ReactOS 0.4.15-dev-7788-g1ad9096
setup.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS RPC Subsystem Service
3 * LICENSE: GPL-2.0+ (https://spdx.org/licenses/GPL-2.0+)
4 * PURPOSE: One-time service setup configuration.
5 * COPYRIGHT: Copyright 2018 Hermes Belusca-Maito
6 */
7
8/* INCLUDES *****************************************************************/
9
10/* PSDK/NDK Headers */
11#define WIN32_NO_STATUS
12#include <windef.h>
13#include <winbase.h>
14#include <winreg.h>
15#include <winsvc.h>
16
17#include <ndk/rtlfuncs.h>
18#include <ntsecapi.h>
19
20#include "wine/debug.h"
21
23
24/* FUNCTIONS ****************************************************************/
25
26static BOOL
28{
29 LONG lResult;
30 HKEY hKey;
31 DWORD dwData = 0;
32 DWORD cbData = sizeof(dwData);
33 DWORD dwType = REG_NONE;
34
35 lResult = RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"SYSTEM\\Setup", 0, KEY_QUERY_VALUE, &hKey);
36 if (lResult != ERROR_SUCCESS)
37 return FALSE;
38
39 lResult = RegQueryValueExW(hKey, L"SystemSetupInProgress", NULL,
40 &dwType, (LPBYTE)&dwData, &cbData);
42
43 if ((lResult == ERROR_SUCCESS) && (dwType == REG_DWORD) &&
44 (cbData == sizeof(dwData)) && (dwData == 1))
45 {
46 return TRUE;
47 }
48
49 return FALSE;
50}
51
52static BOOL
54{
55 /* S-1-5-18 -- Local System */
56 static SID SystemSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
57
58 BOOL bRet = FALSE;
59 PTOKEN_USER pTokenUser;
60 HANDLE hToken;
61 DWORD cbTokenBuffer = 0;
62
63 /* Get the process token */
65 return FALSE;
66
67 /* Retrieve token's information */
68 if (GetTokenInformation(hToken, TokenUser, NULL, 0, &cbTokenBuffer) ||
70 {
71 goto Quit;
72 }
73
74 pTokenUser = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbTokenBuffer);
75 if (!pTokenUser)
76 goto Quit;
77
78 if (GetTokenInformation(hToken, TokenUser, pTokenUser, cbTokenBuffer, &cbTokenBuffer))
79 {
80 /* Compare with SYSTEM SID */
81 bRet = EqualSid(pTokenUser->User.Sid, &SystemSid);
82 }
83
84 HeapFree(GetProcessHeap(), 0, pTokenUser);
85
86Quit:
87 CloseHandle(hToken);
88 return bRet;
89}
90
91static VOID
93{
94 SC_HANDLE hSCManager, hService;
95
96 /* Open the service controller */
98 if (!hSCManager)
99 {
100 ERR("OpenSCManager() failed with error 0x%lx\n", GetLastError());
101 return;
102 }
103
104 /* Open the RPCSS service */
105 hService = OpenServiceW(hSCManager, L"RPCSS", SERVICE_CHANGE_CONFIG);
106 if (!hService)
107 ERR("OpenService(\"RPCSS\") failed with error 0x%lx\n", GetLastError());
108 if (hService)
109 {
110 /* Use the NetworkService account */
111 if (!ChangeServiceConfigW(hService,
115 NULL,
116 NULL,
117 NULL,
118 NULL,
119 L"NT AUTHORITY\\NetworkService",
120 L"",
121 NULL))
122 {
123 ERR("ChangeServiceConfig(\"RPCSS\") failed with error 0x%lx\n", GetLastError());
124 }
125
126 CloseServiceHandle(hService);
127 }
128
130}
131
132static VOID
134{
135 /* S-1-5-6 -- "Service" group */
136 static SID ServiceSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_SERVICE_RID } };
137
139 LSA_HANDLE PolicyHandle;
141 LSA_UNICODE_STRING RightString;
142
146 &PolicyHandle);
147 if (!NT_SUCCESS(Status))
148 {
149 ERR("LsaOpenPolicy() failed with Status 0x%08lx\n", Status);
150 return;
151 }
152
153 RtlInitUnicodeString(&RightString, L"SeImpersonatePrivilege");
154 Status = LsaAddAccountRights(PolicyHandle, &ServiceSid, &RightString, 1);
155 if (!NT_SUCCESS(Status))
156 {
157 ERR("LsaAddAccountRights(\"S-1-5-6\", \"%wZ\") failed with Status 0x%08lx\n", Status, &RightString);
158 }
159
160 LsaClose(PolicyHandle);
161}
162
164{
165 /*
166 * On first run during the setup phase, the RPCSS service runs under
167 * the LocalSystem account. RPCSS then re-configures itself to run
168 * under the NetworkService account and adds the Impersonate privilege
169 * to the "Service" group.
170 * This is done in this way, because the NetworkService account does not
171 * initially exist when the setup phase is running and the RPCSS service
172 * is started, but this account is created later during the setup phase.
173 */
175 {
178 }
179}
#define WINE_DEFAULT_DEBUG_CHANNEL(t)
Definition: precomp.h:23
LONG NTSTATUS
Definition: precomp.h:26
static BOOL SetupIsActive(VOID)
Definition: setup.c:27
VOID DoRpcSsSetupConfiguration(VOID)
Definition: setup.c:163
static BOOL RunningAsSYSTEM(VOID)
Definition: setup.c:53
static VOID AddImpersonatePrivilege(VOID)
Definition: setup.c:133
static VOID RpcSsConfigureAsNetworkService(VOID)
Definition: setup.c:92
#define ERR(fmt,...)
Definition: debug.h:110
#define RegCloseKey(hKey)
Definition: registry.h:49
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3362
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4132
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
NTSTATUS WINAPI LsaAddAccountRights(IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN PLSA_UNICODE_STRING UserRights, IN ULONG CountOfRights)
Definition: lsa.c:105
NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
Definition: lsa.c:194
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829
#define CloseHandle
Definition: compat.h:739
#define GetProcessHeap()
Definition: compat.h:736
#define HeapAlloc
Definition: compat.h:733
#define GetCurrentProcess()
Definition: compat.h:759
#define HeapFree(x, y, z)
Definition: compat.h:735
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
FxAutoRegKey hKey
Status
Definition: gdiplustypes.h:25
static HANDLE ULONG_PTR dwData
Definition: file.c:35
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_NONE
Definition: nt_native.h:1492
#define POLICY_CREATE_ACCOUNT
Definition: ntsecapi.h:65
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
#define L(x)
Definition: ntvdm.h:50
long LONG
Definition: pedump.c:60
SC_HANDLE hSCManager
Definition: sc.c:12
SC_HANDLE WINAPI OpenSCManagerW(LPCWSTR lpMachineName, LPCWSTR lpDatabaseName, DWORD dwDesiredAccess)
Definition: scm.c:2068
SC_HANDLE WINAPI OpenServiceW(SC_HANDLE hSCManager, LPCWSTR lpServiceName, DWORD dwDesiredAccess)
Definition: scm.c:2160
BOOL WINAPI ChangeServiceConfigW(SC_HANDLE hService, DWORD dwServiceType, DWORD dwStartType, DWORD dwErrorControl, LPCWSTR lpBinaryPathName, LPCWSTR lpLoadOrderGroup, LPDWORD lpdwTagId, LPCWSTR lpDependencies, LPCWSTR lpServiceStartName, LPCWSTR lpPassword, LPCWSTR lpDisplayName)
Definition: scm.c:482
BOOL WINAPI CloseServiceHandle(SC_HANDLE hSCObject)
Definition: scm.c:580
#define REG_DWORD
Definition: sdbapi.c:596
SID_AND_ATTRIBUTES User
Definition: setypes.h:1010
unsigned char * LPBYTE
Definition: typedefs.h:53
#define ZeroMemory
Definition: winbase.h:1712
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define SC_MANAGER_CONNECT
Definition: winsvc.h:14
#define SERVICE_NO_CHANGE
Definition: winsvc.h:20
#define SERVICE_CHANGE_CONFIG
Definition: winsvc.h:54
#define SERVICES_ACTIVE_DATABASE
Definition: winsvc.h:564
#define SECURITY_SERVICE_RID
Definition: setypes.h:562
#define TOKEN_QUERY
Definition: setypes.h:928
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
@ TokenUser
Definition: setypes.h:966
#define SID_REVISION
Definition: setypes.h:481