1 /* 2 * COPYRIGHT: See COPYING in the top level directory 3 * PROJECT: ReactOS system libraries 4 * PURPOSE: System setup 5 * FILE: dll/win32/syssetup/security.c 6 * PROGRAMER: Eric Kohl 7 */ 8 9 /* INCLUDES *****************************************************************/ 10 11 #include "precomp.h" 12 13 #include <ntlsa.h> 14 #include <ntsecapi.h> 15 #include <ntsam.h> 16 #include <sddl.h> 17 18 #define NDEBUG 19 #include <debug.h> 20 21 #define TICKS_PER_DAY -864000000000LL 22 #define TICKS_PER_MINUTE -600000000LL 23 24 /* FUNCTIONS ****************************************************************/ 25 26 NTSTATUS 27 WINAPI 28 SetAccountsDomainSid( 29 PSID DomainSid, 30 LPCWSTR DomainName) 31 { 32 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 33 POLICY_ACCOUNT_DOMAIN_INFO Info; 34 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 35 LSA_HANDLE PolicyHandle; 36 37 SAM_HANDLE ServerHandle = NULL; 38 SAM_HANDLE DomainHandle = NULL; 39 DOMAIN_NAME_INFORMATION DomainNameInfo; 40 41 NTSTATUS Status; 42 43 DPRINT("SYSSETUP: SetAccountsDomainSid\n"); 44 45 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 46 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 47 48 Status = LsaOpenPolicy(NULL, 49 &ObjectAttributes, 50 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 51 &PolicyHandle); 52 if (Status != STATUS_SUCCESS) 53 { 54 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); 55 return Status; 56 } 57 58 Status = LsaQueryInformationPolicy(PolicyHandle, 59 PolicyAccountDomainInformation, 60 (PVOID *)&OrigInfo); 61 if (Status == STATUS_SUCCESS && OrigInfo != NULL) 62 { 63 if (DomainName == NULL) 64 { 65 Info.DomainName.Buffer = OrigInfo->DomainName.Buffer; 66 Info.DomainName.Length = OrigInfo->DomainName.Length; 67 Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength; 68 } 69 else 70 { 71 Info.DomainName.Buffer = (LPWSTR)DomainName; 72 Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR); 73 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR); 74 } 75 76 if (DomainSid == NULL) 77 Info.DomainSid = OrigInfo->DomainSid; 78 else 79 Info.DomainSid = DomainSid; 80 } 81 else 82 { 83 Info.DomainName.Buffer = (LPWSTR)DomainName; 84 Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR); 85 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR); 86 Info.DomainSid = DomainSid; 87 } 88 89 Status = LsaSetInformationPolicy(PolicyHandle, 90 PolicyAccountDomainInformation, 91 (PVOID)&Info); 92 if (Status != STATUS_SUCCESS) 93 { 94 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status); 95 } 96 97 if (OrigInfo != NULL) 98 LsaFreeMemory(OrigInfo); 99 100 LsaClose(PolicyHandle); 101 102 DomainNameInfo.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR); 103 DomainNameInfo.DomainName.MaximumLength = DomainNameInfo.DomainName.Length + sizeof(WCHAR); 104 DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName; 105 106 Status = SamConnect(NULL, 107 &ServerHandle, 108 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 109 NULL); 110 if (NT_SUCCESS(Status)) 111 { 112 Status = SamOpenDomain(ServerHandle, 113 DOMAIN_WRITE_OTHER_PARAMETERS, 114 Info.DomainSid, 115 &DomainHandle); 116 if (NT_SUCCESS(Status)) 117 { 118 Status = SamSetInformationDomain(DomainHandle, 119 DomainNameInformation, 120 &DomainNameInfo); 121 if (!NT_SUCCESS(Status)) 122 { 123 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status); 124 } 125 126 SamCloseHandle(DomainHandle); 127 } 128 else 129 { 130 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status); 131 } 132 133 SamCloseHandle(ServerHandle); 134 } 135 136 return Status; 137 } 138 139 140 /* Hack */ 141 static 142 NTSTATUS 143 SetPrimaryDomain(LPCWSTR DomainName, 144 PSID DomainSid) 145 { 146 PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL; 147 POLICY_PRIMARY_DOMAIN_INFO Info; 148 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 149 LSA_HANDLE PolicyHandle; 150 NTSTATUS Status; 151 152 DPRINT1("SYSSETUP: SetPrimaryDomain()\n"); 153 154 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 155 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 156 157 Status = LsaOpenPolicy(NULL, 158 &ObjectAttributes, 159 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 160 &PolicyHandle); 161 if (Status != STATUS_SUCCESS) 162 { 163 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); 164 return Status; 165 } 166 167 Status = LsaQueryInformationPolicy(PolicyHandle, 168 PolicyPrimaryDomainInformation, 169 (PVOID *)&OrigInfo); 170 if (Status == STATUS_SUCCESS && OrigInfo != NULL) 171 { 172 if (DomainName == NULL) 173 { 174 Info.Name.Buffer = OrigInfo->Name.Buffer; 175 Info.Name.Length = OrigInfo->Name.Length; 176 Info.Name.MaximumLength = OrigInfo->Name.MaximumLength; 177 } 178 else 179 { 180 Info.Name.Buffer = (LPWSTR)DomainName; 181 Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR); 182 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR); 183 } 184 185 if (DomainSid == NULL) 186 Info.Sid = OrigInfo->Sid; 187 else 188 Info.Sid = DomainSid; 189 } 190 else 191 { 192 Info.Name.Buffer = (LPWSTR)DomainName; 193 Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR); 194 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR); 195 Info.Sid = DomainSid; 196 } 197 198 Status = LsaSetInformationPolicy(PolicyHandle, 199 PolicyPrimaryDomainInformation, 200 (PVOID)&Info); 201 if (Status != STATUS_SUCCESS) 202 { 203 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status); 204 } 205 206 if (OrigInfo != NULL) 207 LsaFreeMemory(OrigInfo); 208 209 LsaClose(PolicyHandle); 210 211 return Status; 212 } 213 214 215 static 216 VOID 217 InstallBuiltinAccounts(VOID) 218 { 219 LPWSTR BuiltinAccounts[] = { 220 L"S-1-1-0", /* Everyone */ 221 L"S-1-5-4", /* Interactive */ 222 L"S-1-5-6", /* Service */ 223 L"S-1-5-19", /* Local Service */ 224 L"S-1-5-20", /* Network Service */ 225 L"S-1-5-32-544", /* Administrators */ 226 L"S-1-5-32-545", /* Users */ 227 L"S-1-5-32-547", /* Power Users */ 228 L"S-1-5-32-551", /* Backup Operators */ 229 L"S-1-5-32-555"}; /* Remote Desktop Users */ 230 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 231 NTSTATUS Status; 232 LSA_HANDLE PolicyHandle = NULL; 233 LSA_HANDLE AccountHandle = NULL; 234 PSID AccountSid; 235 ULONG i; 236 237 DPRINT("InstallBuiltinAccounts()\n"); 238 239 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 240 241 Status = LsaOpenPolicy(NULL, 242 &ObjectAttributes, 243 POLICY_CREATE_ACCOUNT, 244 &PolicyHandle); 245 if (!NT_SUCCESS(Status)) 246 { 247 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status); 248 return; 249 } 250 251 for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++) 252 { 253 if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid)) 254 { 255 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError()); 256 continue; 257 } 258 259 Status = LsaCreateAccount(PolicyHandle, 260 AccountSid, 261 0, 262 &AccountHandle); 263 if (NT_SUCCESS(Status)) 264 { 265 LsaClose(AccountHandle); 266 } 267 268 LocalFree(AccountSid); 269 } 270 271 LsaClose(PolicyHandle); 272 } 273 274 275 static 276 VOID 277 InstallPrivileges( 278 HINF hSecurityInf) 279 { 280 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 281 WCHAR szPrivilegeString[256]; 282 WCHAR szSidString[256]; 283 INFCONTEXT InfContext; 284 DWORD i; 285 PSID AccountSid = NULL; 286 NTSTATUS Status; 287 LSA_HANDLE PolicyHandle = NULL; 288 LSA_UNICODE_STRING RightString, AccountName; 289 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL; 290 PLSA_TRANSLATED_SID2 Sids = NULL; 291 292 DPRINT("InstallPrivileges()\n"); 293 294 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 295 296 Status = LsaOpenPolicy(NULL, 297 &ObjectAttributes, 298 POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES, 299 &PolicyHandle); 300 if (!NT_SUCCESS(Status)) 301 { 302 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status); 303 goto done; 304 } 305 306 if (!SetupFindFirstLineW(hSecurityInf, 307 L"Privilege Rights", 308 NULL, 309 &InfContext)) 310 { 311 DPRINT1("SetupFindFirstLineW failed\n"); 312 goto done; 313 } 314 315 do 316 { 317 /* Retrieve the privilege name */ 318 if (!SetupGetStringFieldW(&InfContext, 319 0, 320 szPrivilegeString, 321 ARRAYSIZE(szPrivilegeString), 322 NULL)) 323 { 324 DPRINT1("SetupGetStringFieldW() failed\n"); 325 goto done; 326 } 327 DPRINT("Privilege: %S\n", szPrivilegeString); 328 329 for (i = 0; i < SetupGetFieldCount(&InfContext); i++) 330 { 331 if (!SetupGetStringFieldW(&InfContext, 332 i + 1, 333 szSidString, 334 ARRAYSIZE(szSidString), 335 NULL)) 336 { 337 DPRINT1("SetupGetStringFieldW() failed\n"); 338 goto done; 339 } 340 DPRINT("SID: %S\n", szSidString); 341 342 if (szSidString[0] == UNICODE_NULL) 343 continue; 344 345 if (szSidString[0] == L'*') 346 { 347 DPRINT("Account Sid: %S\n", &szSidString[1]); 348 349 if (!ConvertStringSidToSid(&szSidString[1], &AccountSid)) 350 { 351 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError()); 352 continue; 353 } 354 } 355 else 356 { 357 DPRINT("Account name: %S\n", szSidString); 358 359 ReferencedDomains = NULL; 360 Sids = NULL; 361 RtlInitUnicodeString(&AccountName, szSidString); 362 Status = LsaLookupNames2(PolicyHandle, 363 0, 364 1, 365 &AccountName, 366 &ReferencedDomains, 367 &Sids); 368 if (ReferencedDomains != NULL) 369 { 370 LsaFreeMemory(ReferencedDomains); 371 } 372 373 if (!NT_SUCCESS(Status)) 374 { 375 DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status); 376 377 if (Sids != NULL) 378 { 379 LsaFreeMemory(Sids); 380 Sids = NULL; 381 } 382 383 continue; 384 } 385 } 386 387 RtlInitUnicodeString(&RightString, szPrivilegeString); 388 Status = LsaAddAccountRights(PolicyHandle, 389 (AccountSid != NULL) ? AccountSid : Sids[0].Sid, 390 &RightString, 391 1); 392 if (!NT_SUCCESS(Status)) 393 { 394 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status); 395 } 396 397 if (Sids != NULL) 398 { 399 LsaFreeMemory(Sids); 400 Sids = NULL; 401 } 402 403 if (AccountSid != NULL) 404 { 405 LocalFree(AccountSid); 406 AccountSid = NULL; 407 } 408 } 409 410 } 411 while (SetupFindNextLine(&InfContext, &InfContext)); 412 413 done: 414 if (PolicyHandle != NULL) 415 LsaClose(PolicyHandle); 416 } 417 418 419 static 420 VOID 421 ApplyRegistryValues( 422 HINF hSecurityInf) 423 { 424 WCHAR szRegistryPath[MAX_PATH]; 425 WCHAR szRootName[MAX_PATH]; 426 WCHAR szKeyName[MAX_PATH]; 427 WCHAR szValueName[MAX_PATH]; 428 INFCONTEXT InfContext; 429 DWORD dwLength, dwType; 430 HKEY hRootKey, hKey; 431 PWSTR Ptr1, Ptr2; 432 DWORD dwError; 433 PVOID pBuffer; 434 435 DPRINT("ApplyRegistryValues()\n"); 436 437 if (!SetupFindFirstLineW(hSecurityInf, 438 L"Registry Values", 439 NULL, 440 &InfContext)) 441 { 442 DPRINT1("SetupFindFirstLineW failed\n"); 443 return; 444 } 445 446 do 447 { 448 /* Retrieve the privilege name */ 449 if (!SetupGetStringFieldW(&InfContext, 450 0, 451 szRegistryPath, 452 ARRAYSIZE(szRegistryPath), 453 NULL)) 454 { 455 DPRINT1("SetupGetStringFieldW() failed\n"); 456 return; 457 } 458 459 DPRINT("RegistryPath: %S\n", szRegistryPath); 460 461 Ptr1 = wcschr(szRegistryPath, L'\\'); 462 Ptr2 = wcsrchr(szRegistryPath, L'\\'); 463 if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2) 464 { 465 dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) / sizeof(WCHAR)); 466 wcsncpy(szRootName, szRegistryPath, dwLength); 467 szRootName[dwLength] = UNICODE_NULL; 468 469 Ptr1++; 470 dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR)); 471 wcsncpy(szKeyName, Ptr1, dwLength); 472 szKeyName[dwLength] = UNICODE_NULL; 473 474 Ptr2++; 475 wcscpy(szValueName, Ptr2); 476 477 DPRINT("RootName: %S\n", szRootName); 478 DPRINT("KeyName: %S\n", szKeyName); 479 DPRINT("ValueName: %S\n", szValueName); 480 481 if (_wcsicmp(szRootName, L"Machine") == 0) 482 { 483 hRootKey = HKEY_LOCAL_MACHINE; 484 } 485 else 486 { 487 DPRINT1("Unsupported root key %S\n", szRootName); 488 break; 489 } 490 491 if (!SetupGetIntField(&InfContext, 492 1, 493 (PINT)&dwType)) 494 { 495 DPRINT1("Failed to get key type (Error %lu)\n", GetLastError()); 496 break; 497 } 498 499 if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY && 500 dwType != REG_DWORD && dwType != REG_MULTI_SZ) 501 { 502 DPRINT1("Invalid value type %lu\n", dwType); 503 break; 504 } 505 506 dwLength = 0; 507 switch (dwType) 508 { 509 case REG_SZ: 510 case REG_EXPAND_SZ: 511 SetupGetStringField(&InfContext, 512 2, 513 NULL, 514 0, 515 &dwLength); 516 dwLength *= sizeof(WCHAR); 517 break; 518 519 case REG_BINARY: 520 SetupGetBinaryField(&InfContext, 521 2, 522 NULL, 523 0, 524 &dwLength); 525 break; 526 527 case REG_DWORD: 528 dwLength = sizeof(INT); 529 break; 530 531 case REG_MULTI_SZ: 532 SetupGetMultiSzField(&InfContext, 533 2, 534 NULL, 535 0, 536 &dwLength); 537 dwLength *= sizeof(WCHAR); 538 break; 539 } 540 541 if (dwLength == 0) 542 { 543 DPRINT1("Failed to determine the required buffer size!\n"); 544 break; 545 } 546 547 dwError = RegCreateKeyExW(hRootKey, 548 szKeyName, 549 0, 550 NULL, 551 REG_OPTION_NON_VOLATILE, 552 KEY_WRITE, 553 NULL, 554 &hKey, 555 NULL); 556 if (dwError != ERROR_SUCCESS) 557 { 558 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError); 559 break; 560 } 561 562 pBuffer = HeapAlloc(GetProcessHeap(), 0, dwLength); 563 if (pBuffer) 564 { 565 switch (dwType) 566 { 567 case REG_SZ: 568 case REG_EXPAND_SZ: 569 SetupGetStringField(&InfContext, 570 2, 571 pBuffer, 572 dwLength / sizeof(WCHAR), 573 &dwLength); 574 dwLength *= sizeof(WCHAR); 575 break; 576 577 case REG_BINARY: 578 SetupGetBinaryField(&InfContext, 579 2, 580 pBuffer, 581 dwLength, 582 &dwLength); 583 break; 584 585 case REG_DWORD: 586 SetupGetIntField(&InfContext, 587 2, 588 pBuffer); 589 break; 590 591 case REG_MULTI_SZ: 592 SetupGetMultiSzField(&InfContext, 593 2, 594 pBuffer, 595 dwLength / sizeof(WCHAR), 596 &dwLength); 597 dwLength *= sizeof(WCHAR); 598 break; 599 } 600 601 RegSetValueEx(hKey, 602 szValueName, 603 0, 604 dwType, 605 pBuffer, 606 dwLength); 607 608 HeapFree(GetProcessHeap(), 0, pBuffer); 609 } 610 611 RegCloseKey(hKey); 612 } 613 } 614 while (SetupFindNextLine(&InfContext, &InfContext)); 615 } 616 617 618 static 619 VOID 620 ApplyEventlogSettings( 621 _In_ HINF hSecurityInf, 622 _In_ PWSTR pszSectionName, 623 _In_ PWSTR pszLogName) 624 { 625 INFCONTEXT InfContext; 626 HKEY hServiceKey = NULL, hLogKey = NULL; 627 DWORD dwValue, dwError; 628 BOOL bValueSet; 629 630 DPRINT("ApplyEventlogSettings(%p %S %S)\n", 631 hSecurityInf, pszSectionName, pszLogName); 632 633 dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE, 634 L"System\\CurrentControlSet\\Services\\Eventlog", 635 0, 636 NULL, 637 REG_OPTION_NON_VOLATILE, 638 KEY_WRITE, 639 NULL, 640 &hServiceKey, 641 NULL); 642 if (dwError != ERROR_SUCCESS) 643 { 644 DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n", dwError); 645 return; 646 } 647 648 dwError = RegCreateKeyExW(hServiceKey, 649 pszLogName, 650 0, 651 NULL, 652 REG_OPTION_NON_VOLATILE, 653 KEY_WRITE, 654 NULL, 655 &hLogKey, 656 NULL); 657 if (dwError != ERROR_SUCCESS) 658 { 659 DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName, dwError); 660 RegCloseKey(hServiceKey); 661 return; 662 } 663 664 if (SetupFindFirstLineW(hSecurityInf, 665 pszSectionName, 666 L"MaximumLogSize", 667 &InfContext)) 668 { 669 DPRINT("MaximumLogSize\n"); 670 dwValue = 0; 671 SetupGetIntField(&InfContext, 672 1, 673 (PINT)&dwValue); 674 675 DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue); 676 if (dwValue >= 64 && dwValue <= 4194240) 677 { 678 dwValue *= 1024; 679 680 DPRINT("MaxSize: %lu\n", dwValue); 681 RegSetValueEx(hLogKey, 682 L"MaxSize", 683 0, 684 REG_DWORD, 685 (LPBYTE)&dwValue, 686 sizeof(dwValue)); 687 } 688 } 689 690 if (SetupFindFirstLineW(hSecurityInf, 691 pszSectionName, 692 L"AuditLogRetentionPeriod", 693 &InfContext)) 694 { 695 bValueSet = FALSE; 696 dwValue = 0; 697 SetupGetIntField(&InfContext, 698 1, 699 (PINT)&dwValue); 700 if (dwValue == 0) 701 { 702 bValueSet = TRUE; 703 } 704 else if (dwValue == 1) 705 { 706 if (SetupFindFirstLineW(hSecurityInf, 707 pszSectionName, 708 L"RetentionDays", 709 &InfContext)) 710 { 711 SetupGetIntField(&InfContext, 712 1, 713 (PINT)&dwValue); 714 dwValue *= 86400; 715 bValueSet = TRUE; 716 } 717 } 718 else if (dwValue == 2) 719 { 720 dwValue = (DWORD)-1; 721 bValueSet = TRUE; 722 } 723 724 if (bValueSet) 725 { 726 DPRINT("Retention: %lu\n", dwValue); 727 RegSetValueEx(hLogKey, 728 L"Retention", 729 0, 730 REG_DWORD, 731 (LPBYTE)&dwValue, 732 sizeof(dwValue)); 733 } 734 } 735 736 if (SetupFindFirstLineW(hSecurityInf, 737 pszSectionName, 738 L"RestrictGuestAccess", 739 &InfContext)) 740 { 741 dwValue = 0; 742 SetupGetIntField(&InfContext, 743 1, 744 (PINT)&dwValue); 745 if (dwValue == 0 || dwValue == 1) 746 { 747 DPRINT("RestrictGuestAccess: %lu\n", dwValue); 748 RegSetValueEx(hLogKey, 749 L"RestrictGuestAccess", 750 0, 751 REG_DWORD, 752 (LPBYTE)&dwValue, 753 sizeof(dwValue)); 754 } 755 } 756 757 RegCloseKey(hLogKey); 758 RegCloseKey(hServiceKey); 759 } 760 761 762 static 763 VOID 764 ApplyPasswordSettings( 765 _In_ HINF hSecurityInf, 766 _In_ PWSTR pszSectionName) 767 { 768 INFCONTEXT InfContext; 769 PDOMAIN_PASSWORD_INFORMATION PasswordInfo = NULL; 770 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 771 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 772 LSA_HANDLE PolicyHandle = NULL; 773 SAM_HANDLE ServerHandle = NULL; 774 SAM_HANDLE DomainHandle = NULL; 775 INT nValue; 776 NTSTATUS Status; 777 778 DPRINT("ApplyPasswordSettings()\n"); 779 780 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 781 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 782 783 Status = LsaOpenPolicy(NULL, 784 &ObjectAttributes, 785 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 786 &PolicyHandle); 787 if (Status != STATUS_SUCCESS) 788 { 789 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 790 return; 791 } 792 793 Status = LsaQueryInformationPolicy(PolicyHandle, 794 PolicyAccountDomainInformation, 795 (PVOID *)&OrigInfo); 796 if (!NT_SUCCESS(Status)) 797 { 798 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 799 goto done; 800 } 801 802 Status = SamConnect(NULL, 803 &ServerHandle, 804 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 805 NULL); 806 if (!NT_SUCCESS(Status)) 807 { 808 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 809 goto done; 810 } 811 812 Status = SamOpenDomain(ServerHandle, 813 DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS, 814 OrigInfo->DomainSid, 815 &DomainHandle); 816 if (!NT_SUCCESS(Status)) 817 { 818 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 819 goto done; 820 } 821 822 Status = SamQueryInformationDomain(DomainHandle, 823 DomainPasswordInformation, 824 (PVOID*)&PasswordInfo); 825 if (!NT_SUCCESS(Status)) 826 { 827 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status); 828 goto done; 829 } 830 831 DPRINT("MaximumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart); 832 if (SetupFindFirstLineW(hSecurityInf, 833 pszSectionName, 834 L"MaximumPasswordAge", 835 &InfContext)) 836 { 837 if (SetupGetIntField(&InfContext, 1, &nValue)) 838 { 839 DPRINT("Value: %ld\n", nValue); 840 if (nValue == -1) 841 { 842 PasswordInfo->MaxPasswordAge.QuadPart = 0x8000000000000000; 843 } 844 else if ((nValue >= 1) && (nValue < 1000)) 845 { 846 PasswordInfo->MaxPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY; 847 } 848 DPRINT("MaximumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart); 849 } 850 } 851 852 DPRINT("MinimumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart); 853 if (SetupFindFirstLineW(hSecurityInf, 854 pszSectionName, 855 L"MinimumPasswordAge", 856 &InfContext)) 857 { 858 if (SetupGetIntField(&InfContext, 1, &nValue)) 859 { 860 DPRINT("Wert: %ld\n", nValue); 861 if ((nValue >= 0) && (nValue < 1000)) 862 { 863 if (PasswordInfo->MaxPasswordAge.QuadPart < (LONGLONG)nValue * TICKS_PER_DAY) 864 PasswordInfo->MinPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY; 865 } 866 DPRINT("MinimumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart); 867 } 868 } 869 870 DPRINT("MinimumPasswordLength (OldValue) : %lu\n", PasswordInfo->MinPasswordLength); 871 if (SetupFindFirstLineW(hSecurityInf, 872 pszSectionName, 873 L"MinimumPasswordLength", 874 &InfContext)) 875 { 876 if (SetupGetIntField(&InfContext, 1, &nValue)) 877 { 878 DPRINT("Value: %ld\n", nValue); 879 if ((nValue >= 0) && (nValue <= 65535)) 880 { 881 PasswordInfo->MinPasswordLength = nValue; 882 } 883 DPRINT("MinimumPasswordLength (NewValue) : %lu\n", PasswordInfo->MinPasswordLength); 884 } 885 } 886 887 DPRINT("PasswordHistoryLength (OldValue) : %lu\n", PasswordInfo->PasswordHistoryLength); 888 if (SetupFindFirstLineW(hSecurityInf, 889 pszSectionName, 890 L"PasswordHistorySize", 891 &InfContext)) 892 { 893 if (SetupGetIntField(&InfContext, 1, &nValue)) 894 { 895 DPRINT("Value: %ld\n", nValue); 896 if ((nValue >= 0) && (nValue <= 65535)) 897 { 898 PasswordInfo->PasswordHistoryLength = nValue; 899 } 900 DPRINT("PasswordHistoryLength (NewValue) : %lu\n", PasswordInfo->PasswordHistoryLength); 901 } 902 } 903 904 if (SetupFindFirstLineW(hSecurityInf, 905 pszSectionName, 906 L"PasswordComplexity", 907 &InfContext)) 908 { 909 if (SetupGetIntField(&InfContext, 1, &nValue)) 910 { 911 if (nValue == 0) 912 { 913 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_COMPLEX; 914 } 915 else 916 { 917 PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_COMPLEX; 918 } 919 } 920 } 921 922 if (SetupFindFirstLineW(hSecurityInf, 923 pszSectionName, 924 L"ClearTextPassword", 925 &InfContext)) 926 { 927 if (SetupGetIntField(&InfContext, 1, &nValue)) 928 { 929 if (nValue == 0) 930 { 931 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT; 932 } 933 else 934 { 935 PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_STORE_CLEARTEXT; 936 } 937 } 938 } 939 940 /* Windows ignores the RequireLogonToChangePassword option */ 941 942 Status = SamSetInformationDomain(DomainHandle, 943 DomainPasswordInformation, 944 PasswordInfo); 945 if (!NT_SUCCESS(Status)) 946 { 947 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status); 948 goto done; 949 } 950 951 done: 952 if (PasswordInfo != NULL) 953 SamFreeMemory(PasswordInfo); 954 955 if (DomainHandle != NULL) 956 SamCloseHandle(DomainHandle); 957 958 if (ServerHandle != NULL) 959 SamCloseHandle(ServerHandle); 960 961 if (OrigInfo != NULL) 962 LsaFreeMemory(OrigInfo); 963 964 if (PolicyHandle != NULL) 965 LsaClose(PolicyHandle); 966 } 967 968 969 static 970 VOID 971 ApplyLockoutSettings( 972 _In_ HINF hSecurityInf, 973 _In_ PWSTR pszSectionName) 974 { 975 INFCONTEXT InfContext; 976 PDOMAIN_LOCKOUT_INFORMATION LockoutInfo = NULL; 977 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 978 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 979 LSA_HANDLE PolicyHandle = NULL; 980 SAM_HANDLE ServerHandle = NULL; 981 SAM_HANDLE DomainHandle = NULL; 982 INT nValue; 983 NTSTATUS Status; 984 985 DPRINT("ApplyLockoutSettings()\n"); 986 987 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 988 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 989 990 Status = LsaOpenPolicy(NULL, 991 &ObjectAttributes, 992 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 993 &PolicyHandle); 994 if (Status != STATUS_SUCCESS) 995 { 996 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 997 return; 998 } 999 1000 Status = LsaQueryInformationPolicy(PolicyHandle, 1001 PolicyAccountDomainInformation, 1002 (PVOID *)&OrigInfo); 1003 if (!NT_SUCCESS(Status)) 1004 { 1005 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 1006 goto done; 1007 } 1008 1009 Status = SamConnect(NULL, 1010 &ServerHandle, 1011 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 1012 NULL); 1013 if (!NT_SUCCESS(Status)) 1014 { 1015 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 1016 goto done; 1017 } 1018 1019 Status = SamOpenDomain(ServerHandle, 1020 DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS, 1021 OrigInfo->DomainSid, 1022 &DomainHandle); 1023 if (!NT_SUCCESS(Status)) 1024 { 1025 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 1026 goto done; 1027 } 1028 1029 Status = SamQueryInformationDomain(DomainHandle, 1030 DomainLockoutInformation, 1031 (PVOID*)&LockoutInfo); 1032 if (!NT_SUCCESS(Status)) 1033 { 1034 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status); 1035 goto done; 1036 } 1037 1038 if (SetupFindFirstLineW(hSecurityInf, 1039 pszSectionName, 1040 L"LockoutBadCount", 1041 &InfContext)) 1042 { 1043 if (SetupGetIntField(&InfContext, 1, &nValue)) 1044 { 1045 if (nValue >= 0) 1046 { 1047 LockoutInfo->LockoutThreshold = nValue; 1048 } 1049 } 1050 } 1051 1052 if (SetupFindFirstLineW(hSecurityInf, 1053 pszSectionName, 1054 L"ResetLockoutCount", 1055 &InfContext)) 1056 { 1057 if (SetupGetIntField(&InfContext, 1, &nValue)) 1058 { 1059 if (nValue >= 0) 1060 { 1061 LockoutInfo->LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE; 1062 } 1063 } 1064 } 1065 1066 if (SetupFindFirstLineW(hSecurityInf, 1067 pszSectionName, 1068 L"LockoutDuration", 1069 &InfContext)) 1070 { 1071 if (SetupGetIntField(&InfContext, 1, &nValue)) 1072 { 1073 if (nValue == -1) 1074 { 1075 LockoutInfo->LockoutDuration.QuadPart = 0x8000000000000000LL; 1076 } 1077 else if ((nValue >= 0) && (nValue < 100000)) 1078 { 1079 LockoutInfo->LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE; 1080 } 1081 } 1082 } 1083 1084 Status = SamSetInformationDomain(DomainHandle, 1085 DomainLockoutInformation, 1086 LockoutInfo); 1087 if (!NT_SUCCESS(Status)) 1088 { 1089 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status); 1090 goto done; 1091 } 1092 1093 done: 1094 if (LockoutInfo != NULL) 1095 SamFreeMemory(LockoutInfo); 1096 1097 if (DomainHandle != NULL) 1098 SamCloseHandle(DomainHandle); 1099 1100 if (ServerHandle != NULL) 1101 SamCloseHandle(ServerHandle); 1102 1103 if (OrigInfo != NULL) 1104 LsaFreeMemory(OrigInfo); 1105 1106 if (PolicyHandle != NULL) 1107 LsaClose(PolicyHandle); 1108 } 1109 1110 1111 static 1112 VOID 1113 SetLsaAnonymousNameLookup( 1114 _In_ HINF hSecurityInf, 1115 _In_ PWSTR pszSectionName) 1116 { 1117 #if 0 1118 INFCONTEXT InfContext; 1119 INT nValue = 0; 1120 1121 DPRINT1("SetLsaAnonymousNameLookup()\n"); 1122 1123 if (!SetupFindFirstLineW(hSecurityInf, 1124 pszSectionName, 1125 L"LSAAnonymousNameLookup", 1126 &InfContext)) 1127 { 1128 return; 1129 } 1130 1131 if (!SetupGetIntField(&InfContext, 1, &nValue)) 1132 { 1133 return; 1134 } 1135 1136 if (nValue == 0) 1137 { 1138 } 1139 else 1140 { 1141 } 1142 #endif 1143 } 1144 1145 1146 static 1147 VOID 1148 EnableAccount( 1149 _In_ HINF hSecurityInf, 1150 _In_ PWSTR pszSectionName, 1151 _In_ PWSTR pszValueName, 1152 _In_ SAM_HANDLE DomainHandle, 1153 _In_ DWORD dwAccountRid) 1154 { 1155 INFCONTEXT InfContext; 1156 SAM_HANDLE UserHandle = NULL; 1157 PUSER_CONTROL_INFORMATION ControlInfo = NULL; 1158 INT nValue = 0; 1159 NTSTATUS Status; 1160 1161 DPRINT("EnableAccount()\n"); 1162 1163 if (!SetupFindFirstLineW(hSecurityInf, 1164 pszSectionName, 1165 pszValueName, 1166 &InfContext)) 1167 return; 1168 1169 if (!SetupGetIntField(&InfContext, 1, &nValue)) 1170 { 1171 DPRINT1("No valid integer value\n"); 1172 goto done; 1173 } 1174 1175 DPRINT("Value: %d\n", nValue); 1176 1177 Status = SamOpenUser(DomainHandle, 1178 USER_READ_ACCOUNT | USER_WRITE_ACCOUNT, 1179 dwAccountRid, 1180 &UserHandle); 1181 if (!NT_SUCCESS(Status)) 1182 { 1183 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status); 1184 goto done; 1185 } 1186 1187 Status = SamQueryInformationUser(UserHandle, 1188 UserControlInformation, 1189 (PVOID*)&ControlInfo); 1190 if (!NT_SUCCESS(Status)) 1191 { 1192 DPRINT1("SamQueryInformationUser() failed (Status: 0x%08lx)\n", Status); 1193 goto done; 1194 } 1195 1196 if (nValue == 0) 1197 { 1198 ControlInfo->UserAccountControl |= USER_ACCOUNT_DISABLED; 1199 } 1200 else 1201 { 1202 ControlInfo->UserAccountControl &= ~USER_ACCOUNT_DISABLED; 1203 } 1204 1205 Status = SamSetInformationUser(UserHandle, 1206 UserControlInformation, 1207 ControlInfo); 1208 if (!NT_SUCCESS(Status)) 1209 { 1210 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status); 1211 } 1212 1213 done: 1214 if (ControlInfo != NULL) 1215 SamFreeMemory(ControlInfo); 1216 1217 if (UserHandle != NULL) 1218 SamCloseHandle(UserHandle); 1219 } 1220 1221 1222 static 1223 VOID 1224 SetNewAccountName( 1225 _In_ HINF hSecurityInf, 1226 _In_ PWSTR pszSectionName, 1227 _In_ PWSTR pszValueName, 1228 _In_ SAM_HANDLE DomainHandle, 1229 _In_ DWORD dwAccountRid) 1230 { 1231 INFCONTEXT InfContext; 1232 DWORD dwLength = 0; 1233 PWSTR pszName = NULL; 1234 SAM_HANDLE UserHandle = NULL; 1235 USER_NAME_INFORMATION NameInfo; 1236 NTSTATUS Status; 1237 1238 DPRINT("SetNewAccountName()\n"); 1239 1240 if (!SetupFindFirstLineW(hSecurityInf, 1241 pszSectionName, 1242 pszValueName, 1243 &InfContext)) 1244 return; 1245 1246 SetupGetStringFieldW(&InfContext, 1247 1, 1248 NULL, 1249 0, 1250 &dwLength); 1251 if (dwLength == 0) 1252 return; 1253 1254 pszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength * sizeof(WCHAR)); 1255 if (pszName == NULL) 1256 { 1257 DPRINT1("HeapAlloc() failed\n"); 1258 return; 1259 } 1260 1261 if (!SetupGetStringFieldW(&InfContext, 1262 1, 1263 pszName, 1264 dwLength, 1265 &dwLength)) 1266 { 1267 DPRINT1("No valid string value\n"); 1268 goto done; 1269 } 1270 1271 DPRINT("NewAccountName: '%S'\n", pszName); 1272 1273 Status = SamOpenUser(DomainHandle, 1274 USER_WRITE_ACCOUNT, 1275 dwAccountRid, 1276 &UserHandle); 1277 if (!NT_SUCCESS(Status)) 1278 { 1279 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status); 1280 goto done; 1281 } 1282 1283 NameInfo.UserName.Length = wcslen(pszName) * sizeof(WCHAR); 1284 NameInfo.UserName.MaximumLength = NameInfo.UserName.Length + sizeof(WCHAR); 1285 NameInfo.UserName.Buffer = pszName; 1286 NameInfo.FullName.Length = 0; 1287 NameInfo.FullName.MaximumLength = 0; 1288 NameInfo.FullName.Buffer = NULL; 1289 1290 Status = SamSetInformationUser(UserHandle, 1291 UserNameInformation, 1292 &NameInfo); 1293 if (!NT_SUCCESS(Status)) 1294 { 1295 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status); 1296 } 1297 1298 done: 1299 if (UserHandle != NULL) 1300 SamCloseHandle(UserHandle); 1301 1302 if (pszName != NULL) 1303 HeapFree(GetProcessHeap(), 0, pszName); 1304 } 1305 1306 1307 static 1308 VOID 1309 ApplyAccountSettings( 1310 _In_ HINF hSecurityInf, 1311 _In_ PWSTR pszSectionName) 1312 { 1313 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 1314 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 1315 LSA_HANDLE PolicyHandle = NULL; 1316 SAM_HANDLE ServerHandle = NULL; 1317 SAM_HANDLE DomainHandle = NULL; 1318 NTSTATUS Status; 1319 1320 DPRINT("ApplyAccountSettings()\n"); 1321 1322 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 1323 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 1324 1325 Status = LsaOpenPolicy(NULL, 1326 &ObjectAttributes, 1327 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 1328 &PolicyHandle); 1329 if (Status != STATUS_SUCCESS) 1330 { 1331 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 1332 return; 1333 } 1334 1335 Status = LsaQueryInformationPolicy(PolicyHandle, 1336 PolicyAccountDomainInformation, 1337 (PVOID *)&OrigInfo); 1338 if (!NT_SUCCESS(Status)) 1339 { 1340 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 1341 goto done; 1342 } 1343 1344 Status = SamConnect(NULL, 1345 &ServerHandle, 1346 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 1347 NULL); 1348 if (!NT_SUCCESS(Status)) 1349 { 1350 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 1351 goto done; 1352 } 1353 1354 Status = SamOpenDomain(ServerHandle, 1355 DOMAIN_LOOKUP, 1356 OrigInfo->DomainSid, 1357 &DomainHandle); 1358 if (!NT_SUCCESS(Status)) 1359 { 1360 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 1361 goto done; 1362 } 1363 1364 SetLsaAnonymousNameLookup(hSecurityInf, 1365 pszSectionName); 1366 1367 EnableAccount(hSecurityInf, 1368 pszSectionName, 1369 L"EnableAdminAccount", 1370 DomainHandle, 1371 DOMAIN_USER_RID_ADMIN); 1372 1373 EnableAccount(hSecurityInf, 1374 pszSectionName, 1375 L"EnableGuestAccount", 1376 DomainHandle, 1377 DOMAIN_USER_RID_GUEST); 1378 1379 SetNewAccountName(hSecurityInf, 1380 pszSectionName, 1381 L"NewAdministratorName", 1382 DomainHandle, 1383 DOMAIN_USER_RID_ADMIN); 1384 1385 SetNewAccountName(hSecurityInf, 1386 pszSectionName, 1387 L"NewGuestName", 1388 DomainHandle, 1389 DOMAIN_USER_RID_GUEST); 1390 1391 done: 1392 if (DomainHandle != NULL) 1393 SamCloseHandle(DomainHandle); 1394 1395 if (ServerHandle != NULL) 1396 SamCloseHandle(ServerHandle); 1397 1398 if (OrigInfo != NULL) 1399 LsaFreeMemory(OrigInfo); 1400 1401 if (PolicyHandle != NULL) 1402 LsaClose(PolicyHandle); 1403 } 1404 1405 1406 static 1407 VOID 1408 ApplyAuditEvents( 1409 _In_ HINF hSecurityInf) 1410 { 1411 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 1412 INFCONTEXT InfContext; 1413 WCHAR szOptionName[256]; 1414 INT nValue; 1415 LSA_HANDLE PolicyHandle = NULL; 1416 POLICY_AUDIT_EVENTS_INFO AuditInfo; 1417 PULONG AuditOptions = NULL; 1418 NTSTATUS Status; 1419 1420 DPRINT("ApplyAuditEvents(%p)\n", hSecurityInf); 1421 1422 if (!SetupFindFirstLineW(hSecurityInf, 1423 L"Event Audit", 1424 NULL, 1425 &InfContext)) 1426 { 1427 DPRINT1("SetupFindFirstLineW failed\n"); 1428 return; 1429 } 1430 1431 ZeroMemory(&ObjectAttributes, sizeof(LSA_OBJECT_ATTRIBUTES)); 1432 1433 Status = LsaOpenPolicy(NULL, 1434 &ObjectAttributes, 1435 POLICY_SET_AUDIT_REQUIREMENTS, 1436 &PolicyHandle); 1437 if (!NT_SUCCESS(Status)) 1438 { 1439 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status); 1440 return; 1441 } 1442 1443 AuditOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 1444 (AuditCategoryAccountLogon + 1) * sizeof(ULONG)); 1445 if (AuditOptions == NULL) 1446 { 1447 DPRINT1("Failed to allocate the auditiing options array!\n"); 1448 goto done; 1449 } 1450 1451 AuditInfo.AuditingMode = TRUE; 1452 AuditInfo.EventAuditingOptions = AuditOptions; 1453 AuditInfo.MaximumAuditEventCount = AuditCategoryAccountLogon + 1; 1454 1455 do 1456 { 1457 /* Retrieve the group name */ 1458 if (!SetupGetStringFieldW(&InfContext, 1459 0, 1460 szOptionName, 1461 ARRAYSIZE(szOptionName), 1462 NULL)) 1463 { 1464 DPRINT1("SetupGetStringFieldW() failed\n"); 1465 continue; 1466 } 1467 1468 DPRINT("Option: '%S'\n", szOptionName); 1469 1470 if (!SetupGetIntField(&InfContext, 1471 1, 1472 &nValue)) 1473 { 1474 DPRINT1("SetupGetStringFieldW() failed\n"); 1475 continue; 1476 } 1477 1478 DPRINT("Value: %d\n", nValue); 1479 1480 if ((nValue < POLICY_AUDIT_EVENT_UNCHANGED) || (nValue > POLICY_AUDIT_EVENT_NONE)) 1481 { 1482 DPRINT1("Invalid audit option!\n"); 1483 continue; 1484 } 1485 1486 if (_wcsicmp(szOptionName, L"AuditSystemEvents") == 0) 1487 { 1488 AuditOptions[AuditCategorySystem] = (ULONG)nValue; 1489 } 1490 else if (_wcsicmp(szOptionName, L"AuditLogonEvents") == 0) 1491 { 1492 AuditOptions[AuditCategoryLogon] = (ULONG)nValue; 1493 } 1494 else if (_wcsicmp(szOptionName, L"AuditObjectAccess") == 0) 1495 { 1496 AuditOptions[AuditCategoryObjectAccess] = (ULONG)nValue; 1497 } 1498 else if (_wcsicmp(szOptionName, L"AuditPrivilegeUse") == 0) 1499 { 1500 AuditOptions[AuditCategoryPrivilegeUse] = (ULONG)nValue; 1501 } 1502 else if (_wcsicmp(szOptionName, L"AuditProcessTracking") == 0) 1503 { 1504 AuditOptions[AuditCategoryDetailedTracking] = (ULONG)nValue; 1505 } 1506 else if (_wcsicmp(szOptionName, L"AuditPolicyChange") == 0) 1507 { 1508 AuditOptions[AuditCategoryPolicyChange] = (ULONG)nValue; 1509 } 1510 else if (_wcsicmp(szOptionName, L"AuditAccountManage") == 0) 1511 { 1512 AuditOptions[AuditCategoryAccountManagement] = (ULONG)nValue; 1513 } 1514 else if (_wcsicmp(szOptionName, L"AuditDSAccess") == 0) 1515 { 1516 AuditOptions[AuditCategoryDirectoryServiceAccess] = (ULONG)nValue; 1517 } 1518 else if (_wcsicmp(szOptionName, L"AuditAccountLogon") == 0) 1519 { 1520 AuditOptions[AuditCategoryAccountLogon] = (ULONG)nValue; 1521 } 1522 else 1523 { 1524 DPRINT1("Invalid auditing option '%S'\n", szOptionName); 1525 } 1526 } 1527 while (SetupFindNextLine(&InfContext, &InfContext)); 1528 1529 Status = LsaSetInformationPolicy(PolicyHandle, 1530 PolicyAuditEventsInformation, 1531 (PVOID)&AuditInfo); 1532 if (Status != STATUS_SUCCESS) 1533 { 1534 DPRINT1("LsaSetInformationPolicy() failed (Status 0x%08lx)\n", Status); 1535 } 1536 1537 done: 1538 if (AuditOptions != NULL) 1539 HeapFree(GetProcessHeap(), 0, AuditOptions); 1540 1541 if (PolicyHandle != NULL) 1542 LsaClose(PolicyHandle); 1543 } 1544 1545 1546 VOID 1547 InstallSecurity(VOID) 1548 { 1549 HINF hSecurityInf; 1550 PWSTR pszSecurityInf; 1551 1552 // if (IsServer()) 1553 // pszSecurityInf = L"defltsv.inf"; 1554 // else 1555 pszSecurityInf = L"defltwk.inf"; 1556 1557 InstallBuiltinAccounts(); 1558 1559 hSecurityInf = SetupOpenInfFileW(pszSecurityInf, 1560 NULL, 1561 INF_STYLE_WIN4, 1562 NULL); 1563 if (hSecurityInf != INVALID_HANDLE_VALUE) 1564 { 1565 InstallPrivileges(hSecurityInf); 1566 ApplyRegistryValues(hSecurityInf); 1567 1568 ApplyEventlogSettings(hSecurityInf, L"Application Log", L"Application"); 1569 ApplyEventlogSettings(hSecurityInf, L"Security Log", L"Security"); 1570 ApplyEventlogSettings(hSecurityInf, L"System Log", L"System"); 1571 1572 ApplyPasswordSettings(hSecurityInf, L"System Access"); 1573 ApplyLockoutSettings(hSecurityInf, L"System Access"); 1574 ApplyAccountSettings(hSecurityInf, L"System Access"); 1575 1576 ApplyAuditEvents(hSecurityInf); 1577 1578 SetupCloseInfFile(hSecurityInf); 1579 } 1580 1581 /* Hack */ 1582 SetPrimaryDomain(L"WORKGROUP", NULL); 1583 } 1584 1585 1586 NTSTATUS 1587 SetAdministratorPassword(LPCWSTR Password) 1588 { 1589 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; 1590 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL; 1591 USER_SET_PASSWORD_INFORMATION PasswordInfo; 1592 LSA_OBJECT_ATTRIBUTES ObjectAttributes; 1593 LSA_HANDLE PolicyHandle = NULL; 1594 SAM_HANDLE ServerHandle = NULL; 1595 SAM_HANDLE DomainHandle = NULL; 1596 SAM_HANDLE UserHandle = NULL; 1597 NTSTATUS Status; 1598 1599 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password); 1600 1601 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); 1602 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); 1603 1604 Status = LsaOpenPolicy(NULL, 1605 &ObjectAttributes, 1606 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, 1607 &PolicyHandle); 1608 if (Status != STATUS_SUCCESS) 1609 { 1610 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status); 1611 return Status; 1612 } 1613 1614 Status = LsaQueryInformationPolicy(PolicyHandle, 1615 PolicyAccountDomainInformation, 1616 (PVOID *)&OrigInfo); 1617 if (!NT_SUCCESS(Status)) 1618 { 1619 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status); 1620 goto done; 1621 } 1622 1623 Status = SamConnect(NULL, 1624 &ServerHandle, 1625 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, 1626 NULL); 1627 if (!NT_SUCCESS(Status)) 1628 { 1629 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status); 1630 goto done; 1631 } 1632 1633 Status = SamOpenDomain(ServerHandle, 1634 DOMAIN_LOOKUP, 1635 OrigInfo->DomainSid, 1636 &DomainHandle); 1637 if (!NT_SUCCESS(Status)) 1638 { 1639 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status); 1640 goto done; 1641 } 1642 1643 Status = SamOpenUser(DomainHandle, 1644 USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL, 1645 DOMAIN_USER_RID_ADMIN, 1646 &UserHandle); 1647 if (!NT_SUCCESS(Status)) 1648 { 1649 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status); 1650 goto done; 1651 } 1652 1653 RtlInitUnicodeString(&PasswordInfo.Password, Password); 1654 PasswordInfo.PasswordExpired = FALSE; 1655 1656 Status = SamSetInformationUser(UserHandle, 1657 UserSetPasswordInformation, 1658 &PasswordInfo); 1659 if (!NT_SUCCESS(Status)) 1660 { 1661 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status); 1662 goto done; 1663 } 1664 1665 Status = SamQueryInformationUser(UserHandle, 1666 UserAccountNameInformation, 1667 (PVOID*)&AccountNameInfo); 1668 if (!NT_SUCCESS(Status)) 1669 { 1670 DPRINT1("SamQueryInformationUser() failed (Status 0x%08lx)\n", Status); 1671 goto done; 1672 } 1673 1674 AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(), 1675 HEAP_ZERO_MEMORY, 1676 AccountNameInfo->UserName.Length + sizeof(WCHAR)); 1677 if (AdminInfo.Name != NULL) 1678 RtlCopyMemory(AdminInfo.Name, 1679 AccountNameInfo->UserName.Buffer, 1680 AccountNameInfo->UserName.Length); 1681 1682 AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(), 1683 HEAP_ZERO_MEMORY, 1684 OrigInfo->DomainName.Length + sizeof(WCHAR)); 1685 if (AdminInfo.Domain != NULL) 1686 RtlCopyMemory(AdminInfo.Domain, 1687 OrigInfo->DomainName.Buffer, 1688 OrigInfo->DomainName.Length); 1689 1690 AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(), 1691 0, 1692 (wcslen(Password) + 1) * sizeof(WCHAR)); 1693 if (AdminInfo.Password != NULL) 1694 wcscpy(AdminInfo.Password, Password); 1695 1696 DPRINT("Administrator Name: %S\n", AdminInfo.Name); 1697 DPRINT("Administrator Domain: %S\n", AdminInfo.Domain); 1698 DPRINT("Administrator Password: %S\n", AdminInfo.Password); 1699 1700 done: 1701 if (AccountNameInfo != NULL) 1702 SamFreeMemory(AccountNameInfo); 1703 1704 if (OrigInfo != NULL) 1705 LsaFreeMemory(OrigInfo); 1706 1707 if (PolicyHandle != NULL) 1708 LsaClose(PolicyHandle); 1709 1710 if (UserHandle != NULL) 1711 SamCloseHandle(UserHandle); 1712 1713 if (DomainHandle != NULL) 1714 SamCloseHandle(DomainHandle); 1715 1716 if (ServerHandle != NULL) 1717 SamCloseHandle(ServerHandle); 1718 1719 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status); 1720 1721 return Status; 1722 } 1723 1724 1725 VOID 1726 SetAutoAdminLogon(VOID) 1727 { 1728 WCHAR szAutoAdminLogon[2]; 1729 HKEY hKey = NULL; 1730 DWORD dwType; 1731 DWORD dwSize; 1732 LONG lError; 1733 1734 lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE, 1735 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon", 1736 0, 1737 KEY_READ | KEY_WRITE, 1738 &hKey); 1739 if (lError != ERROR_SUCCESS) 1740 return; 1741 1742 dwSize = 2 * sizeof(WCHAR); 1743 lError = RegQueryValueExW(hKey, 1744 L"AutoAdminLogon", 1745 NULL, 1746 &dwType, 1747 (LPBYTE)szAutoAdminLogon, 1748 &dwSize); 1749 if (lError != ERROR_SUCCESS) 1750 goto done; 1751 1752 if (wcscmp(szAutoAdminLogon, L"1") == 0) 1753 { 1754 RegSetValueExW(hKey, 1755 L"DefaultDomainName", 1756 0, 1757 REG_SZ, 1758 (LPBYTE)AdminInfo.Domain, 1759 (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR)); 1760 1761 RegSetValueExW(hKey, 1762 L"DefaultUserName", 1763 0, 1764 REG_SZ, 1765 (LPBYTE)AdminInfo.Name, 1766 (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR)); 1767 1768 RegSetValueExW(hKey, 1769 L"DefaultPassword", 1770 0, 1771 REG_SZ, 1772 (LPBYTE)AdminInfo.Password, 1773 (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR)); 1774 } 1775 1776 done: 1777 if (hKey != NULL) 1778 RegCloseKey(hKey); 1779 } 1780 1781 1782 /* EOF */ 1783 1784