From cd9f22e9e5857e0235fbd70ff7908e8840168c09 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Mon, 28 May 2018 19:26:02 +0200 Subject: [PATCH] [SYSSETUP][INF] Add the 'Registry Values' section to the default security settings and apply it to the registry --- dll/win32/syssetup/security.c | 222 +++++++++++++++++++++++++++++++++- media/inf/defltws.inf | 17 +++ 2 files changed, 235 insertions(+), 4 deletions(-) diff --git a/dll/win32/syssetup/security.c b/dll/win32/syssetup/security.c index 221d0152af8..385fde1b36f 100644 --- a/dll/win32/syssetup/security.c +++ b/dll/win32/syssetup/security.c @@ -245,7 +245,7 @@ InstallBuiltinAccounts(VOID) return; } - for (i = 0; i < 10; i++) + for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++) { if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid)) { @@ -314,7 +314,7 @@ InstallPrivileges(VOID) NULL, &InfContext)) { - DPRINT1("SetupFindfirstLineW failed\n"); + DPRINT1("SetupFindFirstLineW failed\n"); goto done; } @@ -324,7 +324,7 @@ InstallPrivileges(VOID) if (!SetupGetStringFieldW(&InfContext, 0, szPrivilegeString, - 256, + ARRAYSIZE(szPrivilegeString), NULL)) { DPRINT1("SetupGetStringFieldW() failed\n"); @@ -337,7 +337,7 @@ InstallPrivileges(VOID) if (!SetupGetStringFieldW(&InfContext, i + 1, szSidString, - 256, + ARRAYSIZE(szSidString), NULL)) { DPRINT1("SetupGetStringFieldW() failed\n"); 
@@ -400,11 +400,225 @@ done: } +static +VOID +ApplyRegistryValues(VOID) +{ + HINF hSecurityInf = INVALID_HANDLE_VALUE; + WCHAR szRegistryPath[MAX_PATH]; + WCHAR szRootName[MAX_PATH]; + WCHAR szKeyName[MAX_PATH]; + WCHAR szValueName[MAX_PATH]; + INFCONTEXT InfContext; + DWORD dwLength, dwType; + HKEY hRootKey, hKey; + PWSTR Ptr1, Ptr2; + DWORD dwError; + PVOID pBuffer; + + DPRINT("ApplyRegistryValues()\n"); + + hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer, + NULL, + INF_STYLE_WIN4, + NULL); + if (hSecurityInf == INVALID_HANDLE_VALUE) + { + DPRINT1("SetupOpenInfFileW failed\n"); + return; + } + + if (!SetupFindFirstLineW(hSecurityInf, + L"Registry Values", + NULL, + &InfContext)) + { + DPRINT1("SetupFindFirstLineW failed\n"); + goto done; + } + + do + { + /* Retrieve the privilege name */ + if (!SetupGetStringFieldW(&InfContext, + 0, + szRegistryPath, + ARRAYSIZE(szRegistryPath), + NULL)) + { + DPRINT1("SetupGetStringFieldW() failed\n"); + goto done; + } + + DPRINT("RegistryPath: %S\n", szRegistryPath); + + Ptr1 = wcschr(szRegistryPath, L'\\'); + Ptr2 = wcsrchr(szRegistryPath, L'\\'); + if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2) + { + dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) / sizeof(WCHAR)); + wcsncpy(szRootName, szRegistryPath, dwLength); + szRootName[dwLength] = UNICODE_NULL; + + Ptr1++; + dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR)); + wcsncpy(szKeyName, Ptr1, dwLength); + szKeyName[dwLength] = UNICODE_NULL; + + Ptr2++; + wcscpy(szValueName, Ptr2); + + DPRINT("RootName: %S\n", szRootName); + DPRINT("KeyName: %S\n", szKeyName); + DPRINT("ValueName: %S\n", szValueName); + + if (_wcsicmp(szRootName, L"Machine") == 0) + { + hRootKey = HKEY_LOCAL_MACHINE; + } + else + { + DPRINT1("Unsupported root key %S\n", szRootName); + break; + } + + if (!SetupGetIntField(&InfContext, + 1, + (PINT)&dwType)) + { + DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError); + break; + } + + if 
(dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY && + dwType != REG_DWORD && dwType != REG_MULTI_SZ) + { + DPRINT1("Invalid value type %lu\n", dwType); + break; + } + + dwLength = 0; + switch (dwType) + { + case REG_SZ: + case REG_EXPAND_SZ: + SetupGetStringField(&InfContext, + 2, + NULL, + 0, + &dwLength); + dwLength *= sizeof(WCHAR); + break; + + case REG_BINARY: + SetupGetBinaryField(&InfContext, + 2, + NULL, + 0, + &dwLength); + break; + + case REG_DWORD: + dwLength = sizeof(INT); + break; + + case REG_MULTI_SZ: + SetupGetMultiSzField(&InfContext, + 2, + NULL, + 0, + &dwLength); + dwLength *= sizeof(WCHAR); + break; + } + + if (dwLength == 0) + { + DPRINT1("Failed to determine the required buffer size!\n"); + break; + } + + dwError = RegCreateKeyExW(hRootKey, + szKeyName, + 0, + NULL, + REG_OPTION_NON_VOLATILE, + KEY_WRITE, + NULL, + &hKey, + NULL); + if (dwError != ERROR_SUCCESS) + { + DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError); + break; + } + + pBuffer = HeapAlloc(GetProcessHeap(), 0, dwLength); + if (pBuffer) + { + switch (dwType) + { + case REG_SZ: + case REG_EXPAND_SZ: + SetupGetStringField(&InfContext, + 2, + pBuffer, + dwLength / sizeof(WCHAR), + &dwLength); + dwLength *= sizeof(WCHAR); + break; + + case REG_BINARY: + SetupGetBinaryField(&InfContext, + 2, + pBuffer, + dwLength, + &dwLength); + break; + + case REG_DWORD: + SetupGetIntField(&InfContext, + 2, + pBuffer); + break; + + case REG_MULTI_SZ: + SetupGetMultiSzField(&InfContext, + 2, + pBuffer, + dwLength / sizeof(WCHAR), + &dwLength); + dwLength *= sizeof(WCHAR); + break; + } + + RegSetValueEx(hKey, + szValueName, + 0, + dwType, + pBuffer, + dwLength); + + HeapFree(GetProcessHeap(), 0, pBuffer); + } + + RegCloseKey(hKey); + } + } + while (SetupFindNextLine(&InfContext, &InfContext)); + +done: + if (hSecurityInf != INVALID_HANDLE_VALUE) + SetupCloseInfFile(hSecurityInf); +} + + VOID InstallSecurity(VOID) { InstallBuiltinAccounts(); 
InstallPrivileges(); + ApplyRegistryValues(); /* Hack */ SetPrimaryDomain(L"WORKGROUP", NULL); diff --git a/media/inf/defltws.inf b/media/inf/defltws.inf index cccca5babac..a2039441f3a 100644 --- a/media/inf/defltws.inf +++ b/media/inf/defltws.inf @@ -44,3 +44,20 @@ SeSystemTimePrivilege = *S-1-5-32-544 SeTakeOwnershipPrivilege = *S-1-5-32-544 SeTcbPrivilege = SeUndockPrivilege = *S-1-5-32-544, *S-1-5-32-545 + + +[Registry Values] +; Full registry path = Type, Value +; +; Type: +; 1: REG_SZ +; 2: REG_EXPAND_SZ +; 3: REG_BINARY +; 4: REG_DWORD +; 7: REG_MULTI_SZ + +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName = 4, 0 +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption = 1, "" +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText = 7, "" +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon = 4, 1 +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon = 4, 1 \ No newline at end of file -- 2.17.1
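Review bot: The second pass that fills pBuffer ignores the return values of SetupGetStringField, SetupGetBinaryField, SetupGetIntField and SetupGetMultiSzField, so when one of them fails RegSetValueEx still writes dwLength bytes of uninitialized heap memory into a value under HKEY_LOCAL_MACHINE. Call RegSetValueEx only when the fill call returned TRUE, and as a cheap backstop allocate with `pBuffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);`. The failure branch of the type lookup, `SetupGetIntField(&InfContext, 1, (PINT)&dwType)`, prints the "Failed to create the key" message and reads dwError before anything has been assigned to it; it should read something like `DPRINT1("Failed to get the value type for %S\n", szRegistryPath);`. The `/* Retrieve the privilege name */` comment looks copied from InstallPrivileges and should be `/* Retrieve the full registry path */`.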
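Review bot: The header comment of the new [Registry Values] section should state the constraints that the parser added in this same commit imposes. Only the `MACHINE` root is accepted, and a line with another root or an unlisted type makes ApplyRegistryValues `break` out of its loop, so every line after it is skipped without being applied. Suggested addition: `; Only the MACHINE root (HKEY_LOCAL_MACHINE) is supported; an invalid line stops processing of all lines after it.` The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the section is new.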