2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
9 /* INCLUDES *****************************************************************/
17 /* FUNCTIONS ****************************************************************/
20 SetAccountDomain(LPCWSTR DomainName
,
23 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
24 POLICY_ACCOUNT_DOMAIN_INFO Info
;
25 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
26 LSA_HANDLE PolicyHandle
;
28 SAM_HANDLE ServerHandle
= NULL
;
29 SAM_HANDLE DomainHandle
= NULL
;
30 DOMAIN_NAME_INFORMATION DomainNameInfo
;
34 DPRINT1("SYSSETUP: SetAccountDomain\n");
36 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
37 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
39 Status
= LsaOpenPolicy(NULL
,
41 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
43 if (Status
!= STATUS_SUCCESS
)
45 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status
);
49 Status
= LsaQueryInformationPolicy(PolicyHandle
,
50 PolicyAccountDomainInformation
,
52 if (Status
== STATUS_SUCCESS
&& OrigInfo
!= NULL
)
54 if (DomainName
== NULL
)
56 Info
.DomainName
.Buffer
= OrigInfo
->DomainName
.Buffer
;
57 Info
.DomainName
.Length
= OrigInfo
->DomainName
.Length
;
58 Info
.DomainName
.MaximumLength
= OrigInfo
->DomainName
.MaximumLength
;
62 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
63 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
64 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
67 if (DomainSid
== NULL
)
68 Info
.DomainSid
= OrigInfo
->DomainSid
;
70 Info
.DomainSid
= DomainSid
;
74 Info
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
75 Info
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
76 Info
.DomainName
.MaximumLength
= Info
.DomainName
.Length
+ sizeof(WCHAR
);
77 Info
.DomainSid
= DomainSid
;
80 Status
= LsaSetInformationPolicy(PolicyHandle
,
81 PolicyAccountDomainInformation
,
83 if (Status
!= STATUS_SUCCESS
)
85 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status
);
89 LsaFreeMemory(OrigInfo
);
91 LsaClose(PolicyHandle
);
93 DomainNameInfo
.DomainName
.Length
= wcslen(DomainName
) * sizeof(WCHAR
);
94 DomainNameInfo
.DomainName
.MaximumLength
= (wcslen(DomainName
) + 1) * sizeof(WCHAR
);
95 DomainNameInfo
.DomainName
.Buffer
= (LPWSTR
)DomainName
;
97 Status
= SamConnect(NULL
,
99 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
101 if (NT_SUCCESS(Status
))
103 Status
= SamOpenDomain(ServerHandle
,
104 DOMAIN_WRITE_OTHER_PARAMETERS
,
107 if (NT_SUCCESS(Status
))
109 Status
= SamSetInformationDomain(DomainHandle
,
110 DomainNameInformation
,
111 (PVOID
)&DomainNameInfo
);
112 if (!NT_SUCCESS(Status
))
114 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status
);
117 SamCloseHandle(DomainHandle
);
121 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status
);
124 SamCloseHandle(ServerHandle
);
133 InstallBuiltinAccounts(VOID
)
135 LPWSTR BuiltinAccounts
[] = {
136 L
"S-1-1-0", /* Everyone */
137 L
"S-1-5-4", /* Interactive */
138 L
"S-1-5-6", /* Service */
139 L
"S-1-5-19", /* Local Service */
140 L
"S-1-5-20", /* Network Service */
141 L
"S-1-5-32-544", /* Administrators */
142 L
"S-1-5-32-545", /* Users */
143 L
"S-1-5-32-547", /* Power Users */
144 L
"S-1-5-32-551", /* Backup Operators */
145 L
"S-1-5-32-555"}; /* Remote Desktop Users */
146 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
148 LSA_HANDLE PolicyHandle
= NULL
;
149 LSA_HANDLE AccountHandle
= NULL
;
153 DPRINT("InstallBuiltinAccounts()\n");
155 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
157 Status
= LsaOpenPolicy(NULL
,
159 POLICY_CREATE_ACCOUNT
,
161 if (!NT_SUCCESS(Status
))
163 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
167 for (i
= 0; i
< 10; i
++)
169 ConvertStringSidToSid(BuiltinAccounts
[i
], &AccountSid
);
171 Status
= LsaCreateAccount(PolicyHandle
,
175 if (NT_SUCCESS(Status
))
177 LsaClose(AccountHandle
);
180 LocalFree(AccountSid
);
183 LsaClose(PolicyHandle
);
189 InstallPrivileges(VOID
)
191 HINF hSecurityInf
= INVALID_HANDLE_VALUE
;
192 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
193 WCHAR szPrivilegeString
[256];
194 WCHAR szSidString
[256];
195 INFCONTEXT InfContext
;
197 PRIVILEGE_SET PrivilegeSet
;
200 LSA_HANDLE PolicyHandle
= NULL
;
201 LSA_HANDLE AccountHandle
;
203 DPRINT("InstallPrivileges()\n");
205 hSecurityInf
= SetupOpenInfFileW(L
"defltws.inf", //szNameBuffer,
209 if (hSecurityInf
== INVALID_HANDLE_VALUE
)
211 DPRINT1("SetupOpenInfFileW failed\n");
215 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
217 Status
= LsaOpenPolicy(NULL
,
219 POLICY_CREATE_ACCOUNT
,
221 if (!NT_SUCCESS(Status
))
223 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status
);
227 if (!SetupFindFirstLineW(hSecurityInf
,
232 DPRINT1("SetupFindfirstLineW failed\n");
236 PrivilegeSet
.PrivilegeCount
= 1;
237 PrivilegeSet
.Control
= 0;
241 /* Retrieve the privilege name */
242 if (!SetupGetStringFieldW(&InfContext
,
248 DPRINT1("SetupGetStringFieldW() failed\n");
251 DPRINT("Privilege: %S\n", szPrivilegeString
);
253 if (!LookupPrivilegeValueW(NULL
,
255 &(PrivilegeSet
.Privilege
[0].Luid
)))
257 DPRINT1("LookupPrivilegeNameW() failed\n");
261 PrivilegeSet
.Privilege
[0].Attributes
= 0;
263 for (i
= 0; i
< SetupGetFieldCount(&InfContext
); i
++)
265 if (!SetupGetStringFieldW(&InfContext
,
271 DPRINT1("SetupGetStringFieldW() failed\n");
274 DPRINT("SID: %S\n", szSidString
);
276 ConvertStringSidToSid(szSidString
, &AccountSid
);
278 Status
= LsaOpenAccount(PolicyHandle
,
280 ACCOUNT_VIEW
| ACCOUNT_ADJUST_PRIVILEGES
,
282 if (NT_SUCCESS(Status
))
284 Status
= LsaAddPrivilegesToAccount(AccountHandle
,
286 if (!NT_SUCCESS(Status
))
288 DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status
);
291 LsaClose(AccountHandle
);
294 LocalFree(AccountSid
);
298 while (SetupFindNextLine(&InfContext
, &InfContext
));
301 if (PolicyHandle
!= NULL
)
302 LsaClose(PolicyHandle
);
304 if (hSecurityInf
!= INVALID_HANDLE_VALUE
)
305 SetupCloseInfFile(hSecurityInf
);
309 InstallSecurity(VOID
)
311 InstallBuiltinAccounts();
317 SetAdministratorPassword(LPCWSTR Password
)
319 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo
= NULL
;
320 USER_SET_PASSWORD_INFORMATION PasswordInfo
;
321 LSA_OBJECT_ATTRIBUTES ObjectAttributes
;
322 LSA_HANDLE PolicyHandle
= NULL
;
323 SAM_HANDLE ServerHandle
= NULL
;
324 SAM_HANDLE DomainHandle
= NULL
;
325 SAM_HANDLE UserHandle
= NULL
;
328 DPRINT1("SYSSETUP: SetAdministratorPassword(%S)\n", Password
);
330 memset(&ObjectAttributes
, 0, sizeof(LSA_OBJECT_ATTRIBUTES
));
331 ObjectAttributes
.Length
= sizeof(LSA_OBJECT_ATTRIBUTES
);
333 Status
= LsaOpenPolicy(NULL
,
335 POLICY_VIEW_LOCAL_INFORMATION
| POLICY_TRUST_ADMIN
,
337 if (Status
!= STATUS_SUCCESS
)
339 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status
);
343 Status
= LsaQueryInformationPolicy(PolicyHandle
,
344 PolicyAccountDomainInformation
,
346 if (!NT_SUCCESS(Status
))
348 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status
);
352 Status
= SamConnect(NULL
,
354 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
356 if (!NT_SUCCESS(Status
))
358 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status
);
362 Status
= SamOpenDomain(ServerHandle
,
366 if (!NT_SUCCESS(Status
))
368 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status
);
372 Status
= SamOpenUser(DomainHandle
,
373 USER_FORCE_PASSWORD_CHANGE
,
374 DOMAIN_USER_RID_ADMIN
, /* 500 */
376 if (!NT_SUCCESS(Status
))
378 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status
);
382 RtlInitUnicodeString(&PasswordInfo
.Password
, Password
);
383 PasswordInfo
.PasswordExpired
= FALSE
;
385 Status
= SamSetInformationUser(UserHandle
,
386 UserSetPasswordInformation
,
387 (PVOID
)&PasswordInfo
);
388 if (!NT_SUCCESS(Status
))
390 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status
);
395 if (OrigInfo
!= NULL
)
396 LsaFreeMemory(OrigInfo
);
398 if (PolicyHandle
!= NULL
)
399 LsaClose(PolicyHandle
);
401 if (UserHandle
!= NULL
)
402 SamCloseHandle(UserHandle
);
404 if (DomainHandle
!= NULL
)
405 SamCloseHandle(DomainHandle
);
407 if (ServerHandle
!= NULL
)
408 SamCloseHandle(ServerHandle
);
410 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status
);