projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[THEMES]
[reactos.git] / reactos / dll / win32 / syssetup / security.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
6 * PROGRAMER: Eric Kohl
7 */
8
9 /* INCLUDES *****************************************************************/
10
11 #include "precomp.h"
12
13 #define NDEBUG
14 #include <debug.h>
15
16
17 /* FUNCTIONS ****************************************************************/
18
19 NTSTATUS
20 SetAccountDomain(LPCWSTR DomainName,
21 PSID DomainSid)
22 {
23 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
24 POLICY_ACCOUNT_DOMAIN_INFO Info;
25 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
26 LSA_HANDLE PolicyHandle;
27
28 SAM_HANDLE ServerHandle = NULL;
29 SAM_HANDLE DomainHandle = NULL;
30 DOMAIN_NAME_INFORMATION DomainNameInfo;
31
32 NTSTATUS Status;
33
34 DPRINT1("SYSSETUP: SetAccountDomain\n");
35
36 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
37 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
38
39 Status = LsaOpenPolicy(NULL,
40 &ObjectAttributes,
41 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
42 &PolicyHandle);
43 if (Status != STATUS_SUCCESS)
44 {
45 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
46 return Status;
47 }
48
49 Status = LsaQueryInformationPolicy(PolicyHandle,
50 PolicyAccountDomainInformation,
51 (PVOID *)&OrigInfo);
52 if (Status == STATUS_SUCCESS && OrigInfo != NULL)
53 {
54 if (DomainName == NULL)
55 {
56 Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
57 Info.DomainName.Length = OrigInfo->DomainName.Length;
58 Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
59 }
60 else
61 {
62 Info.DomainName.Buffer = (LPWSTR)DomainName;
63 Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
64 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
65 }
66
67 if (DomainSid == NULL)
68 Info.DomainSid = OrigInfo->DomainSid;
69 else
70 Info.DomainSid = DomainSid;
71 }
72 else
73 {
74 Info.DomainName.Buffer = (LPWSTR)DomainName;
75 Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
76 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
77 Info.DomainSid = DomainSid;
78 }
79
80 Status = LsaSetInformationPolicy(PolicyHandle,
81 PolicyAccountDomainInformation,
82 (PVOID)&Info);
83 if (Status != STATUS_SUCCESS)
84 {
85 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
86 }
87
88 if (OrigInfo != NULL)
89 LsaFreeMemory(OrigInfo);
90
91 LsaClose(PolicyHandle);
92
93 DomainNameInfo.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
94 DomainNameInfo.DomainName.MaximumLength = (wcslen(DomainName) + 1) * sizeof(WCHAR);
95 DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName;
96
97 Status = SamConnect(NULL,
98 &ServerHandle,
99 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
100 NULL);
101 if (NT_SUCCESS(Status))
102 {
103 Status = SamOpenDomain(ServerHandle,
104 DOMAIN_WRITE_OTHER_PARAMETERS,
105 Info.DomainSid,
106 &DomainHandle);
107 if (NT_SUCCESS(Status))
108 {
109 Status = SamSetInformationDomain(DomainHandle,
110 DomainNameInformation,
111 (PVOID)&DomainNameInfo);
112 if (!NT_SUCCESS(Status))
113 {
114 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
115 }
116
117 SamCloseHandle(DomainHandle);
118 }
119 else
120 {
121 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
122 }
123
124 SamCloseHandle(ServerHandle);
125 }
126
127 return Status;
128 }
129
130
131 static
132 VOID
133 InstallBuiltinAccounts(VOID)
134 {
135 LPWSTR BuiltinAccounts[] = {
136 L"S-1-1-0", /* Everyone */
137 L"S-1-5-4", /* Interactive */
138 L"S-1-5-6", /* Service */
139 L"S-1-5-19", /* Local Service */
140 L"S-1-5-20", /* Network Service */
141 L"S-1-5-32-544", /* Administrators */
142 L"S-1-5-32-545", /* Users */
143 L"S-1-5-32-547", /* Power Users */
144 L"S-1-5-32-551", /* Backup Operators */
145 L"S-1-5-32-555"}; /* Remote Desktop Users */
146 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
147 NTSTATUS Status;
148 LSA_HANDLE PolicyHandle = NULL;
149 LSA_HANDLE AccountHandle = NULL;
150 PSID AccountSid;
151 ULONG i;
152
153 DPRINT("InstallBuiltinAccounts()\n");
154
155 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
156
157 Status = LsaOpenPolicy(NULL,
158 &ObjectAttributes,
159 POLICY_CREATE_ACCOUNT,
160 &PolicyHandle);
161 if (!NT_SUCCESS(Status))
162 {
163 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
164 return;
165 }
166
167 for (i = 0; i < 10; i++)
168 {
169 ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid);
170
171 Status = LsaCreateAccount(PolicyHandle,
172 AccountSid,
173 0,
174 &AccountHandle);
175 if (NT_SUCCESS(Status))
176 {
177 LsaClose(AccountHandle);
178 }
179
180 LocalFree(AccountSid);
181 }
182
183 LsaClose(PolicyHandle);
184 }
185
186
187 static
188 VOID
189 InstallPrivileges(VOID)
190 {
191 HINF hSecurityInf = INVALID_HANDLE_VALUE;
192 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
193 WCHAR szPrivilegeString[256];
194 WCHAR szSidString[256];
195 INFCONTEXT InfContext;
196 DWORD i;
197 PRIVILEGE_SET PrivilegeSet;
198 PSID AccountSid;
199 NTSTATUS Status;
200 LSA_HANDLE PolicyHandle = NULL;
201 LSA_HANDLE AccountHandle;
202
203 DPRINT("InstallPrivileges()\n");
204
205 hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
206 NULL,
207 INF_STYLE_WIN4,
208 NULL);
209 if (hSecurityInf == INVALID_HANDLE_VALUE)
210 {
211 DPRINT1("SetupOpenInfFileW failed\n");
212 return;
213 }
214
215 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
216
217 Status = LsaOpenPolicy(NULL,
218 &ObjectAttributes,
219 POLICY_CREATE_ACCOUNT,
220 &PolicyHandle);
221 if (!NT_SUCCESS(Status))
222 {
223 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
224 goto done;
225 }
226
227 if (!SetupFindFirstLineW(hSecurityInf,
228 L"Privilege Rights",
229 NULL,
230 &InfContext))
231 {
232 DPRINT1("SetupFindfirstLineW failed\n");
233 goto done;
234 }
235
236 PrivilegeSet.PrivilegeCount = 1;
237 PrivilegeSet.Control = 0;
238
239 do
240 {
241 /* Retrieve the privilege name */
242 if (!SetupGetStringFieldW(&InfContext,
243 0,
244 szPrivilegeString,
245 256,
246 NULL))
247 {
248 DPRINT1("SetupGetStringFieldW() failed\n");
249 goto done;
250 }
251 DPRINT("Privilege: %S\n", szPrivilegeString);
252
253 if (!LookupPrivilegeValueW(NULL,
254 szPrivilegeString,
255 &(PrivilegeSet.Privilege[0].Luid)))
256 {
257 DPRINT1("LookupPrivilegeNameW() failed\n");
258 goto done;
259 }
260
261 PrivilegeSet.Privilege[0].Attributes = 0;
262
263 for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
264 {
265 if (!SetupGetStringFieldW(&InfContext,
266 i + 1,
267 szSidString,
268 256,
269 NULL))
270 {
271 DPRINT1("SetupGetStringFieldW() failed\n");
272 goto done;
273 }
274 DPRINT("SID: %S\n", szSidString);
275
276 ConvertStringSidToSid(szSidString, &AccountSid);
277
278 Status = LsaOpenAccount(PolicyHandle,
279 AccountSid,
280 ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
281 &AccountHandle);
282 if (NT_SUCCESS(Status))
283 {
284 Status = LsaAddPrivilegesToAccount(AccountHandle,
285 &PrivilegeSet);
286 if (!NT_SUCCESS(Status))
287 {
288 DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status);
289 }
290
291 LsaClose(AccountHandle);
292 }
293
294 LocalFree(AccountSid);
295 }
296
297 }
298 while (SetupFindNextLine(&InfContext, &InfContext));
299
300 done:
301 if (PolicyHandle != NULL)
302 LsaClose(PolicyHandle);
303
304 if (hSecurityInf != INVALID_HANDLE_VALUE)
305 SetupCloseInfFile(hSecurityInf);
306 }
307
308 VOID
309 InstallSecurity(VOID)
310 {
311 InstallBuiltinAccounts();
312 InstallPrivileges();
313 }
314
315
316 NTSTATUS
317 SetAdministratorPassword(LPCWSTR Password)
318 {
319 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
320 USER_SET_PASSWORD_INFORMATION PasswordInfo;
321 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
322 LSA_HANDLE PolicyHandle = NULL;
323 SAM_HANDLE ServerHandle = NULL;
324 SAM_HANDLE DomainHandle = NULL;
325 SAM_HANDLE UserHandle = NULL;
326 NTSTATUS Status;
327
328 DPRINT1("SYSSETUP: SetAdministratorPassword(%S)\n", Password);
329
330 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
331 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
332
333 Status = LsaOpenPolicy(NULL,
334 &ObjectAttributes,
335 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
336 &PolicyHandle);
337 if (Status != STATUS_SUCCESS)
338 {
339 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
340 return Status;
341 }
342
343 Status = LsaQueryInformationPolicy(PolicyHandle,
344 PolicyAccountDomainInformation,
345 (PVOID *)&OrigInfo);
346 if (!NT_SUCCESS(Status))
347 {
348 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
349 goto done;
350 }
351
352 Status = SamConnect(NULL,
353 &ServerHandle,
354 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
355 NULL);
356 if (!NT_SUCCESS(Status))
357 {
358 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
359 goto done;
360 }
361
362 Status = SamOpenDomain(ServerHandle,
363 DOMAIN_LOOKUP,
364 OrigInfo->DomainSid,
365 &DomainHandle);
366 if (!NT_SUCCESS(Status))
367 {
368 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
369 goto done;
370 }
371
372 Status = SamOpenUser(DomainHandle,
373 USER_FORCE_PASSWORD_CHANGE,
374 DOMAIN_USER_RID_ADMIN, /* 500 */
375 &UserHandle);
376 if (!NT_SUCCESS(Status))
377 {
378 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status);
379 goto done;
380 }
381
382 RtlInitUnicodeString(&PasswordInfo.Password, Password);
383 PasswordInfo.PasswordExpired = FALSE;
384
385 Status = SamSetInformationUser(UserHandle,
386 UserSetPasswordInformation,
387 (PVOID)&PasswordInfo);
388 if (!NT_SUCCESS(Status))
389 {
390 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
391 goto done;
392 }
393
394 done:
395 if (OrigInfo != NULL)
396 LsaFreeMemory(OrigInfo);
397
398 if (PolicyHandle != NULL)
399 LsaClose(PolicyHandle);
400
401 if (UserHandle != NULL)
402 SamCloseHandle(UserHandle);
403
404 if (DomainHandle != NULL)
405 SamCloseHandle(DomainHandle);
406
407 if (ServerHandle != NULL)
408 SamCloseHandle(ServerHandle);
409
410 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status);
411
412 return Status;
413 }
414
415 /* EOF */
416
A free Windows-compatible Operating System