1 /* 2 * COPYRIGHT: See COPYING in the top level directory 3 * PROJECT: Security Account Manager (SAM) Server 4 * FILE: reactos/dll/win32/samsrv/setup.c 5 * PURPOSE: Registry setup routines 6 * 7 * PROGRAMMERS: Eric Kohl 8 */ 9 10 #include "samsrv.h" 11 12 #include <ntsecapi.h> 13 14 #include "resources.h" 15 16 /* GLOBALS *****************************************************************/ 17 18 #define TICKS_PER_SECOND 10000000LL 19 20 SID_IDENTIFIER_AUTHORITY SecurityNtAuthority = {SECURITY_NT_AUTHORITY}; 21 22 /* FUNCTIONS ***************************************************************/ 23 24 static BOOL 25 SampSetupAddMemberToAlias(HKEY hDomainKey, 26 ULONG AliasId, 27 PSID MemberSid) 28 { 29 DWORD dwDisposition; 30 LPWSTR MemberSidString = NULL; 31 WCHAR szKeyName[256]; 32 HKEY hMembersKey; 33 34 ConvertSidToStringSidW(MemberSid, &MemberSidString); 35 36 swprintf(szKeyName, L"Aliases\\%08lX\\Members", AliasId); 37 38 if (!RegCreateKeyExW(hDomainKey, 39 szKeyName, 40 0, 41 NULL, 42 REG_OPTION_NON_VOLATILE, 43 KEY_ALL_ACCESS, 44 NULL, 45 &hMembersKey, 46 &dwDisposition)) 47 { 48 RegSetValueEx(hMembersKey, 49 MemberSidString, 50 0, 51 REG_BINARY, 52 (LPVOID)MemberSid, 53 RtlLengthSid(MemberSid)); 54 55 RegCloseKey(hMembersKey); 56 } 57 58 swprintf(szKeyName, L"Aliases\\Members\\%s", MemberSidString); 59 60 if (!RegCreateKeyExW(hDomainKey, 61 szKeyName, 62 0, 63 NULL, 64 REG_OPTION_NON_VOLATILE, 65 KEY_ALL_ACCESS, 66 NULL, 67 &hMembersKey, 68 &dwDisposition)) 69 { 70 swprintf(szKeyName, L"%08lX", AliasId); 71 72 RegSetValueEx(hMembersKey, 73 szKeyName, 74 0, 75 REG_BINARY, 76 (LPVOID)MemberSid, 77 RtlLengthSid(MemberSid)); 78 79 RegCloseKey(hMembersKey); 80 } 81 82 if (MemberSidString != NULL) 83 LocalFree(MemberSidString); 84 85 return TRUE; 86 } 87 88 89 static 90 NTSTATUS 91 SampSetupCreateAliasAccount(HANDLE hDomainKey, 92 LPCWSTR lpAccountName, 93 LPCWSTR lpDescription, 94 ULONG ulRelativeId) 95 { 96 WCHAR szAccountKeyName[32]; 97 HANDLE hAccountKey = NULL; 98 HANDLE hNamesKey = NULL; 99 PSECURITY_DESCRIPTOR Sd = NULL; 100 ULONG SdSize = 0; 101 NTSTATUS Status; 102 103 swprintf(szAccountKeyName, L"Aliases\\%08lX", ulRelativeId); 104 105 Status = SampRegCreateKey(hDomainKey, 106 szAccountKeyName, 107 KEY_ALL_ACCESS, 108 &hAccountKey); 109 if (!NT_SUCCESS(Status)) 110 return Status; 111 112 Status = SampRegSetValue(hAccountKey, 113 L"Name", 114 REG_SZ, 115 (LPVOID)lpAccountName, 116 (wcslen(lpAccountName) + 1) * sizeof(WCHAR)); 117 if (!NT_SUCCESS(Status)) 118 goto done; 119 120 Status = SampRegSetValue(hAccountKey, 121 L"Description", 122 REG_SZ, 123 (LPVOID)lpDescription, 124 (wcslen(lpDescription) + 1) * sizeof(WCHAR)); 125 if (!NT_SUCCESS(Status)) 126 goto done; 127 128 /* Create the server SD */ 129 Status = SampCreateAliasSD(&Sd, 130 &SdSize); 131 if (!NT_SUCCESS(Status)) 132 goto done; 133 134 /* Set SecDesc attribute*/ 135 Status = SampRegSetValue(hAccountKey, 136 L"SecDesc", 137 REG_BINARY, 138 Sd, 139 SdSize); 140 if (!NT_SUCCESS(Status)) 141 goto done; 142 143 Status = SampRegOpenKey(hDomainKey, 144 L"Aliases\\Names", 145 KEY_ALL_ACCESS, 146 &hNamesKey); 147 if (!NT_SUCCESS(Status)) 148 goto done; 149 150 Status = SampRegSetValue(hNamesKey, 151 lpAccountName, 152 REG_DWORD, 153 (LPVOID)&ulRelativeId, 154 sizeof(ULONG)); 155 156 done: 157 SampRegCloseKey(&hNamesKey); 158 159 if (Sd != NULL) 160 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd); 161 162 if (hAccountKey != NULL) 163 { 164 SampRegCloseKey(&hAccountKey); 165 166 if (!NT_SUCCESS(Status)) 167 SampRegDeleteKey(hDomainKey, 168 szAccountKeyName); 169 } 170 171 return Status; 172 } 173 174 175 static 176 NTSTATUS 177 SampSetupAddMemberToGroup(IN HANDLE hDomainKey, 178 IN ULONG GroupId, 179 IN ULONG MemberId) 180 { 181 WCHAR szKeyName[256]; 182 HANDLE hGroupKey = NULL; 183 PULONG MembersBuffer = NULL; 184 ULONG MembersCount = 0; 185 ULONG Length = 0; 186 ULONG i; 187 NTSTATUS Status; 188 189 swprintf(szKeyName, L"Groups\\%08lX", GroupId); 190 191 Status = SampRegOpenKey(hDomainKey, 192 szKeyName, 193 KEY_ALL_ACCESS, 194 &hGroupKey); 195 if (!NT_SUCCESS(Status)) 196 return Status; 197 198 Status = SampRegQueryValue(hGroupKey, 199 L"Members", 200 NULL, 201 NULL, 202 &Length); 203 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND) 204 goto done; 205 206 MembersBuffer = midl_user_allocate(Length + sizeof(ULONG)); 207 if (MembersBuffer == NULL) 208 { 209 Status = STATUS_INSUFFICIENT_RESOURCES; 210 goto done; 211 } 212 213 if (Status != STATUS_OBJECT_NAME_NOT_FOUND) 214 { 215 Status = SampRegQueryValue(hGroupKey, 216 L"Members", 217 NULL, 218 MembersBuffer, 219 &Length); 220 if (!NT_SUCCESS(Status)) 221 goto done; 222 223 MembersCount = Length / sizeof(ULONG); 224 } 225 226 for (i = 0; i < MembersCount; i++) 227 { 228 if (MembersBuffer[i] == MemberId) 229 { 230 Status = STATUS_MEMBER_IN_GROUP; 231 goto done; 232 } 233 } 234 235 MembersBuffer[MembersCount] = MemberId; 236 Length += sizeof(ULONG); 237 238 Status = SampRegSetValue(hGroupKey, 239 L"Members", 240 REG_BINARY, 241 MembersBuffer, 242 Length); 243 244 done: 245 if (MembersBuffer != NULL) 246 midl_user_free(MembersBuffer); 247 248 SampRegCloseKey(&hGroupKey); 249 250 return Status; 251 } 252 253 254 static 255 NTSTATUS 256 SampSetupCreateGroupAccount(HANDLE hDomainKey, 257 LPCWSTR lpAccountName, 258 LPCWSTR lpComment, 259 ULONG ulRelativeId) 260 { 261 SAM_GROUP_FIXED_DATA FixedGroupData; 262 WCHAR szAccountKeyName[32]; 263 HANDLE hAccountKey = NULL; 264 HANDLE hNamesKey = NULL; 265 PSECURITY_DESCRIPTOR Sd = NULL; 266 ULONG SdSize = 0; 267 NTSTATUS Status; 268 269 /* Initialize fixed group data */ 270 FixedGroupData.Version = 1; 271 FixedGroupData.Reserved = 0; 272 FixedGroupData.GroupId = ulRelativeId; 273 FixedGroupData.Attributes = 0; 274 275 swprintf(szAccountKeyName, L"Groups\\%08lX", ulRelativeId); 276 277 Status = SampRegCreateKey(hDomainKey, 278 szAccountKeyName, 279 KEY_ALL_ACCESS, 280 &hAccountKey); 281 if (!NT_SUCCESS(Status)) 282 return Status; 283 284 Status = SampRegSetValue(hAccountKey, 285 L"F", 286 REG_BINARY, 287 (LPVOID)&FixedGroupData, 288 sizeof(SAM_GROUP_FIXED_DATA)); 289 if (!NT_SUCCESS(Status)) 290 goto done; 291 292 Status = SampRegSetValue(hAccountKey, 293 L"Name", 294 REG_SZ, 295 (LPVOID)lpAccountName, 296 (wcslen(lpAccountName) + 1) * sizeof(WCHAR)); 297 if (!NT_SUCCESS(Status)) 298 goto done; 299 300 Status = SampRegSetValue(hAccountKey, 301 L"AdminComment", 302 REG_SZ, 303 (LPVOID)lpComment, 304 (wcslen(lpComment) + 1) * sizeof(WCHAR)); 305 if (!NT_SUCCESS(Status)) 306 goto done; 307 308 /* Create the security descriptor */ 309 Status = SampCreateGroupSD(&Sd, 310 &SdSize); 311 if (!NT_SUCCESS(Status)) 312 goto done; 313 314 /* Set the SecDesc attribute*/ 315 Status = SampRegSetValue(hAccountKey, 316 L"SecDesc", 317 REG_BINARY, 318 Sd, 319 SdSize); 320 if (!NT_SUCCESS(Status)) 321 goto done; 322 323 Status = SampRegOpenKey(hDomainKey, 324 L"Groups\\Names", 325 KEY_ALL_ACCESS, 326 &hNamesKey); 327 if (!NT_SUCCESS(Status)) 328 goto done; 329 330 Status = SampRegSetValue(hNamesKey, 331 lpAccountName, 332 REG_DWORD, 333 (LPVOID)&ulRelativeId, 334 sizeof(ULONG)); 335 336 done: 337 SampRegCloseKey(&hNamesKey); 338 339 if (Sd != NULL) 340 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd); 341 342 if (hAccountKey != NULL) 343 { 344 SampRegCloseKey(&hAccountKey); 345 346 if (!NT_SUCCESS(Status)) 347 SampRegDeleteKey(hDomainKey, 348 szAccountKeyName); 349 } 350 351 return Status; 352 } 353 354 355 static 356 NTSTATUS 357 SampSetupCreateUserAccount(HANDLE hDomainKey, 358 LPCWSTR lpAccountName, 359 LPCWSTR lpComment, 360 PSID lpDomainSid, 361 ULONG ulRelativeId, 362 ULONG UserAccountControl) 363 { 364 SAM_USER_FIXED_DATA FixedUserData; 365 GROUP_MEMBERSHIP GroupMembership; 366 UCHAR LogonHours[23]; 367 LPWSTR lpEmptyString = L""; 368 WCHAR szAccountKeyName[32]; 369 HANDLE hAccountKey = NULL; 370 HANDLE hNamesKey = NULL; 371 PSECURITY_DESCRIPTOR Sd = NULL; 372 ULONG SdSize = 0; 373 PSID UserSid = NULL; 374 NTSTATUS Status; 375 376 UserSid = AppendRidToSid(lpDomainSid, 377 ulRelativeId); 378 379 /* Create the security descriptor */ 380 Status = SampCreateUserSD(UserSid, 381 &Sd, 382 &SdSize); 383 if (!NT_SUCCESS(Status)) 384 goto done; 385 386 /* Initialize fixed user data */ 387 FixedUserData.Version = 1; 388 FixedUserData.Reserved = 0; 389 FixedUserData.LastLogon.QuadPart = 0; 390 FixedUserData.LastLogoff.QuadPart = 0; 391 FixedUserData.PasswordLastSet.QuadPart = 0; 392 FixedUserData.AccountExpires.QuadPart = MAXLONGLONG; 393 FixedUserData.LastBadPasswordTime.QuadPart = 0; 394 FixedUserData.UserId = ulRelativeId; 395 FixedUserData.PrimaryGroupId = DOMAIN_GROUP_RID_USERS; 396 FixedUserData.UserAccountControl = UserAccountControl; 397 FixedUserData.CountryCode = 0; 398 FixedUserData.CodePage = 0; 399 FixedUserData.BadPasswordCount = 0; 400 FixedUserData.LogonCount = 0; 401 FixedUserData.AdminCount = 0; 402 FixedUserData.OperatorCount = 0; 403 404 swprintf(szAccountKeyName, L"Users\\%08lX", ulRelativeId); 405 406 Status = SampRegCreateKey(hDomainKey, 407 szAccountKeyName, 408 KEY_ALL_ACCESS, 409 &hAccountKey); 410 if (!NT_SUCCESS(Status)) 411 return Status; 412 413 Status = SampRegSetValue(hAccountKey, 414 L"F", 415 REG_BINARY, 416 (LPVOID)&FixedUserData, 417 sizeof(SAM_USER_FIXED_DATA)); 418 if (!NT_SUCCESS(Status)) 419 goto done; 420 421 Status = SampRegSetValue(hAccountKey, 422 L"Name", 423 REG_SZ, 424 (LPVOID)lpAccountName, 425 (wcslen(lpAccountName) + 1) * sizeof(WCHAR)); 426 if (!NT_SUCCESS(Status)) 427 goto done; 428 429 Status = SampRegSetValue(hAccountKey, 430 L"FullName", 431 REG_SZ, 432 (LPVOID)lpEmptyString, 433 sizeof(WCHAR)); 434 if (!NT_SUCCESS(Status)) 435 goto done; 436 437 Status = SampRegSetValue(hAccountKey, 438 L"HomeDirectory", 439 REG_SZ, 440 (LPVOID)lpEmptyString, 441 sizeof(WCHAR)); 442 if (!NT_SUCCESS(Status)) 443 goto done; 444 445 Status = SampRegSetValue(hAccountKey, 446 L"HomeDirectoryDrive", 447 REG_SZ, 448 (LPVOID)lpEmptyString, 449 sizeof(WCHAR)); 450 if (!NT_SUCCESS(Status)) 451 goto done; 452 453 Status = SampRegSetValue(hAccountKey, 454 L"ScriptPath", 455 REG_SZ, 456 (LPVOID)lpEmptyString, 457 sizeof(WCHAR)); 458 if (!NT_SUCCESS(Status)) 459 goto done; 460 461 Status = SampRegSetValue(hAccountKey, 462 L"ProfilePath", 463 REG_SZ, 464 (LPVOID)lpEmptyString, 465 sizeof(WCHAR)); 466 if (!NT_SUCCESS(Status)) 467 goto done; 468 469 Status = SampRegSetValue(hAccountKey, 470 L"AdminComment", 471 REG_SZ, 472 (LPVOID)lpComment, 473 (wcslen(lpComment) + 1) * sizeof(WCHAR)); 474 if (!NT_SUCCESS(Status)) 475 goto done; 476 477 Status = SampRegSetValue(hAccountKey, 478 L"UserComment", 479 REG_SZ, 480 (LPVOID)lpEmptyString, 481 sizeof(WCHAR)); 482 if (!NT_SUCCESS(Status)) 483 goto done; 484 485 Status = SampRegSetValue(hAccountKey, 486 L"WorkStations", 487 REG_SZ, 488 (LPVOID)lpEmptyString, 489 sizeof(WCHAR)); 490 if (!NT_SUCCESS(Status)) 491 goto done; 492 493 Status = SampRegSetValue(hAccountKey, 494 L"Parameters", 495 REG_SZ, 496 (LPVOID)lpEmptyString, 497 sizeof(WCHAR)); 498 if (!NT_SUCCESS(Status)) 499 goto done; 500 501 /* Set LogonHours attribute*/ 502 *((PUSHORT)LogonHours) = 168; 503 memset(&(LogonHours[2]), 0xff, 21); 504 505 Status = SampRegSetValue(hAccountKey, 506 L"LogonHours", 507 REG_BINARY, 508 (LPVOID)LogonHours, 509 sizeof(LogonHours)); 510 if (!NT_SUCCESS(Status)) 511 goto done; 512 513 /* Set Groups attribute*/ 514 GroupMembership.RelativeId = DOMAIN_GROUP_RID_USERS; 515 GroupMembership.Attributes = SE_GROUP_MANDATORY | 516 SE_GROUP_ENABLED | 517 SE_GROUP_ENABLED_BY_DEFAULT; 518 519 Status = SampRegSetValue(hAccountKey, 520 L"Groups", 521 REG_BINARY, 522 (LPVOID)&GroupMembership, 523 sizeof(GROUP_MEMBERSHIP)); 524 if (!NT_SUCCESS(Status)) 525 goto done; 526 527 /* Set LMPwd attribute*/ 528 Status = SampRegSetValue(hAccountKey, 529 L"LMPwd", 530 REG_BINARY, 531 (LPVOID)&EmptyLmHash, 532 sizeof(ENCRYPTED_LM_OWF_PASSWORD)); 533 if (!NT_SUCCESS(Status)) 534 goto done; 535 536 /* Set NTPwd attribute*/ 537 Status = SampRegSetValue(hAccountKey, 538 L"NTPwd", 539 REG_BINARY, 540 (LPVOID)&EmptyNtHash, 541 sizeof(ENCRYPTED_NT_OWF_PASSWORD)); 542 if (!NT_SUCCESS(Status)) 543 goto done; 544 545 /* Set LMPwdHistory attribute*/ 546 Status = SampRegSetValue(hAccountKey, 547 L"LMPwdHistory", 548 REG_BINARY, 549 NULL, 550 0); 551 if (!NT_SUCCESS(Status)) 552 goto done; 553 554 /* Set NTPwdHistory attribute*/ 555 Status = SampRegSetValue(hAccountKey, 556 L"NTPwdHistory", 557 REG_BINARY, 558 NULL, 559 0); 560 if (!NT_SUCCESS(Status)) 561 goto done; 562 563 /* Set PrivateData attribute*/ 564 Status = SampRegSetValue(hAccountKey, 565 L"PrivateData", 566 REG_SZ, 567 (LPVOID)lpEmptyString, 568 sizeof(WCHAR)); 569 if (!NT_SUCCESS(Status)) 570 goto done; 571 572 /* Set the SecDesc attribute*/ 573 Status = SampRegSetValue(hAccountKey, 574 L"SecDesc", 575 REG_BINARY, 576 Sd, 577 SdSize); 578 if (!NT_SUCCESS(Status)) 579 goto done; 580 581 Status = SampRegOpenKey(hDomainKey, 582 L"Users\\Names", 583 KEY_ALL_ACCESS, 584 &hNamesKey); 585 if (!NT_SUCCESS(Status)) 586 goto done; 587 588 Status = SampRegSetValue(hNamesKey, 589 lpAccountName, 590 REG_DWORD, 591 (LPVOID)&ulRelativeId, 592 sizeof(ULONG)); 593 594 done: 595 SampRegCloseKey(&hNamesKey); 596 597 if (Sd != NULL) 598 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd); 599 600 if (UserSid != NULL) 601 RtlFreeHeap(RtlGetProcessHeap(), 0, UserSid); 602 603 if (hAccountKey != NULL) 604 { 605 SampRegCloseKey(&hAccountKey); 606 607 if (!NT_SUCCESS(Status)) 608 SampRegDeleteKey(hDomainKey, 609 szAccountKeyName); 610 } 611 612 return Status; 613 } 614 615 616 static 617 NTSTATUS 618 SampSetupCreateDomain(IN HANDLE hServerKey, 619 IN LPCWSTR lpKeyName, 620 IN LPCWSTR lpDomainName, 621 IN PSID lpDomainSid, 622 IN BOOLEAN bBuiltinDomain, 623 OUT HANDLE *lpDomainKey) 624 { 625 SAM_DOMAIN_FIXED_DATA FixedData; 626 WCHAR szDomainKeyName[32]; 627 LPWSTR lpEmptyString = L""; 628 HANDLE hDomainKey = NULL; 629 HANDLE hAliasesKey = NULL; 630 HANDLE hGroupsKey = NULL; 631 HANDLE hUsersKey = NULL; 632 HANDLE hNamesKey = NULL; 633 PSECURITY_DESCRIPTOR Sd = NULL; 634 ULONG SdSize = 0; 635 NTSTATUS Status; 636 637 if (lpDomainKey != NULL) 638 *lpDomainKey = NULL; 639 640 /* Initialize the fixed domain data */ 641 memset(&FixedData, 0, sizeof(SAM_DOMAIN_FIXED_DATA)); 642 FixedData.Version = 1; 643 NtQuerySystemTime(&FixedData.CreationTime); 644 FixedData.DomainModifiedCount.QuadPart = 0; 645 FixedData.MaxPasswordAge.QuadPart = -(6LL * 7LL * 24LL * 60LL * 60LL * TICKS_PER_SECOND); /* 6 weeks */ 646 FixedData.MinPasswordAge.QuadPart = 0; /* right now */ 647 FixedData.ForceLogoff.QuadPart = LLONG_MAX; /* very far in the future aka never */ 648 FixedData.LockoutDuration.QuadPart = -(30LL * 60LL * TICKS_PER_SECOND); /* 30 minutes */ 649 FixedData.LockoutObservationWindow.QuadPart = -(30LL * 60LL * TICKS_PER_SECOND); /* 30 minutes */ 650 FixedData.ModifiedCountAtLastPromotion.QuadPart = 0; 651 FixedData.NextRid = 1000; 652 FixedData.PasswordProperties = 0; 653 FixedData.MinPasswordLength = 0; 654 FixedData.PasswordHistoryLength = 0; 655 FixedData.LockoutThreshold = 0; 656 FixedData.DomainServerState = DomainServerEnabled; 657 FixedData.DomainServerRole = DomainServerRolePrimary; 658 FixedData.UasCompatibilityRequired = TRUE; 659 660 wcscpy(szDomainKeyName, L"Domains\\"); 661 wcscat(szDomainKeyName, lpKeyName); 662 663 Status = SampRegCreateKey(hServerKey, 664 szDomainKeyName, 665 KEY_ALL_ACCESS, 666 &hDomainKey); 667 if (!NT_SUCCESS(Status)) 668 return Status; 669 670 /* Set the fixed data value */ 671 Status = SampRegSetValue(hDomainKey, 672 L"F", 673 REG_BINARY, 674 (LPVOID)&FixedData, 675 sizeof(SAM_DOMAIN_FIXED_DATA)); 676 if (!NT_SUCCESS(Status)) 677 goto done; 678 679 if (lpDomainSid != NULL) 680 { 681 Status = SampRegSetValue(hDomainKey, 682 L"Name", 683 REG_SZ, 684 (LPVOID)lpDomainName, 685 (wcslen(lpDomainName) + 1) * sizeof(WCHAR)); 686 if (!NT_SUCCESS(Status)) 687 goto done; 688 689 Status = SampRegSetValue(hDomainKey, 690 L"SID", 691 REG_BINARY, 692 (LPVOID)lpDomainSid, 693 RtlLengthSid(lpDomainSid)); 694 if (!NT_SUCCESS(Status)) 695 goto done; 696 } 697 698 Status = SampRegSetValue(hDomainKey, 699 L"OemInformation", 700 REG_SZ, 701 (LPVOID)lpEmptyString, 702 sizeof(WCHAR)); 703 if (!NT_SUCCESS(Status)) 704 goto done; 705 706 Status = SampRegSetValue(hDomainKey, 707 L"ReplicaSourceNodeName", 708 REG_SZ, 709 (LPVOID)lpEmptyString, 710 sizeof(WCHAR)); 711 if (!NT_SUCCESS(Status)) 712 goto done; 713 714 /* Create the Alias container */ 715 Status = SampRegCreateKey(hDomainKey, 716 L"Aliases", 717 KEY_ALL_ACCESS, 718 &hAliasesKey); 719 if (!NT_SUCCESS(Status)) 720 goto done; 721 722 Status = SampRegCreateKey(hAliasesKey, 723 L"Names", 724 KEY_ALL_ACCESS, 725 &hNamesKey); 726 if (!NT_SUCCESS(Status)) 727 goto done; 728 729 SampRegCloseKey(&hNamesKey); 730 731 /* Create the Groups container */ 732 Status = SampRegCreateKey(hDomainKey, 733 L"Groups", 734 KEY_ALL_ACCESS, 735 &hGroupsKey); 736 if (!NT_SUCCESS(Status)) 737 goto done; 738 739 Status = SampRegCreateKey(hGroupsKey, 740 L"Names", 741 KEY_ALL_ACCESS, 742 &hNamesKey); 743 if (!NT_SUCCESS(Status)) 744 goto done; 745 746 SampRegCloseKey(&hNamesKey); 747 748 /* Create the Users container */ 749 Status = SampRegCreateKey(hDomainKey, 750 L"Users", 751 KEY_ALL_ACCESS, 752 &hUsersKey); 753 if (!NT_SUCCESS(Status)) 754 goto done; 755 756 Status = SampRegCreateKey(hUsersKey, 757 L"Names", 758 KEY_ALL_ACCESS, 759 &hNamesKey); 760 if (!NT_SUCCESS(Status)) 761 goto done; 762 763 /* Create the server SD */ 764 if (bBuiltinDomain != FALSE) 765 Status = SampCreateBuiltinDomainSD(&Sd, 766 &SdSize); 767 else 768 Status = SampCreateAccountDomainSD(&Sd, 769 &SdSize); 770 771 if (!NT_SUCCESS(Status)) 772 goto done; 773 774 /* Set SecDesc attribute*/ 775 Status = SampRegSetValue(hServerKey, 776 L"SecDesc", 777 REG_BINARY, 778 Sd, 779 SdSize); 780 if (!NT_SUCCESS(Status)) 781 goto done; 782 783 SampRegCloseKey(&hNamesKey); 784 785 if (lpDomainKey != NULL) 786 *lpDomainKey = hDomainKey; 787 788 done: 789 if (Sd != NULL) 790 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd); 791 792 SampRegCloseKey(&hAliasesKey); 793 SampRegCloseKey(&hGroupsKey); 794 SampRegCloseKey(&hUsersKey); 795 796 if (!NT_SUCCESS(Status)) 797 SampRegCloseKey(&hDomainKey); 798 799 return Status; 800 } 801 802 803 static 804 NTSTATUS 805 SampSetupCreateServer(IN HANDLE hSamKey, 806 OUT HANDLE *lpServerKey) 807 { 808 HANDLE hServerKey = NULL; 809 HANDLE hDomainsKey = NULL; 810 PSECURITY_DESCRIPTOR Sd = NULL; 811 ULONG SdSize = 0; 812 NTSTATUS Status; 813 814 Status = SampRegCreateKey(hSamKey, 815 L"SAM", 816 KEY_ALL_ACCESS, 817 &hServerKey); 818 if (!NT_SUCCESS(Status)) 819 return Status; 820 821 Status = SampRegCreateKey(hServerKey, 822 L"Domains", 823 KEY_ALL_ACCESS, 824 &hDomainsKey); 825 if (!NT_SUCCESS(Status)) 826 goto done; 827 828 /* Create the server SD */ 829 Status = SampCreateServerSD(&Sd, 830 &SdSize); 831 if (!NT_SUCCESS(Status)) 832 goto done; 833 834 /* Set SecDesc attribute*/ 835 Status = SampRegSetValue(hServerKey, 836 L"SecDesc", 837 REG_BINARY, 838 Sd, 839 SdSize); 840 if (!NT_SUCCESS(Status)) 841 goto done; 842 843 SampRegCloseKey(&hDomainsKey); 844 845 *lpServerKey = hServerKey; 846 847 done: 848 if (Sd != NULL) 849 RtlFreeHeap(RtlGetProcessHeap(), 0, Sd); 850 851 return Status; 852 } 853 854 855 NTSTATUS 856 SampGetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo) 857 { 858 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 859 LSA_HANDLE PolicyHandle; 860 NTSTATUS Status; 861 862 TRACE("SampGetAccountDomainInfo\n"); 863 864 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 865 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 866 867 Status = LsaOpenPolicy(NULL, 868 &ObjectAttributes, 869 POLICY_VIEW_LOCAL_INFORMATION, 870 &PolicyHandle); 871 if (Status != STATUS_SUCCESS) 872 { 873 ERR("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); 874 return Status; 875 } 876 877 Status = LsaQueryInformationPolicy(PolicyHandle, 878 PolicyAccountDomainInformation, 879 (PVOID *)AccountDomainInfo); 880 881 LsaClose(PolicyHandle); 882 883 return Status; 884 } 885 886 887 BOOL 888 SampInitializeSAM(VOID) 889 { 890 PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = NULL; 891 HANDLE hSamKey = NULL; 892 HANDLE hServerKey = NULL; 893 HANDLE hBuiltinDomainKey = NULL; 894 HANDLE hAccountDomainKey = NULL; 895 PSID pBuiltinSid = NULL; 896 PSID pInteractiveSid = NULL; 897 PSID pAuthenticatedUserSid = NULL; 898 BOOL bResult = TRUE; 899 PSID pSid; 900 HINSTANCE hInstance; 901 WCHAR szComment[256]; 902 WCHAR szName[80]; 903 NTSTATUS Status; 904 905 TRACE("SampInitializeSAM() called\n"); 906 907 hInstance = GetModuleHandleW(L"samsrv.dll"); 908 909 /* Open the SAM key */ 910 Status = SampRegOpenKey(NULL, 911 L"\\Registry\\Machine\\SAM", 912 KEY_READ | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS, 913 &hSamKey); 914 if (!NT_SUCCESS(Status)) 915 { 916 ERR("Failed to open the SAM key (Status: 0x%08lx)\n", Status); 917 return FALSE; 918 } 919 920 /* Create the SAM Server object */ 921 Status = SampSetupCreateServer(hSamKey, 922 &hServerKey); 923 if (!NT_SUCCESS(Status)) 924 { 925 bResult = FALSE; 926 goto done; 927 } 928 929 /* Create and initialize the Builtin Domain SID */ 930 pBuiltinSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1)); 931 if (pBuiltinSid == NULL) 932 { 933 ERR("Failed to allocate the Builtin Domain SID\n"); 934 bResult = FALSE; 935 goto done; 936 } 937 938 RtlInitializeSid(pBuiltinSid, &SecurityNtAuthority, 1); 939 *(RtlSubAuthoritySid(pBuiltinSid, 0)) = SECURITY_BUILTIN_DOMAIN_RID; 940 941 /* Create and initialize the Interactive SID */ 942 pInteractiveSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1)); 943 if (pInteractiveSid == NULL) 944 { 945 ERR("Failed to allocate the Interactive SID\n"); 946 bResult = FALSE; 947 goto done; 948 } 949 950 RtlInitializeSid(pInteractiveSid, &SecurityNtAuthority, 1); 951 *(RtlSubAuthoritySid(pInteractiveSid, 0)) = SECURITY_INTERACTIVE_RID; 952 953 /* Create and initialize the Authenticated User SID */ 954 pAuthenticatedUserSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1)); 955 if (pAuthenticatedUserSid == NULL) 956 { 957 ERR("Failed to allocate the Authenticated User SID\n"); 958 bResult = FALSE; 959 goto done; 960 } 961 962 RtlInitializeSid(pAuthenticatedUserSid, &SecurityNtAuthority, 1); 963 *(RtlSubAuthoritySid(pAuthenticatedUserSid, 0)) = SECURITY_AUTHENTICATED_USER_RID; 964 965 /* Get account domain information */ 966 Status = SampGetAccountDomainInfo(&AccountDomainInfo); 967 if (!NT_SUCCESS(Status)) 968 { 969 ERR("SampGetAccountDomainInfo failed (Status %08lx)\n", Status); 970 bResult = FALSE; 971 goto done; 972 } 973 974 SampLoadString(hInstance, IDS_DOMAIN_BUILTIN_NAME, szName, 80); 975 976 /* Create the Builtin domain */ 977 Status = SampSetupCreateDomain(hServerKey, 978 L"Builtin", 979 szName, 980 pBuiltinSid, 981 TRUE, 982 &hBuiltinDomainKey); 983 if (!NT_SUCCESS(Status)) 984 { 985 bResult = FALSE; 986 goto done; 987 } 988 989 SampLoadString(hInstance, IDS_ALIAS_ADMINISTRATORS_NAME, szName, 80); 990 SampLoadString(hInstance, IDS_ALIAS_ADMINISTRATORS_COMMENT, szComment, 256); 991 992 SampSetupCreateAliasAccount(hBuiltinDomainKey, 993 szName, 994 szComment, 995 DOMAIN_ALIAS_RID_ADMINS); 996 997 SampLoadString(hInstance, IDS_ALIAS_USERS_NAME, szName, 80); 998 SampLoadString(hInstance, IDS_ALIAS_USERS_COMMENT, szComment, 256); 999 1000 SampSetupCreateAliasAccount(hBuiltinDomainKey, 1001 szName, 1002 szComment, 1003 DOMAIN_ALIAS_RID_USERS); 1004 1005 SampLoadString(hInstance, IDS_ALIAS_GUESTS_NAME, szName, 80); 1006 SampLoadString(hInstance, IDS_ALIAS_GUESTS_COMMENT, szComment, 256); 1007 1008 SampSetupCreateAliasAccount(hBuiltinDomainKey, 1009 szName, 1010 szComment, 1011 DOMAIN_ALIAS_RID_GUESTS); 1012 1013 SampLoadString(hInstance, IDS_ALIAS_POWER_USERS_NAME, szName, 80); 1014 SampLoadString(hInstance, IDS_ALIAS_POWER_USERS_COMMENT, szComment, 256); 1015 1016 SampSetupCreateAliasAccount(hBuiltinDomainKey, 1017 szName, 1018 szComment, 1019 DOMAIN_ALIAS_RID_POWER_USERS); 1020 1021 /* Add the Administrator user to the Administrators alias */ 1022 pSid = AppendRidToSid(AccountDomainInfo->DomainSid, 1023 DOMAIN_USER_RID_ADMIN); 1024 if (pSid != NULL) 1025 { 1026 SampSetupAddMemberToAlias(hBuiltinDomainKey, 1027 DOMAIN_ALIAS_RID_ADMINS, 1028 pSid); 1029 1030 RtlFreeHeap(RtlGetProcessHeap(), 0, pSid); 1031 } 1032 1033 /* Add the Guest user to the Guests alias */ 1034 pSid = AppendRidToSid(AccountDomainInfo->DomainSid, 1035 DOMAIN_USER_RID_GUEST); 1036 if (pSid != NULL) 1037 { 1038 SampSetupAddMemberToAlias(hBuiltinDomainKey, 1039 DOMAIN_ALIAS_RID_GUESTS, 1040 pSid); 1041 1042 RtlFreeHeap(RtlGetProcessHeap(), 0, pSid); 1043 } 1044 1045 /* Add the Interactive SID to the Users alias */ 1046 SampSetupAddMemberToAlias(hBuiltinDomainKey, 1047 DOMAIN_ALIAS_RID_USERS, 1048 pInteractiveSid); 1049 1050 /* Add the Authenticated User SID to the Users alias */ 1051 SampSetupAddMemberToAlias(hBuiltinDomainKey, 1052 DOMAIN_ALIAS_RID_USERS, 1053 pAuthenticatedUserSid); 1054 1055 /* Create the Account domain */ 1056 Status = SampSetupCreateDomain(hServerKey, 1057 L"Account", 1058 L"", 1059 AccountDomainInfo->DomainSid, 1060 FALSE, 1061 &hAccountDomainKey); 1062 if (!NT_SUCCESS(Status)) 1063 { 1064 bResult = FALSE; 1065 goto done; 1066 } 1067 1068 SampLoadString(hInstance, IDS_GROUP_NONE_NAME, szName, 80); 1069 SampLoadString(hInstance, IDS_GROUP_NONE_COMMENT, szComment, 256); 1070 1071 SampSetupCreateGroupAccount(hAccountDomainKey, 1072 szName, 1073 szComment, 1074 DOMAIN_GROUP_RID_USERS); 1075 1076 SampLoadString(hInstance, IDS_USER_ADMINISTRATOR_NAME, szName, 80); 1077 SampLoadString(hInstance, IDS_USER_ADMINISTRATOR_COMMENT, szComment, 256); 1078 1079 SampSetupCreateUserAccount(hAccountDomainKey, 1080 szName, 1081 szComment, 1082 AccountDomainInfo->DomainSid, 1083 DOMAIN_USER_RID_ADMIN, 1084 USER_DONT_EXPIRE_PASSWORD | USER_NORMAL_ACCOUNT); 1085 1086 SampSetupAddMemberToGroup(hAccountDomainKey, 1087 DOMAIN_GROUP_RID_USERS, 1088 DOMAIN_USER_RID_ADMIN); 1089 1090 SampLoadString(hInstance, IDS_USER_GUEST_NAME, szName, 80); 1091 SampLoadString(hInstance, IDS_USER_GUEST_COMMENT, szComment, 256); 1092 1093 SampSetupCreateUserAccount(hAccountDomainKey, 1094 szName, 1095 szComment, 1096 AccountDomainInfo->DomainSid, 1097 DOMAIN_USER_RID_GUEST, 1098 USER_ACCOUNT_DISABLED | USER_DONT_EXPIRE_PASSWORD | USER_NORMAL_ACCOUNT); 1099 1100 SampSetupAddMemberToGroup(hAccountDomainKey, 1101 DOMAIN_GROUP_RID_USERS, 1102 DOMAIN_USER_RID_GUEST); 1103 1104 done: 1105 if (AccountDomainInfo) 1106 LsaFreeMemory(AccountDomainInfo); 1107 1108 if (pAuthenticatedUserSid) 1109 RtlFreeHeap(RtlGetProcessHeap(), 0, pAuthenticatedUserSid); 1110 1111 if (pInteractiveSid) 1112 RtlFreeHeap(RtlGetProcessHeap(), 0, pInteractiveSid); 1113 1114 if (pBuiltinSid) 1115 RtlFreeHeap(RtlGetProcessHeap(), 0, pBuiltinSid); 1116 1117 SampRegCloseKey(&hAccountDomainKey); 1118 SampRegCloseKey(&hBuiltinDomainKey); 1119 SampRegCloseKey(&hServerKey); 1120 SampRegCloseKey(&hSamKey); 1121 1122 TRACE("SampInitializeSAM() done\n"); 1123 1124 return bResult; 1125 } 1126