ecf892d8666953755e205109dc1737de85db5388
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
6 * PROGRAMMER: Eric Kohl
7 */
8
9 /* INCLUDES *****************************************************************/
10
11 #include "precomp.h"
12
13 #define NDEBUG
14 #include <debug.h>
15
16
17 /* FUNCTIONS ****************************************************************/
18
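/*
 * Updates the LSA account-domain policy information.
 *
 * DomainName  New account domain name, or NULL to keep the name currently
 *             stored in the policy.
 * DomainSid   New account domain SID, or NULL to keep the SID currently
 *             stored in the policy (when the current information could be
 *             queried; otherwise NULL is passed through to the LSA as-is).
 *
 * Returns the LsaOpenPolicy status if the policy cannot be opened,
 * STATUS_INVALID_PARAMETER if the name does not fit a counted string,
 * the query failure status (or STATUS_INVALID_PARAMETER) if DomainName is
 * NULL and no current name is available, and otherwise the status of
 * LsaSetInformationPolicy.
 */
NTSTATUS
SetAccountDomain(LPCWSTR DomainName,
                 PSID DomainSid)
{
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    PPOLICY_ACCOUNT_DOMAIN_INFO Current;
    POLICY_ACCOUNT_DOMAIN_INFO Info;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle;
    NTSTATUS Status;
    size_t NameLength = 0;

    if (DomainName != NULL)
    {
        /* Length and MaximumLength are 16-bit byte counts; reject names
         * that would be silently truncated by the conversion. */
        NameLength = wcslen(DomainName);
        if (NameLength > (0xFFFF - sizeof(WCHAR)) / sizeof(WCHAR))
        {
            DPRINT("Domain name too long\n");
            return STATUS_INVALID_PARAMETER;
        }
    }

    memset(&ObjectAttributes, 0, sizeof(ObjectAttributes));
    ObjectAttributes.Length = sizeof(ObjectAttributes);

    /* NOTE(review): the handle is opened with POLICY_TRUST_ADMIN only, but it
     * is also used for LsaQueryInformationPolicy below. On Windows that query
     * needs POLICY_VIEW_LOCAL_INFORMATION - confirm the mask is sufficient. */
    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
        return Status;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);

    /* The current values are usable only if the query succeeded. */
    Current = (Status == STATUS_SUCCESS) ? OrigInfo : NULL;

    if (DomainName != NULL)
    {
        Info.DomainName.Buffer = (LPWSTR)DomainName;
        Info.DomainName.Length = (USHORT)(NameLength * sizeof(WCHAR));
        Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
    }
    else if (Current != NULL)
    {
        Info.DomainName.Buffer = Current->DomainName.Buffer;
        Info.DomainName.Length = Current->DomainName.Length;
        Info.DomainName.MaximumLength = Current->DomainName.MaximumLength;
    }
    else
    {
        /* No new name and nothing to fall back on: fail instead of calling
         * wcslen() on a NULL pointer. Keep the query error when there is one. */
        if (NT_SUCCESS(Status))
            Status = STATUS_INVALID_PARAMETER;
        DPRINT("No domain name available (Status: 0x%08lx)\n", Status);
        goto done;
    }

    if (DomainSid == NULL && Current != NULL)
        Info.DomainSid = Current->DomainSid;
    else
        Info.DomainSid = DomainSid;

    Status = LsaSetInformationPolicy(PolicyHandle,
                                     PolicyAccountDomainInformation,
                                     (PVOID)&Info);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
    }

done:
    /* Info may still point into OrigInfo, so it is released only here. */
    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    LsaClose(PolicyHandle);

    return Status;
}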
88
89
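/*
 * Creates an LSA account object for each well-known SID in the table below.
 * Failures are not fatal: an entry that cannot be converted or created is
 * skipped and the remaining entries are still processed.
 */
static
VOID
InstallBuiltinAccounts(VOID)
{
    LPWSTR BuiltinAccounts[] = {
        L"S-1-1-0",         /* Everyone */
        L"S-1-5-4",         /* Interactive */
        L"S-1-5-6",         /* Service */
        L"S-1-5-19",        /* Local Service */
        L"S-1-5-20",        /* Network Service */
        L"S-1-5-32-544",    /* Administrators */
        L"S-1-5-32-545",    /* Users */
        L"S-1-5-32-547",    /* Power Users */
        L"S-1-5-32-551",    /* Backup Operators */
        L"S-1-5-32-555"};   /* Remote Desktop Users */
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_HANDLE AccountHandle = NULL;
    PSID AccountSid;
    ULONG i;

    DPRINT("InstallBuiltinAccounts()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        return;
    }

    /* Derive the bound from the table so adding an entry cannot desynchronise
     * the loop from the array. */
    for (i = 0; i < sizeof(BuiltinAccounts) / sizeof(BuiltinAccounts[0]); i++)
    {
        /* A failed conversion leaves AccountSid unset; never hand such a
         * pointer to LsaCreateAccount or LocalFree. */
        AccountSid = NULL;
        if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
        {
            DPRINT1("ConvertStringSidToSid failed for %S\n", BuiltinAccounts[i]);
            continue;
        }

        Status = LsaCreateAccount(PolicyHandle,
                                  AccountSid,
                                  0,
                                  &AccountHandle);
        if (NT_SUCCESS(Status))
        {
            LsaClose(AccountHandle);
        }
        else
        {
            DPRINT("LsaCreateAccount failed for %S (Status %08lx)\n",
                   BuiltinAccounts[i], Status);
        }

        LocalFree(AccountSid);
    }

    LsaClose(PolicyHandle);
}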
144
145
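/*
 * Assigns privileges to LSA accounts as described by the "Privilege Rights"
 * section of defltws.inf. Each line of that section names a privilege in
 * field 0 and the string SIDs of the accounts that receive it in the
 * following fields.
 *
 * The privilege/SID mapping is taken from the INF file as-is, so the
 * integrity of that file decides which accounts end up holding which
 * privileges. NOTE(review): the file is opened by bare name, which leaves the
 * lookup location to the setup API's search order - confirm that only the
 * intended copy can be picked up.
 *
 * A line that cannot be read or names an unknown privilege aborts the whole
 * run; a SID that cannot be converted or opened is logged and skipped.
 */
static
VOID
InstallPrivileges(VOID)
{
    HINF hSecurityInf = INVALID_HANDLE_VALUE;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    WCHAR szPrivilegeString[256];
    WCHAR szSidString[256];
    INFCONTEXT InfContext;
    DWORD i;
    DWORD FieldCount;
    PRIVILEGE_SET PrivilegeSet;
    PSID AccountSid;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_HANDLE AccountHandle;

    DPRINT("InstallPrivileges()\n");

    hSecurityInf = SetupOpenInfFileW(L"defltws.inf",
                                     NULL,
                                     INF_STYLE_WIN4,
                                     NULL);
    if (hSecurityInf == INVALID_HANDLE_VALUE)
    {
        DPRINT1("SetupOpenInfFileW failed\n");
        return;
    }

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        goto done;
    }

    if (!SetupFindFirstLineW(hSecurityInf,
                             L"Privilege Rights",
                             NULL,
                             &InfContext))
    {
        DPRINT1("SetupFindFirstLineW failed\n");
        goto done;
    }

    /* One privilege is added per call; only the LUID changes per line. */
    PrivilegeSet.PrivilegeCount = 1;
    PrivilegeSet.Control = 0;

    do
    {
        /* Retrieve the privilege name */
        if (!SetupGetStringFieldW(&InfContext,
                                  0,
                                  szPrivilegeString,
                                  sizeof(szPrivilegeString) / sizeof(szPrivilegeString[0]),
                                  NULL))
        {
            DPRINT1("SetupGetStringFieldW() failed\n");
            goto done;
        }
        DPRINT("Privilege: %S\n", szPrivilegeString);

        if (!LookupPrivilegeValueW(NULL,
                                   szPrivilegeString,
                                   &(PrivilegeSet.Privilege[0].Luid)))
        {
            DPRINT1("LookupPrivilegeValueW() failed\n");
            goto done;
        }

        PrivilegeSet.Privilege[0].Attributes = 0;

        /* Fields 1..FieldCount hold the SIDs that receive the privilege. */
        FieldCount = SetupGetFieldCount(&InfContext);
        for (i = 0; i < FieldCount; i++)
        {
            if (!SetupGetStringFieldW(&InfContext,
                                      i + 1,
                                      szSidString,
                                      sizeof(szSidString) / sizeof(szSidString[0]),
                                      NULL))
            {
                DPRINT1("SetupGetStringFieldW() failed\n");
                goto done;
            }
            DPRINT("SID: %S\n", szSidString);

            /* The SID text comes from the INF file. A malformed entry must
             * not reach LsaOpenAccount or LocalFree as an unset pointer. */
            AccountSid = NULL;
            if (!ConvertStringSidToSid(szSidString, &AccountSid))
            {
                DPRINT1("ConvertStringSidToSid failed for %S\n", szSidString);
                continue;
            }

            Status = LsaOpenAccount(PolicyHandle,
                                    AccountSid,
                                    ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
                                    &AccountHandle);
            if (NT_SUCCESS(Status))
            {
                Status = LsaAddPrivilegesToAccount(AccountHandle,
                                                   &PrivilegeSet);
                if (!NT_SUCCESS(Status))
                {
                    DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status);
                }

                LsaClose(AccountHandle);
            }
            else
            {
                /* Make a skipped assignment visible instead of silent. */
                DPRINT1("LsaOpenAccount() failed for %S (Status %08lx)\n",
                        szSidString, Status);
            }

            LocalFree(AccountSid);
        }

    }
    while (SetupFindNextLine(&InfContext, &InfContext));

done:
    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);

    if (hSecurityInf != INVALID_HANDLE_VALUE)
        SetupCloseInfFile(hSecurityInf);
}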
266
/*
 * Security part of system setup: creates the built-in LSA accounts first and
 * assigns their privileges second. The order is deliberate, since
 * InstallPrivileges opens accounts with LsaOpenAccount and does not create
 * them. Neither step reports a status to the caller.
 */
VOID
InstallSecurity(VOID)
{
    InstallBuiltinAccounts();
    InstallPrivileges();
}