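/*
 * COPYRIGHT:       See COPYING in the top level directory
 * PROJECT:         ReactOS system libraries
 * PURPOSE:         System setup
 * FILE:            dll/win32/syssetup/security.c
 * PROGRAMMER:      Eric Kohl
 */

/* INCLUDES *****************************************************************/

#include "precomp.h"

#include <ntlsa.h>
#include <ntsecapi.h>
#include <ntsam.h>
#include <sddl.h>

#define NDEBUG
#include <debug.h>

/*
 * One day / one minute expressed in 100 ns units, negated. The password and
 * lockout code below multiplies a positive day or minute count from the INF
 * by these to get the (negative) interval it stores in the SAM structures.
 * Parenthesised so the macros stay safe inside larger expressions.
 */
#define TICKS_PER_DAY (-864000000000LL)
#define TICKS_PER_MINUTE (-600000000LL)

/* FUNCTIONS ****************************************************************/

/*
 * Sets the name and/or SID of the account domain, first in the LSA policy
 * (PolicyAccountDomainInformation) and then in the SAM domain object
 * (DomainNameInformation).
 *
 * DomainSid   New account domain SID, or NULL to keep the current one.
 * DomainName  New account domain name, or NULL to keep the current one.
 *
 * A NULL argument can only be honoured when the current policy information
 * could be queried; otherwise STATUS_INVALID_PARAMETER is returned instead of
 * dereferencing the NULL pointer.
 *
 * Returns the status of the last LSA/SAM call that was made.
 * NOTE(review): a failing LsaSetInformationPolicy is only logged; its status
 * is then overwritten by the SAM calls, so callers cannot see it.
 */
NTSTATUS
WINAPI
SetAccountsDomainSid(
    PSID DomainSid,
    LPCWSTR DomainName)
{
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    POLICY_ACCOUNT_DOMAIN_INFO Info;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle;

    SAM_HANDLE ServerHandle = NULL;
    SAM_HANDLE DomainHandle = NULL;
    DOMAIN_NAME_INFORMATION DomainNameInfo;

    NTSTATUS Status;

    DPRINT("SYSSETUP: SetAccountsDomainSid\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
        return Status;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (Status != STATUS_SUCCESS || OrigInfo == NULL)
    {
        /* There is no current value to fall back on, so both arguments are
         * mandatory here. Previously a NULL name reached wcslen(). */
        if (DomainName == NULL || DomainSid == NULL)
        {
            DPRINT1("No current account domain information and no replacement given\n");
            Status = STATUS_INVALID_PARAMETER;
            goto done;
        }
    }

    if (DomainName != NULL)
    {
        Info.DomainName.Buffer = (LPWSTR)DomainName;
        Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
        Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
    }
    else
    {
        Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
        Info.DomainName.Length = OrigInfo->DomainName.Length;
        Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
    }

    Info.DomainSid = (DomainSid != NULL) ? DomainSid : OrigInfo->DomainSid;

    Status = LsaSetInformationPolicy(PolicyHandle,
                                     PolicyAccountDomainInformation,
                                     (PVOID)&Info);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
    }

    /*
     * Info may still point into OrigInfo (name and/or SID were kept), so
     * OrigInfo must stay allocated until the SAM calls below are finished.
     * It used to be freed before SamOpenDomain() read Info.DomainSid.
     */
    DomainNameInfo.DomainName.Length = Info.DomainName.Length;
    DomainNameInfo.DomainName.MaximumLength = Info.DomainName.MaximumLength;
    DomainNameInfo.DomainName.Buffer = Info.DomainName.Buffer;

    Status = SamConnect(NULL,
                        &ServerHandle,
                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
                        NULL);
    if (NT_SUCCESS(Status))
    {
        Status = SamOpenDomain(ServerHandle,
                               DOMAIN_WRITE_OTHER_PARAMETERS,
                               Info.DomainSid,
                               &DomainHandle);
        if (NT_SUCCESS(Status))
        {
            Status = SamSetInformationDomain(DomainHandle,
                                             DomainNameInformation,
                                             (PVOID)&DomainNameInfo);
            if (!NT_SUCCESS(Status))
            {
                DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
            }

            SamCloseHandle(DomainHandle);
        }
        else
        {
            DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
        }

        SamCloseHandle(ServerHandle);
    }

done:
    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    LsaClose(PolicyHandle);

    return Status;
}


/* Hack */
/*
 * Sets the name and/or SID of the primary domain in the LSA policy
 * (PolicyPrimaryDomainInformation).
 *
 * DomainName  New primary domain name, or NULL to keep the current one.
 * DomainSid   New primary domain SID, or NULL to keep the current one (a NULL
 *             SID is passed through unchanged when no current value exists).
 *
 * Returns the LSA status; STATUS_INVALID_PARAMETER when DomainName is NULL
 * and the current policy information could not be queried.
 */
static
NTSTATUS
SetPrimaryDomain(LPCWSTR DomainName,
                 PSID DomainSid)
{
    PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL;
    POLICY_PRIMARY_DOMAIN_INFO Info;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle;
    NTSTATUS Status;

    DPRINT1("SYSSETUP: SetPrimaryDomain()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
        return Status;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyPrimaryDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (Status == STATUS_SUCCESS && OrigInfo != NULL)
    {
        if (DomainName == NULL)
        {
            Info.Name.Buffer = OrigInfo->Name.Buffer;
            Info.Name.Length = OrigInfo->Name.Length;
            Info.Name.MaximumLength = OrigInfo->Name.MaximumLength;
        }
        else
        {
            Info.Name.Buffer = (LPWSTR)DomainName;
            Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
            Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
        }

        Info.Sid = (DomainSid == NULL) ? OrigInfo->Sid : DomainSid;
    }
    else
    {
        /* No current value to fall back on: the name is mandatory here.
         * Previously a NULL name reached wcslen(). */
        if (DomainName == NULL)
        {
            DPRINT1("No current primary domain information and no name given\n");
            Status = STATUS_INVALID_PARAMETER;
            goto done;
        }

        Info.Name.Buffer = (LPWSTR)DomainName;
        Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
        Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
        Info.Sid = DomainSid;
    }

    Status = LsaSetInformationPolicy(PolicyHandle,
                                     PolicyPrimaryDomainInformation,
                                     (PVOID)&Info);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
    }

done:
    /* Info may point into OrigInfo, so it is released only after the set call */
    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    LsaClose(PolicyHandle);

    return Status;
}


/*
 * Creates an LSA account object for each well-known SID in the table below.
 * Failures are logged and skipped; the function reports nothing to its caller.
 */
static
VOID
InstallBuiltinAccounts(VOID)
{
    static const LPCWSTR BuiltinAccounts[] = {
        L"S-1-1-0",         /* Everyone */
        L"S-1-5-4",         /* Interactive */
        L"S-1-5-6",         /* Service */
        L"S-1-5-19",        /* Local Service */
        L"S-1-5-20",        /* Network Service */
        L"S-1-5-32-544",    /* Administrators */
        L"S-1-5-32-545",    /* Users */
        L"S-1-5-32-547",    /* Power Users */
        L"S-1-5-32-551",    /* Backup Operators */
        L"S-1-5-32-555"};   /* Remote Desktop Users */
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_HANDLE AccountHandle = NULL;
    PSID AccountSid;
    ULONG i;

    DPRINT("InstallBuiltinAccounts()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    /* Same initialisation as the other LsaOpenPolicy() callers in this file */
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        return;
    }

    for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++)
    {
        AccountSid = NULL;
        if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
        {
            DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError());
            continue;
        }

        AccountHandle = NULL;
        Status = LsaCreateAccount(PolicyHandle,
                                  AccountSid,
                                  0,
                                  &AccountHandle);
        if (NT_SUCCESS(Status))
        {
            LsaClose(AccountHandle);
        }
        else
        {
            /* Best effort: keep going with the remaining accounts */
            DPRINT("LsaCreateAccount(%S) failed (Status %08lx)\n", BuiltinAccounts[i], Status);
        }

        LocalFree(AccountSid);
    }

    LsaClose(PolicyHandle);
}


/*
 * Grants the rights listed in the [Privilege Rights] section of the security
 * INF. Each line is "<right> = <account>, <account>, ..."; an account is
 * either "*<string SID>" or an account name that is resolved through
 * LsaLookupNames2().
 *
 * The INF decides which accounts receive which privileges, so it has to be a
 * trusted file. Accounts that cannot be resolved are logged and skipped; a
 * field that cannot be read aborts the whole section.
 */
static
VOID
InstallPrivileges(
    HINF hSecurityInf)
{
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    WCHAR szPrivilegeString[256];
    WCHAR szSidString[256];
    INFCONTEXT InfContext;
    DWORD i, dwFieldCount;
    PSID AccountSid = NULL;
    PSID TargetSid;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
    LSA_UNICODE_STRING RightString, AccountName;
    PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
    PLSA_TRANSLATED_SID2 Sids = NULL;

    DPRINT("InstallPrivileges()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    /* Same initialisation as the other LsaOpenPolicy() callers in this file */
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        goto done;
    }

    if (!SetupFindFirstLineW(hSecurityInf,
                             L"Privilege Rights",
                             NULL,
                             &InfContext))
    {
        DPRINT1("SetupFindFirstLineW failed\n");
        goto done;
    }

    do
    {
        /* Retrieve the privilege name */
        if (!SetupGetStringFieldW(&InfContext,
                                  0,
                                  szPrivilegeString,
                                  ARRAYSIZE(szPrivilegeString),
                                  NULL))
        {
            DPRINT1("SetupGetStringFieldW() failed\n");
            goto done;
        }
        DPRINT("Privilege: %S\n", szPrivilegeString);

        /* The context does not change inside the loop, so query the count once */
        dwFieldCount = SetupGetFieldCount(&InfContext);
        for (i = 0; i < dwFieldCount; i++)
        {
            if (!SetupGetStringFieldW(&InfContext,
                                      i + 1,
                                      szSidString,
                                      ARRAYSIZE(szSidString),
                                      NULL))
            {
                DPRINT1("SetupGetStringFieldW() failed\n");
                goto done;
            }
            DPRINT("SID: %S\n", szSidString);

            if (szSidString[0] == UNICODE_NULL)
                continue;

            if (szSidString[0] == L'*')
            {
                DPRINT("Account Sid: %S\n", &szSidString[1]);

                if (!ConvertStringSidToSid(&szSidString[1], &AccountSid))
                {
                    DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError());
                    AccountSid = NULL;
                    continue;
                }

                TargetSid = AccountSid;
            }
            else
            {
                DPRINT("Account name: %S\n", szSidString);

                ReferencedDomains = NULL;
                Sids = NULL;
                RtlInitUnicodeString(&AccountName, szSidString);
                Status = LsaLookupNames2(PolicyHandle,
                                         0,
                                         1,
                                         &AccountName,
                                         &ReferencedDomains,
                                         &Sids);
                if (ReferencedDomains != NULL)
                {
                    LsaFreeMemory(ReferencedDomains);
                    ReferencedDomains = NULL;
                }

                /* Also refuse a "successful" lookup that produced no SID, so
                 * that a NULL SID is never handed to LsaAddAccountRights() */
                if (!NT_SUCCESS(Status) || Sids == NULL || Sids[0].Sid == NULL)
                {
                    DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status);

                    if (Sids != NULL)
                    {
                        LsaFreeMemory(Sids);
                        Sids = NULL;
                    }

                    continue;
                }

                TargetSid = Sids[0].Sid;
            }

            RtlInitUnicodeString(&RightString, szPrivilegeString);
            Status = LsaAddAccountRights(PolicyHandle,
                                         TargetSid,
                                         &RightString,
                                         1);
            if (!NT_SUCCESS(Status))
            {
                DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status);
            }

            if (Sids != NULL)
            {
                LsaFreeMemory(Sids);
                Sids = NULL;
            }

            if (AccountSid != NULL)
            {
                LocalFree(AccountSid);
                AccountSid = NULL;
            }
        }

    }
    while (SetupFindNextLine(&InfContext, &InfContext));

done:
    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);
}


/*
 * Writes the values listed in the [Registry Values] section of the security
 * INF. The key of each line is "<root>\<key path>\<value name>", field 1 is
 * the registry type and field 2 the data. Only the root "Machine"
 * (HKEY_LOCAL_MACHINE) is supported.
 *
 * The key path and data come straight from the INF and are written with the
 * rights of the setup process, so the INF has to be a trusted file.
 *
 * NOTE(review): an unsupported root, a bad type, an empty value or a key that
 * cannot be created stops processing of ALL remaining lines (break), not just
 * the current one - confirm this is intended.
 */
static
VOID
ApplyRegistryValues(
    HINF hSecurityInf)
{
    WCHAR szRegistryPath[MAX_PATH];
    WCHAR szRootName[MAX_PATH];
    WCHAR szKeyName[MAX_PATH];
    WCHAR szValueName[MAX_PATH];
    INFCONTEXT InfContext;
    DWORD dwLength, dwType;
    HKEY hRootKey, hKey;
    PWSTR Ptr1, Ptr2;
    DWORD dwError;
    PVOID pBuffer;
    BOOL bFetched;

    DPRINT("ApplyRegistryValues()\n");

    if (!SetupFindFirstLineW(hSecurityInf,
                             L"Registry Values",
                             NULL,
                             &InfContext))
    {
        DPRINT1("SetupFindFirstLineW failed\n");
        return;
    }

    do
    {
        /* Retrieve the registry path */
        if (!SetupGetStringFieldW(&InfContext,
                                  0,
                                  szRegistryPath,
                                  ARRAYSIZE(szRegistryPath),
                                  NULL))
        {
            DPRINT1("SetupGetStringFieldW() failed\n");
            return;
        }

        DPRINT("RegistryPath: %S\n", szRegistryPath);

        /* Split at the first and the last backslash. All three parts are
         * substrings of szRegistryPath, so they fit the equally sized
         * destination buffers. Paths with fewer than two backslashes are
         * silently skipped. */
        Ptr1 = wcschr(szRegistryPath, L'\\');
        Ptr2 = wcsrchr(szRegistryPath, L'\\');
        if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2)
        {
            dwLength = (DWORD)(Ptr1 - szRegistryPath);
            wcsncpy(szRootName, szRegistryPath, dwLength);
            szRootName[dwLength] = UNICODE_NULL;

            Ptr1++;
            dwLength = (DWORD)(Ptr2 - Ptr1);
            wcsncpy(szKeyName, Ptr1, dwLength);
            szKeyName[dwLength] = UNICODE_NULL;

            Ptr2++;
            wcscpy(szValueName, Ptr2);

            DPRINT("RootName: %S\n", szRootName);
            DPRINT("KeyName: %S\n", szKeyName);
            DPRINT("ValueName: %S\n", szValueName);

            if (_wcsicmp(szRootName, L"Machine") == 0)
            {
                hRootKey = HKEY_LOCAL_MACHINE;
            }
            else
            {
                DPRINT1("Unsupported root key %S\n", szRootName);
                break;
            }

            if (!SetupGetIntField(&InfContext,
                                  1,
                                  (PINT)&dwType))
            {
                DPRINT1("Failed to get key type (Error %lu)\n", GetLastError());
                break;
            }

            if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY &&
                dwType != REG_DWORD && dwType != REG_MULTI_SZ)
            {
                DPRINT1("Invalid value type %lu\n", dwType);
                break;
            }

            /* First pass: ask for the required size (in bytes after scaling) */
            dwLength = 0;
            switch (dwType)
            {
                case REG_SZ:
                case REG_EXPAND_SZ:
                    SetupGetStringField(&InfContext, 2, NULL, 0, &dwLength);
                    dwLength *= sizeof(WCHAR);
                    break;

                case REG_BINARY:
                    SetupGetBinaryField(&InfContext, 2, NULL, 0, &dwLength);
                    break;

                case REG_DWORD:
                    dwLength = sizeof(INT);
                    break;

                case REG_MULTI_SZ:
                    SetupGetMultiSzField(&InfContext, 2, NULL, 0, &dwLength);
                    dwLength *= sizeof(WCHAR);
                    break;
            }

            if (dwLength == 0)
            {
                DPRINT1("Failed to determine the required buffer size!\n");
                break;
            }

            dwError = RegCreateKeyExW(hRootKey,
                                      szKeyName,
                                      0,
                                      NULL,
                                      REG_OPTION_NON_VOLATILE,
                                      KEY_WRITE,
                                      NULL,
                                      &hKey,
                                      NULL);
            if (dwError != ERROR_SUCCESS)
            {
                DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError);
                break;
            }

            /* Zeroed, and only written to the registry when the second pass
             * succeeded: a failed read must not persist stale heap contents. */
            pBuffer = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength);
            if (pBuffer)
            {
                bFetched = FALSE;
                switch (dwType)
                {
                    case REG_SZ:
                    case REG_EXPAND_SZ:
                        bFetched = SetupGetStringField(&InfContext,
                                                       2,
                                                       pBuffer,
                                                       dwLength / sizeof(WCHAR),
                                                       &dwLength);
                        dwLength *= sizeof(WCHAR);
                        break;

                    case REG_BINARY:
                        bFetched = SetupGetBinaryField(&InfContext,
                                                       2,
                                                       pBuffer,
                                                       dwLength,
                                                       &dwLength);
                        break;

                    case REG_DWORD:
                        bFetched = SetupGetIntField(&InfContext,
                                                    2,
                                                    pBuffer);
                        break;

                    case REG_MULTI_SZ:
                        bFetched = SetupGetMultiSzField(&InfContext,
                                                        2,
                                                        pBuffer,
                                                        dwLength / sizeof(WCHAR),
                                                        &dwLength);
                        dwLength *= sizeof(WCHAR);
                        break;
                }

                if (bFetched)
                {
                    dwError = RegSetValueEx(hKey,
                                            szValueName,
                                            0,
                                            dwType,
                                            pBuffer,
                                            dwLength);
                    if (dwError != ERROR_SUCCESS)
                    {
                        DPRINT1("Failed to set the value %S (Error %lu)\n", szValueName, dwError);
                    }
                }
                else
                {
                    DPRINT1("Failed to read the data for value %S (Error %lu)\n", szValueName, GetLastError());
                }

                HeapFree(GetProcessHeap(), 0, pBuffer);
            }
            else
            {
                DPRINT1("HeapAlloc() failed\n");
            }

            RegCloseKey(hKey);
        }
    }
    while (SetupFindNextLine(&InfContext, &InfContext));
}


/*
 * Applies the event log settings of one INF section to
 * HKLM\System\CurrentControlSet\Services\Eventlog\<pszLogName>.
 *
 * hSecurityInf    Open security INF.
 * pszSectionName  INF section to read ("Application Log", ...).
 * pszLogName      Name of the log subkey to write to.
 *
 * Handled keys:
 *   MaximumLogSize           kByte, accepted range 64..4194240, stored in
 *                            bytes as "MaxSize".
 *   AuditLogRetentionPeriod  0 -> Retention 0, 1 -> RetentionDays * 86400,
 *                            2 -> Retention 0xFFFFFFFF.
 *   RestrictGuestAccess      0 or 1, stored unchanged.
 *
 * A value that cannot be parsed, or is out of range, leaves the registry
 * untouched. These values control how long log records survive, so a silent
 * fallback to a default would weaken the audit trail unnoticed.
 */
static
VOID
ApplyEventlogSettings(
    _In_ HINF hSecurityInf,
    _In_ PWSTR pszSectionName,
    _In_ PWSTR pszLogName)
{
    INFCONTEXT InfContext;
    HKEY hServiceKey = NULL, hLogKey = NULL;
    DWORD dwValue, dwError;
    BOOL bValueSet;

    DPRINT("ApplyEventlogSettings(%p %S %S)\n",
           hSecurityInf, pszSectionName, pszLogName);

    dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
                              L"System\\CurrentControlSet\\Services\\Eventlog",
                              0,
                              NULL,
                              REG_OPTION_NON_VOLATILE,
                              KEY_WRITE,
                              NULL,
                              &hServiceKey,
                              NULL);
    if (dwError != ERROR_SUCCESS)
    {
        DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n", dwError);
        return;
    }

    dwError = RegCreateKeyExW(hServiceKey,
                              pszLogName,
                              0,
                              NULL,
                              REG_OPTION_NON_VOLATILE,
                              KEY_WRITE,
                              NULL,
                              &hLogKey,
                              NULL);
    if (dwError != ERROR_SUCCESS)
    {
        DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName, dwError);
        RegCloseKey(hServiceKey);
        return;
    }

    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"MaximumLogSize",
                            &InfContext))
    {
        DPRINT("MaximumLogSize\n");
        dwValue = 0;
        if (SetupGetIntField(&InfContext, 1, (PINT)&dwValue))
        {
            DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue);
            /* The upper bound keeps dwValue * 1024 inside a DWORD */
            if (dwValue >= 64 && dwValue <= 4194240)
            {
                dwValue *= 1024;

                DPRINT("MaxSize: %lu\n", dwValue);
                RegSetValueEx(hLogKey,
                              L"MaxSize",
                              0,
                              REG_DWORD,
                              (LPBYTE)&dwValue,
                              sizeof(dwValue));
            }
        }
    }

    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"AuditLogRetentionPeriod",
                            &InfContext))
    {
        bValueSet = FALSE;
        dwValue = 0;
        /* An unreadable field used to be treated like an explicit 0 */
        if (SetupGetIntField(&InfContext, 1, (PINT)&dwValue))
        {
            if (dwValue == 0)
            {
                bValueSet = TRUE;
            }
            else if (dwValue == 1)
            {
                if (SetupFindFirstLineW(hSecurityInf,
                                        pszSectionName,
                                        L"RetentionDays",
                                        &InfContext))
                {
                    /* Reject unreadable values and values whose conversion
                     * to seconds would wrap around a DWORD */
                    if (SetupGetIntField(&InfContext, 1, (PINT)&dwValue) &&
                        dwValue <= ((DWORD)-1) / 86400)
                    {
                        dwValue *= 86400;
                        bValueSet = TRUE;
                    }
                    else
                    {
                        DPRINT1("Invalid RetentionDays value\n");
                    }
                }
            }
            else if (dwValue == 2)
            {
                dwValue = (DWORD)-1;
                bValueSet = TRUE;
            }
        }

        if (bValueSet)
        {
            DPRINT("Retention: %lu\n", dwValue);
            RegSetValueEx(hLogKey,
                          L"Retention",
                          0,
                          REG_DWORD,
                          (LPBYTE)&dwValue,
                          sizeof(dwValue));
        }
    }

    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"RestrictGuestAccess",
                            &InfContext))
    {
        dwValue = 0;
        /* An unreadable field used to be treated like an explicit 0 */
        if (SetupGetIntField(&InfContext, 1, (PINT)&dwValue) &&
            (dwValue == 0 || dwValue == 1))
        {
            DPRINT("RestrictGuestAccess: %lu\n", dwValue);
            RegSetValueEx(hLogKey,
                          L"RestrictGuestAccess",
                          0,
                          REG_DWORD,
                          (LPBYTE)&dwValue,
                          sizeof(dwValue));
        }
    }

    RegCloseKey(hLogKey);
    RegCloseKey(hServiceKey);
}


/*
 * Applies the password policy keys of an INF section to the account domain:
 * MaximumPasswordAge, MinimumPasswordAge, MinimumPasswordLength,
 * PasswordHistorySize, PasswordComplexity and ClearTextPassword.
 *
 * The current policy is read from SAM, the keys present in the INF are
 * merged in, and the result is written back. Values outside the accepted
 * ranges leave the corresponding field unchanged.
 *
 * SamQueryInformationDomain() returns a buffer that it allocates; it is
 * received through a pointer and released with SamFreeMemory(). The address
 * of a stack structure used to be passed instead, which left the structure
 * holding a pointer value rather than the policy and leaked the buffer.
 */
static
VOID
ApplyPasswordSettings(
    _In_ HINF hSecurityInf,
    _In_ PWSTR pszSectionName)
{
    INFCONTEXT InfContext;
    PDOMAIN_PASSWORD_INFORMATION PasswordInfo = NULL;
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle = NULL;
    SAM_HANDLE ServerHandle = NULL;
    SAM_HANDLE DomainHandle = NULL;
    INT nValue;
    NTSTATUS Status;

    DPRINT("ApplyPasswordSettings()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
        return;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamConnect(NULL,
                        &ServerHandle,
                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
                        NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamOpenDomain(ServerHandle,
                           DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
                           OrigInfo->DomainSid,
                           &DomainHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamQueryInformationDomain(DomainHandle,
                                       DomainPasswordInformation,
                                       (PVOID*)&PasswordInfo);
    if (!NT_SUCCESS(Status) || PasswordInfo == NULL)
    {
        DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
        goto done;
    }

    DPRINT("MaximumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart);
    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"MaximumPasswordAge",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            DPRINT("Value: %ld\n", nValue);
            if (nValue == -1)
            {
                /* -1 selects the most negative interval (same constant as
                 * the lockout duration code in this file uses for -1) */
                PasswordInfo->MaxPasswordAge.QuadPart = 0x8000000000000000LL;
            }
            else if ((nValue >= 1) && (nValue < 1000))
            {
                PasswordInfo->MaxPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
            }
            DPRINT("MaximumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart);
        }
    }

    DPRINT("MinimumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart);
    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"MinimumPasswordAge",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            DPRINT("Wert: %ld\n", nValue);
            if ((nValue >= 0) && (nValue < 1000))
            {
                /* Intervals are negative, so "max < min" means the maximum
                 * age is the longer of the two; only then is the new
                 * minimum accepted. */
                if (PasswordInfo->MaxPasswordAge.QuadPart < (LONGLONG)nValue * TICKS_PER_DAY)
                    PasswordInfo->MinPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
            }
            DPRINT("MinimumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart);
        }
    }

    DPRINT("MinimumPasswordLength (OldValue) : %lu\n", PasswordInfo->MinPasswordLength);
    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"MinimumPasswordLength",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            DPRINT("Value: %ld\n", nValue);
            if ((nValue >= 0) && (nValue <= 65535))
            {
                PasswordInfo->MinPasswordLength = nValue;
            }
            DPRINT("MinimumPasswordLength (NewValue) : %lu\n", PasswordInfo->MinPasswordLength);
        }
    }

    DPRINT("PasswordHistoryLength (OldValue) : %lu\n", PasswordInfo->PasswordHistoryLength);
    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"PasswordHistorySize",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            DPRINT("Value: %ld\n", nValue);
            if ((nValue >= 0) && (nValue <= 65535))
            {
                PasswordInfo->PasswordHistoryLength = nValue;
            }
            DPRINT("PasswordHistoryLength (NewValue) : %lu\n", PasswordInfo->PasswordHistoryLength);
        }
    }

    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"PasswordComplexity",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            if (nValue == 0)
            {
                PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_COMPLEX;
            }
            else
            {
                PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_COMPLEX;
            }
        }
    }

    /* Any non-zero ClearTextPassword turns on DOMAIN_PASSWORD_STORE_CLEARTEXT;
     * shipped INF files should keep this at 0. */
    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"ClearTextPassword",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            if (nValue == 0)
            {
                PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT;
            }
            else
            {
                PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_STORE_CLEARTEXT;
            }
        }
    }

    /* Windows ignores the RequireLogonToChangePassword option */

    Status = SamSetInformationDomain(DomainHandle,
                                     DomainPasswordInformation,
                                     (PVOID)PasswordInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
        goto done;
    }

done:
    if (PasswordInfo != NULL)
        SamFreeMemory(PasswordInfo);

    if (DomainHandle != NULL)
        SamCloseHandle(DomainHandle);

    if (ServerHandle != NULL)
        SamCloseHandle(ServerHandle);

    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);
}


/*
 * Applies the account lockout keys of an INF section to the account domain:
 * LockoutBadCount, ResetLockoutCount (minutes) and LockoutDuration (minutes,
 * -1 selects the most negative interval).
 *
 * The current settings are read from SAM, the keys present in the INF are
 * merged in, and the result is written back. As in ApplyPasswordSettings(),
 * the buffer returned by SamQueryInformationDomain() is received through a
 * pointer and released with SamFreeMemory().
 */
static
VOID
ApplyLockoutSettings(
    _In_ HINF hSecurityInf,
    _In_ PWSTR pszSectionName)
{
    INFCONTEXT InfContext;
    PDOMAIN_LOCKOUT_INFORMATION LockoutInfo = NULL;
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle = NULL;
    SAM_HANDLE ServerHandle = NULL;
    SAM_HANDLE DomainHandle = NULL;
    INT nValue;
    NTSTATUS Status;

    DPRINT("ApplyLockoutSettings()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
        return;
    }

    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamConnect(NULL,
                        &ServerHandle,
                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
                        NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamOpenDomain(ServerHandle,
                           DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
                           OrigInfo->DomainSid,
                           &DomainHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamQueryInformationDomain(DomainHandle,
                                       DomainLockoutInformation,
                                       (PVOID*)&LockoutInfo);
    if (!NT_SUCCESS(Status) || LockoutInfo == NULL)
    {
        DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
        goto done;
    }

    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"LockoutBadCount",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            /* Same 16-bit bound as the password length/history checks in
             * this file, so a large value is rejected rather than silently
             * truncated into a much smaller threshold. */
            if ((nValue >= 0) && (nValue <= 65535))
            {
                LockoutInfo->LockoutThreshold = nValue;
            }
        }
    }

    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"ResetLockoutCount",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            if (nValue >= 0)
            {
                LockoutInfo->LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
            }
        }
    }

    if (SetupFindFirstLineW(hSecurityInf,
                            pszSectionName,
                            L"LockoutDuration",
                            &InfContext))
    {
        if (SetupGetIntField(&InfContext, 1, &nValue))
        {
            if (nValue == -1)
            {
                LockoutInfo->LockoutDuration.QuadPart = 0x8000000000000000LL;
            }
            else if ((nValue >= 0) && (nValue < 100000))
            {
                LockoutInfo->LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
            }
        }
    }

    Status = SamSetInformationDomain(DomainHandle,
                                     DomainLockoutInformation,
                                     (PVOID)LockoutInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
        goto done;
    }

done:
    if (LockoutInfo != NULL)
        SamFreeMemory(LockoutInfo);

    if (DomainHandle != NULL)
        SamCloseHandle(DomainHandle);

    if (ServerHandle != NULL)
        SamCloseHandle(ServerHandle);

    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);
}


/*
 * Placeholder for the LSAAnonymousNameLookup key: the body is compiled out
 * (#if 0) and, even when enabled, only reads the value without acting on it.
 * The setting from the INF is therefore NOT applied.
 */
static
VOID
SetLsaAnonymousNameLookup(
    _In_ HINF hSecurityInf,
    _In_ PWSTR pszSectionName)
{
#if 0
    INFCONTEXT InfContext;
    INT nValue = 0;

    DPRINT1("SetLsaAnonymousNameLookup()\n");

    if (!SetupFindFirstLineW(hSecurityInf,
                             pszSectionName,
                             L"LSAAnonymousNameLookup",
                             &InfContext))
    {
        return;
    }

    if (!SetupGetIntField(&InfContext, 1, &nValue))
    {
        return;
    }

    if (nValue == 0)
    {
    }
    else
    {
    }
#endif
}


/*
 * Enables or disables one user account according to an INF key.
 *
 * hSecurityInf    Open security INF.
 * pszSectionName  INF section to read.
 * pszValueName    Key holding the flag: 0 disables the account, any other
 *                 integer enables it. Nothing happens when the key is absent.
 * DomainHandle    Open SAM domain that contains the account.
 * dwAccountRid    Relative ID of the account.
 *
 * SamQueryInformationUser() returns a buffer that it allocates; it is
 * received through a pointer and released with SamFreeMemory(). The address
 * of a stack USER_CONTROL_INFORMATION used to be passed instead, so the
 * account control flags written back were derived from a pointer value.
 */
static
VOID
EnableAccount(
    _In_ HINF hSecurityInf,
    _In_ PWSTR pszSectionName,
    _In_ PWSTR pszValueName,
    _In_ SAM_HANDLE DomainHandle,
    _In_ DWORD dwAccountRid)
{
    INFCONTEXT InfContext;
    SAM_HANDLE UserHandle = NULL;
    PUSER_CONTROL_INFORMATION ControlInfo = NULL;
    INT nValue = 0;
    NTSTATUS Status;

    DPRINT("EnableAccount()\n");

    if (!SetupFindFirstLineW(hSecurityInf,
                             pszSectionName,
                             pszValueName,
                             &InfContext))
        return;

    if (!SetupGetIntField(&InfContext, 1, &nValue))
    {
        DPRINT1("No valid integer value\n");
        goto done;
    }

    DPRINT("Value: %d\n", nValue);

    Status = SamOpenUser(DomainHandle,
                         USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
                         dwAccountRid,
                         &UserHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamQueryInformationUser(UserHandle,
                                     UserControlInformation,
                                     (PVOID*)&ControlInfo);
    if (!NT_SUCCESS(Status) || ControlInfo == NULL)
    {
        DPRINT1("SamQueryInformationUser() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    /* Only the disabled bit is touched; all other control flags are kept */
    if (nValue == 0)
    {
        ControlInfo->UserAccountControl |= USER_ACCOUNT_DISABLED;
    }
    else
    {
        ControlInfo->UserAccountControl &= ~USER_ACCOUNT_DISABLED;
    }

    Status = SamSetInformationUser(UserHandle,
                                   UserControlInformation,
                                   (PVOID)ControlInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
    }

done:
    if (ControlInfo != NULL)
        SamFreeMemory(ControlInfo);

    if (UserHandle != NULL)
        SamCloseHandle(UserHandle);
}


/*
 * Renames one user account to the name given by an INF key.
 *
 * hSecurityInf    Open security INF.
 * pszSectionName  INF section to read.
 * pszValueName    Key holding the new account name. Nothing happens when the
 *                 key is absent or its value is empty.
 * DomainHandle    Open SAM domain that contains the account.
 * dwAccountRid    Relative ID of the account.
 *
 * Only the user name is set; the full name is passed as an empty string.
 */
static
VOID
SetNewAccountName(
    _In_ HINF hSecurityInf,
    _In_ PWSTR pszSectionName,
    _In_ PWSTR pszValueName,
    _In_ SAM_HANDLE DomainHandle,
    _In_ DWORD dwAccountRid)
{
    INFCONTEXT InfContext;
    DWORD dwLength = 0;
    PWSTR pszName = NULL;
    SAM_HANDLE UserHandle = NULL;
    USER_NAME_INFORMATION NameInfo;
    NTSTATUS Status;

    DPRINT("SetNewAccountName()\n");

    if (!SetupFindFirstLineW(hSecurityInf,
                             pszSectionName,
                             pszValueName,
                             &InfContext))
        return;

    /* First pass: required size in characters */
    SetupGetStringFieldW(&InfContext,
                         1,
                         NULL,
                         0,
                         &dwLength);
    if (dwLength == 0)
        return;

    pszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength * sizeof(WCHAR));
    if (pszName == NULL)
    {
        DPRINT1("HeapAlloc() failed\n");
        return;
    }

    if (!SetupGetStringFieldW(&InfContext,
                              1,
                              pszName,
                              dwLength,
                              &dwLength))
    {
        DPRINT1("No valid string value\n");
        goto done;
    }

    DPRINT("NewAccountName: '%S'\n", pszName);

    /* Never try to rename an account to an empty name */
    if (pszName[0] == UNICODE_NULL)
    {
        DPRINT1("Empty account name ignored\n");
        goto done;
    }

    Status = SamOpenUser(DomainHandle,
                         USER_WRITE_ACCOUNT,
                         dwAccountRid,
                         &UserHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    NameInfo.UserName.Length = wcslen(pszName) * sizeof(WCHAR);
    NameInfo.UserName.MaximumLength = NameInfo.UserName.Length + sizeof(WCHAR);
    NameInfo.UserName.Buffer = pszName;
    NameInfo.FullName.Length = 0;
    NameInfo.FullName.MaximumLength = 0;
    NameInfo.FullName.Buffer = NULL;

    Status = SamSetInformationUser(UserHandle,
                                   UserNameInformation,
                                   (PVOID)&NameInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
    }

done:
    if (UserHandle != NULL)
        SamCloseHandle(UserHandle);

    if (pszName != NULL)
        HeapFree(GetProcessHeap(), 0, pszName);
}


/*
 * Applies the account-related keys of an INF section: opens the account
 * domain in SAM and then processes LSAAnonymousNameLookup (currently a
 * no-op), EnableAdminAccount, EnableGuestAccount, NewAdministratorName and
 * NewGuestName for the built-in Administrator and Guest RIDs.
 *
 * The INF alone decides whether the Administrator and Guest accounts end up
 * enabled, so shipped INF files deserve review for these two keys.
 */
static
VOID
ApplyAccountSettings(
    _In_ HINF hSecurityInf,
    _In_ PWSTR pszSectionName)
{
    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    LSA_HANDLE PolicyHandle = NULL;
    SAM_HANDLE ServerHandle = NULL;
    SAM_HANDLE DomainHandle = NULL;
    NTSTATUS Status;

    DPRINT("ApplyAccountSettings()\n");

    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
                           &PolicyHandle);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
        return;
    }

    /* The account domain SID is needed to open the matching SAM domain */
    Status = LsaQueryInformationPolicy(PolicyHandle,
                                       PolicyAccountDomainInformation,
                                       (PVOID *)&OrigInfo);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamConnect(NULL,
                        &ServerHandle,
                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
                        NULL);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    Status = SamOpenDomain(ServerHandle,
                           DOMAIN_LOOKUP,
                           OrigInfo->DomainSid,
                           &DomainHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
        goto done;
    }

    SetLsaAnonymousNameLookup(hSecurityInf,
                              pszSectionName);

    EnableAccount(hSecurityInf,
                  pszSectionName,
                  L"EnableAdminAccount",
                  DomainHandle,
                  DOMAIN_USER_RID_ADMIN);

    EnableAccount(hSecurityInf,
                  pszSectionName,
                  L"EnableGuestAccount",
                  DomainHandle,
                  DOMAIN_USER_RID_GUEST);

    SetNewAccountName(hSecurityInf,
                      pszSectionName,
                      L"NewAdministratorName",
                      DomainHandle,
                      DOMAIN_USER_RID_ADMIN);

    SetNewAccountName(hSecurityInf,
                      pszSectionName,
                      L"NewGuestName",
                      DomainHandle,
                      DOMAIN_USER_RID_GUEST);

done:
    if (DomainHandle != NULL)
        SamCloseHandle(DomainHandle);

    if (ServerHandle != NULL)
        SamCloseHandle(ServerHandle);

    if (OrigInfo != NULL)
        LsaFreeMemory(OrigInfo);

    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);
}


/*
 * Applies the [Event Audit] section of the security INF to the LSA audit
 * policy (PolicyAuditEventsInformation).
 *
 * Each line is "<option> = <value>"; the option name selects the audit
 * category and the value must lie between POLICY_AUDIT_EVENT_UNCHANGED and
 * POLICY_AUDIT_EVENT_NONE. Lines that cannot be read, carry an out-of-range
 * value or name an unknown option are logged and skipped, which leaves the
 * corresponding entry at its zero-initialised value. Auditing mode is always
 * switched on.
 */
static
VOID
ApplyAuditEvents(
    _In_ HINF hSecurityInf)
{
    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
    INFCONTEXT InfContext;
    WCHAR szOptionName[256];
    INT nValue;
    LSA_HANDLE PolicyHandle = NULL;
    POLICY_AUDIT_EVENTS_INFO AuditInfo;
    PULONG AuditOptions = NULL;
    NTSTATUS Status;

    DPRINT("ApplyAuditEvents(%p)\n", hSecurityInf);

    if (!SetupFindFirstLineW(hSecurityInf,
                             L"Event Audit",
                             NULL,
                             &InfContext))
    {
        DPRINT1("SetupFindFirstLineW failed\n");
        return;
    }

    ZeroMemory(&ObjectAttributes, sizeof(LSA_OBJECT_ATTRIBUTES));
    /* Same initialisation as the other LsaOpenPolicy() callers in this file */
    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);

    Status = LsaOpenPolicy(NULL,
                           &ObjectAttributes,
                           POLICY_SET_AUDIT_REQUIREMENTS,
                           &PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
        return;
    }

    /* One zero-initialised slot per category, AuditCategoryAccountLogon
     * being the highest index written below */
    AuditOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
                             (AuditCategoryAccountLogon + 1) * sizeof(ULONG));
    if (AuditOptions == NULL)
    {
        DPRINT1("Failed to allocate the auditiing options array!\n");
        goto done;
    }

    AuditInfo.AuditingMode = TRUE;
    AuditInfo.EventAuditingOptions = AuditOptions;
    AuditInfo.MaximumAuditEventCount = AuditCategoryAccountLogon + 1;

    do
    {
        /* Retrieve the option name */
        if (!SetupGetStringFieldW(&InfContext,
                                  0,
                                  szOptionName,
                                  ARRAYSIZE(szOptionName),
                                  NULL))
        {
            DPRINT1("SetupGetStringFieldW() failed\n");
            continue;
        }

        DPRINT("Option: '%S'\n", szOptionName);

        if (!SetupGetIntField(&InfContext,
                              1,
                              &nValue))
        {
            /* The log line used to name SetupGetStringFieldW() here */
            DPRINT1("SetupGetIntField() failed\n");
            continue;
        }

        DPRINT("Value: %d\n", nValue);

        if ((nValue < POLICY_AUDIT_EVENT_UNCHANGED) || (nValue > POLICY_AUDIT_EVENT_NONE))
        {
            DPRINT1("Invalid audit option!\n");
            continue;
        }

        if (_wcsicmp(szOptionName, L"AuditSystemEvents") == 0)
        {
            AuditOptions[AuditCategorySystem] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditLogonEvents") == 0)
        {
            AuditOptions[AuditCategoryLogon] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditObjectAccess") == 0)
        {
            AuditOptions[AuditCategoryObjectAccess] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditPrivilegeUse") == 0)
        {
            AuditOptions[AuditCategoryPrivilegeUse] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditProcessTracking") == 0)
        {
            AuditOptions[AuditCategoryDetailedTracking] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditPolicyChange") == 0)
        {
            AuditOptions[AuditCategoryPolicyChange] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditAccountManage") == 0)
        {
            AuditOptions[AuditCategoryAccountManagement] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditDSAccess") == 0)
        {
            AuditOptions[AuditCategoryDirectoryServiceAccess] = (ULONG)nValue;
        }
        else if (_wcsicmp(szOptionName, L"AuditAccountLogon") == 0)
        {
            AuditOptions[AuditCategoryAccountLogon] = (ULONG)nValue;
        }
        else
        {
            DPRINT1("Invalid auditing option '%S'\n", szOptionName);
        }
    }
    while (SetupFindNextLine(&InfContext, &InfContext));

    Status = LsaSetInformationPolicy(PolicyHandle,
                                     PolicyAuditEventsInformation,
                                     (PVOID)&AuditInfo);
    if (Status != STATUS_SUCCESS)
    {
        DPRINT1("LsaSetInformationPolicy() failed (Status 0x%08lx)\n", Status);
    }

done:
    if (AuditOptions != NULL)
        HeapFree(GetProcessHeap(), 0, AuditOptions);

    if (PolicyHandle != NULL)
        LsaClose(PolicyHandle);
}


VOID
InstallSecurity(VOID)
{
    HINF hSecurityInf;
    PWSTR pszSecurityInf;

//    if (IsServer())
//        pszSecurityInf = L"defltsv.inf";
//    else
        pszSecurityInf = L"defltwk.inf";

    InstallBuiltinAccounts();

    hSecurityInf = SetupOpenInfFileW(pszSecurityInf,
                                     NULL,
                                     INF_STYLE_WIN4,
                                     NULL);
    if (hSecurityInf != INVALID_HANDLE_VALUE)
    {
        InstallPrivileges(hSecurityInf);
        ApplyRegistryValues(hSecurityInf);

        ApplyEventlogSettings(hSecurityInf, L"Application Log", L"Application");
        ApplyEventlogSettings(hSecurityInf, L"Security Log", L"Security");
        ApplyEventlogSettings(hSecurityInf, L"System Log", L"System");

        ApplyPasswordSettings(hSecurityInf, L"System Access");
        ApplyLockoutSettings(hSecurityInf, L"System Access");
        ApplyAccountSettings(hSecurityInf, L"System Access");

        ApplyAuditEvents(hSecurityInf);

        SetupCloseInfFile(hSecurityInf);
    }

    /* Hack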
*/ 1573 SetPrimaryDomain(L"WORKGROUP", NULL); 1574 } 1575 1576 1577 NTSTATUS 1578 SetAdministratorPassword(LPCWSTR Password) 1579 { 1580 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 1581 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL; 1582 USER_SET_PASSWORD_INFORMATION PasswordInfo; 1583 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 1584 LSA_HANDLE PolicyHandle = NULL; 1585 SAM_HANDLE ServerHandle = NULL; 1586 SAM_HANDLE DomainHandle = NULL; 1587 SAM_HANDLE UserHandle = NULL; 1588 NTSTATUS Status; 1589 1590 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password); 1591 1592 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 1593 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 1594 1595 Status = LsaOpenPolicy(NULL, 1596 &ObjectAttributes, 1597 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 1598 &PolicyHandle); 1599 if (Status != STATUS_SUCCESS) 1600 { 1601 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 1602 return Status; 1603 } 1604 1605 Status = LsaQueryInformationPolicy(PolicyHandle, 1606 PolicyAccountDomainInformation, 1607 (PVOID *)&OrigInfo); 1608 if (!NT_SUCCESS(Status)) 1609 { 1610 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 1611 goto done; 1612 } 1613 1614 Status = SamConnect(NULL, 1615 &ServerHandle, 1616 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 1617 NULL); 1618 if (!NT_SUCCESS(Status)) 1619 { 1620 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 1621 goto done; 1622 } 1623 1624 Status = SamOpenDomain(ServerHandle, 1625 DOMAIN_LOOKUP, 1626 OrigInfo->DomainSid, 1627 &DomainHandle); 1628 if (!NT_SUCCESS(Status)) 1629 { 1630 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 1631 goto done; 1632 } 1633 1634 Status = SamOpenUser(DomainHandle, 1635 USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL, 1636 DOMAIN_USER_RID_ADMIN, 1637 &UserHandle); 1638 if (!NT_SUCCESS(Status)) 1639 { 1640 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status); 1641 goto done; 
1642 } 1643 1644 RtlInitUnicodeString(&PasswordInfo.Password, Password); 1645 PasswordInfo.PasswordExpired = FALSE; 1646 1647 Status = SamSetInformationUser(UserHandle, 1648 UserSetPasswordInformation, 1649 (PVOID)&PasswordInfo); 1650 if (!NT_SUCCESS(Status)) 1651 { 1652 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status); 1653 goto done; 1654 } 1655 1656 Status = SamQueryInformationUser(UserHandle, 1657 UserAccountNameInformation, 1658 (PVOID*)&AccountNameInfo); 1659 if (!NT_SUCCESS(Status)) 1660 { 1661 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status); 1662 goto done; 1663 } 1664 1665 AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(), 1666 HEAP_ZERO_MEMORY, 1667 AccountNameInfo->UserName.Length + sizeof(WCHAR)); 1668 if (AdminInfo.Name != NULL) 1669 RtlCopyMemory(AdminInfo.Name, 1670 AccountNameInfo->UserName.Buffer, 1671 AccountNameInfo->UserName.Length); 1672 1673 AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(), 1674 HEAP_ZERO_MEMORY, 1675 OrigInfo->DomainName.Length + sizeof(WCHAR)); 1676 if (AdminInfo.Domain != NULL) 1677 RtlCopyMemory(AdminInfo.Domain, 1678 OrigInfo->DomainName.Buffer, 1679 OrigInfo->DomainName.Length); 1680 1681 AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(), 1682 0, 1683 (wcslen(Password) + 1) * sizeof(WCHAR)); 1684 if (AdminInfo.Password != NULL) 1685 wcscpy(AdminInfo.Password, Password); 1686 1687 DPRINT("Administrator Name: %S\n", AdminInfo.Name); 1688 DPRINT("Administrator Domain: %S\n", AdminInfo.Domain); 1689 DPRINT("Administrator Password: %S\n", AdminInfo.Password); 1690 1691 done: 1692 if (AccountNameInfo != NULL) 1693 SamFreeMemory(AccountNameInfo); 1694 1695 if (OrigInfo != NULL) 1696 LsaFreeMemory(OrigInfo); 1697 1698 if (PolicyHandle != NULL) 1699 LsaClose(PolicyHandle); 1700 1701 if (UserHandle != NULL) 1702 SamCloseHandle(UserHandle); 1703 1704 if (DomainHandle != NULL) 1705 SamCloseHandle(DomainHandle); 1706 1707 if (ServerHandle != NULL) 1708 SamCloseHandle(ServerHandle); 
1709 1710 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status); 1711 1712 return Status; 1713 } 1714 1715 1716 VOID 1717 SetAutoAdminLogon(VOID) 1718 { 1719 WCHAR szAutoAdminLogon[2]; 1720 HKEY hKey = NULL; 1721 DWORD dwType; 1722 DWORD dwSize; 1723 LONG lError; 1724 1725 lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE, 1726 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", 1727 0, 1728 KEY_READ | KEY_WRITE, 1729 &hKey); 1730 if (lError != ERROR_SUCCESS) 1731 return; 1732 1733 dwSize = 2 * sizeof(WCHAR); 1734 lError = RegQueryValueExW(hKey, 1735 L"AutoAdminLogon", 1736 NULL, 1737 &dwType, 1738 (LPBYTE)szAutoAdminLogon, 1739 &dwSize); 1740 if (lError != ERROR_SUCCESS) 1741 goto done; 1742 1743 if (wcscmp(szAutoAdminLogon, L"1") == 0) 1744 { 1745 RegSetValueExW(hKey, 1746 L"DefaultDomainName", 1747 0, 1748 REG_SZ, 1749 (LPBYTE)AdminInfo.Domain, 1750 (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR)); 1751 1752 RegSetValueExW(hKey, 1753 L"DefaultUserName", 1754 0, 1755 REG_SZ, 1756 (LPBYTE)AdminInfo.Name, 1757 (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR)); 1758 1759 RegSetValueExW(hKey, 1760 L"DefaultPassword", 1761 0, 1762 REG_SZ, 1763 (LPBYTE)AdminInfo.Password, 1764 (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR)); 1765 } 1766 1767 done: 1768 if (hKey != NULL) 1769 RegCloseKey(hKey); 1770 } 1771 1772 1773 /* EOF */ 1774 1775