1 /* 2 * COPYRIGHT: See COPYING in the top level directory 3 * PROJECT: ReactOS system libraries 4 * PURPOSE: System setup 5 * FILE: dll/win32/syssetup/security.c 6 * PROGRAMER: Eric Kohl 7 */ 8 9 /* INCLUDES *****************************************************************/ 10 11 #include "precomp.h" 12 13 #include <ntlsa.h> 14 #include <ntsecapi.h> 15 #include <ntsam.h> 16 #include <sddl.h> 17 18 #define NDEBUG 19 #include <debug.h> 20 21 #define TICKS_PER_DAY -864000000000LL 22 #define TICKS_PER_MINUTE -600000000LL 23 24 /* FUNCTIONS ****************************************************************/ 25 26 NTSTATUS 27 WINAPI 28 SetAccountsDomainSid( 29 PSID DomainSid, 30 LPCWSTR DomainName) 31 { 32 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 33 POLICY_ACCOUNT_DOMAIN_INFO Info; 34 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 35 LSA_HANDLE PolicyHandle; 36 37 SAM_HANDLE ServerHandle = NULL; 38 SAM_HANDLE DomainHandle = NULL; 39 DOMAIN_NAME_INFORMATION DomainNameInfo; 40 41 SIZE_T DomainNameLength = 0; 42 NTSTATUS Status; 43 44 DPRINT("SYSSETUP: SetAccountsDomainSid\n"); 45 46 if (DomainName != NULL) 47 { 48 DomainNameLength = wcslen(DomainName); 49 if (DomainNameLength > UNICODE_STRING_MAX_CHARS) 50 { 51 return STATUS_INVALID_PARAMETER; 52 } 53 } 54 55 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 56 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 57 58 Status = LsaOpenPolicy(NULL, 59 &ObjectAttributes, 60 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 61 &PolicyHandle); 62 if (Status != STATUS_SUCCESS) 63 { 64 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); 65 return Status; 66 } 67 68 Status = LsaQueryInformationPolicy(PolicyHandle, 69 PolicyAccountDomainInformation, 70 (PVOID *)&OrigInfo); 71 if (Status == STATUS_SUCCESS && OrigInfo != NULL) 72 { 73 if (DomainName == NULL) 74 { 75 Info.DomainName.Buffer = OrigInfo->DomainName.Buffer; 76 Info.DomainName.Length = OrigInfo->DomainName.Length; 77 Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength; 78 } 79 else 80 { 81 Info.DomainName.Buffer = (LPWSTR)DomainName; 82 Info.DomainName.Length = DomainNameLength * sizeof(WCHAR); 83 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR); 84 } 85 86 if (DomainSid == NULL) 87 Info.DomainSid = OrigInfo->DomainSid; 88 else 89 Info.DomainSid = DomainSid; 90 } 91 else 92 { 93 Info.DomainName.Buffer = (LPWSTR)DomainName; 94 Info.DomainName.Length = DomainNameLength * sizeof(WCHAR); 95 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR); 96 Info.DomainSid = DomainSid; 97 } 98 99 Status = LsaSetInformationPolicy(PolicyHandle, 100 PolicyAccountDomainInformation, 101 (PVOID)&Info); 102 if (Status != STATUS_SUCCESS) 103 { 104 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status); 105 } 106 107 if (OrigInfo != NULL) 108 LsaFreeMemory(OrigInfo); 109 110 LsaClose(PolicyHandle); 111 112 DomainNameInfo.DomainName.Length = DomainNameLength * sizeof(WCHAR); 113 DomainNameInfo.DomainName.MaximumLength = DomainNameInfo.DomainName.Length + sizeof(WCHAR); 114 DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName; 115 116 Status = SamConnect(NULL, 117 &ServerHandle, 118 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 119 NULL); 120 if (NT_SUCCESS(Status)) 121 { 122 Status = SamOpenDomain(ServerHandle, 123 DOMAIN_WRITE_OTHER_PARAMETERS, 124 Info.DomainSid, 125 &DomainHandle); 126 if (NT_SUCCESS(Status)) 127 { 128 Status = SamSetInformationDomain(DomainHandle, 129 DomainNameInformation, 130 &DomainNameInfo); 131 if (!NT_SUCCESS(Status)) 132 { 133 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status); 134 } 135 136 SamCloseHandle(DomainHandle); 137 } 138 else 139 { 140 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status); 141 } 142 143 SamCloseHandle(ServerHandle); 144 } 145 146 return Status; 147 } 148 149 150 /* Hack */ 151 static 152 NTSTATUS 153 SetPrimaryDomain(LPCWSTR DomainName, 154 PSID DomainSid) 155 { 156 PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL; 157 POLICY_PRIMARY_DOMAIN_INFO Info; 158 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 159 LSA_HANDLE PolicyHandle; 160 SIZE_T DomainNameLength = 0; 161 NTSTATUS Status; 162 163 DPRINT1("SYSSETUP: SetPrimaryDomain()\n"); 164 165 if (DomainName != NULL) 166 { 167 DomainNameLength = wcslen(DomainName); 168 if (DomainNameLength > UNICODE_STRING_MAX_CHARS) 169 { 170 return STATUS_INVALID_PARAMETER; 171 } 172 } 173 174 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 175 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 176 177 Status = LsaOpenPolicy(NULL, 178 &ObjectAttributes, 179 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 180 &PolicyHandle); 181 if (Status != STATUS_SUCCESS) 182 { 183 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); 184 return Status; 185 } 186 187 Status = LsaQueryInformationPolicy(PolicyHandle, 188 PolicyPrimaryDomainInformation, 189 (PVOID *)&OrigInfo); 190 if (Status == STATUS_SUCCESS && OrigInfo != NULL) 191 { 192 if (DomainName == NULL) 193 { 194 Info.Name.Buffer = OrigInfo->Name.Buffer; 195 Info.Name.Length = OrigInfo->Name.Length; 196 Info.Name.MaximumLength = OrigInfo->Name.MaximumLength; 197 } 198 else 199 { 200 Info.Name.Buffer = (LPWSTR)DomainName; 201 Info.Name.Length = DomainNameLength * sizeof(WCHAR); 202 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR); 203 } 204 205 if (DomainSid == NULL) 206 Info.Sid = OrigInfo->Sid; 207 else 208 Info.Sid = DomainSid; 209 } 210 else 211 { 212 Info.Name.Buffer = (LPWSTR)DomainName; 213 Info.Name.Length = DomainNameLength * sizeof(WCHAR); 214 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR); 215 Info.Sid = DomainSid; 216 } 217 218 Status = LsaSetInformationPolicy(PolicyHandle, 219 PolicyPrimaryDomainInformation, 220 (PVOID)&Info); 221 if (Status != STATUS_SUCCESS) 222 { 223 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status); 224 } 225 226 if (OrigInfo != NULL) 227 LsaFreeMemory(OrigInfo); 228 229 LsaClose(PolicyHandle); 230 231 return Status; 232 } 233 234 235 static 236 VOID 237 InstallBuiltinAccounts(VOID) 238 { 239 LPWSTR BuiltinAccounts[] = { 240 L"S-1-1-0", /* Everyone */ 241 L"S-1-5-4", /* Interactive */ 242 L"S-1-5-6", /* Service */ 243 L"S-1-5-19", /* Local Service */ 244 L"S-1-5-20", /* Network Service */ 245 L"S-1-5-32-544", /* Administrators */ 246 L"S-1-5-32-545", /* Users */ 247 L"S-1-5-32-547", /* Power Users */ 248 L"S-1-5-32-551", /* Backup Operators */ 249 L"S-1-5-32-555"}; /* Remote Desktop Users */ 250 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 251 NTSTATUS Status; 252 LSA_HANDLE PolicyHandle = NULL; 253 LSA_HANDLE AccountHandle = NULL; 254 PSID AccountSid; 255 ULONG i; 256 257 DPRINT("InstallBuiltinAccounts()\n"); 258 259 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 260 261 Status = LsaOpenPolicy(NULL, 262 &ObjectAttributes, 263 POLICY_CREATE_ACCOUNT, 264 &PolicyHandle); 265 if (!NT_SUCCESS(Status)) 266 { 267 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status); 268 return; 269 } 270 271 for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++) 272 { 273 if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid)) 274 { 275 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError()); 276 continue; 277 } 278 279 Status = LsaCreateAccount(PolicyHandle, 280 AccountSid, 281 0, 282 &AccountHandle); 283 if (NT_SUCCESS(Status)) 284 { 285 LsaClose(AccountHandle); 286 } 287 288 LocalFree(AccountSid); 289 } 290 291 LsaClose(PolicyHandle); 292 } 293 294 295 static 296 VOID 297 InstallPrivileges( 298 HINF hSecurityInf) 299 { 300 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 301 WCHAR szPrivilegeString[256]; 302 WCHAR szSidString[256]; 303 INFCONTEXT InfContext; 304 DWORD i; 305 PSID AccountSid = NULL; 306 NTSTATUS Status; 307 LSA_HANDLE PolicyHandle = NULL; 308 LSA_UNICODE_STRING RightString, AccountName; 309 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL; 310 PLSA_TRANSLATED_SID2 Sids = NULL; 311 312 DPRINT("InstallPrivileges()\n"); 313 314 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 315 316 Status = LsaOpenPolicy(NULL, 317 &ObjectAttributes, 318 POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES, 319 &PolicyHandle); 320 if (!NT_SUCCESS(Status)) 321 { 322 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status); 323 goto done; 324 } 325 326 if (!SetupFindFirstLineW(hSecurityInf, 327 L"Privilege Rights", 328 NULL, 329 &InfContext)) 330 { 331 DPRINT1("SetupFindFirstLineW failed\n"); 332 goto done; 333 } 334 335 do 336 { 337 /* Retrieve the privilege name */ 338 if (!SetupGetStringFieldW(&InfContext, 339 0, 340 szPrivilegeString, 341 ARRAYSIZE(szPrivilegeString), 342 NULL)) 343 { 344 DPRINT1("SetupGetStringFieldW() failed\n"); 345 goto done; 346 } 347 DPRINT("Privilege: %S\n", szPrivilegeString); 348 349 for (i = 0; i < SetupGetFieldCount(&InfContext); i++) 350 { 351 if (!SetupGetStringFieldW(&InfContext, 352 i + 1, 353 szSidString, 354 ARRAYSIZE(szSidString), 355 NULL)) 356 { 357 DPRINT1("SetupGetStringFieldW() failed\n"); 358 goto done; 359 } 360 DPRINT("SID: %S\n", szSidString); 361 362 if (szSidString[0] == UNICODE_NULL) 363 continue; 364 365 if (szSidString[0] == L'*') 366 { 367 DPRINT("Account Sid: %S\n", &szSidString[1]); 368 369 if (!ConvertStringSidToSid(&szSidString[1], &AccountSid)) 370 { 371 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError()); 372 continue; 373 } 374 } 375 else 376 { 377 DPRINT("Account name: %S\n", szSidString); 378 379 ReferencedDomains = NULL; 380 Sids = NULL; 381 RtlInitUnicodeString(&AccountName, szSidString); 382 Status = LsaLookupNames2(PolicyHandle, 383 0, 384 1, 385 &AccountName, 386 &ReferencedDomains, 387 &Sids); 388 if (ReferencedDomains != NULL) 389 { 390 LsaFreeMemory(ReferencedDomains); 391 } 392 393 if (!NT_SUCCESS(Status)) 394 { 395 DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status); 396 397 if (Sids != NULL) 398 { 399 LsaFreeMemory(Sids); 400 Sids = NULL; 401 } 402 403 continue; 404 } 405 } 406 407 RtlInitUnicodeString(&RightString, szPrivilegeString); 408 Status = LsaAddAccountRights(PolicyHandle, 409 (AccountSid != NULL) ? AccountSid : Sids[0].Sid, 410 &RightString, 411 1); 412 if (!NT_SUCCESS(Status)) 413 { 414 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status); 415 } 416 417 if (Sids != NULL) 418 { 419 LsaFreeMemory(Sids); 420 Sids = NULL; 421 } 422 423 if (AccountSid != NULL) 424 { 425 LocalFree(AccountSid); 426 AccountSid = NULL; 427 } 428 } 429 430 } 431 while (SetupFindNextLine(&InfContext, &InfContext)); 432 433 done: 434 if (PolicyHandle != NULL) 435 LsaClose(PolicyHandle); 436 } 437 438 439 static 440 VOID 441 ApplyRegistryValues( 442 HINF hSecurityInf) 443 { 444 WCHAR szRegistryPath[MAX_PATH]; 445 WCHAR szRootName[MAX_PATH]; 446 WCHAR szKeyName[MAX_PATH]; 447 WCHAR szValueName[MAX_PATH]; 448 INFCONTEXT InfContext; 449 DWORD dwLength, dwType; 450 HKEY hRootKey, hKey; 451 PWSTR Ptr1, Ptr2; 452 DWORD dwError; 453 PVOID pBuffer; 454 455 DPRINT("ApplyRegistryValues()\n"); 456 457 if (!SetupFindFirstLineW(hSecurityInf, 458 L"Registry Values", 459 NULL, 460 &InfContext)) 461 { 462 DPRINT1("SetupFindFirstLineW failed\n"); 463 return; 464 } 465 466 do 467 { 468 /* Retrieve the privilege name */ 469 if (!SetupGetStringFieldW(&InfContext, 470 0, 471 szRegistryPath, 472 ARRAYSIZE(szRegistryPath), 473 NULL)) 474 { 475 DPRINT1("SetupGetStringFieldW() failed\n"); 476 return; 477 } 478 479 DPRINT("RegistryPath: %S\n", szRegistryPath); 480 481 Ptr1 = wcschr(szRegistryPath, L'\\'); 482 Ptr2 = wcsrchr(szRegistryPath, L'\\'); 483 if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2) 484 { 485 dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) / sizeof(WCHAR)); 486 wcsncpy(szRootName, szRegistryPath, dwLength); 487 szRootName[dwLength] = UNICODE_NULL; 488 489 Ptr1++; 490 dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR)); 491 wcsncpy(szKeyName, Ptr1, dwLength); 492 szKeyName[dwLength] = UNICODE_NULL; 493 494 Ptr2++; 495 wcscpy(szValueName, Ptr2); 496 497 DPRINT("RootName: %S\n", szRootName); 498 DPRINT("KeyName: %S\n", szKeyName); 499 DPRINT("ValueName: %S\n", szValueName); 500 501 if (_wcsicmp(szRootName, L"Machine") == 0) 502 { 503 hRootKey = HKEY_LOCAL_MACHINE; 504 } 505 else 506 { 507 DPRINT1("Unsupported root key %S\n", szRootName); 508 break; 509 } 510 511 if (!SetupGetIntField(&InfContext, 512 1, 513 (PINT)&dwType)) 514 { 515 DPRINT1("Failed to get key type (Error %lu)\n", GetLastError()); 516 break; 517 } 518 519 if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY && 520 dwType != REG_DWORD && dwType != REG_MULTI_SZ) 521 { 522 DPRINT1("Invalid value type %lu\n", dwType); 523 break; 524 } 525 526 dwLength = 0; 527 switch (dwType) 528 { 529 case REG_SZ: 530 case REG_EXPAND_SZ: 531 SetupGetStringField(&InfContext, 532 2, 533 NULL, 534 0, 535 &dwLength); 536 dwLength *= sizeof(WCHAR); 537 break; 538 539 case REG_BINARY: 540 SetupGetBinaryField(&InfContext, 541 2, 542 NULL, 543 0, 544 &dwLength); 545 break; 546 547 case REG_DWORD: 548 dwLength = sizeof(INT); 549 break; 550 551 case REG_MULTI_SZ: 552 SetupGetMultiSzField(&InfContext, 553 2, 554 NULL, 555 0, 556 &dwLength); 557 dwLength *= sizeof(WCHAR); 558 break; 559 } 560 561 if (dwLength == 0) 562 { 563 DPRINT1("Failed to determine the required buffer size!\n"); 564 break; 565 } 566 567 dwError = RegCreateKeyExW(hRootKey, 568 szKeyName, 569 0, 570 NULL, 571 REG_OPTION_NON_VOLATILE, 572 KEY_WRITE, 573 NULL, 574 &hKey, 575 NULL); 576 if (dwError != ERROR_SUCCESS) 577 { 578 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError); 579 break; 580 } 581 582 pBuffer = HeapAlloc(GetProcessHeap(), 0, dwLength); 583 if (pBuffer) 584 { 585 switch (dwType) 586 { 587 case REG_SZ: 588 case REG_EXPAND_SZ: 589 SetupGetStringField(&InfContext, 590 2, 591 pBuffer, 592 dwLength / sizeof(WCHAR), 593 &dwLength); 594 dwLength *= sizeof(WCHAR); 595 break; 596 597 case REG_BINARY: 598 SetupGetBinaryField(&InfContext, 599 2, 600 pBuffer, 601 dwLength, 602 &dwLength); 603 break; 604 605 case REG_DWORD: 606 SetupGetIntField(&InfContext, 607 2, 608 pBuffer); 609 break; 610 611 case REG_MULTI_SZ: 612 SetupGetMultiSzField(&InfContext, 613 2, 614 pBuffer, 615 dwLength / sizeof(WCHAR), 616 &dwLength); 617 dwLength *= sizeof(WCHAR); 618 break; 619 } 620 621 RegSetValueEx(hKey, 622 szValueName, 623 0, 624 dwType, 625 pBuffer, 626 dwLength); 627 628 HeapFree(GetProcessHeap(), 0, pBuffer); 629 } 630 631 RegCloseKey(hKey); 632 } 633 } 634 while (SetupFindNextLine(&InfContext, &InfContext)); 635 } 636 637 638 static 639 VOID 640 ApplyEventlogSettings( 641 _In_ HINF hSecurityInf, 642 _In_ PWSTR pszSectionName, 643 _In_ PWSTR pszLogName) 644 { 645 INFCONTEXT InfContext; 646 HKEY hServiceKey = NULL, hLogKey = NULL; 647 DWORD dwValue, dwError; 648 BOOL bValueSet; 649 650 DPRINT("ApplyEventlogSettings(%p %S %S)\n", 651 hSecurityInf, pszSectionName, pszLogName); 652 653 dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE, 654 L"System\\CurrentControlSet\\Services\\Eventlog", 655 0, 656 NULL, 657 REG_OPTION_NON_VOLATILE, 658 KEY_WRITE, 659 NULL, 660 &hServiceKey, 661 NULL); 662 if (dwError != ERROR_SUCCESS) 663 { 664 DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n", dwError); 665 return; 666 } 667 668 dwError = RegCreateKeyExW(hServiceKey, 669 pszLogName, 670 0, 671 NULL, 672 REG_OPTION_NON_VOLATILE, 673 KEY_WRITE, 674 NULL, 675 &hLogKey, 676 NULL); 677 if (dwError != ERROR_SUCCESS) 678 { 679 DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName, dwError); 680 RegCloseKey(hServiceKey); 681 return; 682 } 683 684 if (SetupFindFirstLineW(hSecurityInf, 685 pszSectionName, 686 L"MaximumLogSize", 687 &InfContext)) 688 { 689 DPRINT("MaximumLogSize\n"); 690 dwValue = 0; 691 SetupGetIntField(&InfContext, 692 1, 693 (PINT)&dwValue); 694 695 DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue); 696 if (dwValue >= 64 && dwValue <= 4194240) 697 { 698 dwValue *= 1024; 699 700 DPRINT("MaxSize: %lu\n", dwValue); 701 RegSetValueEx(hLogKey, 702 L"MaxSize", 703 0, 704 REG_DWORD, 705 (LPBYTE)&dwValue, 706 sizeof(dwValue)); 707 } 708 } 709 710 if (SetupFindFirstLineW(hSecurityInf, 711 pszSectionName, 712 L"AuditLogRetentionPeriod", 713 &InfContext)) 714 { 715 bValueSet = FALSE; 716 dwValue = 0; 717 SetupGetIntField(&InfContext, 718 1, 719 (PINT)&dwValue); 720 if (dwValue == 0) 721 { 722 bValueSet = TRUE; 723 } 724 else if (dwValue == 1) 725 { 726 if (SetupFindFirstLineW(hSecurityInf, 727 pszSectionName, 728 L"RetentionDays", 729 &InfContext)) 730 { 731 SetupGetIntField(&InfContext, 732 1, 733 (PINT)&dwValue); 734 dwValue *= 86400; 735 bValueSet = TRUE; 736 } 737 } 738 else if (dwValue == 2) 739 { 740 dwValue = (DWORD)-1; 741 bValueSet = TRUE; 742 } 743 744 if (bValueSet) 745 { 746 DPRINT("Retention: %lu\n", dwValue); 747 RegSetValueEx(hLogKey, 748 L"Retention", 749 0, 750 REG_DWORD, 751 (LPBYTE)&dwValue, 752 sizeof(dwValue)); 753 } 754 } 755 756 if (SetupFindFirstLineW(hSecurityInf, 757 pszSectionName, 758 L"RestrictGuestAccess", 759 &InfContext)) 760 { 761 dwValue = 0; 762 SetupGetIntField(&InfContext, 763 1, 764 (PINT)&dwValue); 765 if (dwValue == 0 || dwValue == 1) 766 { 767 DPRINT("RestrictGuestAccess: %lu\n", dwValue); 768 RegSetValueEx(hLogKey, 769 L"RestrictGuestAccess", 770 0, 771 REG_DWORD, 772 (LPBYTE)&dwValue, 773 sizeof(dwValue)); 774 } 775 } 776 777 RegCloseKey(hLogKey); 778 RegCloseKey(hServiceKey); 779 } 780 781 782 static 783 VOID 784 ApplyPasswordSettings( 785 _In_ HINF hSecurityInf, 786 _In_ PWSTR pszSectionName) 787 { 788 INFCONTEXT InfContext; 789 PDOMAIN_PASSWORD_INFORMATION PasswordInfo = NULL; 790 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 791 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 792 LSA_HANDLE PolicyHandle = NULL; 793 SAM_HANDLE ServerHandle = NULL; 794 SAM_HANDLE DomainHandle = NULL; 795 INT nValue; 796 NTSTATUS Status; 797 798 DPRINT("ApplyPasswordSettings()\n"); 799 800 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 801 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 802 803 Status = LsaOpenPolicy(NULL, 804 &ObjectAttributes, 805 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 806 &PolicyHandle); 807 if (Status != STATUS_SUCCESS) 808 { 809 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 810 return; 811 } 812 813 Status = LsaQueryInformationPolicy(PolicyHandle, 814 PolicyAccountDomainInformation, 815 (PVOID *)&OrigInfo); 816 if (!NT_SUCCESS(Status)) 817 { 818 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 819 goto done; 820 } 821 822 Status = SamConnect(NULL, 823 &ServerHandle, 824 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 825 NULL); 826 if (!NT_SUCCESS(Status)) 827 { 828 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 829 goto done; 830 } 831 832 Status = SamOpenDomain(ServerHandle, 833 DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS, 834 OrigInfo->DomainSid, 835 &DomainHandle); 836 if (!NT_SUCCESS(Status)) 837 { 838 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 839 goto done; 840 } 841 842 Status = SamQueryInformationDomain(DomainHandle, 843 DomainPasswordInformation, 844 (PVOID*)&PasswordInfo); 845 if (!NT_SUCCESS(Status)) 846 { 847 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status); 848 goto done; 849 } 850 851 DPRINT("MaximumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart); 852 if (SetupFindFirstLineW(hSecurityInf, 853 pszSectionName, 854 L"MaximumPasswordAge", 855 &InfContext)) 856 { 857 if (SetupGetIntField(&InfContext, 1, &nValue)) 858 { 859 DPRINT("Value: %ld\n", nValue); 860 if (nValue == -1) 861 { 862 PasswordInfo->MaxPasswordAge.QuadPart = 0x8000000000000000; 863 } 864 else if ((nValue >= 1) && (nValue < 1000)) 865 { 866 PasswordInfo->MaxPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY; 867 } 868 DPRINT("MaximumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart); 869 } 870 } 871 872 DPRINT("MinimumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart); 873 if (SetupFindFirstLineW(hSecurityInf, 874 pszSectionName, 875 L"MinimumPasswordAge", 876 &InfContext)) 877 { 878 if (SetupGetIntField(&InfContext, 1, &nValue)) 879 { 880 DPRINT("Wert: %ld\n", nValue); 881 if ((nValue >= 0) && (nValue < 1000)) 882 { 883 if (PasswordInfo->MaxPasswordAge.QuadPart < (LONGLONG)nValue * TICKS_PER_DAY) 884 PasswordInfo->MinPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY; 885 } 886 DPRINT("MinimumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart); 887 } 888 } 889 890 DPRINT("MinimumPasswordLength (OldValue) : %lu\n", PasswordInfo->MinPasswordLength); 891 if (SetupFindFirstLineW(hSecurityInf, 892 pszSectionName, 893 L"MinimumPasswordLength", 894 &InfContext)) 895 { 896 if (SetupGetIntField(&InfContext, 1, &nValue)) 897 { 898 DPRINT("Value: %ld\n", nValue); 899 if ((nValue >= 0) && (nValue <= 65535)) 900 { 901 PasswordInfo->MinPasswordLength = nValue; 902 } 903 DPRINT("MinimumPasswordLength (NewValue) : %lu\n", PasswordInfo->MinPasswordLength); 904 } 905 } 906 907 DPRINT("PasswordHistoryLength (OldValue) : %lu\n", PasswordInfo->PasswordHistoryLength); 908 if (SetupFindFirstLineW(hSecurityInf, 909 pszSectionName, 910 L"PasswordHistorySize", 911 &InfContext)) 912 { 913 if (SetupGetIntField(&InfContext, 1, &nValue)) 914 { 915 DPRINT("Value: %ld\n", nValue); 916 if ((nValue >= 0) && (nValue <= 65535)) 917 { 918 PasswordInfo->PasswordHistoryLength = nValue; 919 } 920 DPRINT("PasswordHistoryLength (NewValue) : %lu\n", PasswordInfo->PasswordHistoryLength); 921 } 922 } 923 924 if (SetupFindFirstLineW(hSecurityInf, 925 pszSectionName, 926 L"PasswordComplexity", 927 &InfContext)) 928 { 929 if (SetupGetIntField(&InfContext, 1, &nValue)) 930 { 931 if (nValue == 0) 932 { 933 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_COMPLEX; 934 } 935 else 936 { 937 PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_COMPLEX; 938 } 939 } 940 } 941 942 if (SetupFindFirstLineW(hSecurityInf, 943 pszSectionName, 944 L"ClearTextPassword", 945 &InfContext)) 946 { 947 if (SetupGetIntField(&InfContext, 1, &nValue)) 948 { 949 if (nValue == 0) 950 { 951 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT; 952 } 953 else 954 { 955 PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_STORE_CLEARTEXT; 956 } 957 } 958 } 959 960 /* Windows ignores the RequireLogonToChangePassword option */ 961 962 Status = SamSetInformationDomain(DomainHandle, 963 DomainPasswordInformation, 964 PasswordInfo); 965 if (!NT_SUCCESS(Status)) 966 { 967 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status); 968 goto done; 969 } 970 971 done: 972 if (PasswordInfo != NULL) 973 SamFreeMemory(PasswordInfo); 974 975 if (DomainHandle != NULL) 976 SamCloseHandle(DomainHandle); 977 978 if (ServerHandle != NULL) 979 SamCloseHandle(ServerHandle); 980 981 if (OrigInfo != NULL) 982 LsaFreeMemory(OrigInfo); 983 984 if (PolicyHandle != NULL) 985 LsaClose(PolicyHandle); 986 } 987 988 989 static 990 VOID 991 ApplyLockoutSettings( 992 _In_ HINF hSecurityInf, 993 _In_ PWSTR pszSectionName) 994 { 995 INFCONTEXT InfContext; 996 PDOMAIN_LOCKOUT_INFORMATION LockoutInfo = NULL; 997 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 998 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 999 LSA_HANDLE PolicyHandle = NULL; 1000 SAM_HANDLE ServerHandle = NULL; 1001 SAM_HANDLE DomainHandle = NULL; 1002 INT nValue; 1003 NTSTATUS Status; 1004 1005 DPRINT("ApplyLockoutSettings()\n"); 1006 1007 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 1008 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 1009 1010 Status = LsaOpenPolicy(NULL, 1011 &ObjectAttributes, 1012 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 1013 &PolicyHandle); 1014 if (Status != STATUS_SUCCESS) 1015 { 1016 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 1017 return; 1018 } 1019 1020 Status = LsaQueryInformationPolicy(PolicyHandle, 1021 PolicyAccountDomainInformation, 1022 (PVOID *)&OrigInfo); 1023 if (!NT_SUCCESS(Status)) 1024 { 1025 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 1026 goto done; 1027 } 1028 1029 Status = SamConnect(NULL, 1030 &ServerHandle, 1031 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 1032 NULL); 1033 if (!NT_SUCCESS(Status)) 1034 { 1035 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 1036 goto done; 1037 } 1038 1039 Status = SamOpenDomain(ServerHandle, 1040 DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS, 1041 OrigInfo->DomainSid, 1042 &DomainHandle); 1043 if (!NT_SUCCESS(Status)) 1044 { 1045 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 1046 goto done; 1047 } 1048 1049 Status = SamQueryInformationDomain(DomainHandle, 1050 DomainLockoutInformation, 1051 (PVOID*)&LockoutInfo); 1052 if (!NT_SUCCESS(Status)) 1053 { 1054 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status); 1055 goto done; 1056 } 1057 1058 if (SetupFindFirstLineW(hSecurityInf, 1059 pszSectionName, 1060 L"LockoutBadCount", 1061 &InfContext)) 1062 { 1063 if (SetupGetIntField(&InfContext, 1, &nValue)) 1064 { 1065 if (nValue >= 0) 1066 { 1067 LockoutInfo->LockoutThreshold = nValue; 1068 } 1069 } 1070 } 1071 1072 if (SetupFindFirstLineW(hSecurityInf, 1073 pszSectionName, 1074 L"ResetLockoutCount", 1075 &InfContext)) 1076 { 1077 if (SetupGetIntField(&InfContext, 1, &nValue)) 1078 { 1079 if (nValue >= 0) 1080 { 1081 LockoutInfo->LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE; 1082 } 1083 } 1084 } 1085 1086 if (SetupFindFirstLineW(hSecurityInf, 1087 pszSectionName, 1088 L"LockoutDuration", 1089 &InfContext)) 1090 { 1091 if (SetupGetIntField(&InfContext, 1, &nValue)) 1092 { 1093 if (nValue == -1) 1094 { 1095 LockoutInfo->LockoutDuration.QuadPart = 0x8000000000000000LL; 1096 } 1097 else if ((nValue >= 0) && (nValue < 100000)) 1098 { 1099 LockoutInfo->LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE; 1100 } 1101 } 1102 } 1103 1104 Status = SamSetInformationDomain(DomainHandle, 1105 DomainLockoutInformation, 1106 LockoutInfo); 1107 if (!NT_SUCCESS(Status)) 1108 { 1109 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status); 1110 goto done; 1111 } 1112 1113 done: 1114 if (LockoutInfo != NULL) 1115 SamFreeMemory(LockoutInfo); 1116 1117 if (DomainHandle != NULL) 1118 SamCloseHandle(DomainHandle); 1119 1120 if (ServerHandle != NULL) 1121 SamCloseHandle(ServerHandle); 1122 1123 if (OrigInfo != NULL) 1124 LsaFreeMemory(OrigInfo); 1125 1126 if (PolicyHandle != NULL) 1127 LsaClose(PolicyHandle); 1128 } 1129 1130 1131 static 1132 VOID 1133 SetLsaAnonymousNameLookup( 1134 _In_ HINF hSecurityInf, 1135 _In_ PWSTR pszSectionName) 1136 { 1137 #if 0 1138 INFCONTEXT InfContext; 1139 INT nValue = 0; 1140 1141 DPRINT1("SetLsaAnonymousNameLookup()\n"); 1142 1143 if (!SetupFindFirstLineW(hSecurityInf, 1144 pszSectionName, 1145 L"LSAAnonymousNameLookup", 1146 &InfContext)) 1147 { 1148 return; 1149 } 1150 1151 if (!SetupGetIntField(&InfContext, 1, &nValue)) 1152 { 1153 return; 1154 } 1155 1156 if (nValue == 0) 1157 { 1158 } 1159 else 1160 { 1161 } 1162 #endif 1163 } 1164 1165 1166 static 1167 VOID 1168 EnableAccount( 1169 _In_ HINF hSecurityInf, 1170 _In_ PWSTR pszSectionName, 1171 _In_ PWSTR pszValueName, 1172 _In_ SAM_HANDLE DomainHandle, 1173 _In_ DWORD dwAccountRid) 1174 { 1175 INFCONTEXT InfContext; 1176 SAM_HANDLE UserHandle = NULL; 1177 PUSER_CONTROL_INFORMATION ControlInfo = NULL; 1178 INT nValue = 0; 1179 NTSTATUS Status; 1180 1181 DPRINT("EnableAccount()\n"); 1182 1183 if (!SetupFindFirstLineW(hSecurityInf, 1184 pszSectionName, 1185 pszValueName, 1186 &InfContext)) 1187 return; 1188 1189 if (!SetupGetIntField(&InfContext, 1, &nValue)) 1190 { 1191 DPRINT1("No valid integer value\n"); 1192 goto done; 1193 } 1194 1195 DPRINT("Value: %d\n", nValue); 1196 1197 Status = SamOpenUser(DomainHandle, 1198 USER_READ_ACCOUNT | USER_WRITE_ACCOUNT, 1199 dwAccountRid, 1200 &UserHandle); 1201 if (!NT_SUCCESS(Status)) 1202 { 1203 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status); 1204 goto done; 1205 } 1206 1207 Status = SamQueryInformationUser(UserHandle, 1208 UserControlInformation, 1209 (PVOID*)&ControlInfo); 1210 if (!NT_SUCCESS(Status)) 1211 { 1212 DPRINT1("SamQueryInformationUser() failed (Status: 0x%08lx)\n", Status); 1213 goto done; 1214 } 1215 1216 if (nValue == 0) 1217 { 1218 ControlInfo->UserAccountControl |= USER_ACCOUNT_DISABLED; 1219 } 1220 else 1221 { 1222 ControlInfo->UserAccountControl &= ~USER_ACCOUNT_DISABLED; 1223 } 1224 1225 Status = SamSetInformationUser(UserHandle, 1226 UserControlInformation, 1227 ControlInfo); 1228 if (!NT_SUCCESS(Status)) 1229 { 1230 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status); 1231 } 1232 1233 done: 1234 if (ControlInfo != NULL) 1235 SamFreeMemory(ControlInfo); 1236 1237 if (UserHandle != NULL) 1238 SamCloseHandle(UserHandle); 1239 } 1240 1241 1242 static 1243 VOID 1244 SetNewAccountName( 1245 _In_ HINF hSecurityInf, 1246 _In_ PWSTR pszSectionName, 1247 _In_ PWSTR pszValueName, 1248 _In_ SAM_HANDLE DomainHandle, 1249 _In_ DWORD dwAccountRid) 1250 { 1251 INFCONTEXT InfContext; 1252 DWORD dwLength = 0; 1253 PWSTR pszName = NULL; 1254 SAM_HANDLE UserHandle = NULL; 1255 USER_NAME_INFORMATION NameInfo; 1256 NTSTATUS Status; 1257 1258 DPRINT("SetNewAccountName()\n"); 1259 1260 if (!SetupFindFirstLineW(hSecurityInf, 1261 pszSectionName, 1262 pszValueName, 1263 &InfContext)) 1264 return; 1265 1266 SetupGetStringFieldW(&InfContext, 1267 1, 1268 NULL, 1269 0, 1270 &dwLength); 1271 if (dwLength == 0) 1272 return; 1273 1274 ASSERT(dwLength <= UNICODE_STRING_MAX_CHARS); 1275 1276 pszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength * sizeof(WCHAR)); 1277 if (pszName == NULL) 1278 { 1279 DPRINT1("HeapAlloc() failed\n"); 1280 return; 1281 } 1282 1283 if (!SetupGetStringFieldW(&InfContext, 1284 1, 1285 pszName, 1286 dwLength, 1287 &dwLength)) 1288 { 1289 DPRINT1("No valid string value\n"); 1290 goto done; 1291 } 1292 1293 DPRINT("NewAccountName: '%S'\n", pszName); 1294 1295 Status = SamOpenUser(DomainHandle, 1296 USER_WRITE_ACCOUNT, 1297 dwAccountRid, 1298 &UserHandle); 1299 if (!NT_SUCCESS(Status)) 1300 { 1301 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status); 1302 goto done; 1303 } 1304 1305 NameInfo.UserName.Length = (USHORT)wcslen(pszName) * sizeof(WCHAR); 1306 NameInfo.UserName.MaximumLength = NameInfo.UserName.Length + sizeof(WCHAR); 1307 NameInfo.UserName.Buffer = pszName; 1308 NameInfo.FullName.Length = 0; 1309 NameInfo.FullName.MaximumLength = 0; 1310 NameInfo.FullName.Buffer = NULL; 1311 1312 Status = SamSetInformationUser(UserHandle, 1313 UserNameInformation, 1314 &NameInfo); 1315 if (!NT_SUCCESS(Status)) 1316 { 1317 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status); 1318 } 1319 1320 done: 1321 if (UserHandle != NULL) 1322 SamCloseHandle(UserHandle); 1323 1324 if (pszName != NULL) 1325 HeapFree(GetProcessHeap(), 0, pszName); 1326 } 1327 1328 1329 static 1330 VOID 1331 ApplyAccountSettings( 1332 _In_ HINF hSecurityInf, 1333 _In_ PWSTR pszSectionName) 1334 { 1335 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 1336 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 1337 LSA_HANDLE PolicyHandle = NULL; 1338 SAM_HANDLE ServerHandle = NULL; 1339 SAM_HANDLE DomainHandle = NULL; 1340 NTSTATUS Status; 1341 1342 DPRINT("ApplyAccountSettings()\n"); 1343 1344 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 1345 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 1346 1347 Status = LsaOpenPolicy(NULL, 1348 &ObjectAttributes, 1349 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 1350 &PolicyHandle); 1351 if (Status != STATUS_SUCCESS) 1352 { 1353 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 1354 return; 1355 } 1356 1357 Status = LsaQueryInformationPolicy(PolicyHandle, 1358 PolicyAccountDomainInformation, 1359 (PVOID *)&OrigInfo); 1360 if (!NT_SUCCESS(Status)) 1361 { 1362 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 1363 goto done; 1364 } 1365 1366 Status = SamConnect(NULL, 1367 &ServerHandle, 1368 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 1369 NULL); 1370 if (!NT_SUCCESS(Status)) 1371 { 1372 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 1373 goto done; 1374 } 1375 1376 Status = SamOpenDomain(ServerHandle, 1377 DOMAIN_LOOKUP, 1378 OrigInfo->DomainSid, 1379 &DomainHandle); 1380 if (!NT_SUCCESS(Status)) 1381 { 1382 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 1383 goto done; 1384 } 1385 1386 SetLsaAnonymousNameLookup(hSecurityInf, 1387 pszSectionName); 1388 1389 EnableAccount(hSecurityInf, 1390 pszSectionName, 1391 L"EnableAdminAccount", 1392 DomainHandle, 1393 DOMAIN_USER_RID_ADMIN); 1394 1395 EnableAccount(hSecurityInf, 1396 pszSectionName, 1397 L"EnableGuestAccount", 1398 DomainHandle, 1399 DOMAIN_USER_RID_GUEST); 1400 1401 SetNewAccountName(hSecurityInf, 1402 pszSectionName, 1403 L"NewAdministratorName", 1404 DomainHandle, 1405 DOMAIN_USER_RID_ADMIN); 1406 1407 SetNewAccountName(hSecurityInf, 1408 pszSectionName, 1409 L"NewGuestName", 1410 DomainHandle, 1411 DOMAIN_USER_RID_GUEST); 1412 1413 done: 1414 if (DomainHandle != NULL) 1415 SamCloseHandle(DomainHandle); 1416 1417 if (ServerHandle != NULL) 1418 SamCloseHandle(ServerHandle); 1419 1420 if (OrigInfo != NULL) 1421 LsaFreeMemory(OrigInfo); 1422 1423 if (PolicyHandle != NULL) 1424 LsaClose(PolicyHandle); 1425 } 1426 1427 1428 static 1429 VOID 1430 ApplyAuditEvents( 1431 _In_ HINF hSecurityInf) 1432 { 1433 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 1434 INFCONTEXT InfContext; 1435 WCHAR szOptionName[256]; 1436 INT nValue; 1437 LSA_HANDLE PolicyHandle = NULL; 1438 POLICY_AUDIT_EVENTS_INFO AuditInfo; 1439 PULONG AuditOptions = NULL; 1440 NTSTATUS Status; 1441 1442 DPRINT("ApplyAuditEvents(%p)\n", hSecurityInf); 1443 1444 if (!SetupFindFirstLineW(hSecurityInf, 1445 L"Event Audit", 1446 NULL, 1447 &InfContext)) 1448 { 1449 DPRINT1("SetupFindFirstLineW failed\n"); 1450 return; 1451 } 1452 1453 ZeroMemory(&ObjectAttributes, sizeof(LSA_OBJECT_ATTRIBUTES)); 1454 1455 Status = LsaOpenPolicy(NULL, 1456 &ObjectAttributes, 1457 POLICY_SET_AUDIT_REQUIREMENTS, 1458 &PolicyHandle); 1459 if (!NT_SUCCESS(Status)) 1460 { 1461 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status); 1462 return; 1463 } 1464 1465 AuditOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1466 (AuditCategoryAccountLogon + 1) * sizeof(ULONG)); 1467 if (AuditOptions == NULL) 1468 { 1469 DPRINT1("Failed to allocate the auditiing options array!\n"); 1470 goto done; 1471 } 1472 1473 AuditInfo.AuditingMode = TRUE; 1474 AuditInfo.EventAuditingOptions = AuditOptions; 1475 AuditInfo.MaximumAuditEventCount = AuditCategoryAccountLogon + 1; 1476 1477 do 1478 { 1479 /* Retrieve the group name */ 1480 if (!SetupGetStringFieldW(&InfContext, 1481 0, 1482 szOptionName, 1483 ARRAYSIZE(szOptionName), 1484 NULL)) 1485 { 1486 DPRINT1("SetupGetStringFieldW() failed\n"); 1487 continue; 1488 } 1489 1490 DPRINT("Option: '%S'\n", szOptionName); 1491 1492 if (!SetupGetIntField(&InfContext, 1493 1, 1494 &nValue)) 1495 { 1496 DPRINT1("SetupGetStringFieldW() failed\n"); 1497 continue; 1498 } 1499 1500 DPRINT("Value: %d\n", nValue); 1501 1502 if ((nValue < POLICY_AUDIT_EVENT_UNCHANGED) || (nValue > POLICY_AUDIT_EVENT_NONE)) 1503 { 1504 DPRINT1("Invalid audit option!\n"); 1505 continue; 1506 } 1507 1508 if (_wcsicmp(szOptionName, L"AuditSystemEvents") == 0) 1509 { 1510 AuditOptions[AuditCategorySystem] = (ULONG)nValue; 1511 } 1512 else if (_wcsicmp(szOptionName, L"AuditLogonEvents") == 0) 1513 { 1514 AuditOptions[AuditCategoryLogon] = (ULONG)nValue; 1515 } 1516 else if (_wcsicmp(szOptionName, L"AuditObjectAccess") == 0) 1517 { 1518 AuditOptions[AuditCategoryObjectAccess] = (ULONG)nValue; 1519 } 1520 else if (_wcsicmp(szOptionName, L"AuditPrivilegeUse") == 0) 1521 { 1522 AuditOptions[AuditCategoryPrivilegeUse] = (ULONG)nValue; 1523 } 1524 else if (_wcsicmp(szOptionName, L"AuditProcessTracking") == 0) 1525 { 1526 AuditOptions[AuditCategoryDetailedTracking] = (ULONG)nValue; 1527 } 1528 else if (_wcsicmp(szOptionName, L"AuditPolicyChange") == 0) 1529 { 1530 AuditOptions[AuditCategoryPolicyChange] = (ULONG)nValue; 1531 } 1532 else if (_wcsicmp(szOptionName, L"AuditAccountManage") == 0) 1533 { 1534 AuditOptions[AuditCategoryAccountManagement] = (ULONG)nValue; 1535 } 1536 else if (_wcsicmp(szOptionName, L"AuditDSAccess") == 0) 1537 { 1538 AuditOptions[AuditCategoryDirectoryServiceAccess] = (ULONG)nValue; 1539 } 1540 else if (_wcsicmp(szOptionName, L"AuditAccountLogon") == 0) 1541 { 1542 AuditOptions[AuditCategoryAccountLogon] = (ULONG)nValue; 1543 } 1544 else 1545 { 1546 DPRINT1("Invalid auditing option '%S'\n", szOptionName); 1547 } 1548 } 1549 while (SetupFindNextLine(&InfContext, &InfContext)); 1550 1551 Status = LsaSetInformationPolicy(PolicyHandle, 1552 PolicyAuditEventsInformation, 1553 (PVOID)&AuditInfo); 1554 if (Status != STATUS_SUCCESS) 1555 { 1556 DPRINT1("LsaSetInformationPolicy() failed (Status 0x%08lx)\n", Status); 1557 } 1558 1559 done: 1560 if (AuditOptions != NULL) 1561 HeapFree(GetProcessHeap(), 0, AuditOptions); 1562 1563 if (PolicyHandle != NULL) 1564 LsaClose(PolicyHandle); 1565 } 1566 1567 1568 VOID 1569 InstallSecurity(VOID) 1570 { 1571 HINF hSecurityInf; 1572 PWSTR pszSecurityInf; 1573 1574 // if (IsServer()) 1575 // pszSecurityInf = L"defltsv.inf"; 1576 // else 1577 pszSecurityInf = L"defltwk.inf"; 1578 1579 InstallBuiltinAccounts(); 1580 1581 hSecurityInf = SetupOpenInfFileW(pszSecurityInf, 1582 NULL, 1583 INF_STYLE_WIN4, 1584 NULL); 1585 if (hSecurityInf != INVALID_HANDLE_VALUE) 1586 { 1587 InstallPrivileges(hSecurityInf); 1588 ApplyRegistryValues(hSecurityInf); 1589 1590 ApplyEventlogSettings(hSecurityInf, L"Application Log", L"Application"); 1591 ApplyEventlogSettings(hSecurityInf, L"Security Log", L"Security"); 1592 ApplyEventlogSettings(hSecurityInf, L"System Log", L"System"); 1593 1594 ApplyPasswordSettings(hSecurityInf, L"System Access"); 1595 ApplyLockoutSettings(hSecurityInf, L"System Access"); 1596 ApplyAccountSettings(hSecurityInf, L"System Access"); 1597 1598 ApplyAuditEvents(hSecurityInf); 1599 1600 SetupCloseInfFile(hSecurityInf); 1601 } 1602 1603 /* Hack */ 1604 SetPrimaryDomain(L"WORKGROUP", NULL); 1605 } 1606 1607 1608 NTSTATUS 1609 SetAdministratorPassword(LPCWSTR Password) 1610 { 1611 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 1612 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL; 1613 USER_SET_PASSWORD_INFORMATION PasswordInfo; 1614 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 1615 LSA_HANDLE PolicyHandle = NULL; 1616 SAM_HANDLE ServerHandle = NULL; 1617 SAM_HANDLE DomainHandle = NULL; 1618 SAM_HANDLE UserHandle = NULL; 1619 NTSTATUS Status; 1620 1621 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password); 1622 1623 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 1624 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 1625 1626 Status = LsaOpenPolicy(NULL, 1627 &ObjectAttributes, 1628 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 1629 &PolicyHandle); 1630 if (Status != STATUS_SUCCESS) 1631 { 1632 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 1633 return Status; 1634 } 1635 1636 Status = LsaQueryInformationPolicy(PolicyHandle, 1637 PolicyAccountDomainInformation, 1638 (PVOID *)&OrigInfo); 1639 if (!NT_SUCCESS(Status)) 1640 { 1641 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 1642 goto done; 1643 } 1644 1645 Status = SamConnect(NULL, 1646 &ServerHandle, 1647 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 1648 NULL); 1649 if (!NT_SUCCESS(Status)) 1650 { 1651 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 1652 goto done; 1653 } 1654 1655 Status = SamOpenDomain(ServerHandle, 1656 DOMAIN_LOOKUP, 1657 OrigInfo->DomainSid, 1658 &DomainHandle); 1659 if (!NT_SUCCESS(Status)) 1660 { 1661 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 1662 goto done; 1663 } 1664 1665 Status = SamOpenUser(DomainHandle, 1666 USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL, 1667 DOMAIN_USER_RID_ADMIN, 1668 &UserHandle); 1669 if (!NT_SUCCESS(Status)) 1670 { 1671 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status); 1672 goto done; 1673 } 1674 1675 RtlInitUnicodeString(&PasswordInfo.Password, Password); 1676 PasswordInfo.PasswordExpired = FALSE; 1677 1678 Status = SamSetInformationUser(UserHandle, 1679 UserSetPasswordInformation, 1680 &PasswordInfo); 1681 if (!NT_SUCCESS(Status)) 1682 { 1683 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status); 1684 goto done; 1685 } 1686 1687 Status = SamQueryInformationUser(UserHandle, 1688 UserAccountNameInformation, 1689 (PVOID*)&AccountNameInfo); 1690 if (!NT_SUCCESS(Status)) 1691 { 1692 DPRINT1("SamQueryInformationUser() failed (Status 0x%08lx)\n", Status); 1693 goto done; 1694 } 1695 1696 AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(), 1697 HEAP_ZERO_MEMORY, 1698 AccountNameInfo->UserName.Length + sizeof(WCHAR)); 1699 if (AdminInfo.Name != NULL) 1700 RtlCopyMemory(AdminInfo.Name, 1701 AccountNameInfo->UserName.Buffer, 1702 AccountNameInfo->UserName.Length); 1703 1704 AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(), 1705 HEAP_ZERO_MEMORY, 1706 OrigInfo->DomainName.Length + sizeof(WCHAR)); 1707 if (AdminInfo.Domain != NULL) 1708 RtlCopyMemory(AdminInfo.Domain, 1709 OrigInfo->DomainName.Buffer, 1710 OrigInfo->DomainName.Length); 1711 1712 AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(), 1713 0, 1714 (wcslen(Password) + 1) * sizeof(WCHAR)); 1715 if (AdminInfo.Password != NULL) 1716 wcscpy(AdminInfo.Password, Password); 1717 1718 DPRINT("Administrator Name: %S\n", AdminInfo.Name); 1719 DPRINT("Administrator Domain: %S\n", AdminInfo.Domain); 1720 DPRINT("Administrator Password: %S\n", AdminInfo.Password); 1721 1722 done: 1723 if (AccountNameInfo != NULL) 1724 SamFreeMemory(AccountNameInfo); 1725 1726 if (OrigInfo != NULL) 1727 LsaFreeMemory(OrigInfo); 1728 1729 if (PolicyHandle != NULL) 1730 LsaClose(PolicyHandle); 1731 1732 if (UserHandle != NULL) 1733 SamCloseHandle(UserHandle); 1734 1735 if (DomainHandle != NULL) 1736 SamCloseHandle(DomainHandle); 1737 1738 if (ServerHandle != NULL) 1739 SamCloseHandle(ServerHandle); 1740 1741 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status); 1742 1743 return Status; 1744 } 1745 1746 1747 VOID 1748 SetAutoAdminLogon(VOID) 1749 { 1750 WCHAR szAutoAdminLogon[2]; 1751 HKEY hKey = NULL; 1752 DWORD dwType; 1753 DWORD dwSize; 1754 LONG lError; 1755 1756 lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE, 1757 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", 1758 0, 1759 KEY_READ | KEY_WRITE, 1760 &hKey); 1761 if (lError != ERROR_SUCCESS) 1762 return; 1763 1764 dwSize = 2 * sizeof(WCHAR); 1765 lError = RegQueryValueExW(hKey, 1766 L"AutoAdminLogon", 1767 NULL, 1768 &dwType, 1769 (LPBYTE)szAutoAdminLogon, 1770 &dwSize); 1771 if (lError != ERROR_SUCCESS) 1772 goto done; 1773 1774 if (wcscmp(szAutoAdminLogon, L"1") == 0) 1775 { 1776 RegSetValueExW(hKey, 1777 L"DefaultDomainName", 1778 0, 1779 REG_SZ, 1780 (LPBYTE)AdminInfo.Domain, 1781 (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR)); 1782 1783 RegSetValueExW(hKey, 1784 L"DefaultUserName", 1785 0, 1786 REG_SZ, 1787 (LPBYTE)AdminInfo.Name, 1788 (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR)); 1789 1790 RegSetValueExW(hKey, 1791 L"DefaultPassword", 1792 0, 1793 REG_SZ, 1794 (LPBYTE)AdminInfo.Password, 1795 (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR)); 1796 } 1797 1798 done: 1799 if (hKey != NULL) 1800 RegCloseKey(hKey); 1801 } 1802 1803 1804 /* EOF */ 1805 1806