1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
6 * PROGRAMMER: Eric Kohl
7 */
8
9 /* INCLUDES *****************************************************************/
10
11 #include "precomp.h"
12
13 #define NDEBUG
14 #include <debug.h>
15
16
17 /* FUNCTIONS ****************************************************************/
18
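/**
 * Updates the LSA account-domain policy with a new domain name and/or SID.
 *
 * A NULL DomainName or DomainSid means "keep the value currently stored in
 * the policy"; the stored values are read with LsaQueryInformationPolicy
 * and merged with the caller's arguments before the policy is written back.
 *
 * @param DomainName  New account-domain name, or NULL to keep the stored one.
 * @param DomainSid   New account-domain SID, or NULL to keep the stored one.
 *                    If it is NULL and no stored value could be read, a NULL
 *                    SID is passed on to LsaSetInformationPolicy.
 *
 * @return STATUS_SUCCESS on success; STATUS_INVALID_PARAMETER when the name
 *         does not fit a UNICODE_STRING, or when DomainName is NULL and the
 *         query succeeded without returning stored data; otherwise the
 *         failing LSA status.
 */
NTSTATUS
SetAccountDomain(LPCWSTR DomainName,
                 PSID DomainSid)
{
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    POLICY_ACCOUNT_DOMAIN_INFO Info;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle;
    SIZE_T NameBytes = 0;
    BOOL HaveOrigInfo;
    NTSTATUS Status;

    DPRINT1("SYSSETUP: SetAccountDomain\n");

    if (DomainName != NULL)
    {
        /* UNICODE_STRING lengths are 16-bit byte counts; reject a name whose
         * length (plus terminator) would be silently truncated. */
        NameBytes = wcslen(DomainName) * sizeof(WCHAR);
        if (NameBytes > 0xFFFF - sizeof(WCHAR))
        {
            DPRINT1("SetAccountDomain: domain name too long\n");
            return STATUS_INVALID_PARAMETER;
        }
    }

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    /* Querying PolicyAccountDomainInformation is documented to need
     * POLICY_VIEW_LOCAL_INFORMATION and setting it POLICY_TRUST_ADMIN, so
     * request exactly those two rights. With POLICY_TRUST_ADMIN alone an
     * access-checking LSA rejects the query, and the merge below would then
     * overwrite the stored SID or name with the caller's NULL. */
    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        /* DPRINT is compiled out under NDEBUG; failures use DPRINT1 so they
         * stay visible, like the other functions in this file. */
        DPRINT1("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
        return Status;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    HaveOrigInfo = (Status == STATUS_SUCCESS && OrigInfo != NULL);

    if (DomainName != NULL)
    {
        Info.DomainName.Buffer = (LPWSTR)DomainName;
        Info.DomainName.Length = (USHORT)NameBytes;
        Info.DomainName.MaximumLength = (USHORT)(NameBytes + sizeof(WCHAR));
    }
    else if (HaveOrigInfo)
    {
        Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
        Info.DomainName.Length = OrigInfo->DomainName.Length;
        Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
    }
    else
    {
        /* No name from the caller and none stored: the original code called
         * wcslen(NULL) here. Fail instead of dereferencing NULL. */
        DPRINT1("SetAccountDomain: no domain name available (Status: 0x%08lx)\n", Status);
        if (NT_SUCCESS(Status))
            Status = STATUS_INVALID_PARAMETER;
        goto done;
    }

    if (DomainSid != NULL)
        Info.DomainSid = DomainSid;
    else if (HaveOrigInfo)
        Info.DomainSid = OrigInfo->DomainSid;
    else
        Info.DomainSid = NULL;

    Status = LsaSetInformationPolicy(PolicyHandle,
                                     PolicyAccountDomainInformation,
                                     (PVOID)&Info);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT1("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
    }

done:
    /* Info may alias buffers owned by OrigInfo, so free only after the set. */
    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    LsaClose(PolicyHandle);

    return Status;
}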
90
91
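/**
 * Reads the LSA account-domain policy (domain name and SID).
 *
 * @param AccountDomainInfo  Receives the buffer filled in by
 *                           LsaQueryInformationPolicy. The sibling
 *                           SetAccountDomain releases the same kind of
 *                           buffer with LsaFreeMemory; the caller is
 *                           expected to do the same on success.
 *
 * @return The status of LsaOpenPolicy if the policy could not be opened,
 *         otherwise the status of LsaQueryInformationPolicy.
 */
NTSTATUS
GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo)
{
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle;
    NTSTATUS Status;

    DPRINT1("SYSSETUP: GetAccountDomain\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    /* A read-only query of PolicyAccountDomainInformation is documented to
     * need POLICY_VIEW_LOCAL_INFORMATION. The previous POLICY_TRUST_ADMIN
     * mask asked for a write-capable right this function never uses and did
     * not include the right the query actually requires. */
    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        /* DPRINT is compiled out under NDEBUG; use DPRINT1 for failures. */
        DPRINT1("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
        return Status;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)AccountDomainInfo);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT1("LsaQueryInformationPolicy failed (Status: 0x%08lx)\n", Status);
    }

    LsaClose(PolicyHandle);

    return Status;
}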
122
123
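/**
 * Creates LSA account objects for a fixed list of well-known SIDs.
 *
 * Each SID string is converted with ConvertStringSidToSid and handed to
 * LsaCreateAccount; the resulting account handle is closed immediately.
 * A failure for one SID is logged and does not stop the remaining ones.
 */
static
VOID
InstallBuiltinAccounts(VOID)
{
    static LPCWSTR const BuiltinAccounts[] = {
        L"S-1-1-0",         /* Everyone */
        L"S-1-5-4",         /* Interactive */
        L"S-1-5-6",         /* Service */
        L"S-1-5-19",        /* Local Service */
        L"S-1-5-20",        /* Network Service */
        L"S-1-5-32-544",    /* Administrators */
        L"S-1-5-32-545",    /* Users */
        L"S-1-5-32-547",    /* Power Users */
        L"S-1-5-32-551",    /* Backup Operators */
        L"S-1-5-32-555"};   /* Remote Desktop Users */
    /* Derived from the table so that adding a SID cannot desynchronise the
     * loop bound (the original hard-coded 10). */
    const ULONG AccountCount = sizeof(BuiltinAccounts) / sizeof(BuiltinAccounts[0]);
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_HANDLE AccountHandle = NULL;
    PSID AccountSid;
    ULONG i;

    DPRINT("InstallBuiltinAccounts()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    /* Set Length like SetAccountDomain/GetAccountDomainInfo do. */
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        return;
    }

    for (i = 0; i < AccountCount; i++)
    {
        /* On failure AccountSid is not a valid allocation; the original
         * passed the uninitialised pointer to LsaCreateAccount and
         * LocalFree. Skip the entry instead. */
        AccountSid = NULL;
        if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
        {
            DPRINT1("ConvertStringSidToSid failed for %S\n", BuiltinAccounts[i]);
            continue;
        }

        Status = LsaCreateAccount(PolicyHandle,
                                  AccountSid,
                                  0,
                                  &AccountHandle);
        if (NT_SUCCESS(Status))
        {
            LsaClose(AccountHandle);
        }
        else
        {
            /* Not fatal: the account may already exist from an earlier run. */
            DPRINT1("LsaCreateAccount failed for %S (Status %08lx)\n",
                    BuiltinAccounts[i], Status);
        }

        LocalFree(AccountSid);
    }

    LsaClose(PolicyHandle);
}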
178
179
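/**
 * Assigns privileges to LSA accounts as listed in the security template.
 *
 * Reads the "Privilege Rights" section of defltws.inf. In each line, field 0
 * is a privilege name and fields 1..N are SID strings; the privilege is
 * added to every listed account with LsaAddPrivilegesToAccount.
 *
 * The INF is opened by bare file name, so the Setup API's INF search rules
 * decide which file is loaded. Its contents determine which SIDs receive
 * which privileges, so the file must be trusted to the same degree as the
 * resulting policy.
 *
 * Error policy (unchanged from the original): a field that cannot be read or
 * an unknown privilege name aborts the whole run; an account that cannot be
 * opened or updated is logged and skipped.
 */
static
VOID
InstallPrivileges(VOID)
{
    HINF hSecurityInf = INVALID_HANDLE_VALUE;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    WCHAR szPrivilegeString[256];
    WCHAR szSidString[256];
    INFCONTEXT InfContext;
    DWORD FieldCount;
    DWORD i;
    PRIVILEGE_SET PrivilegeSet;
    PSID AccountSid;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_HANDLE AccountHandle;

    DPRINT("InstallPrivileges()\n");

    hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
                                     NULL,
                                     INF_STYLE_WIN4,
                                     NULL);
    if (hSecurityInf == INVALID_HANDLE_VALUE)
    {
        DPRINT1("SetupOpenInfFileW failed\n");
        return;
    }

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    /* Set Length like SetAccountDomain/GetAccountDomainInfo do. */
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        goto done;
    }

    if (!SetupFindFirstLineW(hSecurityInf,
                             L"Privilege Rights",
                             NULL,
                             &InfContext))
    {
        DPRINT1("SetupFindfirstLineW failed\n");
        goto done;
    }

    /* One privilege is applied per call; only the LUID changes per line. */
    PrivilegeSet.PrivilegeCount = 1;
    PrivilegeSet.Control = 0;

    do
    {
        /* Retrieve the privilege name */
        if (!SetupGetStringFieldW(&InfContext,
                                  0,
                                  szPrivilegeString,
                                  sizeof(szPrivilegeString) / sizeof(szPrivilegeString[0]),
                                  NULL))
        {
            DPRINT1("SetupGetStringFieldW() failed\n");
            goto done;
        }
        DPRINT("Privilege: %S\n", szPrivilegeString);

        if (!LookupPrivilegeValueW(NULL,
                                   szPrivilegeString,
                                   &(PrivilegeSet.Privilege[0].Luid)))
        {
            /* The message used to name LookupPrivilegeNameW, which is a
             * different API from the one called here. */
            DPRINT1("LookupPrivilegeValueW() failed\n");
            goto done;
        }

        PrivilegeSet.Privilege[0].Attributes = 0;

        /* Fields 1..FieldCount hold the SIDs; the count is per line. */
        FieldCount = SetupGetFieldCount(&InfContext);
        for (i = 0; i < FieldCount; i++)
        {
            if (!SetupGetStringFieldW(&InfContext,
                                      i + 1,
                                      szSidString,
                                      sizeof(szSidString) / sizeof(szSidString[0]),
                                      NULL))
            {
                DPRINT1("SetupGetStringFieldW() failed\n");
                goto done;
            }
            DPRINT("SID: %S\n", szSidString);

            /* The SID text comes from the INF file. If it does not parse,
             * AccountSid is not a valid allocation; the original passed the
             * uninitialised pointer to LsaOpenAccount and LocalFree. */
            AccountSid = NULL;
            if (!ConvertStringSidToSid(szSidString, &AccountSid))
            {
                DPRINT1("ConvertStringSidToSid failed for %S\n", szSidString);
                continue;
            }

            Status = LsaOpenAccount(PolicyHandle,
                                    AccountSid,
                                    ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
                                    &AccountHandle);
            if (NT_SUCCESS(Status))
            {
                Status = LsaAddPrivilegesToAccount(AccountHandle,
                                                   &PrivilegeSet);
                if (!NT_SUCCESS(Status))
                {
                    DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status);
                }

                LsaClose(AccountHandle);
            }
            else
            {
                /* Previously silent: the account simply ended up without the
                 * privilege, which is hard to diagnose afterwards. */
                DPRINT1("LsaOpenAccount() failed for %S (Status %08lx)\n",
                        szSidString, Status);
            }

            LocalFree(AccountSid);
        }

    }
    while (SetupFindNextLine(&InfContext, &InfContext));

done:
    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);

    if (hSecurityInf != INVALID_HANDLE_VALUE)
        SetupCloseInfFile(hSecurityInf);
}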
300
/**
 * Entry point for the security part of system setup.
 *
 * Runs the two installation steps in a fixed order: the built-in LSA
 * accounts first, then the privilege assignments. Both steps return VOID,
 * so a failure in either one is visible only through their debug output.
 */
VOID
InstallSecurity(VOID)
{
    /* Step 1: create the account objects for the well-known SIDs. */
    InstallBuiltinAccounts();

    /* Step 2: add privileges to accounts (the step opens accounts by SID,
     * so it presumably relies on step 1 having created them). */
    InstallPrivileges();
}