1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
6 * PROGRAMER: Eric Kohl
7 */
8
9 /* INCLUDES *****************************************************************/
10
11 #include "precomp.h"
12
13 #define NDEBUG
14 #include <debug.h>
15
16
17 /* FUNCTIONS ****************************************************************/
18
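/*
 * SetAccountDomain
 *
 * Writes the account domain name and SID into the local LSA policy and,
 * when a new name is supplied, stores that name on the matching SAM domain.
 *
 * DomainName - new domain name, or NULL to keep the name currently held by
 *              the policy.
 * DomainSid  - new domain SID, or NULL to keep the SID currently held by
 *              the policy.
 *
 * Returns the status of the last LSA/SAM call made. As before, a failure of
 * LsaSetInformationPolicy is only logged when the SAM update runs afterwards.
 * STATUS_INVALID_PARAMETER is returned when DomainName is NULL and the
 * policy holds no existing name to fall back on.
 */
NTSTATUS
SetAccountDomain(LPCWSTR DomainName,
                 PSID DomainSid)
{
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    POLICY_ACCOUNT_DOMAIN_INFO Info;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle = NULL;
    SAM_HANDLE ServerHandle = NULL;
    SAM_HANDLE DomainHandle = NULL;
    DOMAIN_NAME_INFORMATION DomainNameInfo;
    NTSTATUS Status;

    DPRINT1("SYSSETUP: SetAccountDomain\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
        return Status;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (Status == STATUS_SUCCESS && OrigInfo != NULL)
    {
        /* Start from the stored values; the caller's arguments override below */
        Info.DomainName = OrigInfo->DomainName;
        Info.DomainSid = OrigInfo->DomainSid;
    }
    else
    {
        /* No stored information: a NULL name leaves nothing to write */
        if (DomainName == NULL)
        {
            DPRINT1("SetAccountDomain: no domain name available\n");
            Status = STATUS_INVALID_PARAMETER;
            goto done;
        }

        memset(&Info, 0, sizeof(Info));
    }

    if (DomainName != NULL)
    {
        Info.DomainName.Buffer = (LPWSTR)DomainName;
        Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
        Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
    }

    if (DomainSid != NULL)
        Info.DomainSid = DomainSid;

    Status = LsaSetInformationPolicy(PolicyHandle,
                                     PolicyAccountDomainInformation,
                                     (PVOID)&Info);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
    }

    /*
     * With a NULL DomainName the name is unchanged, so there is nothing to
     * store in SAM. The previous code called wcslen(NULL) at this point.
     */
    if (DomainName == NULL)
        goto done;

    DomainNameInfo.DomainName.Length = Info.DomainName.Length;
    DomainNameInfo.DomainName.MaximumLength = Info.DomainName.MaximumLength;
    DomainNameInfo.DomainName.Buffer = Info.DomainName.Buffer;

    Status = SamConnect(NULL,
                        &ServerHandle,
                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
                        NULL);
    if (NT_SUCCESS(Status))
    {
        /*
         * Info.DomainSid may still point into OrigInfo, which is why
         * OrigInfo is released only at 'done', after the SAM calls.
         */
        Status = SamOpenDomain(ServerHandle,
                               DOMAIN_WRITE_OTHER_PARAMETERS,
                               Info.DomainSid,
                               &DomainHandle);
        if (NT_SUCCESS(Status))
        {
            Status = SamSetInformationDomain(DomainHandle,
                                             DomainNameInformation,
                                             (PVOID)&DomainNameInfo);
            if (!NT_SUCCESS(Status))
            {
                DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
            }

            SamCloseHandle(DomainHandle);
        }
        else
        {
            DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
        }

        SamCloseHandle(ServerHandle);
    }

done:
    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);

    return Status;
}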
129
130
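/*
 * InstallBuiltinAccounts
 *
 * Creates an LSA account object for each well-known SID in the table below.
 * A SID that cannot be parsed or created is skipped, and the remaining
 * entries are still processed.
 */
static
VOID
InstallBuiltinAccounts(VOID)
{
    static const LPCWSTR BuiltinAccounts[] = {
        L"S-1-1-0",         /* Everyone */
        L"S-1-5-4",         /* Interactive */
        L"S-1-5-6",         /* Service */
        L"S-1-5-19",        /* Local Service */
        L"S-1-5-20",        /* Network Service */
        L"S-1-5-32-544",    /* Administrators */
        L"S-1-5-32-545",    /* Users */
        L"S-1-5-32-547",    /* Power Users */
        L"S-1-5-32-551",    /* Backup Operators */
        L"S-1-5-32-555"};   /* Remote Desktop Users */
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_HANDLE AccountHandle = NULL;
    PSID AccountSid;
    ULONG i;

    DPRINT("InstallBuiltinAccounts()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        return;
    }

    /* Derive the count from the table so an added entry cannot be missed */
    for (i = 0; i < sizeof(BuiltinAccounts) / sizeof(BuiltinAccounts[0]); i++)
    {
        /*
         * Without this check a failed conversion left AccountSid
         * uninitialized and passed it to LsaCreateAccount and LocalFree.
         */
        AccountSid = NULL;
        if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
        {
            DPRINT1("ConvertStringSidToSid(%S) failed\n", BuiltinAccounts[i]);
            continue;
        }

        /*
         * A failed create is ignored, as before.
         * NOTE(review): presumably the account may already exist - confirm.
         */
        Status = LsaCreateAccount(PolicyHandle,
                                  AccountSid,
                                  0,
                                  &AccountHandle);
        if (NT_SUCCESS(Status))
        {
            LsaClose(AccountHandle);
        }

        LocalFree(AccountSid);
    }

    LsaClose(PolicyHandle);
}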
185
186
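/*
 * InstallPrivileges
 *
 * Reads the "Privilege Rights" section of defltws.inf. Field 0 of each line
 * names a privilege and the remaining fields are SID strings. The privilege
 * is added to the LSA account of every SID listed.
 *
 * The INF contents decide which accounts receive which privileges, so the
 * file has to be a trusted, setup-owned file. It is opened by bare name,
 * so the file actually read depends on SetupOpenInfFileW's search rules.
 *
 * A line whose privilege name cannot be read or resolved stops processing
 * (unchanged behaviour). A SID string that cannot be parsed is skipped.
 */
static
VOID
InstallPrivileges(VOID)
{
    HINF hSecurityInf = INVALID_HANDLE_VALUE;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    WCHAR szPrivilegeString[256];
    WCHAR szSidString[256];
    INFCONTEXT InfContext;
    DWORD FieldCount;
    DWORD i;
    PRIVILEGE_SET PrivilegeSet;
    PSID AccountSid;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_HANDLE AccountHandle;

    DPRINT("InstallPrivileges()\n");

    hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
                                     NULL,
                                     INF_STYLE_WIN4,
                                     NULL);
    if (hSecurityInf == INVALID_HANDLE_VALUE)
    {
        DPRINT1("SetupOpenInfFileW failed\n");
        return;
    }

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        goto done;
    }

    if (!SetupFindFirstLineW(hSecurityInf,
                             L"Privilege Rights",
                             NULL,
                             &InfContext))
    {
        DPRINT1("SetupFindFirstLineW failed\n");
        goto done;
    }

    /* Each account update adds exactly one privilege */
    PrivilegeSet.PrivilegeCount = 1;
    PrivilegeSet.Control = 0;

    do
    {
        /* Retrieve the privilege name */
        if (!SetupGetStringFieldW(&InfContext,
                                  0,
                                  szPrivilegeString,
                                  sizeof(szPrivilegeString) / sizeof(szPrivilegeString[0]),
                                  NULL))
        {
            DPRINT1("SetupGetStringFieldW() failed\n");
            goto done;
        }
        DPRINT("Privilege: %S\n", szPrivilegeString);

        if (!LookupPrivilegeValueW(NULL,
                                   szPrivilegeString,
                                   &(PrivilegeSet.Privilege[0].Luid)))
        {
            DPRINT1("LookupPrivilegeValueW() failed\n");
            goto done;
        }

        PrivilegeSet.Privilege[0].Attributes = 0;

        /* The field count is fixed for the current line; query it once */
        FieldCount = SetupGetFieldCount(&InfContext);

        for (i = 0; i < FieldCount; i++)
        {
            /* Fields 1..FieldCount hold the SID strings */
            if (!SetupGetStringFieldW(&InfContext,
                                      i + 1,
                                      szSidString,
                                      sizeof(szSidString) / sizeof(szSidString[0]),
                                      NULL))
            {
                DPRINT1("SetupGetStringFieldW() failed\n");
                goto done;
            }
            DPRINT("SID: %S\n", szSidString);

            /*
             * The SID text comes from the INF file. Without this check a
             * malformed entry left AccountSid uninitialized and passed it
             * to LsaOpenAccount and LocalFree.
             */
            AccountSid = NULL;
            if (!ConvertStringSidToSid(szSidString, &AccountSid))
            {
                DPRINT1("ConvertStringSidToSid(%S) failed\n", szSidString);
                continue;
            }

            Status = LsaOpenAccount(PolicyHandle,
                                    AccountSid,
                                    ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
                                    &AccountHandle);
            if (NT_SUCCESS(Status))
            {
                Status = LsaAddPrivilegesToAccount(AccountHandle,
                                                   &PrivilegeSet);
                if (!NT_SUCCESS(Status))
                {
                    DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status);
                }

                LsaClose(AccountHandle);
            }

            LocalFree(AccountSid);
        }

    }
    while (SetupFindNextLine(&InfContext, &InfContext));

done:
    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);

    if (hSecurityInf != INVALID_HANDLE_VALUE)
        SetupCloseInfFile(hSecurityInf);
}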
307
/*
 * InstallSecurity
 *
 * Entry point for the security part of system setup. The call order
 * matters: InstallBuiltinAccounts() creates the LSA account objects that
 * InstallPrivileges() later opens with LsaOpenAccount().
 */
VOID
InstallSecurity(VOID)
{
    /* Step 1: create the well-known LSA accounts */
    InstallBuiltinAccounts();

    /* Step 2: assign the privileges listed in the security INF */
    InstallPrivileges();
}
314
315
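/*
 * SetAdministratorPassword
 *
 * Sets the password of the built-in administrator account
 * (DOMAIN_USER_RID_ADMIN) in the account domain reported by the LSA policy.
 * It then caches the account name, domain name and password in the global
 * AdminInfo, which SetAutoAdminLogon() reads.
 *
 * Password - new password; NULL is treated as an empty password.
 *
 * Returns the status of the last LSA/SAM call made. A failed allocation
 * for the AdminInfo copies is not reported through the return value.
 *
 * Security notes:
 *  - The password is never written to the debug log. DPRINT1 output is
 *    emitted even though NDEBUG is defined, so logging it would expose the
 *    administrator credential to anyone able to read the debug output.
 *  - AdminInfo.Password keeps a plaintext copy on the process heap.
 *    NOTE(review): AdminInfo is declared outside this file view; whoever
 *    owns it should zero and free these buffers once setup is finished,
 *    and buffers from an earlier call are not released here - confirm.
 */
NTSTATUS
SetAdministratorPassword(LPCWSTR Password)
{
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
    USER_SET_PASSWORD_INFORMATION PasswordInfo;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle = NULL;
    SAM_HANDLE ServerHandle = NULL;
    SAM_HANDLE DomainHandle = NULL;
    SAM_HANDLE UserHandle = NULL;
    SIZE_T PasswordChars;
    NTSTATUS Status;

    DPRINT1("SYSSETUP: SetAdministratorPassword()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
        return Status;
    }

    /* The account domain SID and name come from the LSA policy */
    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamConnect(NULL,
                        &ServerHandle,
                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
                        NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamOpenDomain(ServerHandle,
                           DOMAIN_LOOKUP,
                           OrigInfo->DomainSid,
                           &DomainHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamOpenUser(DomainHandle,
                         USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL,
                         DOMAIN_USER_RID_ADMIN,
                         &UserHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status);
        goto done;
    }

    /* RtlInitUnicodeString yields an empty string for a NULL source */
    RtlInitUnicodeString(&PasswordInfo.Password, Password);
    PasswordInfo.PasswordExpired = FALSE;

    Status = SamSetInformationUser(UserHandle,
                                   UserSetPasswordInformation,
                                   (PVOID)&PasswordInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
        goto done;
    }

    Status = SamQueryInformationUser(UserHandle,
                                     UserAccountNameInformation,
                                     (PVOID*)&AccountNameInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamQueryInformationUser() failed (Status %08lx)\n", Status);
        goto done;
    }

    /*
     * The counted strings are not guaranteed to be NUL-terminated, so each
     * copy goes into a zeroed buffer that is one WCHAR larger.
     */
    AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
                                     HEAP_ZERO_MEMORY,
                                     AccountNameInfo->UserName.Length + sizeof(WCHAR));
    if (AdminInfo.Name != NULL)
        RtlCopyMemory(AdminInfo.Name,
                      AccountNameInfo->UserName.Buffer,
                      AccountNameInfo->UserName.Length);

    AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
                                       HEAP_ZERO_MEMORY,
                                       OrigInfo->DomainName.Length + sizeof(WCHAR));
    if (AdminInfo.Domain != NULL)
        RtlCopyMemory(AdminInfo.Domain,
                      OrigInfo->DomainName.Buffer,
                      OrigInfo->DomainName.Length);

    /* A NULL Password was set as the empty password above; cache it as "" */
    PasswordChars = (Password != NULL) ? wcslen(Password) : 0;
    AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(),
                                         HEAP_ZERO_MEMORY,
                                         (PasswordChars + 1) * sizeof(WCHAR));
    if (AdminInfo.Password != NULL && PasswordChars != 0)
        RtlCopyMemory(AdminInfo.Password,
                      Password,
                      PasswordChars * sizeof(WCHAR));

    /* Only the name and domain are logged; the password is not */
    DPRINT1("Administrator Name: %S\n", AdminInfo.Name);
    DPRINT1("Administrator Domain: %S\n", AdminInfo.Domain);

done:
    if (AccountNameInfo != NULL)
        SamFreeMemory(AccountNameInfo);

    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);

    if (UserHandle != NULL)
        SamCloseHandle(UserHandle);

    if (DomainHandle != NULL)
        SamCloseHandle(DomainHandle);

    if (ServerHandle != NULL)
        SamCloseHandle(ServerHandle);

    DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status);

    return Status;
}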
453
454
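/*
 * Writes one REG_SZ value under the given key and logs a failure.
 * Value must be a valid NUL-terminated string.
 */
static
VOID
SetWinlogonStringValue(HKEY hKey,
                       LPCWSTR ValueName,
                       LPCWSTR Value)
{
    LONG lError;

    lError = RegSetValueExW(hKey,
                            ValueName,
                            0,
                            REG_SZ,
                            (LPBYTE)Value,
                            (DWORD)((wcslen(Value) + 1) * sizeof(WCHAR)));
    if (lError != ERROR_SUCCESS)
    {
        DPRINT1("RegSetValueExW(%S) failed (Error %ld)\n", ValueName, lError);
    }
}

/*
 * SetAutoAdminLogon
 *
 * If the Winlogon value "AutoAdminLogon" is exactly "1", stores the
 * administrator credentials cached in the global AdminInfo as the
 * DefaultDomain, DefaultUserName and DefaultPassword values. Nothing is
 * written when the value is absent or different, or when AdminInfo has not
 * been filled in.
 *
 * Security note: DefaultPassword is written as a plain REG_SZ, so the
 * administrator password is readable by anything that can read this
 * Winlogon key. NOTE(review): consider limiting this to the setup phase and
 * removing the value (and zeroing AdminInfo.Password) once auto-logon is no
 * longer needed.
 */
VOID
SetAutoAdminLogon(VOID)
{
    /* Zero-filled so that a value stored without a terminator stays bounded */
    WCHAR szAutoAdminLogon[2] = {0};
    HKEY hKey = NULL;
    DWORD dwType;
    DWORD dwSize;
    LONG lError;

    lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                           L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
                           0,
                           KEY_READ | KEY_WRITE,
                           &hKey);
    if (lError != ERROR_SUCCESS)
        return;

    dwSize = sizeof(szAutoAdminLogon);
    lError = RegQueryValueExW(hKey,
                              L"AutoAdminLogon",
                              NULL,
                              &dwType,
                              (LPBYTE)szAutoAdminLogon,
                              &dwSize);
    if (lError != ERROR_SUCCESS)
        goto done;

    /*
     * Registry strings need not be NUL-terminated, so compare the two
     * characters directly instead of calling wcscmp on the raw buffer.
     */
    if (szAutoAdminLogon[0] != L'1' || szAutoAdminLogon[1] != L'\0')
        goto done;

    /*
     * AdminInfo is only populated by a successful SetAdministratorPassword(),
     * and each of its allocations can fail.
     */
    if (AdminInfo.Domain == NULL ||
        AdminInfo.Name == NULL ||
        AdminInfo.Password == NULL)
    {
        DPRINT1("SetAutoAdminLogon: administrator information not available\n");
        goto done;
    }

    SetWinlogonStringValue(hKey, L"DefaultDomain", AdminInfo.Domain);
    SetWinlogonStringValue(hKey, L"DefaultUserName", AdminInfo.Name);
    SetWinlogonStringValue(hKey, L"DefaultPassword", AdminInfo.Password);

done:
    if (hKey != NULL)
        RegCloseKey(hKey);
}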
510
511
512 /* EOF */
513