2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
9 /* INCLUDES *****************************************************************/
21 /* FUNCTIONS ****************************************************************/
24 SetAccountDomain(LPCWSTR DomainName
,
27 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
28 POLICY_ACCOUNT_DOMAIN_INFO Info
;
29 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
30 LSA_HANDLE PolicyHandle
;
32 SAM_HANDLE ServerHandle
= NULL
;
33 SAM_HANDLE DomainHandle
= NULL
;
34 DOMAIN_NAME_INFORMATION DomainNameInfo
;
38 DPRINT("SYSSETUP: SetAccountDomain\n");
40 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
41 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
43 Status
= LsaOpenPolicy(NULL
,
45 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
47 if (Status
!= STATUS_SUCCESS
)
49 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status
);
53 Status
= LsaQueryInformationPolicy(PolicyHandle
,
54 PolicyAccountDomainInformation
,
56 if (Status
== STATUS_SUCCESS
&& OrigInfo
!= NULL
)
58 if (DomainName
== NULL
)
60 Info
.DomainName
.Buffer
= OrigInfo
->DomainName
.Buffer
;
61 Info
.DomainName
.Length
= OrigInfo
->DomainName
.Length
;
62 Info
.DomainName
.MaximumLength
= OrigInfo
->DomainName
.MaximumLength
;
66 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
67 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
68 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
71 if (DomainSid
== NULL
)
72 Info
.DomainSid
= OrigInfo
->DomainSid
;
74 Info
.DomainSid
= DomainSid
;
78 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
79 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
80 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
81 Info
.DomainSid
= DomainSid
;
84 Status
= LsaSetInformationPolicy(PolicyHandle
,
85 PolicyAccountDomainInformation
,
87 if (Status
!= STATUS_SUCCESS
)
89 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status
);
93 LsaFreeMemory(OrigInfo
);
95 LsaClose(PolicyHandle
);
97 DomainNameInfo
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
98 DomainNameInfo
.DomainName
.MaximumLength
= (wcslen(DomainName
) + 1) * sizeof(WCHAR
);
99 DomainNameInfo
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
101 Status
= SamConnect(NULL
,
103 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
105 if (NT_SUCCESS(Status
))
107 Status
= SamOpenDomain(ServerHandle
,
108 DOMAIN_WRITE_OTHER_PARAMETERS
,
111 if (NT_SUCCESS(Status
))
113 Status
= SamSetInformationDomain(DomainHandle
,
114 DomainNameInformation
,
115 (PVOID
)&DomainNameInfo
);
116 if (!NT_SUCCESS(Status
))
118 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status
);
121 SamCloseHandle(DomainHandle
);
125 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status
);
128 SamCloseHandle(ServerHandle
);
137 InstallBuiltinAccounts(VOID
)
139 LPWSTR BuiltinAccounts
[] = {
140 L
"S-1-1-0", /* Everyone */
141 L
"S-1-5-4", /* Interactive */
142 L
"S-1-5-6", /* Service */
143 L
"S-1-5-19", /* Local Service */
144 L
"S-1-5-20", /* Network Service */
145 L
"S-1-5-32-544", /* Administrators */
146 L
"S-1-5-32-545", /* Users */
147 L
"S-1-5-32-547", /* Power Users */
148 L
"S-1-5-32-551", /* Backup Operators */
149 L
"S-1-5-32-555"}; /* Remote Desktop Users */
150 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
152 LSA_HANDLE PolicyHandle
= NULL
;
153 LSA_HANDLE AccountHandle
= NULL
;
157 DPRINT("InstallBuiltinAccounts()\n");
159 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
161 Status
= LsaOpenPolicy(NULL
,
163 POLICY_CREATE_ACCOUNT
,
165 if (!NT_SUCCESS(Status
))
167 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
171 for (i
= 0; i
< 10; i
++)
173 if (!ConvertStringSidToSid(BuiltinAccounts
[i
], &AccountSid
))
175 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts
[i
], GetLastError());
179 Status
= LsaCreateAccount(PolicyHandle
,
183 if (NT_SUCCESS(Status
))
185 LsaClose(AccountHandle
);
188 LocalFree(AccountSid
);
191 LsaClose(PolicyHandle
);
197 InstallPrivileges(VOID
)
199 HINF hSecurityInf
= INVALID_HANDLE_VALUE
;
200 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
201 WCHAR szPrivilegeString
[256];
202 WCHAR szSidString
[256];
203 INFCONTEXT InfContext
;
205 PRIVILEGE_SET PrivilegeSet
;
208 LSA_HANDLE PolicyHandle
= NULL
;
209 LSA_HANDLE AccountHandle
;
211 DPRINT("InstallPrivileges()\n");
213 hSecurityInf
= SetupOpenInfFileW(L
"defltws.inf", //szNameBuffer,
217 if (hSecurityInf
== INVALID_HANDLE_VALUE
)
219 DPRINT1("SetupOpenInfFileW failed\n");
223 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
225 Status
= LsaOpenPolicy(NULL
,
227 POLICY_CREATE_ACCOUNT
,
229 if (!NT_SUCCESS(Status
))
231 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
235 if (!SetupFindFirstLineW(hSecurityInf
,
240 DPRINT1("SetupFindfirstLineW failed\n");
244 PrivilegeSet
.PrivilegeCount
= 1;
245 PrivilegeSet
.Control
= 0;
249 /* Retrieve the privilege name */
250 if (!SetupGetStringFieldW(&InfContext
,
256 DPRINT1("SetupGetStringFieldW() failed\n");
259 DPRINT("Privilege: %S\n", szPrivilegeString
);
261 if (!LookupPrivilegeValueW(NULL
,
263 &(PrivilegeSet
.Privilege
[0].Luid
)))
265 DPRINT1("LookupPrivilegeNameW() failed\n");
269 PrivilegeSet
.Privilege
[0].Attributes
= 0;
271 for (i
= 0; i
< SetupGetFieldCount(&InfContext
); i
++)
273 if (!SetupGetStringFieldW(&InfContext
,
279 DPRINT1("SetupGetStringFieldW() failed\n");
282 DPRINT("SID: %S\n", szSidString
);
284 if (!ConvertStringSidToSid(szSidString
, &AccountSid
))
286 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString
, GetLastError());
290 Status
= LsaOpenAccount(PolicyHandle
,
292 ACCOUNT_VIEW
| ACCOUNT_ADJUST_PRIVILEGES
,
294 if (NT_SUCCESS(Status
))
296 Status
= LsaAddPrivilegesToAccount(AccountHandle
,
298 if (!NT_SUCCESS(Status
))
300 DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status
);
303 LsaClose(AccountHandle
);
306 LocalFree(AccountSid
);
310 while (SetupFindNextLine(&InfContext
, &InfContext
));
313 if (PolicyHandle
!= NULL
)
314 LsaClose(PolicyHandle
);
316 if (hSecurityInf
!= INVALID_HANDLE_VALUE
)
317 SetupCloseInfFile(hSecurityInf
);
321 InstallSecurity(VOID
)
323 InstallBuiltinAccounts();
329 SetAdministratorPassword(LPCWSTR Password
)
331 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
332 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo
= NULL
;
333 USER_SET_PASSWORD_INFORMATION PasswordInfo
;
334 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
335 LSA_HANDLE PolicyHandle
= NULL
;
336 SAM_HANDLE ServerHandle
= NULL
;
337 SAM_HANDLE DomainHandle
= NULL
;
338 SAM_HANDLE UserHandle
= NULL
;
341 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password
);
343 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
344 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
346 Status
= LsaOpenPolicy(NULL
,
348 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
350 if (Status
!= STATUS_SUCCESS
)
352 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status
);
356 Status
= LsaQueryInformationPolicy(PolicyHandle
,
357 PolicyAccountDomainInformation
,
359 if (!NT_SUCCESS(Status
))
361 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status
);
365 Status
= SamConnect(NULL
,
367 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
369 if (!NT_SUCCESS(Status
))
371 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status
);
375 Status
= SamOpenDomain(ServerHandle
,
379 if (!NT_SUCCESS(Status
))
381 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status
);
385 Status
= SamOpenUser(DomainHandle
,
386 USER_FORCE_PASSWORD_CHANGE
| USER_READ_GENERAL
,
387 DOMAIN_USER_RID_ADMIN
,
389 if (!NT_SUCCESS(Status
))
391 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status
);
395 RtlInitUnicodeString(&PasswordInfo
.Password
, Password
);
396 PasswordInfo
.PasswordExpired
= FALSE
;
398 Status
= SamSetInformationUser(UserHandle
,
399 UserSetPasswordInformation
,
400 (PVOID
)&PasswordInfo
);
401 if (!NT_SUCCESS(Status
))
403 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
407 Status
= SamQueryInformationUser(UserHandle
,
408 UserAccountNameInformation
,
409 (PVOID
*)&AccountNameInfo
);
410 if (!NT_SUCCESS(Status
))
412 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
416 AdminInfo
.Name
= RtlAllocateHeap(RtlGetProcessHeap(),
418 AccountNameInfo
->UserName
.Length
+ sizeof(WCHAR
));
419 if (AdminInfo
.Name
!= NULL
)
420 RtlCopyMemory(AdminInfo
.Name
,
421 AccountNameInfo
->UserName
.Buffer
,
422 AccountNameInfo
->UserName
.Length
);
424 AdminInfo
.Domain
= RtlAllocateHeap(RtlGetProcessHeap(),
426 OrigInfo
->DomainName
.Length
+ sizeof(WCHAR
));
427 if (AdminInfo
.Domain
!= NULL
)
428 RtlCopyMemory(AdminInfo
.Domain
,
429 OrigInfo
->DomainName
.Buffer
,
430 OrigInfo
->DomainName
.Length
);
432 AdminInfo
.Password
= RtlAllocateHeap(RtlGetProcessHeap(),
434 (wcslen(Password
) + 1) * sizeof(WCHAR
));
435 if (AdminInfo
.Password
!= NULL
)
436 wcscpy(AdminInfo
.Password
, Password
);
438 DPRINT("Administrator Name: %S\n", AdminInfo
.Name
);
439 DPRINT("Administrator Domain: %S\n", AdminInfo
.Domain
);
440 DPRINT("Administrator Password: %S\n", AdminInfo
.Password
);
443 if (AccountNameInfo
!= NULL
)
444 SamFreeMemory(AccountNameInfo
);
446 if (OrigInfo
!= NULL
)
447 LsaFreeMemory(OrigInfo
);
449 if (PolicyHandle
!= NULL
)
450 LsaClose(PolicyHandle
);
452 if (UserHandle
!= NULL
)
453 SamCloseHandle(UserHandle
);
455 if (DomainHandle
!= NULL
)
456 SamCloseHandle(DomainHandle
);
458 if (ServerHandle
!= NULL
)
459 SamCloseHandle(ServerHandle
);
461 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status
);
468 SetAutoAdminLogon(VOID
)
470 WCHAR szAutoAdminLogon
[2];
476 lError
= RegOpenKeyExW(HKEY_LOCAL_MACHINE
,
477 L
"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
479 KEY_READ
| KEY_WRITE
,
481 if (lError
!= ERROR_SUCCESS
)
484 dwSize
= 2 * sizeof(WCHAR
);
485 lError
= RegQueryValueExW(hKey
,
489 (LPBYTE
)szAutoAdminLogon
,
491 if (lError
!= ERROR_SUCCESS
)
494 if (wcscmp(szAutoAdminLogon
, L
"1") == 0)
500 (LPBYTE
)AdminInfo
.Domain
,
501 (wcslen(AdminInfo
.Domain
) + 1) * sizeof(WCHAR
));
507 (LPBYTE
)AdminInfo
.Name
,
508 (wcslen(AdminInfo
.Name
) + 1) * sizeof(WCHAR
));
514 (LPBYTE
)AdminInfo
.Password
,
515 (wcslen(AdminInfo
.Password
) + 1) * sizeof(WCHAR
));