#include "precomp.h"
+#include <ntlsa.h>
+#include <ntsecapi.h>
+#include <ntsam.h>
+#include <sddl.h>
+
#define NDEBUG
#include <debug.h>
-
/* FUNCTIONS ****************************************************************/
NTSTATUS
NTSTATUS Status;
- DPRINT1("SYSSETUP: SetAccountDomain\n");
+ DPRINT("SYSSETUP: SetAccountDomain\n");
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
}
+/* Hack */
+static
+NTSTATUS
+SetPrimaryDomain(LPCWSTR DomainName,
+ PSID DomainSid)
+{
+ PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL;
+ POLICY_PRIMARY_DOMAIN_INFO Info;
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+ LSA_HANDLE PolicyHandle;
+ NTSTATUS Status;
+
+ DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
+
+ memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+ ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
+
+ Status = LsaOpenPolicy(NULL,
+ &ObjectAttributes,
+ POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
+ &PolicyHandle);
+ if (Status != STATUS_SUCCESS)
+ {
+ DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ Status = LsaQueryInformationPolicy(PolicyHandle,
+ PolicyPrimaryDomainInformation,
+ (PVOID *)&OrigInfo);
+ if (Status == STATUS_SUCCESS && OrigInfo != NULL)
+ {
+ if (DomainName == NULL)
+ {
+ Info.Name.Buffer = OrigInfo->Name.Buffer;
+ Info.Name.Length = OrigInfo->Name.Length;
+ Info.Name.MaximumLength = OrigInfo->Name.MaximumLength;
+ }
+ else
+ {
+ Info.Name.Buffer = (LPWSTR)DomainName;
+ Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
+ Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
+ }
+
+ if (DomainSid == NULL)
+ Info.Sid = OrigInfo->Sid;
+ else
+ Info.Sid = DomainSid;
+ }
+ else
+ {
+ Info.Name.Buffer = (LPWSTR)DomainName;
+ Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
+ Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
+ Info.Sid = DomainSid;
+ }
+
+ Status = LsaSetInformationPolicy(PolicyHandle,
+ PolicyPrimaryDomainInformation,
+ (PVOID)&Info);
+ if (Status != STATUS_SUCCESS)
+ {
+ DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
+ }
+
+ if (OrigInfo != NULL)
+ LsaFreeMemory(OrigInfo);
+
+ LsaClose(PolicyHandle);
+
+ return Status;
+}
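Review bot: The fallback branch taken when LsaQueryInformationPolicy fails calls `wcslen(DomainName)` unconditionally, although the success branch accepts a NULL DomainName, so a NULL name combined with a failed query dereferences NULL. Reject that combination at the top of that `else`, for example `if (DomainName == NULL) { LsaClose(PolicyHandle); return STATUS_INVALID_PARAMETER; }`. `Info.Name.Length` also receives `wcslen(DomainName) * sizeof(WCHAR)` with no range check; assuming the usual USHORT field, an over-long name would truncate silently, which is harmless for the one visible caller (`L"WORKGROUP"`) but worth a bound. InstallSecurity discards the returned NTSTATUS, so a failed policy write goes unnoticed unless it is at least logged there.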
+
+
static
VOID
InstallBuiltinAccounts(VOID)
for (i = 0; i < 10; i++)
{
- ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid);
+ if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
+ {
+ DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError());
+ continue;
+ }
Status = LsaCreateAccount(PolicyHandle,
AccountSid,
}
DPRINT("SID: %S\n", szSidString);
- ConvertStringSidToSid(szSidString, &AccountSid);
+ if (!ConvertStringSidToSid(szSidString, &AccountSid))
+ {
+ DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError());
+ continue;
+ }
Status = LsaOpenAccount(PolicyHandle,
AccountSid,
SetupCloseInfFile(hSecurityInf);
}
+
VOID
InstallSecurity(VOID)
{
InstallBuiltinAccounts();
InstallPrivileges();
+
+ /* Hack */
+ SetPrimaryDomain(L"WORKGROUP", NULL);
}
SetAdministratorPassword(LPCWSTR Password)
{
PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
+ PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
USER_SET_PASSWORD_INFORMATION PasswordInfo;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle = NULL;
SAM_HANDLE UserHandle = NULL;
NTSTATUS Status;
- DPRINT1("SYSSETUP: SetAdministratorPassword(%S)\n", Password);
+ DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password);
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
}
Status = SamOpenUser(DomainHandle,
- USER_FORCE_PASSWORD_CHANGE,
- DOMAIN_USER_RID_ADMIN, /* 500 */
+ USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL,
+ DOMAIN_USER_RID_ADMIN,
&UserHandle);
if (!NT_SUCCESS(Status))
{
goto done;
}
+ Status = SamQueryInformationUser(UserHandle,
+ UserAccountNameInformation,
+ (PVOID*)&AccountNameInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AccountNameInfo->UserName.Length + sizeof(WCHAR));
+ if (AdminInfo.Name != NULL)
+ RtlCopyMemory(AdminInfo.Name,
+ AccountNameInfo->UserName.Buffer,
+ AccountNameInfo->UserName.Length);
+
+ AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ OrigInfo->DomainName.Length + sizeof(WCHAR));
+ if (AdminInfo.Domain != NULL)
+ RtlCopyMemory(AdminInfo.Domain,
+ OrigInfo->DomainName.Buffer,
+ OrigInfo->DomainName.Length);
+
+ AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(),
+ 0,
+ (wcslen(Password) + 1) * sizeof(WCHAR));
+ if (AdminInfo.Password != NULL)
+ wcscpy(AdminInfo.Password, Password);
+
+ DPRINT("Administrator Name: %S\n", AdminInfo.Name);
+ DPRINT("Administrator Domain: %S\n", AdminInfo.Domain);
+ DPRINT("Administrator Password: %S\n", AdminInfo.Password);
+
done:
+ if (AccountNameInfo != NULL)
+ SamFreeMemory(AccountNameInfo);
+
if (OrigInfo != NULL)
LsaFreeMemory(OrigInfo);
return Status;
}
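Review bot: The added trace `DPRINT("Administrator Password: %S\n", AdminInfo.Password);` writes the cleartext administrator password to debug output, the same disclosure this commit removes from the function's entry trace by switching `%S` to `%p`; it looks inert only while `NDEBUG` is defined ahead of `debug.h`, so drop the line or log only whether a password was set. The three RtlAllocateHeap results are checked only to skip the copy, so after an allocation failure the function still returns the earlier success status with NULL fields in AdminInfo, which SetAutoAdminLogon later passes to `wcslen`; set `Status = STATUS_INSUFFICIENT_RESOURCES` and `goto done` instead. The failure message after SamQueryInformationUser names the wrong call and should read `DPRINT1("SamQueryInformationUser() failed (Status %08lx)\n", Status);`. The password copy stays in the process heap with no release visible here, so whichever code consumes AdminInfo last should zero the buffer before freeing it. The function starts outside this hunk, so the state of OrigInfo at the new `OrigInfo->DomainName` dereference could not be checked from here.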
+
+VOID
+SetAutoAdminLogon(VOID)
+{
+ WCHAR szAutoAdminLogon[2];
+ HKEY hKey = NULL;
+ DWORD dwType;
+ DWORD dwSize;
+ LONG lError;
+
+ lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
+ L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
+ 0,
+ KEY_READ | KEY_WRITE,
+ &hKey);
+ if (lError != ERROR_SUCCESS)
+ return;
+
+ dwSize = 2 * sizeof(WCHAR);
+ lError = RegQueryValueExW(hKey,
+ L"AutoAdminLogon",
+ NULL,
+ &dwType,
+ (LPBYTE)szAutoAdminLogon,
+ &dwSize);
+ if (lError != ERROR_SUCCESS)
+ goto done;
+
+ if (wcscmp(szAutoAdminLogon, L"1") == 0)
+ {
+ RegSetValueExW(hKey,
+ L"DefaultDomain",
+ 0,
+ REG_SZ,
+ (LPBYTE)AdminInfo.Domain,
+ (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR));
+
+ RegSetValueExW(hKey,
+ L"DefaultUserName",
+ 0,
+ REG_SZ,
+ (LPBYTE)AdminInfo.Name,
+ (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR));
+
+ RegSetValueExW(hKey,
+ L"DefaultPassword",
+ 0,
+ REG_SZ,
+ (LPBYTE)AdminInfo.Password,
+ (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR));
+ }
+
+done:
+ if (hKey != NULL)
+ RegCloseKey(hKey);
+}
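Review bot: `szAutoAdminLogon` is filled by RegQueryValueExW without checking `dwType` or guaranteeing a terminator, so a value stored without its trailing NUL leaves `wcscmp` reading uninitialised stack; zero-initialise the buffer, require REG_SZ and compare the two characters directly. The three `wcslen` calls dereference AdminInfo.Domain, AdminInfo.Name and AdminInfo.Password, which are NULL when SetAdministratorPassword failed, was not run, or hit an allocation failure, so the write block needs a NULL guard. Writing `DefaultPassword` leaves the administrator password in cleartext under the Winlogon key, readable by anything with read access to that key; that is inherent to this auto-logon mechanism, but the RegSetValueExW results should be checked and the key opened with only `KEY_QUERY_VALUE | KEY_SET_VALUE`.

```c
    WCHAR szAutoAdminLogon[2] = { 0 };
    /* … unchanged: remaining locals and RegOpenKeyExW on the Winlogon key … */

    dwSize = sizeof(szAutoAdminLogon);
    /* … unchanged: RegQueryValueExW(hKey, L"AutoAdminLogon", …) … */
    if (lError != ERROR_SUCCESS || dwType != REG_SZ)
        goto done;

    /* Compare by character: the stored string may lack a terminator */
    if (szAutoAdminLogon[0] == L'1' && szAutoAdminLogon[1] == L'\0' &&
        AdminInfo.Domain != NULL &&
        AdminInfo.Name != NULL &&
        AdminInfo.Password != NULL)
    {
        /* … unchanged: the three RegSetValueExW calls … */
    }
```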
+
+
/* EOF */