xref: /reactos/dll/win32/syssetup/security.c (revision 6d8aafb6)
1 /*
2  * COPYRIGHT:         See COPYING in the top level directory
3  * PROJECT:           ReactOS system libraries
4  * PURPOSE:           System setup
5  * FILE:              dll/win32/syssetup/security.c
6  * PROGRAMER:         Eric Kohl
7  */
8 
9 /* INCLUDES *****************************************************************/
10 
11 #include "precomp.h"
12 
13 #include <ntlsa.h>
14 #include <ntsecapi.h>
15 #include <ntsam.h>
16 #include <sddl.h>
17 
18 #define NDEBUG
19 #include <debug.h>
20 
21 #define TICKS_PER_DAY -864000000000LL
22 #define TICKS_PER_MINUTE -600000000LL
23 
24 /* FUNCTIONS ****************************************************************/
25 
26 NTSTATUS
27 WINAPI
28 SetAccountsDomainSid(
29     PSID DomainSid,
30     LPCWSTR DomainName)
31 {
32     PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
33     POLICY_ACCOUNT_DOMAIN_INFO Info;
34     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
35     LSA_HANDLE PolicyHandle;
36 
37     SAM_HANDLE ServerHandle = NULL;
38     SAM_HANDLE DomainHandle = NULL;
39     DOMAIN_NAME_INFORMATION DomainNameInfo;
40 
41     NTSTATUS Status;
42 
43     DPRINT("SYSSETUP: SetAccountsDomainSid\n");
44 
45     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
46     ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
47 
48     Status = LsaOpenPolicy(NULL,
49                            &ObjectAttributes,
50                            POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
51                            &PolicyHandle);
52     if (Status != STATUS_SUCCESS)
53     {
54         DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
55         return Status;
56     }
57 
58     Status = LsaQueryInformationPolicy(PolicyHandle,
59                                        PolicyAccountDomainInformation,
60                                        (PVOID *)&OrigInfo);
61     if (Status == STATUS_SUCCESS && OrigInfo != NULL)
62     {
63         if (DomainName == NULL)
64         {
65             Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
66             Info.DomainName.Length = OrigInfo->DomainName.Length;
67             Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
68         }
69         else
70         {
71             Info.DomainName.Buffer = (LPWSTR)DomainName;
72             Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
73             Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
74         }
75 
76         if (DomainSid == NULL)
77             Info.DomainSid = OrigInfo->DomainSid;
78         else
79             Info.DomainSid = DomainSid;
80     }
81     else
82     {
83         Info.DomainName.Buffer = (LPWSTR)DomainName;
84         Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
85         Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
86         Info.DomainSid = DomainSid;
87     }
88 
89     Status = LsaSetInformationPolicy(PolicyHandle,
90                                      PolicyAccountDomainInformation,
91                                      (PVOID)&Info);
92     if (Status != STATUS_SUCCESS)
93     {
94         DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
95     }
96 
97     if (OrigInfo != NULL)
98         LsaFreeMemory(OrigInfo);
99 
100     LsaClose(PolicyHandle);
101 
102     DomainNameInfo.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
103     DomainNameInfo.DomainName.MaximumLength = (wcslen(DomainName) + 1) * sizeof(WCHAR);
104     DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName;
105 
106     Status = SamConnect(NULL,
107                         &ServerHandle,
108                         SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
109                         NULL);
110     if (NT_SUCCESS(Status))
111     {
112         Status = SamOpenDomain(ServerHandle,
113                                DOMAIN_WRITE_OTHER_PARAMETERS,
114                                Info.DomainSid,
115                                &DomainHandle);
116         if (NT_SUCCESS(Status))
117         {
118             Status = SamSetInformationDomain(DomainHandle,
119                                              DomainNameInformation,
120                                              (PVOID)&DomainNameInfo);
121             if (!NT_SUCCESS(Status))
122             {
123                 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
124             }
125 
126             SamCloseHandle(DomainHandle);
127         }
128         else
129         {
130             DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
131         }
132 
133         SamCloseHandle(ServerHandle);
134     }
135 
136     return Status;
137 }
138 
139 
140 /* Hack */
141 static
142 NTSTATUS
143 SetPrimaryDomain(LPCWSTR DomainName,
144                  PSID DomainSid)
145 {
146     PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL;
147     POLICY_PRIMARY_DOMAIN_INFO Info;
148     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
149     LSA_HANDLE PolicyHandle;
150     NTSTATUS Status;
151 
152     DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
153 
154     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
155     ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
156 
157     Status = LsaOpenPolicy(NULL,
158                            &ObjectAttributes,
159                            POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
160                            &PolicyHandle);
161     if (Status != STATUS_SUCCESS)
162     {
163         DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
164         return Status;
165     }
166 
167     Status = LsaQueryInformationPolicy(PolicyHandle,
168                                        PolicyPrimaryDomainInformation,
169                                        (PVOID *)&OrigInfo);
170     if (Status == STATUS_SUCCESS && OrigInfo != NULL)
171     {
172         if (DomainName == NULL)
173         {
174             Info.Name.Buffer = OrigInfo->Name.Buffer;
175             Info.Name.Length = OrigInfo->Name.Length;
176             Info.Name.MaximumLength = OrigInfo->Name.MaximumLength;
177         }
178         else
179         {
180             Info.Name.Buffer = (LPWSTR)DomainName;
181             Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
182             Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
183         }
184 
185         if (DomainSid == NULL)
186             Info.Sid = OrigInfo->Sid;
187         else
188             Info.Sid = DomainSid;
189     }
190     else
191     {
192         Info.Name.Buffer = (LPWSTR)DomainName;
193         Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
194         Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
195         Info.Sid = DomainSid;
196     }
197 
198     Status = LsaSetInformationPolicy(PolicyHandle,
199                                      PolicyPrimaryDomainInformation,
200                                      (PVOID)&Info);
201     if (Status != STATUS_SUCCESS)
202     {
203         DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
204     }
205 
206     if (OrigInfo != NULL)
207         LsaFreeMemory(OrigInfo);
208 
209     LsaClose(PolicyHandle);
210 
211     return Status;
212 }
213 
214 
215 static
216 VOID
217 InstallBuiltinAccounts(VOID)
218 {
219     LPWSTR BuiltinAccounts[] = {
220         L"S-1-1-0",         /* Everyone */
221         L"S-1-5-4",         /* Interactive */
222         L"S-1-5-6",         /* Service */
223         L"S-1-5-19",        /* Local Service */
224         L"S-1-5-20",        /* Network Service */
225         L"S-1-5-32-544",    /* Administrators */
226         L"S-1-5-32-545",    /* Users */
227         L"S-1-5-32-547",    /* Power Users */
228         L"S-1-5-32-551",    /* Backup Operators */
229         L"S-1-5-32-555"};   /* Remote Desktop Users */
230     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
231     NTSTATUS Status;
232     LSA_HANDLE PolicyHandle = NULL;
233     LSA_HANDLE AccountHandle = NULL;
234     PSID AccountSid;
235     ULONG i;
236 
237     DPRINT("InstallBuiltinAccounts()\n");
238 
239     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
240 
241     Status = LsaOpenPolicy(NULL,
242                            &ObjectAttributes,
243                            POLICY_CREATE_ACCOUNT,
244                            &PolicyHandle);
245     if (!NT_SUCCESS(Status))
246     {
247         DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
248         return;
249     }
250 
251     for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++)
252     {
253         if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
254         {
255             DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError());
256             continue;
257         }
258 
259         Status = LsaCreateAccount(PolicyHandle,
260                                   AccountSid,
261                                   0,
262                                   &AccountHandle);
263         if (NT_SUCCESS(Status))
264         {
265             LsaClose(AccountHandle);
266         }
267 
268         LocalFree(AccountSid);
269     }
270 
271     LsaClose(PolicyHandle);
272 }
273 
274 
275 static
276 VOID
277 InstallPrivileges(
278     HINF hSecurityInf)
279 {
280     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
281     WCHAR szPrivilegeString[256];
282     WCHAR szSidString[256];
283     INFCONTEXT InfContext;
284     DWORD i;
285     PSID AccountSid = NULL;
286     NTSTATUS Status;
287     LSA_HANDLE PolicyHandle = NULL;
288     LSA_UNICODE_STRING RightString, AccountName;
289     PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
290     PLSA_TRANSLATED_SID2 Sids = NULL;
291 
292     DPRINT("InstallPrivileges()\n");
293 
294     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
295 
296     Status = LsaOpenPolicy(NULL,
297                            &ObjectAttributes,
298                            POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
299                            &PolicyHandle);
300     if (!NT_SUCCESS(Status))
301     {
302         DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
303         goto done;
304     }
305 
306     if (!SetupFindFirstLineW(hSecurityInf,
307                              L"Privilege Rights",
308                              NULL,
309                              &InfContext))
310     {
311         DPRINT1("SetupFindFirstLineW failed\n");
312         goto done;
313     }
314 
315     do
316     {
317         /* Retrieve the privilege name */
318         if (!SetupGetStringFieldW(&InfContext,
319                                   0,
320                                   szPrivilegeString,
321                                   ARRAYSIZE(szPrivilegeString),
322                                   NULL))
323         {
324             DPRINT1("SetupGetStringFieldW() failed\n");
325             goto done;
326         }
327         DPRINT("Privilege: %S\n", szPrivilegeString);
328 
329         for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
330         {
331             if (!SetupGetStringFieldW(&InfContext,
332                                       i + 1,
333                                       szSidString,
334                                       ARRAYSIZE(szSidString),
335                                       NULL))
336             {
337                 DPRINT1("SetupGetStringFieldW() failed\n");
338                 goto done;
339             }
340             DPRINT("SID: %S\n", szSidString);
341 
342             if (szSidString[0] == UNICODE_NULL)
343                 continue;
344 
345             if (szSidString[0] == L'*')
346             {
347                 DPRINT("Account Sid: %S\n", &szSidString[1]);
348 
349                 if (!ConvertStringSidToSid(&szSidString[1], &AccountSid))
350                 {
351                     DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError());
352                     continue;
353                 }
354             }
355             else
356             {
357                 DPRINT("Account name: %S\n", szSidString);
358 
359                 ReferencedDomains = NULL;
360                 Sids = NULL;
361                 RtlInitUnicodeString(&AccountName, szSidString);
362                 Status = LsaLookupNames2(PolicyHandle,
363                                          0,
364                                          1,
365                                          &AccountName,
366                                          &ReferencedDomains,
367                                          &Sids);
368                 if (ReferencedDomains != NULL)
369                 {
370                     LsaFreeMemory(ReferencedDomains);
371                 }
372 
373                 if (!NT_SUCCESS(Status))
374                 {
375                     DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status);
376 
377                     if (Sids != NULL)
378                     {
379                         LsaFreeMemory(Sids);
380                         Sids = NULL;
381                     }
382 
383                     continue;
384                 }
385             }
386 
387             RtlInitUnicodeString(&RightString, szPrivilegeString);
388             Status = LsaAddAccountRights(PolicyHandle,
389                                          (AccountSid != NULL) ? AccountSid : Sids[0].Sid,
390                                          &RightString,
391                                          1);
392             if (!NT_SUCCESS(Status))
393             {
394                 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status);
395             }
396 
397             if (Sids != NULL)
398             {
399                 LsaFreeMemory(Sids);
400                 Sids = NULL;
401             }
402 
403             if (AccountSid != NULL)
404             {
405                 LocalFree(AccountSid);
406                 AccountSid = NULL;
407             }
408         }
409 
410     }
411     while (SetupFindNextLine(&InfContext, &InfContext));
412 
413 done:
414     if (PolicyHandle != NULL)
415         LsaClose(PolicyHandle);
416 }
417 
418 
419 static
420 VOID
421 ApplyRegistryValues(
422     HINF hSecurityInf)
423 {
424     WCHAR szRegistryPath[MAX_PATH];
425     WCHAR szRootName[MAX_PATH];
426     WCHAR szKeyName[MAX_PATH];
427     WCHAR szValueName[MAX_PATH];
428     INFCONTEXT InfContext;
429     DWORD dwLength, dwType;
430     HKEY hRootKey, hKey;
431     PWSTR Ptr1, Ptr2;
432     DWORD dwError;
433     PVOID pBuffer;
434 
435     DPRINT("ApplyRegistryValues()\n");
436 
437     if (!SetupFindFirstLineW(hSecurityInf,
438                              L"Registry Values",
439                              NULL,
440                              &InfContext))
441     {
442         DPRINT1("SetupFindFirstLineW failed\n");
443         return;
444     }
445 
446     do
447     {
448         /* Retrieve the privilege name */
449         if (!SetupGetStringFieldW(&InfContext,
450                                   0,
451                                   szRegistryPath,
452                                   ARRAYSIZE(szRegistryPath),
453                                   NULL))
454         {
455             DPRINT1("SetupGetStringFieldW() failed\n");
456             return;
457         }
458 
459         DPRINT("RegistryPath: %S\n", szRegistryPath);
460 
461         Ptr1 = wcschr(szRegistryPath, L'\\');
462         Ptr2 = wcsrchr(szRegistryPath, L'\\');
463         if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2)
464         {
465             dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) / sizeof(WCHAR));
466             wcsncpy(szRootName, szRegistryPath, dwLength);
467             szRootName[dwLength] = UNICODE_NULL;
468 
469             Ptr1++;
470             dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR));
471             wcsncpy(szKeyName, Ptr1, dwLength);
472             szKeyName[dwLength] = UNICODE_NULL;
473 
474             Ptr2++;
475             wcscpy(szValueName, Ptr2);
476 
477             DPRINT("RootName: %S\n", szRootName);
478             DPRINT("KeyName: %S\n", szKeyName);
479             DPRINT("ValueName: %S\n", szValueName);
480 
481             if (_wcsicmp(szRootName, L"Machine") == 0)
482             {
483                 hRootKey = HKEY_LOCAL_MACHINE;
484             }
485             else
486             {
487                 DPRINT1("Unsupported root key %S\n", szRootName);
488                 break;
489             }
490 
491             if (!SetupGetIntField(&InfContext,
492                                   1,
493                                   (PINT)&dwType))
494             {
495                 DPRINT1("Failed to get key type (Error %lu)\n", GetLastError());
496                 break;
497             }
498 
499             if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY &&
500                 dwType != REG_DWORD && dwType != REG_MULTI_SZ)
501             {
502                 DPRINT1("Invalid value type %lu\n", dwType);
503                 break;
504             }
505 
506             dwLength = 0;
507             switch (dwType)
508             {
509                 case REG_SZ:
510                 case REG_EXPAND_SZ:
511                     SetupGetStringField(&InfContext,
512                                         2,
513                                         NULL,
514                                         0,
515                                         &dwLength);
516                     dwLength *= sizeof(WCHAR);
517                     break;
518 
519                 case REG_BINARY:
520                     SetupGetBinaryField(&InfContext,
521                                         2,
522                                         NULL,
523                                         0,
524                                         &dwLength);
525                     break;
526 
527                 case REG_DWORD:
528                     dwLength = sizeof(INT);
529                     break;
530 
531                 case REG_MULTI_SZ:
532                     SetupGetMultiSzField(&InfContext,
533                                          2,
534                                          NULL,
535                                          0,
536                                          &dwLength);
537                     dwLength *= sizeof(WCHAR);
538                     break;
539             }
540 
541             if (dwLength == 0)
542             {
543                 DPRINT1("Failed to determine the required buffer size!\n");
544                 break;
545             }
546 
547             dwError = RegCreateKeyExW(hRootKey,
548                                       szKeyName,
549                                       0,
550                                       NULL,
551                                       REG_OPTION_NON_VOLATILE,
552                                       KEY_WRITE,
553                                       NULL,
554                                       &hKey,
555                                       NULL);
556             if (dwError != ERROR_SUCCESS)
557             {
558                 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError);
559                 break;
560             }
561 
562             pBuffer = HeapAlloc(GetProcessHeap(), 0, dwLength);
563             if (pBuffer)
564             {
565                 switch (dwType)
566                 {
567                     case REG_SZ:
568                     case REG_EXPAND_SZ:
569                         SetupGetStringField(&InfContext,
570                                             2,
571                                             pBuffer,
572                                             dwLength / sizeof(WCHAR),
573                                             &dwLength);
574                         dwLength *= sizeof(WCHAR);
575                         break;
576 
577                     case REG_BINARY:
578                         SetupGetBinaryField(&InfContext,
579                                             2,
580                                             pBuffer,
581                                             dwLength,
582                                             &dwLength);
583                         break;
584 
585                     case REG_DWORD:
586                         SetupGetIntField(&InfContext,
587                                          2,
588                                          pBuffer);
589                         break;
590 
591                     case REG_MULTI_SZ:
592                         SetupGetMultiSzField(&InfContext,
593                                              2,
594                                              pBuffer,
595                                              dwLength / sizeof(WCHAR),
596                                              &dwLength);
597                         dwLength *= sizeof(WCHAR);
598                         break;
599                 }
600 
601                 RegSetValueEx(hKey,
602                               szValueName,
603                               0,
604                               dwType,
605                               pBuffer,
606                               dwLength);
607 
608                 HeapFree(GetProcessHeap(), 0, pBuffer);
609             }
610 
611             RegCloseKey(hKey);
612         }
613     }
614     while (SetupFindNextLine(&InfContext, &InfContext));
615 }
616 
617 
618 static
619 VOID
620 ApplyEventlogSettings(
621     _In_ HINF hSecurityInf,
622     _In_ PWSTR pszSectionName,
623     _In_ PWSTR pszLogName)
624 {
625     INFCONTEXT InfContext;
626     HKEY hServiceKey = NULL, hLogKey = NULL;
627     DWORD dwValue, dwError;
628     BOOL bValueSet;
629 
630     DPRINT("ApplyEventlogSettings(%p %S %S)\n",
631            hSecurityInf, pszSectionName, pszLogName);
632 
633     dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
634                               L"System\\CurrentControlSet\\Services\\Eventlog",
635                               0,
636                               NULL,
637                               REG_OPTION_NON_VOLATILE,
638                               KEY_WRITE,
639                               NULL,
640                               &hServiceKey,
641                               NULL);
642     if (dwError != ERROR_SUCCESS)
643     {
644         DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n", dwError);
645         return;
646     }
647 
648     dwError = RegCreateKeyExW(hServiceKey,
649                               pszLogName,
650                               0,
651                               NULL,
652                               REG_OPTION_NON_VOLATILE,
653                               KEY_WRITE,
654                               NULL,
655                               &hLogKey,
656                               NULL);
657     if (dwError != ERROR_SUCCESS)
658     {
659         DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName, dwError);
660         RegCloseKey(hServiceKey);
661         return;
662     }
663 
664     if (SetupFindFirstLineW(hSecurityInf,
665                             pszSectionName,
666                             L"MaximumLogSize",
667                             &InfContext))
668     {
669         DPRINT("MaximumLogSize\n");
670         dwValue = 0;
671         SetupGetIntField(&InfContext,
672                          1,
673                          (PINT)&dwValue);
674 
675         DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue);
676         if (dwValue >= 64 && dwValue <= 4194240)
677         {
678             dwValue *= 1024;
679 
680             DPRINT("MaxSize: %lu\n", dwValue);
681             RegSetValueEx(hLogKey,
682                           L"MaxSize",
683                           0,
684                           REG_DWORD,
685                           (LPBYTE)&dwValue,
686                           sizeof(dwValue));
687         }
688     }
689 
690     if (SetupFindFirstLineW(hSecurityInf,
691                             pszSectionName,
692                             L"AuditLogRetentionPeriod",
693                             &InfContext))
694     {
695         bValueSet = FALSE;
696         dwValue = 0;
697         SetupGetIntField(&InfContext,
698                          1,
699                          (PINT)&dwValue);
700         if (dwValue == 0)
701         {
702             bValueSet = TRUE;
703         }
704         else if (dwValue == 1)
705         {
706             if (SetupFindFirstLineW(hSecurityInf,
707                                     pszSectionName,
708                                     L"RetentionDays",
709                                     &InfContext))
710             {
711                 SetupGetIntField(&InfContext,
712                                  1,
713                                  (PINT)&dwValue);
714                 dwValue *= 86400;
715                 bValueSet = TRUE;
716             }
717         }
718         else if (dwValue == 2)
719         {
720             dwValue = (DWORD)-1;
721             bValueSet = TRUE;
722         }
723 
724         if (bValueSet)
725         {
726             DPRINT("Retention: %lu\n", dwValue);
727             RegSetValueEx(hLogKey,
728                           L"Retention",
729                           0,
730                           REG_DWORD,
731                           (LPBYTE)&dwValue,
732                           sizeof(dwValue));
733         }
734     }
735 
736     if (SetupFindFirstLineW(hSecurityInf,
737                             pszSectionName,
738                             L"RestrictGuestAccess",
739                             &InfContext))
740     {
741         dwValue = 0;
742         SetupGetIntField(&InfContext,
743                          1,
744                          (PINT)&dwValue);
745         if (dwValue == 0 || dwValue == 1)
746         {
747             DPRINT("RestrictGuestAccess: %lu\n", dwValue);
748             RegSetValueEx(hLogKey,
749                           L"RestrictGuestAccess",
750                           0,
751                           REG_DWORD,
752                           (LPBYTE)&dwValue,
753                           sizeof(dwValue));
754         }
755     }
756 
757     RegCloseKey(hLogKey);
758     RegCloseKey(hServiceKey);
759 }
760 
761 
762 static
763 VOID
764 ApplyPasswordSettings(
765     _In_ HINF hSecurityInf,
766     _In_ PWSTR pszSectionName)
767 {
768     INFCONTEXT InfContext;
769     DOMAIN_PASSWORD_INFORMATION PasswordInfo;
770     PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
771     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
772     LSA_HANDLE PolicyHandle = NULL;
773     SAM_HANDLE ServerHandle = NULL;
774     SAM_HANDLE DomainHandle = NULL;
775     INT nValue;
776     NTSTATUS Status;
777 
778     DPRINT("ApplyPasswordSettings()\n");
779 
780     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
781     ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
782 
783     Status = LsaOpenPolicy(NULL,
784                            &ObjectAttributes,
785                            POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
786                            &PolicyHandle);
787     if (Status != STATUS_SUCCESS)
788     {
789         DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
790         return;
791     }
792 
793     Status = LsaQueryInformationPolicy(PolicyHandle,
794                                        PolicyAccountDomainInformation,
795                                        (PVOID *)&OrigInfo);
796     if (!NT_SUCCESS(Status))
797     {
798         DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
799         goto done;
800     }
801 
802     Status = SamConnect(NULL,
803                         &ServerHandle,
804                         SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
805                         NULL);
806     if (!NT_SUCCESS(Status))
807     {
808         DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
809         goto done;
810     }
811 
812     Status = SamOpenDomain(ServerHandle,
813                            DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
814                            OrigInfo->DomainSid,
815                            &DomainHandle);
816     if (!NT_SUCCESS(Status))
817     {
818         DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
819         goto done;
820     }
821 
822     Status = SamQueryInformationDomain(DomainHandle,
823                                        DomainPasswordInformation,
824                                        (PVOID*)&PasswordInfo);
825     if (!NT_SUCCESS(Status))
826     {
827         DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
828         goto done;
829     }
830 
831     DPRINT("MaximumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo.MaxPasswordAge.QuadPart);
832     if (SetupFindFirstLineW(hSecurityInf,
833                             pszSectionName,
834                             L"MaximumPasswordAge",
835                             &InfContext))
836     {
837         if (SetupGetIntField(&InfContext, 1, &nValue))
838         {
839             DPRINT("Value: %ld\n", nValue);
840             if (nValue == -1)
841             {
842                 PasswordInfo.MaxPasswordAge.QuadPart = 0x8000000000000000;
843             }
844             else if ((nValue >= 1) && (nValue < 1000))
845             {
846                 PasswordInfo.MaxPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
847             }
848             DPRINT("MaximumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo.MaxPasswordAge.QuadPart);
849         }
850     }
851 
852     DPRINT("MinimumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo.MinPasswordAge.QuadPart);
853     if (SetupFindFirstLineW(hSecurityInf,
854                             pszSectionName,
855                             L"MinimumPasswordAge",
856                             &InfContext))
857     {
858         if (SetupGetIntField(&InfContext, 1, &nValue))
859         {
860             DPRINT("Wert: %ld\n", nValue);
861             if ((nValue >= 0) && (nValue < 1000))
862             {
863                 if (PasswordInfo.MaxPasswordAge.QuadPart < (LONGLONG)nValue * TICKS_PER_DAY)
864                     PasswordInfo.MinPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
865             }
866             DPRINT("MinimumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo.MinPasswordAge.QuadPart);
867         }
868     }
869 
870     DPRINT("MinimumPasswordLength (OldValue) : %lu\n", PasswordInfo.MinPasswordLength);
871     if (SetupFindFirstLineW(hSecurityInf,
872                             pszSectionName,
873                             L"MinimumPasswordLength",
874                             &InfContext))
875     {
876         if (SetupGetIntField(&InfContext, 1, &nValue))
877         {
878             DPRINT("Value: %ld\n", nValue);
879             if ((nValue >= 0) && (nValue <= 65535))
880             {
881                 PasswordInfo.MinPasswordLength = nValue;
882             }
883             DPRINT("MinimumPasswordLength (NewValue) : %lu\n", PasswordInfo.MinPasswordLength);
884         }
885     }
886 
887     DPRINT("PasswordHistoryLength (OldValue) : %lu\n", PasswordInfo.PasswordHistoryLength);
888     if (SetupFindFirstLineW(hSecurityInf,
889                             pszSectionName,
890                             L"PasswordHistorySize",
891                             &InfContext))
892     {
893         if (SetupGetIntField(&InfContext, 1, &nValue))
894         {
895             DPRINT("Value: %ld\n", nValue);
896             if ((nValue >= 0) && (nValue <= 65535))
897             {
898                 PasswordInfo.PasswordHistoryLength = nValue;
899             }
900             DPRINT("PasswordHistoryLength (NewValue) : %lu\n", PasswordInfo.PasswordHistoryLength);
901         }
902     }
903 
904     if (SetupFindFirstLineW(hSecurityInf,
905                             pszSectionName,
906                             L"PasswordComplexity",
907                             &InfContext))
908     {
909         if (SetupGetIntField(&InfContext, 1, &nValue))
910         {
911             if (nValue == 0)
912             {
913                 PasswordInfo.PasswordProperties &= ~DOMAIN_PASSWORD_COMPLEX;
914             }
915             else
916             {
917                 PasswordInfo.PasswordProperties |= DOMAIN_PASSWORD_COMPLEX;
918             }
919         }
920     }
921 
922     if (SetupFindFirstLineW(hSecurityInf,
923                             pszSectionName,
924                             L"ClearTextPassword",
925                             &InfContext))
926     {
927         if (SetupGetIntField(&InfContext, 1, &nValue))
928         {
929             if (nValue == 0)
930             {
931                 PasswordInfo.PasswordProperties &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT;
932             }
933             else
934             {
935                 PasswordInfo.PasswordProperties |= DOMAIN_PASSWORD_STORE_CLEARTEXT;
936             }
937         }
938     }
939 
940     /* Windows ignores the RequireLogonToChangePassword option */
941 
942     Status = SamSetInformationDomain(DomainHandle,
943                                      DomainPasswordInformation,
944                                      (PVOID*)&PasswordInfo);
945     if (!NT_SUCCESS(Status))
946     {
947         DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
948         goto done;
949     }
950 
951 done:
952     if (DomainHandle != NULL)
953         SamCloseHandle(DomainHandle);
954 
955     if (ServerHandle != NULL)
956         SamCloseHandle(ServerHandle);
957 
958     if (OrigInfo != NULL)
959         LsaFreeMemory(OrigInfo);
960 
961     if (PolicyHandle != NULL)
962         LsaClose(PolicyHandle);
963 }
964 
965 
966 static
967 VOID
968 ApplyLockoutSettings(
969     _In_ HINF hSecurityInf,
970     _In_ PWSTR pszSectionName)
971 {
972     INFCONTEXT InfContext;
973     DOMAIN_LOCKOUT_INFORMATION LockoutInfo;
974     PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
975     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
976     LSA_HANDLE PolicyHandle = NULL;
977     SAM_HANDLE ServerHandle = NULL;
978     SAM_HANDLE DomainHandle = NULL;
979     INT nValue;
980     NTSTATUS Status;
981 
982     DPRINT("ApplyLockoutSettings()\n");
983 
984     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
985     ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
986 
987     Status = LsaOpenPolicy(NULL,
988                            &ObjectAttributes,
989                            POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
990                            &PolicyHandle);
991     if (Status != STATUS_SUCCESS)
992     {
993         DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
994         return;
995     }
996 
997     Status = LsaQueryInformationPolicy(PolicyHandle,
998                                        PolicyAccountDomainInformation,
999                                        (PVOID *)&OrigInfo);
1000     if (!NT_SUCCESS(Status))
1001     {
1002         DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1003         goto done;
1004     }
1005 
1006     Status = SamConnect(NULL,
1007                         &ServerHandle,
1008                         SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1009                         NULL);
1010     if (!NT_SUCCESS(Status))
1011     {
1012         DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1013         goto done;
1014     }
1015 
1016     Status = SamOpenDomain(ServerHandle,
1017                            DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
1018                            OrigInfo->DomainSid,
1019                            &DomainHandle);
1020     if (!NT_SUCCESS(Status))
1021     {
1022         DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1023         goto done;
1024     }
1025 
1026     Status = SamQueryInformationDomain(DomainHandle,
1027                                        DomainLockoutInformation,
1028                                        (PVOID*)&LockoutInfo);
1029     if (!NT_SUCCESS(Status))
1030     {
1031         DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
1032         goto done;
1033     }
1034 
1035     if (SetupFindFirstLineW(hSecurityInf,
1036                             pszSectionName,
1037                             L"LockoutBadCount",
1038                             &InfContext))
1039     {
1040         if (SetupGetIntField(&InfContext, 1, &nValue))
1041         {
1042             if (nValue >= 0)
1043             {
1044                 LockoutInfo.LockoutThreshold = nValue;
1045             }
1046         }
1047     }
1048 
1049     if (SetupFindFirstLineW(hSecurityInf,
1050                             pszSectionName,
1051                             L"ResetLockoutCount",
1052                             &InfContext))
1053     {
1054         if (SetupGetIntField(&InfContext, 1, &nValue))
1055         {
1056             if (nValue >= 0)
1057             {
1058                 LockoutInfo.LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
1059             }
1060         }
1061     }
1062 
1063     if (SetupFindFirstLineW(hSecurityInf,
1064                             pszSectionName,
1065                             L"LockoutDuration",
1066                             &InfContext))
1067     {
1068         if (SetupGetIntField(&InfContext, 1, &nValue))
1069         {
1070             if (nValue == -1)
1071             {
1072                 LockoutInfo.LockoutDuration.QuadPart = 0x8000000000000000LL;
1073             }
1074             else if ((nValue >= 0) && (nValue < 100000))
1075             {
1076                 LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
1077             }
1078         }
1079     }
1080 
1081     Status = SamSetInformationDomain(DomainHandle,
1082                                      DomainLockoutInformation,
1083                                      (PVOID*)&LockoutInfo);
1084     if (!NT_SUCCESS(Status))
1085     {
1086         DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
1087         goto done;
1088     }
1089 
1090 done:
1091     if (DomainHandle != NULL)
1092         SamCloseHandle(DomainHandle);
1093 
1094     if (ServerHandle != NULL)
1095         SamCloseHandle(ServerHandle);
1096 
1097     if (OrigInfo != NULL)
1098         LsaFreeMemory(OrigInfo);
1099 
1100     if (PolicyHandle != NULL)
1101         LsaClose(PolicyHandle);
1102 }
1103 
1104 
1105 static
1106 VOID
1107 SetLsaAnonymousNameLookup(
1108     _In_ HINF hSecurityInf,
1109     _In_ PWSTR pszSectionName)
1110 {
1111 #if 0
1112     INFCONTEXT InfContext;
1113     INT nValue = 0;
1114 
1115     DPRINT1("SetLsaAnonymousNameLookup()\n");
1116 
1117     if (!SetupFindFirstLineW(hSecurityInf,
1118                              pszSectionName,
1119                              L"LSAAnonymousNameLookup",
1120                              &InfContext))
1121     {
1122         return;
1123     }
1124 
1125     if (!SetupGetIntField(&InfContext, 1, &nValue))
1126     {
1127         return;
1128     }
1129 
1130     if (nValue == 0)
1131     {
1132     }
1133     else
1134     {
1135     }
1136 #endif
1137 }
1138 
1139 
1140 static
1141 VOID
1142 EnableAccount(
1143     _In_ HINF hSecurityInf,
1144     _In_ PWSTR pszSectionName,
1145     _In_ PWSTR pszValueName,
1146     _In_ SAM_HANDLE DomainHandle,
1147     _In_ DWORD dwAccountRid)
1148 {
1149     INFCONTEXT InfContext;
1150     SAM_HANDLE UserHandle = NULL;
1151     USER_CONTROL_INFORMATION ControlInfo;
1152     INT nValue = 0;
1153     NTSTATUS Status;
1154 
1155     DPRINT("EnableAccount()\n");
1156 
1157     if (!SetupFindFirstLineW(hSecurityInf,
1158                             pszSectionName,
1159                             pszValueName,
1160                             &InfContext))
1161         return;
1162 
1163     if (!SetupGetIntField(&InfContext, 1, &nValue))
1164     {
1165         DPRINT1("No valid integer value\n");
1166         goto done;
1167     }
1168 
1169     DPRINT("Value: %d\n", nValue);
1170 
1171     Status = SamOpenUser(DomainHandle,
1172                          USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
1173                          dwAccountRid,
1174                          &UserHandle);
1175     if (!NT_SUCCESS(Status))
1176     {
1177         DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
1178         goto done;
1179     }
1180 
1181     Status = SamQueryInformationUser(UserHandle,
1182                                      UserControlInformation,
1183                                      (PVOID)&ControlInfo);
1184     if (!NT_SUCCESS(Status))
1185     {
1186         DPRINT1("SamQueryInformationUser() failed (Status: 0x%08lx)\n", Status);
1187         goto done;
1188     }
1189 
1190     if (nValue == 0)
1191     {
1192         ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
1193     }
1194     else
1195     {
1196         ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
1197     }
1198 
1199     Status = SamSetInformationUser(UserHandle,
1200                                    UserControlInformation,
1201                                    (PVOID)&ControlInfo);
1202     if (!NT_SUCCESS(Status))
1203     {
1204         DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
1205     }
1206 
1207 done:
1208     if (UserHandle != NULL)
1209         SamCloseHandle(UserHandle);
1210 }
1211 
1212 
1213 static
1214 VOID
1215 SetNewAccountName(
1216     _In_ HINF hSecurityInf,
1217     _In_ PWSTR pszSectionName,
1218     _In_ PWSTR pszValueName,
1219     _In_ SAM_HANDLE DomainHandle,
1220     _In_ DWORD dwAccountRid)
1221 {
1222     INFCONTEXT InfContext;
1223     DWORD dwLength = 0;
1224     PWSTR pszName = NULL;
1225     SAM_HANDLE UserHandle = NULL;
1226     USER_NAME_INFORMATION NameInfo;
1227     NTSTATUS Status;
1228 
1229     DPRINT("SetNewAccountName()\n");
1230 
1231     if (!SetupFindFirstLineW(hSecurityInf,
1232                             pszSectionName,
1233                             pszValueName,
1234                             &InfContext))
1235         return;
1236 
1237     SetupGetStringFieldW(&InfContext,
1238                          1,
1239                          NULL,
1240                          0,
1241                          &dwLength);
1242     if (dwLength == 0)
1243         return;
1244 
1245     pszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength * sizeof(WCHAR));
1246     if (pszName == NULL)
1247     {
1248         DPRINT1("HeapAlloc() failed\n");
1249         return;
1250     }
1251 
1252     if (!SetupGetStringFieldW(&InfContext,
1253                               1,
1254                               pszName,
1255                               dwLength,
1256                               &dwLength))
1257     {
1258         DPRINT1("No valid string value\n");
1259         goto done;
1260     }
1261 
1262     DPRINT("NewAccountName: '%S'\n", pszName);
1263 
1264     Status = SamOpenUser(DomainHandle,
1265                          USER_WRITE_ACCOUNT,
1266                          dwAccountRid,
1267                          &UserHandle);
1268     if (!NT_SUCCESS(Status))
1269     {
1270         DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
1271         goto done;
1272     }
1273 
1274     NameInfo.UserName.Length = wcslen(pszName) * sizeof(WCHAR);
1275     NameInfo.UserName.MaximumLength = NameInfo.UserName.Length + sizeof(WCHAR);
1276     NameInfo.UserName.Buffer = pszName;
1277     NameInfo.FullName.Length = 0;
1278     NameInfo.FullName.MaximumLength = 0;
1279     NameInfo.FullName.Buffer = NULL;
1280 
1281     Status = SamSetInformationUser(UserHandle,
1282                                    UserNameInformation,
1283                                    (PVOID)&NameInfo);
1284     if (!NT_SUCCESS(Status))
1285     {
1286         DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
1287     }
1288 
1289 done:
1290     if (UserHandle != NULL)
1291         SamCloseHandle(UserHandle);
1292 
1293     if (pszName != NULL)
1294         HeapFree(GetProcessHeap(), 0, pszName);
1295 }
1296 
1297 
1298 static
1299 VOID
1300 ApplyAccountSettings(
1301     _In_ HINF hSecurityInf,
1302     _In_ PWSTR pszSectionName)
1303 {
1304     PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
1305     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
1306     LSA_HANDLE PolicyHandle = NULL;
1307     SAM_HANDLE ServerHandle = NULL;
1308     SAM_HANDLE DomainHandle = NULL;
1309     NTSTATUS Status;
1310 
1311     DPRINT("ApplyAccountSettings()\n");
1312 
1313     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
1314     ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
1315 
1316     Status = LsaOpenPolicy(NULL,
1317                            &ObjectAttributes,
1318                            POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
1319                            &PolicyHandle);
1320     if (Status != STATUS_SUCCESS)
1321     {
1322         DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1323         return;
1324     }
1325 
1326     Status = LsaQueryInformationPolicy(PolicyHandle,
1327                                        PolicyAccountDomainInformation,
1328                                        (PVOID *)&OrigInfo);
1329     if (!NT_SUCCESS(Status))
1330     {
1331         DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1332         goto done;
1333     }
1334 
1335     Status = SamConnect(NULL,
1336                         &ServerHandle,
1337                         SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1338                         NULL);
1339     if (!NT_SUCCESS(Status))
1340     {
1341         DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1342         goto done;
1343     }
1344 
1345     Status = SamOpenDomain(ServerHandle,
1346                            DOMAIN_LOOKUP,
1347                            OrigInfo->DomainSid,
1348                            &DomainHandle);
1349     if (!NT_SUCCESS(Status))
1350     {
1351         DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1352         goto done;
1353     }
1354 
1355     SetLsaAnonymousNameLookup(hSecurityInf,
1356                               pszSectionName);
1357 
1358     EnableAccount(hSecurityInf,
1359                   pszSectionName,
1360                   L"EnableAdminAccount",
1361                   DomainHandle,
1362                   DOMAIN_USER_RID_ADMIN);
1363 
1364     EnableAccount(hSecurityInf,
1365                   pszSectionName,
1366                   L"EnableGuestAccount",
1367                   DomainHandle,
1368                   DOMAIN_USER_RID_GUEST);
1369 
1370     SetNewAccountName(hSecurityInf,
1371                       pszSectionName,
1372                       L"NewAdministratorName",
1373                       DomainHandle,
1374                       DOMAIN_USER_RID_ADMIN);
1375 
1376     SetNewAccountName(hSecurityInf,
1377                       pszSectionName,
1378                       L"NewGuestName",
1379                       DomainHandle,
1380                       DOMAIN_USER_RID_GUEST);
1381 
1382 done:
1383     if (DomainHandle != NULL)
1384         SamCloseHandle(DomainHandle);
1385 
1386     if (ServerHandle != NULL)
1387         SamCloseHandle(ServerHandle);
1388 
1389     if (OrigInfo != NULL)
1390         LsaFreeMemory(OrigInfo);
1391 
1392     if (PolicyHandle != NULL)
1393         LsaClose(PolicyHandle);
1394 }
1395 
1396 
1397 static
1398 VOID
1399 ApplyAuditEvents(
1400     _In_ HINF hSecurityInf)
1401 {
1402     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
1403     INFCONTEXT InfContext;
1404     WCHAR szOptionName[256];
1405     INT nValue;
1406     LSA_HANDLE PolicyHandle = NULL;
1407     POLICY_AUDIT_EVENTS_INFO AuditInfo;
1408     PULONG AuditOptions = NULL;
1409     NTSTATUS Status;
1410 
1411     DPRINT("ApplyAuditEvents(%p)\n", hSecurityInf);
1412 
1413     if (!SetupFindFirstLineW(hSecurityInf,
1414                              L"Event Audit",
1415                              NULL,
1416                              &InfContext))
1417     {
1418         DPRINT1("SetupFindFirstLineW failed\n");
1419         return;
1420     }
1421 
1422     ZeroMemory(&ObjectAttributes, sizeof(LSA_OBJECT_ATTRIBUTES));
1423 
1424     Status = LsaOpenPolicy(NULL,
1425                            &ObjectAttributes,
1426                            POLICY_SET_AUDIT_REQUIREMENTS,
1427                            &PolicyHandle);
1428     if (!NT_SUCCESS(Status))
1429     {
1430         DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
1431         return;
1432     }
1433 
1434     AuditOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
1435                              (AuditCategoryAccountLogon + 1) * sizeof(ULONG));
1436     if (AuditOptions == NULL)
1437     {
1438         DPRINT1("Failed to allocate the auditiing options array!\n");
1439         goto done;
1440     }
1441 
1442     AuditInfo.AuditingMode = TRUE;
1443     AuditInfo.EventAuditingOptions = AuditOptions;
1444     AuditInfo.MaximumAuditEventCount = AuditCategoryAccountLogon + 1;
1445 
1446     do
1447     {
1448         /* Retrieve the group name */
1449         if (!SetupGetStringFieldW(&InfContext,
1450                                   0,
1451                                   szOptionName,
1452                                   ARRAYSIZE(szOptionName),
1453                                   NULL))
1454         {
1455             DPRINT1("SetupGetStringFieldW() failed\n");
1456             continue;
1457         }
1458 
1459         DPRINT("Option: '%S'\n", szOptionName);
1460 
1461         if (!SetupGetIntField(&InfContext,
1462                               1,
1463                               &nValue))
1464         {
1465             DPRINT1("SetupGetStringFieldW() failed\n");
1466             continue;
1467         }
1468 
1469         DPRINT("Value: %d\n", nValue);
1470 
1471         if ((nValue < POLICY_AUDIT_EVENT_UNCHANGED) || (nValue > POLICY_AUDIT_EVENT_NONE))
1472         {
1473             DPRINT1("Invalid audit option!\n");
1474             continue;
1475         }
1476 
1477         if (_wcsicmp(szOptionName, L"AuditSystemEvents") == 0)
1478         {
1479             AuditOptions[AuditCategorySystem] = (ULONG)nValue;
1480         }
1481         else if (_wcsicmp(szOptionName, L"AuditLogonEvents") == 0)
1482         {
1483             AuditOptions[AuditCategoryLogon] = (ULONG)nValue;
1484         }
1485         else if (_wcsicmp(szOptionName, L"AuditObjectAccess") == 0)
1486         {
1487             AuditOptions[AuditCategoryObjectAccess] = (ULONG)nValue;
1488         }
1489         else if (_wcsicmp(szOptionName, L"AuditPrivilegeUse") == 0)
1490         {
1491             AuditOptions[AuditCategoryPrivilegeUse] = (ULONG)nValue;
1492         }
1493         else if (_wcsicmp(szOptionName, L"AuditProcessTracking") == 0)
1494         {
1495             AuditOptions[AuditCategoryDetailedTracking] = (ULONG)nValue;
1496         }
1497         else if (_wcsicmp(szOptionName, L"AuditPolicyChange") == 0)
1498         {
1499             AuditOptions[AuditCategoryPolicyChange] = (ULONG)nValue;
1500         }
1501         else if (_wcsicmp(szOptionName, L"AuditAccountManage") == 0)
1502         {
1503             AuditOptions[AuditCategoryAccountManagement] = (ULONG)nValue;
1504         }
1505         else if (_wcsicmp(szOptionName, L"AuditDSAccess") == 0)
1506         {
1507             AuditOptions[AuditCategoryDirectoryServiceAccess] = (ULONG)nValue;
1508         }
1509         else if (_wcsicmp(szOptionName, L"AuditAccountLogon") == 0)
1510         {
1511             AuditOptions[AuditCategoryAccountLogon] = (ULONG)nValue;
1512         }
1513         else
1514         {
1515             DPRINT1("Invalid auditing option '%S'\n", szOptionName);
1516         }
1517     }
1518     while (SetupFindNextLine(&InfContext, &InfContext));
1519 
1520     Status = LsaSetInformationPolicy(PolicyHandle,
1521                                      PolicyAuditEventsInformation,
1522                                      (PVOID)&AuditInfo);
1523     if (Status != STATUS_SUCCESS)
1524     {
1525         DPRINT1("LsaSetInformationPolicy() failed (Status 0x%08lx)\n", Status);
1526     }
1527 
1528 done:
1529     if (AuditOptions != NULL)
1530         HeapFree(GetProcessHeap(), 0, AuditOptions);
1531 
1532     if (PolicyHandle != NULL)
1533         LsaClose(PolicyHandle);
1534 }
1535 
1536 
1537 VOID
1538 InstallSecurity(VOID)
1539 {
1540     HINF hSecurityInf;
1541     PWSTR pszSecurityInf;
1542 
1543 //    if (IsServer())
1544 //        pszSecurityInf = L"defltsv.inf";
1545 //    else
1546         pszSecurityInf = L"defltwk.inf";
1547 
1548     InstallBuiltinAccounts();
1549 
1550     hSecurityInf = SetupOpenInfFileW(pszSecurityInf,
1551                                      NULL,
1552                                      INF_STYLE_WIN4,
1553                                      NULL);
1554     if (hSecurityInf != INVALID_HANDLE_VALUE)
1555     {
1556         InstallPrivileges(hSecurityInf);
1557         ApplyRegistryValues(hSecurityInf);
1558 
1559         ApplyEventlogSettings(hSecurityInf, L"Application Log", L"Application");
1560         ApplyEventlogSettings(hSecurityInf, L"Security Log", L"Security");
1561         ApplyEventlogSettings(hSecurityInf, L"System Log", L"System");
1562 
1563         ApplyPasswordSettings(hSecurityInf, L"System Access");
1564         ApplyLockoutSettings(hSecurityInf, L"System Access");
1565         ApplyAccountSettings(hSecurityInf, L"System Access");
1566 
1567         ApplyAuditEvents(hSecurityInf);
1568 
1569         SetupCloseInfFile(hSecurityInf);
1570     }
1571 
1572     /* Hack */
1573     SetPrimaryDomain(L"WORKGROUP", NULL);
1574 }
1575 
1576 
1577 NTSTATUS
1578 SetAdministratorPassword(LPCWSTR Password)
1579 {
1580     PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
1581     PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
1582     USER_SET_PASSWORD_INFORMATION PasswordInfo;
1583     LSA_OBJECT_ATTRIBUTES ObjectAttributes;
1584     LSA_HANDLE PolicyHandle = NULL;
1585     SAM_HANDLE ServerHandle = NULL;
1586     SAM_HANDLE DomainHandle = NULL;
1587     SAM_HANDLE UserHandle = NULL;
1588     NTSTATUS Status;
1589 
1590     DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password);
1591 
1592     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
1593     ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
1594 
1595     Status = LsaOpenPolicy(NULL,
1596                            &ObjectAttributes,
1597                            POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
1598                            &PolicyHandle);
1599     if (Status != STATUS_SUCCESS)
1600     {
1601         DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1602         return Status;
1603     }
1604 
1605     Status = LsaQueryInformationPolicy(PolicyHandle,
1606                                        PolicyAccountDomainInformation,
1607                                        (PVOID *)&OrigInfo);
1608     if (!NT_SUCCESS(Status))
1609     {
1610         DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1611         goto done;
1612     }
1613 
1614     Status = SamConnect(NULL,
1615                         &ServerHandle,
1616                         SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1617                         NULL);
1618     if (!NT_SUCCESS(Status))
1619     {
1620         DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1621         goto done;
1622     }
1623 
1624     Status = SamOpenDomain(ServerHandle,
1625                            DOMAIN_LOOKUP,
1626                            OrigInfo->DomainSid,
1627                            &DomainHandle);
1628     if (!NT_SUCCESS(Status))
1629     {
1630         DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1631         goto done;
1632     }
1633 
1634     Status = SamOpenUser(DomainHandle,
1635                          USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL,
1636                          DOMAIN_USER_RID_ADMIN,
1637                          &UserHandle);
1638     if (!NT_SUCCESS(Status))
1639     {
1640         DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status);
1641         goto done;
1642     }
1643 
1644     RtlInitUnicodeString(&PasswordInfo.Password, Password);
1645     PasswordInfo.PasswordExpired = FALSE;
1646 
1647     Status = SamSetInformationUser(UserHandle,
1648                                    UserSetPasswordInformation,
1649                                    (PVOID)&PasswordInfo);
1650     if (!NT_SUCCESS(Status))
1651     {
1652         DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
1653         goto done;
1654     }
1655 
1656     Status = SamQueryInformationUser(UserHandle,
1657                                      UserAccountNameInformation,
1658                                      (PVOID*)&AccountNameInfo);
1659     if (!NT_SUCCESS(Status))
1660     {
1661         DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
1662         goto done;
1663     }
1664 
1665     AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
1666                                      HEAP_ZERO_MEMORY,
1667                                      AccountNameInfo->UserName.Length + sizeof(WCHAR));
1668     if (AdminInfo.Name != NULL)
1669         RtlCopyMemory(AdminInfo.Name,
1670                       AccountNameInfo->UserName.Buffer,
1671                       AccountNameInfo->UserName.Length);
1672 
1673     AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
1674                                        HEAP_ZERO_MEMORY,
1675                                        OrigInfo->DomainName.Length + sizeof(WCHAR));
1676     if (AdminInfo.Domain != NULL)
1677         RtlCopyMemory(AdminInfo.Domain,
1678                       OrigInfo->DomainName.Buffer,
1679                       OrigInfo->DomainName.Length);
1680 
1681     AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(),
1682                                          0,
1683                                          (wcslen(Password) + 1) * sizeof(WCHAR));
1684     if (AdminInfo.Password != NULL)
1685         wcscpy(AdminInfo.Password, Password);
1686 
1687     DPRINT("Administrator Name: %S\n", AdminInfo.Name);
1688     DPRINT("Administrator Domain: %S\n", AdminInfo.Domain);
1689     DPRINT("Administrator Password: %S\n", AdminInfo.Password);
1690 
1691 done:
1692     if (AccountNameInfo != NULL)
1693         SamFreeMemory(AccountNameInfo);
1694 
1695     if (OrigInfo != NULL)
1696         LsaFreeMemory(OrigInfo);
1697 
1698     if (PolicyHandle != NULL)
1699         LsaClose(PolicyHandle);
1700 
1701     if (UserHandle != NULL)
1702         SamCloseHandle(UserHandle);
1703 
1704     if (DomainHandle != NULL)
1705         SamCloseHandle(DomainHandle);
1706 
1707     if (ServerHandle != NULL)
1708         SamCloseHandle(ServerHandle);
1709 
1710     DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status);
1711 
1712     return Status;
1713 }
1714 
1715 
1716 VOID
1717 SetAutoAdminLogon(VOID)
1718 {
1719     WCHAR szAutoAdminLogon[2];
1720     HKEY hKey = NULL;
1721     DWORD dwType;
1722     DWORD dwSize;
1723     LONG lError;
1724 
1725     lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
1726                            L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
1727                            0,
1728                            KEY_READ | KEY_WRITE,
1729                            &hKey);
1730     if (lError != ERROR_SUCCESS)
1731         return;
1732 
1733     dwSize = 2 * sizeof(WCHAR);
1734     lError = RegQueryValueExW(hKey,
1735                               L"AutoAdminLogon",
1736                               NULL,
1737                               &dwType,
1738                               (LPBYTE)szAutoAdminLogon,
1739                               &dwSize);
1740     if (lError != ERROR_SUCCESS)
1741         goto done;
1742 
1743     if (wcscmp(szAutoAdminLogon, L"1") == 0)
1744     {
1745         RegSetValueExW(hKey,
1746                        L"DefaultDomainName",
1747                        0,
1748                        REG_SZ,
1749                        (LPBYTE)AdminInfo.Domain,
1750                        (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR));
1751 
1752         RegSetValueExW(hKey,
1753                        L"DefaultUserName",
1754                        0,
1755                        REG_SZ,
1756                        (LPBYTE)AdminInfo.Name,
1757                        (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR));
1758 
1759         RegSetValueExW(hKey,
1760                        L"DefaultPassword",
1761                        0,
1762                        REG_SZ,
1763                        (LPBYTE)AdminInfo.Password,
1764                        (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR));
1765     }
1766 
1767 done:
1768     if (hKey != NULL)
1769         RegCloseKey(hKey);
1770 }
1771 
1772 
1773 /* EOF */
1774 
1775