702 {
703 if (SetupFindFirstLineW(hSecurityInf,
704 pszSectionName,
705 L"RetentionDays",
706 &InfContext))
707 {
708 SetupGetIntField(&InfContext,
709 1,
710 (PINT)&dwValue);
711 dwValue *= 86400;
712 bValueSet = TRUE;
713 }
714 }
715 else if (dwValue == 2)
716 {
717 dwValue = (DWORD)-1;
718 bValueSet = TRUE;
719 }
720
721 if (bValueSet)
722 {
723 DPRINT("Retention: %lu\n", dwValue);
724 RegSetValueEx(hLogKey,
725 L"Retention",
726 0,
727 REG_DWORD,
728 (LPBYTE)&dwValue,
729 sizeof(dwValue));
730 }
731 }
732
733 if (SetupFindFirstLineW(hSecurityInf,
734 pszSectionName,
735 L"RestrictGuestAccess",
736 &InfContext))
737 {
738 dwValue = 0;
739 SetupGetIntField(&InfContext,
740 1,
741 (PINT)&dwValue);
742 if (dwValue == 0 || dwValue == 1)
743 {
744 DPRINT("RestrictGuestAccess: %lu\n", dwValue);
745 RegSetValueEx(hLogKey,
746 L"RestrictGuestAccess",
747 0,
748 REG_DWORD,
749 (LPBYTE)&dwValue,
750 sizeof(dwValue));
751 }
752 }
753
754 RegCloseKey(hLogKey);
755 RegCloseKey(hServiceKey);
756 }
757
758
759 static
760 VOID
761 ApplyAuditEvents(
762 _In_ HINF hSecurityInf)
763 {
764 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
765 INFCONTEXT InfContext;
766 WCHAR szOptionName[256];
767 INT nValue;
768 LSA_HANDLE PolicyHandle = NULL;
769 POLICY_AUDIT_EVENTS_INFO AuditInfo;
770 PULONG AuditOptions = NULL;
771 NTSTATUS Status;
772
773 DPRINT("ApplyAuditEvents(%p)\n", hSecurityInf);
774
775 if (!SetupFindFirstLineW(hSecurityInf,
776 L"Event Audit",
777 NULL,
778 &InfContext))
779 {
780 DPRINT1("SetupFindFirstLineW failed\n");
781 return;
782 }
783
784 ZeroMemory(&ObjectAttributes, sizeof(LSA_OBJECT_ATTRIBUTES));
785
786 Status = LsaOpenPolicy(NULL,
787 &ObjectAttributes,
788 POLICY_SET_AUDIT_REQUIREMENTS,
789 &PolicyHandle);
790 if (!NT_SUCCESS(Status))
791 {
792 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
793 return;
794 }
795
796 AuditOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
797 (AuditCategoryAccountLogon + 1) * sizeof(ULONG));
798 if (AuditOptions == NULL)
799 {
800 DPRINT1("Failed to allocate the auditiing options array!\n");
801 goto done;
802 }
803
804 AuditInfo.AuditingMode = TRUE;
805 AuditInfo.EventAuditingOptions = AuditOptions;
806 AuditInfo.MaximumAuditEventCount = AuditCategoryAccountLogon + 1;
807
808 do
809 {
810 /* Retrieve the group name */
811 if (!SetupGetStringFieldW(&InfContext,
812 0,
813 szOptionName,
814 ARRAYSIZE(szOptionName),
815 NULL))
816 {
817 DPRINT1("SetupGetStringFieldW() failed\n");
818 continue;
819 }
820
821 DPRINT("Option: '%S'\n", szOptionName);
822
823 if (!SetupGetIntField(&InfContext,
824 1,
825 &nValue))
826 {
827 DPRINT1("SetupGetStringFieldW() failed\n");
828 continue;
829 }
830
831 DPRINT("Value: %d\n", nValue);
832
833 if ((nValue < POLICY_AUDIT_EVENT_UNCHANGED) || (nValue > POLICY_AUDIT_EVENT_NONE))
834 {
835 DPRINT1("Invalid audit option!\n");
836 continue;
837 }
838
839 if (_wcsicmp(szOptionName, L"AuditSystemEvents") == 0)
840 {
841 AuditOptions[AuditCategorySystem] = (ULONG)nValue;
842 }
843 else if (_wcsicmp(szOptionName, L"AuditLogonEvents") == 0)
844 {
845 AuditOptions[AuditCategoryLogon] = (ULONG)nValue;
846 }
847 else if (_wcsicmp(szOptionName, L"AuditObjectAccess") == 0)
848 {
849 AuditOptions[AuditCategoryObjectAccess] = (ULONG)nValue;
850 }
851 else if (_wcsicmp(szOptionName, L"AuditPrivilegeUse") == 0)
852 {
853 AuditOptions[AuditCategoryPrivilegeUse] = (ULONG)nValue;
854 }
855 else if (_wcsicmp(szOptionName, L"AuditProcessTracking") == 0)
856 {
857 AuditOptions[AuditCategoryDetailedTracking] = (ULONG)nValue;
858 }
859 else if (_wcsicmp(szOptionName, L"AuditPolicyChange") == 0)
860 {
861 AuditOptions[AuditCategoryPolicyChange] = (ULONG)nValue;
862 }
863 else if (_wcsicmp(szOptionName, L"AuditAccountManage") == 0)
864 {
865 AuditOptions[AuditCategoryAccountManagement] = (ULONG)nValue;
866 }
867 else if (_wcsicmp(szOptionName, L"AuditDSAccess") == 0)
868 {
869 AuditOptions[AuditCategoryDirectoryServiceAccess] = (ULONG)nValue;
870 }
871 else if (_wcsicmp(szOptionName, L"AuditAccountLogon") == 0)
872 {
873 AuditOptions[AuditCategoryAccountLogon] = (ULONG)nValue;
874 }
875 else
876 {
877 DPRINT1("Invalid auditing option '%S'\n", szOptionName);
878 }
879 }
880 while (SetupFindNextLine(&InfContext, &InfContext));
881
882 Status = LsaSetInformationPolicy(PolicyHandle,
883 PolicyAuditEventsInformation,
884 (PVOID)&AuditInfo);
885 if (Status != STATUS_SUCCESS)
886 {
887 DPRINT1("LsaSetInformationPolicy() failed (Status 0x%08lx)\n", Status);
888 }
889
890 done:
891 if (AuditOptions != NULL)
892 HeapFree(GetProcessHeap(), 0, AuditOptions);
893
894 if (PolicyHandle != NULL)
895 LsaClose(PolicyHandle);
896 }
897
898
899 VOID
900 InstallSecurity(VOID)
901 {
902 HINF hSecurityInf;
903 PWSTR pszSecurityInf;
904
905 // if (IsServer())
906 // pszSecurityInf = L"defltsv.inf";
907 // else
908 pszSecurityInf = L"defltwk.inf";
909
910 InstallBuiltinAccounts();
911
912 hSecurityInf = SetupOpenInfFileW(pszSecurityInf,
913 NULL,
914 INF_STYLE_WIN4,
915 NULL);
916 if (hSecurityInf != INVALID_HANDLE_VALUE)
917 {
918 InstallPrivileges(hSecurityInf);
919 ApplyRegistryValues(hSecurityInf);
920
921 ApplyEventlogSettings(hSecurityInf, L"Application Log", L"Application");
922 ApplyEventlogSettings(hSecurityInf, L"Security Log", L"Security");
923 ApplyEventlogSettings(hSecurityInf, L"System Log", L"System");
924
925 ApplyAuditEvents(hSecurityInf);
926
927 SetupCloseInfFile(hSecurityInf);
928 }
929
930 /* Hack */
931 SetPrimaryDomain(L"WORKGROUP", NULL);
932 }
933
934
935 NTSTATUS
936 SetAdministratorPassword(LPCWSTR Password)
937 {
938 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
939 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
940 USER_SET_PASSWORD_INFORMATION PasswordInfo;
941 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
942 LSA_HANDLE PolicyHandle = NULL;
943 SAM_HANDLE ServerHandle = NULL;
944 SAM_HANDLE DomainHandle = NULL;
945 SAM_HANDLE UserHandle = NULL;
946 NTSTATUS Status;
947
948 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password);
949
950 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
951 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
952
953 Status = LsaOpenPolicy(NULL,
954 &ObjectAttributes,
955 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
956 &PolicyHandle);
957 if (Status != STATUS_SUCCESS)
958 {
959 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
960 return Status;
961 }
962
963 Status = LsaQueryInformationPolicy(PolicyHandle,
964 PolicyAccountDomainInformation,
965 (PVOID *)&OrigInfo);
966 if (!NT_SUCCESS(Status))
967 {
968 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
969 goto done;
970 }
971
972 Status = SamConnect(NULL,
973 &ServerHandle,
974 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
975 NULL);
976 if (!NT_SUCCESS(Status))
977 {
978 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
979 goto done;
980 }
981
982 Status = SamOpenDomain(ServerHandle,
983 DOMAIN_LOOKUP,
984 OrigInfo->DomainSid,
985 &DomainHandle);
986 if (!NT_SUCCESS(Status))
987 {
988 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
989 goto done;
990 }
991
992 Status = SamOpenUser(DomainHandle,
993 USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL,
994 DOMAIN_USER_RID_ADMIN,
995 &UserHandle);
996 if (!NT_SUCCESS(Status))
997 {
998 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status);
999 goto done;
1000 }
1001
1002 RtlInitUnicodeString(&PasswordInfo.Password, Password);
1003 PasswordInfo.PasswordExpired = FALSE;
1004
1005 Status = SamSetInformationUser(UserHandle,
1006 UserSetPasswordInformation,
1007 (PVOID)&PasswordInfo);
1008 if (!NT_SUCCESS(Status))
1009 {
1010 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
1011 goto done;
1012 }
1013
1014 Status = SamQueryInformationUser(UserHandle,
1015 UserAccountNameInformation,
1016 (PVOID*)&AccountNameInfo);
1017 if (!NT_SUCCESS(Status))
1018 {
1019 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
1020 goto done;
1021 }
1022
1023 AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
1024 HEAP_ZERO_MEMORY,
1025 AccountNameInfo->UserName.Length + sizeof(WCHAR));
1026 if (AdminInfo.Name != NULL)
1027 RtlCopyMemory(AdminInfo.Name,
1028 AccountNameInfo->UserName.Buffer,
1029 AccountNameInfo->UserName.Length);
1030
1031 AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
1032 HEAP_ZERO_MEMORY,
1033 OrigInfo->DomainName.Length + sizeof(WCHAR));
1034 if (AdminInfo.Domain != NULL)
1035 RtlCopyMemory(AdminInfo.Domain,
1036 OrigInfo->DomainName.Buffer,
1037 OrigInfo->DomainName.Length);
1038
1039 AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(),
1040 0,
1041 (wcslen(Password) + 1) * sizeof(WCHAR));
1042 if (AdminInfo.Password != NULL)
1043 wcscpy(AdminInfo.Password, Password);
1044
1045 DPRINT("Administrator Name: %S\n", AdminInfo.Name);
1046 DPRINT("Administrator Domain: %S\n", AdminInfo.Domain);
1047 DPRINT("Administrator Password: %S\n", AdminInfo.Password);
1048
1049 done:
1050 if (AccountNameInfo != NULL)
1051 SamFreeMemory(AccountNameInfo);
1052
1053 if (OrigInfo != NULL)
1054 LsaFreeMemory(OrigInfo);
1055
1056 if (PolicyHandle != NULL)
1057 LsaClose(PolicyHandle);
1058
1059 if (UserHandle != NULL)
1060 SamCloseHandle(UserHandle);
1061
1062 if (DomainHandle != NULL)
1063 SamCloseHandle(DomainHandle);
1064
1065 if (ServerHandle != NULL)
1066 SamCloseHandle(ServerHandle);
1067
1068 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status);
1069
1070 return Status;
1071 }
1072
1073
1074 VOID
1075 SetAutoAdminLogon(VOID)
1076 {
1077 WCHAR szAutoAdminLogon[2];
1078 HKEY hKey = NULL;
1079 DWORD dwType;
1080 DWORD dwSize;
1081 LONG lError;
1082
1083 lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
1084 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
1085 0,
1086 KEY_READ | KEY_WRITE,
1087 &hKey);
1088 if (lError != ERROR_SUCCESS)
1089 return;
1090
1091 dwSize = 2 * sizeof(WCHAR);
1092 lError = RegQueryValueExW(hKey,
1093 L"AutoAdminLogon",
1094 NULL,
1095 &dwType,
1096 (LPBYTE)szAutoAdminLogon,
1097 &dwSize);
1098 if (lError != ERROR_SUCCESS)
1099 goto done;
1100
1101 if (wcscmp(szAutoAdminLogon, L"1") == 0)
1102 {
1103 RegSetValueExW(hKey,
1104 L"DefaultDomainName",
1105 0,
1106 REG_SZ,
1107 (LPBYTE)AdminInfo.Domain,
1108 (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR));
1109
1110 RegSetValueExW(hKey,
1111 L"DefaultUserName",
1112 0,
1113 REG_SZ,
1114 (LPBYTE)AdminInfo.Name,
1115 (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR));
1116
1117 RegSetValueExW(hKey,
1118 L"DefaultPassword",
1119 0,
1120 REG_SZ,
1121 (LPBYTE)AdminInfo.Password,
1122 (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR));
1123 }
1124
1125 done:
1126 if (hKey != NULL)
1127 RegCloseKey(hKey);
1128 }
1129
1130
1131 /* EOF */
1132
A free Windows-compatible Operating System