- BYTE LocalSystemBuffer[SECURITY_MAX_SID_SIZE];
- BYTE InteractiveBuffer[SECURITY_MAX_SID_SIZE];
- PSID pLocalSystemSid = (PSID)&LocalSystemBuffer;
- PSID pInteractiveSid = (PSID)InteractiveBuffer;
- DWORD SidSize, AclSize;
- PACL pDefaultAcl = NULL;
- PACL pUserDesktopAcl = NULL;
- SECURITY_DESCRIPTOR DefaultSecurityDescriptor;
- SECURITY_ATTRIBUTES DefaultSecurity;
- SECURITY_DESCRIPTOR UserDesktopSecurityDescriptor;
- SECURITY_ATTRIBUTES UserDesktopSecurity;
- BOOL ret = FALSE;
-
- /*
- * Prepare information for ACLs we will apply
- */
- SidSize = SECURITY_MAX_SID_SIZE;
- if (!CreateWellKnownSid(WinLocalSystemSid, NULL, pLocalSystemSid, &SidSize))
- {
- ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
- SidSize = SECURITY_MAX_SID_SIZE;
- if (!CreateWellKnownSid(WinInteractiveSid, NULL, pInteractiveSid, &SidSize))
- {
- ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- AclSize = sizeof(ACL)
- + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pLocalSystemSid)
- + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pInteractiveSid);
- pDefaultAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
- pUserDesktopAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
- if (!pDefaultAcl || !pUserDesktopAcl)
- {
- ERR("WL: HeapAlloc() failed\n");
- goto cleanup;
- }
-
- if (!InitializeAcl(pDefaultAcl, AclSize, ACL_REVISION)
- || !InitializeAcl(pUserDesktopAcl, AclSize, ACL_REVISION))
- {
- ERR("WL: InitializeAcl() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- /*
- * Create default ACL (window station, winlogon desktop, screen saver desktop)
- */
- if (!AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
- || !AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_READ, pInteractiveSid))
- {
- ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- /*
- * Create the default security descriptor
- */
- if (!InitializeSecurityDescriptor(&DefaultSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
- {
- ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- if (!SetSecurityDescriptorDacl(&DefaultSecurityDescriptor, TRUE, pDefaultAcl, FALSE))
- {
- ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
- DefaultSecurity.lpSecurityDescriptor = &DefaultSecurityDescriptor;
- DefaultSecurity.bInheritHandle = TRUE;
-
- /*
- * Create user desktop ACL
- */
- if (!AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
- || !AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pInteractiveSid))
- {
- ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- /*
- * Create the user desktop security descriptor
- */
- if (!InitializeSecurityDescriptor(&UserDesktopSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
- {
- ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- if (!SetSecurityDescriptorDacl(&UserDesktopSecurityDescriptor, TRUE, pUserDesktopAcl, FALSE))
- {
- ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
- UserDesktopSecurity.lpSecurityDescriptor = &UserDesktopSecurityDescriptor;
- UserDesktopSecurity.bInheritHandle = TRUE;
-
- /*
- * Create the interactive window station
- */
- Session->InteractiveWindowStationName = L"WinSta0";
- Session->InteractiveWindowStation = CreateWindowStationW(
- Session->InteractiveWindowStationName,
- 0,
- GENERIC_ALL,
- &DefaultSecurity);
- if (!Session->InteractiveWindowStation)
- {
- ERR("WL: Failed to create window station (%lu)\n", GetLastError());
- goto cleanup;
- }
- if (!SetProcessWindowStation(Session->InteractiveWindowStation))
- {
- ERR("WL: SetProcessWindowStation() failed (error %lu)\n", GetLastError());
- goto cleanup;
- }
-
- /*
- * Create the application desktop
- */
- Session->ApplicationDesktop = CreateDesktopW(
- L"Default",
- NULL,
- NULL,
- 0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
- GENERIC_ALL,
- &UserDesktopSecurity);
- if (!Session->ApplicationDesktop)
- {
- ERR("WL: Failed to create Default desktop (%lu)\n", GetLastError());
- goto cleanup;
- }
-
- /*
- * Create the winlogon desktop
- */
- Session->WinlogonDesktop = CreateDesktopW(
- L"Winlogon",
- NULL,
- NULL,
- 0,
- GENERIC_ALL,
- &DefaultSecurity);
- if (!Session->WinlogonDesktop)
- {
- ERR("WL: Failed to create Winlogon desktop (%lu)\n", GetLastError());
- goto cleanup;
- }
-
- /*
- * Create the screen saver desktop
- */
- Session->ScreenSaverDesktop = CreateDesktopW(
- L"Screen-Saver",
- NULL,
- NULL,
- 0,
- GENERIC_ALL,
- &DefaultSecurity);
- if(!Session->ScreenSaverDesktop)
- {
- ERR("WL: Failed to create Screen-Saver desktop (%lu)\n", GetLastError());
- goto cleanup;
- }
-
- /*
- * Switch to winlogon desktop
- */
- if (!SetThreadDesktop(Session->WinlogonDesktop) ||
- !SwitchDesktop(Session->WinlogonDesktop))
- {
- ERR("WL: Cannot switch to Winlogon desktop (%lu)\n", GetLastError());
- goto cleanup;
- }
-
- ret = TRUE;
+ BYTE LocalSystemBuffer[SECURITY_MAX_SID_SIZE];
+ BYTE InteractiveBuffer[SECURITY_MAX_SID_SIZE];
+ PSID pLocalSystemSid = (PSID)&LocalSystemBuffer;
+ PSID pInteractiveSid = (PSID)InteractiveBuffer;
+ DWORD SidSize, AclSize;
+ PACL pDefaultAcl = NULL;
+ PACL pUserDesktopAcl = NULL;
+ SECURITY_DESCRIPTOR DefaultSecurityDescriptor;
+ SECURITY_ATTRIBUTES DefaultSecurity;
+ SECURITY_DESCRIPTOR UserDesktopSecurityDescriptor;
+ SECURITY_ATTRIBUTES UserDesktopSecurity;
+ BOOL ret = FALSE;
+
+ /*
+ * Prepare information for ACLs we will apply
+ */
+ SidSize = SECURITY_MAX_SID_SIZE;
+ if (!CreateWellKnownSid(WinLocalSystemSid, NULL, pLocalSystemSid, &SidSize))
+ {
+ ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+ SidSize = SECURITY_MAX_SID_SIZE;
+ if (!CreateWellKnownSid(WinInteractiveSid, NULL, pInteractiveSid, &SidSize))
+ {
+ ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ AclSize = sizeof(ACL)
+ + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pLocalSystemSid)
+ + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pInteractiveSid);
+ pDefaultAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
+ pUserDesktopAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
+ if (!pDefaultAcl || !pUserDesktopAcl)
+ {
+ ERR("WL: HeapAlloc() failed\n");
+ goto cleanup;
+ }
+
+ if (!InitializeAcl(pDefaultAcl, AclSize, ACL_REVISION)
+ || !InitializeAcl(pUserDesktopAcl, AclSize, ACL_REVISION))
+ {
+ ERR("WL: InitializeAcl() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Create default ACL (window station, winlogon desktop, screen saver desktop)
+ */
+ if (!AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
+ || !AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_READ, pInteractiveSid))
+ {
+ ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Create the default security descriptor
+ */
+ if (!InitializeSecurityDescriptor(&DefaultSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
+ {
+ ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ if (!SetSecurityDescriptorDacl(&DefaultSecurityDescriptor, TRUE, pDefaultAcl, FALSE))
+ {
+ ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
+ DefaultSecurity.lpSecurityDescriptor = &DefaultSecurityDescriptor;
+ DefaultSecurity.bInheritHandle = TRUE;
+
+ /*
+ * Create user desktop ACL
+ */
+ if (!AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
+ || !AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pInteractiveSid))
+ {
+ ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Create the user desktop security descriptor
+ */
+ if (!InitializeSecurityDescriptor(&UserDesktopSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
+ {
+ ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ if (!SetSecurityDescriptorDacl(&UserDesktopSecurityDescriptor, TRUE, pUserDesktopAcl, FALSE))
+ {
+ ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
+ UserDesktopSecurity.lpSecurityDescriptor = &UserDesktopSecurityDescriptor;
+ UserDesktopSecurity.bInheritHandle = TRUE;
+
+ /*
+ * Create the interactive window station
+ */
+ Session->InteractiveWindowStationName = L"WinSta0";
+ Session->InteractiveWindowStation = CreateWindowStationW(
+ Session->InteractiveWindowStationName,
+ 0,
+ GENERIC_ALL,
+ &DefaultSecurity);
+ if (!Session->InteractiveWindowStation)
+ {
+ ERR("WL: Failed to create window station (%lu)\n", GetLastError());
+ goto cleanup;
+ }
+ if (!SetProcessWindowStation(Session->InteractiveWindowStation))
+ {
+ ERR("WL: SetProcessWindowStation() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Create the application desktop
+ */
+ Session->ApplicationDesktop = CreateDesktopW(
+ L"Default",
+ NULL,
+ NULL,
+ 0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
+ GENERIC_ALL,
+ &UserDesktopSecurity);
+ if (!Session->ApplicationDesktop)
+ {
+ ERR("WL: Failed to create Default desktop (%lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Create the winlogon desktop
+ */
+ Session->WinlogonDesktop = CreateDesktopW(
+ L"Winlogon",
+ NULL,
+ NULL,
+ 0,
+ GENERIC_ALL,
+ &DefaultSecurity);
+ if (!Session->WinlogonDesktop)
+ {
+ ERR("WL: Failed to create Winlogon desktop (%lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Create the screen saver desktop
+ */
+ Session->ScreenSaverDesktop = CreateDesktopW(
+ L"Screen-Saver",
+ NULL,
+ NULL,
+ 0,
+ GENERIC_ALL,
+ &DefaultSecurity);
+ if(!Session->ScreenSaverDesktop)
+ {
+ ERR("WL: Failed to create Screen-Saver desktop (%lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Switch to winlogon desktop
+ */
+ if (!SetThreadDesktop(Session->WinlogonDesktop) ||
+ !SwitchDesktop(Session->WinlogonDesktop))
+ {
+ ERR("WL: Cannot switch to Winlogon desktop (%lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ ret = TRUE;