ReactOS 0.4.16-dev-2613-g9533ad7
security.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
6 * PROGRAMER: Eric Kohl
7 */
8
9/* INCLUDES *****************************************************************/
10
11#include "precomp.h"
12
13#include <ntlsa.h>
14#include <ntsecapi.h>
15#include <ntsam.h>
16#include <sddl.h>
17
18#define NDEBUG
19#include <debug.h>
20
21#define TICKS_PER_DAY -864000000000LL
22#define TICKS_PER_MINUTE -600000000LL
23
24/* FUNCTIONS ****************************************************************/
25
26NTSTATUS
27WINAPI
28SetAccountsDomainSid(
29 PSID DomainSid,
30 LPCWSTR DomainName)
31{
32 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
33 POLICY_ACCOUNT_DOMAIN_INFO Info;
34 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
35 LSA_HANDLE PolicyHandle;
36
37 SAM_HANDLE ServerHandle = NULL;
38 SAM_HANDLE DomainHandle = NULL;
39 DOMAIN_NAME_INFORMATION DomainNameInfo;
40
41 SIZE_T DomainNameLength = 0;
42 NTSTATUS Status;
43
44 DPRINT("SYSSETUP: SetAccountsDomainSid\n");
45
46 if (DomainName != NULL)
47 {
48 DomainNameLength = wcslen(DomainName);
49 if (DomainNameLength > UNICODE_STRING_MAX_CHARS)
50 {
51 return STATUS_INVALID_PARAMETER;
52 }
53 }
54
55 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
56 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
57
58 Status = LsaOpenPolicy(NULL,
59 &ObjectAttributes,
60 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
61 &PolicyHandle);
62 if (Status != STATUS_SUCCESS)
63 {
64 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
65 return Status;
66 }
67
68 Status = LsaQueryInformationPolicy(PolicyHandle,
69 PolicyAccountDomainInformation,
70 (PVOID *)&OrigInfo);
71 if (Status == STATUS_SUCCESS && OrigInfo != NULL)
72 {
73 if (DomainName == NULL)
74 {
75 Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
76 Info.DomainName.Length = OrigInfo->DomainName.Length;
77 Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
78 }
79 else
80 {
81 Info.DomainName.Buffer = (LPWSTR)DomainName;
82 Info.DomainName.Length = DomainNameLength * sizeof(WCHAR);
83 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
84 }
85
86 if (DomainSid == NULL)
87 Info.DomainSid = OrigInfo->DomainSid;
88 else
89 Info.DomainSid = DomainSid;
90 }
91 else
92 {
93 Info.DomainName.Buffer = (LPWSTR)DomainName;
94 Info.DomainName.Length = DomainNameLength * sizeof(WCHAR);
95 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
96 Info.DomainSid = DomainSid;
97 }
98
99 Status = LsaSetInformationPolicy(PolicyHandle,
100 PolicyAccountDomainInformation,
101 (PVOID)&Info);
102 if (Status != STATUS_SUCCESS)
103 {
104 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
105 }
106
107 if (OrigInfo != NULL)
108 LsaFreeMemory(OrigInfo);
109
110 LsaClose(PolicyHandle);
111
112 DomainNameInfo.DomainName.Length = DomainNameLength * sizeof(WCHAR);
113 DomainNameInfo.DomainName.MaximumLength = DomainNameInfo.DomainName.Length + sizeof(WCHAR);
114 DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName;
115
116 Status = SamConnect(NULL,
117 &ServerHandle,
118 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
119 NULL);
120 if (NT_SUCCESS(Status))
121 {
122 Status = SamOpenDomain(ServerHandle,
123 DOMAIN_WRITE_OTHER_PARAMETERS,
124 Info.DomainSid,
125 &DomainHandle);
126 if (NT_SUCCESS(Status))
127 {
128 Status = SamSetInformationDomain(DomainHandle,
129 DomainNameInformation,
130 &DomainNameInfo);
131 if (!NT_SUCCESS(Status))
132 {
133 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
134 }
135
136 SamCloseHandle(DomainHandle);
137 }
138 else
139 {
140 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
141 }
142
143 SamCloseHandle(ServerHandle);
144 }
145
146 return Status;
147}
148
149
150/* Hack */
151static
152NTSTATUS
153SetPrimaryDomain(LPCWSTR DomainName,
154 PSID DomainSid)
155{
156 PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL;
157 POLICY_PRIMARY_DOMAIN_INFO Info;
158 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
159 LSA_HANDLE PolicyHandle;
160 SIZE_T DomainNameLength = 0;
161 NTSTATUS Status;
162
163 DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
164
165 if (DomainName != NULL)
166 {
167 DomainNameLength = wcslen(DomainName);
168 if (DomainNameLength > UNICODE_STRING_MAX_CHARS)
169 {
170 return STATUS_INVALID_PARAMETER;
171 }
172 }
173
174 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
175 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
176
177 Status = LsaOpenPolicy(NULL,
178 &ObjectAttributes,
179 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
180 &PolicyHandle);
181 if (Status != STATUS_SUCCESS)
182 {
183 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
184 return Status;
185 }
186
187 Status = LsaQueryInformationPolicy(PolicyHandle,
188 PolicyPrimaryDomainInformation,
189 (PVOID *)&OrigInfo);
190 if (Status == STATUS_SUCCESS && OrigInfo != NULL)
191 {
192 if (DomainName == NULL)
193 {
194 Info.Name.Buffer = OrigInfo->Name.Buffer;
195 Info.Name.Length = OrigInfo->Name.Length;
196 Info.Name.MaximumLength = OrigInfo->Name.MaximumLength;
197 }
198 else
199 {
200 Info.Name.Buffer = (LPWSTR)DomainName;
201 Info.Name.Length = DomainNameLength * sizeof(WCHAR);
202 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
203 }
204
205 if (DomainSid == NULL)
206 Info.Sid = OrigInfo->Sid;
207 else
208 Info.Sid = DomainSid;
209 }
210 else
211 {
212 Info.Name.Buffer = (LPWSTR)DomainName;
213 Info.Name.Length = DomainNameLength * sizeof(WCHAR);
214 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
215 Info.Sid = DomainSid;
216 }
217
218 Status = LsaSetInformationPolicy(PolicyHandle,
219 PolicyPrimaryDomainInformation,
220 (PVOID)&Info);
221 if (Status != STATUS_SUCCESS)
222 {
223 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
224 }
225
226 if (OrigInfo != NULL)
227 LsaFreeMemory(OrigInfo);
228
229 LsaClose(PolicyHandle);
230
231 return Status;
232}
233
234
235static
236VOID
237InstallBuiltinAccounts(
238 _In_ PITEMSDATA pItemsData,
239 _In_ PREGISTRATIONNOTIFY pNotify)
240{
241 LPWSTR BuiltinAccounts[] = {
242 L"S-1-1-0", /* Everyone */
243 L"S-1-5-4", /* Interactive */
244 L"S-1-5-6", /* Service */
245 L"S-1-5-19", /* Local Service */
246 L"S-1-5-20", /* Network Service */
247 L"S-1-5-32-544", /* Administrators */
248 L"S-1-5-32-545", /* Users */
249 L"S-1-5-32-547", /* Power Users */
250 L"S-1-5-32-551", /* Backup Operators */
251 L"S-1-5-32-555"}; /* Remote Desktop Users */
252 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
253 NTSTATUS Status;
254 LSA_HANDLE PolicyHandle = NULL;
255 LSA_HANDLE AccountHandle = NULL;
256 PSID AccountSid;
257 ULONG i;
258
259 DPRINT("InstallBuiltinAccounts()\n");
260
261 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
262
263 Status = LsaOpenPolicy(NULL,
264 &ObjectAttributes,
265 POLICY_CREATE_ACCOUNT,
266 &PolicyHandle);
267 if (!NT_SUCCESS(Status))
268 {
269 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
270 return;
271 }
272
273 for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++)
274 {
275 pNotify->Progress++;
276 SendMessage(pItemsData->hwndDlg, PM_STEP_START, 0, (LPARAM)pNotify);
277
278 if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
279 {
280 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError());
281 continue;
282 }
283
284 Status = LsaCreateAccount(PolicyHandle,
285 AccountSid,
286 0,
287 &AccountHandle);
288 if (NT_SUCCESS(Status))
289 {
290 LsaClose(AccountHandle);
291 }
292
293 LocalFree(AccountSid);
294
295 SendMessage(pItemsData->hwndDlg, PM_STEP_END, 0, (LPARAM)pNotify);
296 }
297
298 LsaClose(PolicyHandle);
299}
300
301
302static
303VOID
304InstallPrivileges(
305 _In_ HINF hSecurityInf,
306 _In_ PITEMSDATA pItemsData,
307 _In_ PREGISTRATIONNOTIFY pNotify)
308{
309 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
310 WCHAR szPrivilegeString[256];
311 WCHAR szSidString[256];
312 INFCONTEXT InfContext;
313 DWORD i;
314 PSID AccountSid = NULL;
315 NTSTATUS Status;
316 LSA_HANDLE PolicyHandle = NULL;
317 LSA_UNICODE_STRING RightString, AccountName;
318 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
319 PLSA_TRANSLATED_SID2 Sids = NULL;
320
321 DPRINT("InstallPrivileges()\n");
322
323 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
324
325 Status = LsaOpenPolicy(NULL,
326 &ObjectAttributes,
327 POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
328 &PolicyHandle);
329 if (!NT_SUCCESS(Status))
330 {
331 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
332 goto done;
333 }
334
335 if (!SetupFindFirstLineW(hSecurityInf,
336 L"Privilege Rights",
337 NULL,
338 &InfContext))
339 {
340 DPRINT1("SetupFindFirstLineW failed\n");
341 goto done;
342 }
343
344 do
345 {
346 pNotify->Progress++;
347 SendMessage(pItemsData->hwndDlg, PM_STEP_START, 0, (LPARAM)pNotify);
348
349 /* Retrieve the privilege name */
350 if (!SetupGetStringFieldW(&InfContext,
351 0,
352 szPrivilegeString,
353 ARRAYSIZE(szPrivilegeString),
354 NULL))
355 {
356 DPRINT1("SetupGetStringFieldW() failed\n");
357 goto done;
358 }
359 DPRINT("Privilege: %S\n", szPrivilegeString);
360
361 for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
362 {
363 if (!SetupGetStringFieldW(&InfContext,
364 i + 1,
365 szSidString,
366 ARRAYSIZE(szSidString),
367 NULL))
368 {
369 DPRINT1("SetupGetStringFieldW() failed\n");
370 goto done;
371 }
372 DPRINT("SID: %S\n", szSidString);
373
374 if (szSidString[0] == UNICODE_NULL)
375 continue;
376
377 if (szSidString[0] == L'*')
378 {
379 DPRINT("Account Sid: %S\n", &szSidString[1]);
380
381 if (!ConvertStringSidToSid(&szSidString[1], &AccountSid))
382 {
383 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError());
384 continue;
385 }
386 }
387 else
388 {
389 DPRINT("Account name: %S\n", szSidString);
390
391 ReferencedDomains = NULL;
392 Sids = NULL;
393 RtlInitUnicodeString(&AccountName, szSidString);
394 Status = LsaLookupNames2(PolicyHandle,
395 0,
396 1,
397 &AccountName,
398 &ReferencedDomains,
399 &Sids);
400 if (ReferencedDomains != NULL)
401 {
402 LsaFreeMemory(ReferencedDomains);
403 }
404
405 if (!NT_SUCCESS(Status))
406 {
407 DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status);
408
409 if (Sids != NULL)
410 {
411 LsaFreeMemory(Sids);
412 Sids = NULL;
413 }
414
415 continue;
416 }
417 }
418
419 RtlInitUnicodeString(&RightString, szPrivilegeString);
420 Status = LsaAddAccountRights(PolicyHandle,
421 (AccountSid != NULL) ? AccountSid : Sids[0].Sid,
422 &RightString,
423 1);
424 if (!NT_SUCCESS(Status))
425 {
426 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status);
427 }
428
429 if (Sids != NULL)
430 {
431 LsaFreeMemory(Sids);
432 Sids = NULL;
433 }
434
435 if (AccountSid != NULL)
436 {
437 LocalFree(AccountSid);
438 AccountSid = NULL;
439 }
440 }
441
442 SendMessage(pItemsData->hwndDlg, PM_STEP_END, 0, (LPARAM)pNotify);
443 }
444 while (SetupFindNextLine(&InfContext, &InfContext));
445
446done:
447 if (PolicyHandle != NULL)
448 LsaClose(PolicyHandle);
449}
450
451
452static
453VOID
454ApplyRegistryValues(
455 _In_ HINF hSecurityInf,
456 _In_ PITEMSDATA pItemsData,
457 _In_ PREGISTRATIONNOTIFY pNotify)
458{
459 WCHAR szRegistryPath[MAX_PATH];
460 WCHAR szRootName[MAX_PATH];
461 WCHAR szKeyName[MAX_PATH];
462 WCHAR szValueName[MAX_PATH];
463 INFCONTEXT InfContext;
464 DWORD dwLength, dwType;
465 HKEY hRootKey, hKey;
466 PWSTR Ptr1, Ptr2;
467 DWORD dwError;
468 PVOID pBuffer;
469
470 DPRINT("ApplyRegistryValues()\n");
471
472 if (!SetupFindFirstLineW(hSecurityInf,
473 L"Registry Values",
474 NULL,
475 &InfContext))
476 {
477 DPRINT1("SetupFindFirstLineW failed\n");
478 return;
479 }
480
481 do
482 {
483 pNotify->Progress++;
484 SendMessage(pItemsData->hwndDlg, PM_STEP_START, 0, (LPARAM)pNotify);
485
486 /* Retrieve the registry path */
487 if (!SetupGetStringFieldW(&InfContext,
488 0,
489 szRegistryPath,
490 ARRAYSIZE(szRegistryPath),
491 NULL))
492 {
493 DPRINT1("SetupGetStringFieldW() failed\n");
494 return;
495 }
496
497 DPRINT("RegistryPath: %S\n", szRegistryPath);
498
499 Ptr1 = wcschr(szRegistryPath, L'\\');
500 Ptr2 = wcsrchr(szRegistryPath, L'\\');
501 if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2)
502 {
503 dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) / sizeof(WCHAR));
504 wcsncpy(szRootName, szRegistryPath, dwLength);
505 szRootName[dwLength] = UNICODE_NULL;
506
507 Ptr1++;
508 dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR));
509 wcsncpy(szKeyName, Ptr1, dwLength);
510 szKeyName[dwLength] = UNICODE_NULL;
511
512 Ptr2++;
513 wcscpy(szValueName, Ptr2);
514
515 DPRINT("RootName: %S\n", szRootName);
516 DPRINT("KeyName: %S\n", szKeyName);
517 DPRINT("ValueName: %S\n", szValueName);
518
519 if (_wcsicmp(szRootName, L"Machine") == 0)
520 {
521 hRootKey = HKEY_LOCAL_MACHINE;
522 }
523 else
524 {
525 DPRINT1("Unsupported root key %S\n", szRootName);
526 break;
527 }
528
529 if (!SetupGetIntField(&InfContext,
530 1,
531 (PINT)&dwType))
532 {
533 DPRINT1("Failed to get key type (Error %lu)\n", GetLastError());
534 break;
535 }
536
537 if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY &&
538 dwType != REG_DWORD && dwType != REG_MULTI_SZ)
539 {
540 DPRINT1("Invalid value type %lu\n", dwType);
541 break;
542 }
543
544 dwLength = 0;
545 switch (dwType)
546 {
547 case REG_SZ:
548 case REG_EXPAND_SZ:
549 SetupGetStringField(&InfContext,
550 2,
551 NULL,
552 0,
553 &dwLength);
554 dwLength *= sizeof(WCHAR);
555 break;
556
557 case REG_BINARY:
558 SetupGetBinaryField(&InfContext,
559 2,
560 NULL,
561 0,
562 &dwLength);
563 break;
564
565 case REG_DWORD:
566 dwLength = sizeof(INT);
567 break;
568
569 case REG_MULTI_SZ:
570 SetupGetMultiSzField(&InfContext,
571 2,
572 NULL,
573 0,
574 &dwLength);
575 dwLength *= sizeof(WCHAR);
576 break;
577 }
578
579 if (dwLength == 0)
580 {
581 DPRINT1("Failed to determine the required buffer size!\n");
582 break;
583 }
584
585 dwError = RegCreateKeyExW(hRootKey,
586 szKeyName,
587 0,
588 NULL,
589 REG_OPTION_NON_VOLATILE,
590 KEY_WRITE,
591 NULL,
592 &hKey,
593 NULL);
594 if (dwError != ERROR_SUCCESS)
595 {
596 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError);
597 break;
598 }
599
600 pBuffer = HeapAlloc(GetProcessHeap(), 0, dwLength);
601 if (pBuffer)
602 {
603 switch (dwType)
604 {
605 case REG_SZ:
606 case REG_EXPAND_SZ:
607 SetupGetStringField(&InfContext,
608 2,
609 pBuffer,
610 dwLength / sizeof(WCHAR),
611 &dwLength);
612 dwLength *= sizeof(WCHAR);
613 break;
614
615 case REG_BINARY:
616 SetupGetBinaryField(&InfContext,
617 2,
618 pBuffer,
619 dwLength,
620 &dwLength);
621 break;
622
623 case REG_DWORD:
624 SetupGetIntField(&InfContext,
625 2,
626 pBuffer);
627 break;
628
629 case REG_MULTI_SZ:
630 SetupGetMultiSzField(&InfContext,
631 2,
632 pBuffer,
633 dwLength / sizeof(WCHAR),
634 &dwLength);
635 dwLength *= sizeof(WCHAR);
636 break;
637 }
638
639 RegSetValueEx(hKey,
640 szValueName,
641 0,
642 dwType,
643 pBuffer,
644 dwLength);
645
646 HeapFree(GetProcessHeap(), 0, pBuffer);
647 }
648
649 RegCloseKey(hKey);
650 }
651
652 SendMessage(pItemsData->hwndDlg, PM_STEP_END, 0, (LPARAM)pNotify);
653 }
654 while (SetupFindNextLine(&InfContext, &InfContext));
655}
656
657
658static
659VOID
660ApplyEventlogSettings(
661 _In_ HINF hSecurityInf,
662 _In_ PITEMSDATA pItemsData,
663 _In_ PREGISTRATIONNOTIFY pNotify,
664 _In_ PWSTR pszSectionName,
665 _In_ PWSTR pszLogName)
666{
667 INFCONTEXT InfContext;
668 HKEY hServiceKey = NULL, hLogKey = NULL;
669 DWORD dwValue, dwError;
670 BOOL bValueSet;
671
672 DPRINT("ApplyEventlogSettings(%p %S %S)\n",
673 hSecurityInf, pszSectionName, pszLogName);
674
675 dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
676 L"System\\CurrentControlSet\\Services\\Eventlog",
677 0,
678 NULL,
679 REG_OPTION_NON_VOLATILE,
680 KEY_WRITE,
681 NULL,
682 &hServiceKey,
683 NULL);
684 if (dwError != ERROR_SUCCESS)
685 {
686 DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n", dwError);
687 return;
688 }
689
690 dwError = RegCreateKeyExW(hServiceKey,
691 pszLogName,
692 0,
693 NULL,
694 REG_OPTION_NON_VOLATILE,
695 KEY_WRITE,
696 NULL,
697 &hLogKey,
698 NULL);
699 if (dwError != ERROR_SUCCESS)
700 {
701 DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName, dwError);
702 RegCloseKey(hServiceKey);
703 return;
704 }
705
706 if (SetupFindFirstLineW(hSecurityInf,
707 pszSectionName,
708 L"MaximumLogSize",
709 &InfContext))
710 {
711 pNotify->Progress++;
712 SendMessage(pItemsData->hwndDlg, PM_STEP_START, 0, (LPARAM)pNotify);
713
714 DPRINT("MaximumLogSize\n");
715 dwValue = 0;
716 SetupGetIntField(&InfContext,
717 1,
718 (PINT)&dwValue);
719
720 DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue);
721 if (dwValue >= 64 && dwValue <= 4194240)
722 {
723 dwValue *= 1024;
724
725 DPRINT("MaxSize: %lu\n", dwValue);
726 RegSetValueEx(hLogKey,
727 L"MaxSize",
728 0,
729 REG_DWORD,
730 (LPBYTE)&dwValue,
731 sizeof(dwValue));
732 }
733
734 SendMessage(pItemsData->hwndDlg, PM_STEP_END, 0, (LPARAM)pNotify);
735 }
736
737 if (SetupFindFirstLineW(hSecurityInf,
738 pszSectionName,
739 L"AuditLogRetentionPeriod",
740 &InfContext))
741 {
742 pNotify->Progress++;
743 SendMessage(pItemsData->hwndDlg, PM_STEP_START, 0, (LPARAM)pNotify);
744
745 bValueSet = FALSE;
746 dwValue = 0;
747 SetupGetIntField(&InfContext,
748 1,
749 (PINT)&dwValue);
750 if (dwValue == 0)
751 {
752 bValueSet = TRUE;
753 }
754 else if (dwValue == 1)
755 {
756 if (SetupFindFirstLineW(hSecurityInf,
757 pszSectionName,
758 L"RetentionDays",
759 &InfContext))
760 {
761 SetupGetIntField(&InfContext,
762 1,
763 (PINT)&dwValue);
764 dwValue *= 86400;
765 bValueSet = TRUE;
766 }
767 }
768 else if (dwValue == 2)
769 {
770 dwValue = (DWORD)-1;
771 bValueSet = TRUE;
772 }
773
774 if (bValueSet)
775 {
776 DPRINT("Retention: %lu\n", dwValue);
777 RegSetValueEx(hLogKey,
778 L"Retention",
779 0,
780 REG_DWORD,
781 (LPBYTE)&dwValue,
782 sizeof(dwValue));
783 }
784
785 SendMessage(pItemsData->hwndDlg, PM_STEP_END, 0, (LPARAM)pNotify);
786 }
787
788 if (SetupFindFirstLineW(hSecurityInf,
789 pszSectionName,
790 L"RestrictGuestAccess",
791 &InfContext))
792 {
793 pNotify->Progress++;
794 SendMessage(pItemsData->hwndDlg, PM_STEP_START, 0, (LPARAM)pNotify);
795
796 dwValue = 0;
797 SetupGetIntField(&InfContext,
798 1,
799 (PINT)&dwValue);
800 if (dwValue == 0 || dwValue == 1)
801 {
802 DPRINT("RestrictGuestAccess: %lu\n", dwValue);
803 RegSetValueEx(hLogKey,
804 L"RestrictGuestAccess",
805 0,
806 REG_DWORD,
807 (LPBYTE)&dwValue,
808 sizeof(dwValue));
809 }
810
811 SendMessage(pItemsData->hwndDlg, PM_STEP_END, 0, (LPARAM)pNotify);
812 }
813
814 RegCloseKey(hLogKey);
815 RegCloseKey(hServiceKey);
816}
817
818
819static
820VOID
821ApplyPasswordSettings(
822 _In_ HINF hSecurityInf,
823 _In_ PITEMSDATA pItemsData,
824 _In_ PREGISTRATIONNOTIFY pNotify,
825 _In_ PWSTR pszSectionName)
826{
827 INFCONTEXT InfContext;
828 PDOMAIN_PASSWORD_INFORMATION PasswordInfo = NULL;
829 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
830 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
831 LSA_HANDLE PolicyHandle = NULL;
832 SAM_HANDLE ServerHandle = NULL;
833 SAM_HANDLE DomainHandle = NULL;
834 INT nValue;
835 NTSTATUS Status;
836
837 DPRINT("ApplyPasswordSettings()\n");
838
839 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
840 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
841
842 Status = LsaOpenPolicy(NULL,
843 &ObjectAttributes,
844 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
845 &PolicyHandle);
846 if (Status != STATUS_SUCCESS)
847 {
848 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
849 return;
850 }
851
852 Status = LsaQueryInformationPolicy(PolicyHandle,
853 PolicyAccountDomainInformation,
854 (PVOID *)&OrigInfo);
855 if (!NT_SUCCESS(Status))
856 {
857 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
858 goto done;
859 }
860
861 Status = SamConnect(NULL,
862 &ServerHandle,
863 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
864 NULL);
865 if (!NT_SUCCESS(Status))
866 {
867 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
868 goto done;
869 }
870
871 Status = SamOpenDomain(ServerHandle,
872 DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
873 OrigInfo->DomainSid,
874 &DomainHandle);
875 if (!NT_SUCCESS(Status))
876 {
877 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
878 goto done;
879 }
880
881 Status = SamQueryInformationDomain(DomainHandle,
882 DomainPasswordInformation,
883 (PVOID*)&PasswordInfo);
884 if (!NT_SUCCESS(Status))
885 {
886 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
887 goto done;
888 }
889
890 DPRINT("MaximumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart);
891 if (SetupFindFirstLineW(hSecurityInf,
892 pszSectionName,
893 L"MaximumPasswordAge",
894 &InfContext))
895 {
896 if (SetupGetIntField(&InfContext, 1, &nValue))
897 {
898 DPRINT("Value: %ld\n", nValue);
899 if (nValue == -1)
900 {
901 PasswordInfo->MaxPasswordAge.QuadPart = 0x8000000000000000;
902 }
903 else if ((nValue >= 1) && (nValue < 1000))
904 {
905 PasswordInfo->MaxPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
906 }
907 DPRINT("MaximumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart);
908 }
909 }
910
911 DPRINT("MinimumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart);
912 if (SetupFindFirstLineW(hSecurityInf,
913 pszSectionName,
914 L"MinimumPasswordAge",
915 &InfContext))
916 {
917 if (SetupGetIntField(&InfContext, 1, &nValue))
918 {
919 DPRINT("Wert: %ld\n", nValue);
920 if ((nValue >= 0) && (nValue < 1000))
921 {
922 if (PasswordInfo->MaxPasswordAge.QuadPart < (LONGLONG)nValue * TICKS_PER_DAY)
923 PasswordInfo->MinPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
924 }
925 DPRINT("MinimumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart);
926 }
927 }
928
929 DPRINT("MinimumPasswordLength (OldValue) : %lu\n", PasswordInfo->MinPasswordLength);
930 if (SetupFindFirstLineW(hSecurityInf,
931 pszSectionName,
932 L"MinimumPasswordLength",
933 &InfContext))
934 {
935 if (SetupGetIntField(&InfContext, 1, &nValue))
936 {
937 DPRINT("Value: %ld\n", nValue);
938 if ((nValue >= 0) && (nValue <= 65535))
939 {
940 PasswordInfo->MinPasswordLength = nValue;
941 }
942 DPRINT("MinimumPasswordLength (NewValue) : %lu\n", PasswordInfo->MinPasswordLength);
943 }
944 }
945
946 DPRINT("PasswordHistoryLength (OldValue) : %lu\n", PasswordInfo->PasswordHistoryLength);
947 if (SetupFindFirstLineW(hSecurityInf,
948 pszSectionName,
949 L"PasswordHistorySize",
950 &InfContext))
951 {
952 if (SetupGetIntField(&InfContext, 1, &nValue))
953 {
954 DPRINT("Value: %ld\n", nValue);
955 if ((nValue >= 0) && (nValue <= 65535))
956 {
957 PasswordInfo->PasswordHistoryLength = nValue;
958 }
959 DPRINT("PasswordHistoryLength (NewValue) : %lu\n", PasswordInfo->PasswordHistoryLength);
960 }
961 }
962
963 if (SetupFindFirstLineW(hSecurityInf,
964 pszSectionName,
965 L"PasswordComplexity",
966 &InfContext))
967 {
968 if (SetupGetIntField(&InfContext, 1, &nValue))
969 {
970 if (nValue == 0)
971 {
972 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_COMPLEX;
973 }
974 else
975 {
976 PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_COMPLEX;
977 }
978 }
979 }
980
981 if (SetupFindFirstLineW(hSecurityInf,
982 pszSectionName,
983 L"ClearTextPassword",
984 &InfContext))
985 {
986 if (SetupGetIntField(&InfContext, 1, &nValue))
987 {
988 if (nValue == 0)
989 {
990 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT;
991 }
992 else
993 {
994 PasswordInfo->PasswordProperties |= DOMAIN_PASSWORD_STORE_CLEARTEXT;
995 }
996 }
997 }
998
999 /* Windows ignores the RequireLogonToChangePassword option */
1000
1001 Status = SamSetInformationDomain(DomainHandle,
1002 DomainPasswordInformation,
1003 PasswordInfo);
1004 if (!NT_SUCCESS(Status))
1005 {
1006 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
1007 goto done;
1008 }
1009
1010done:
1011 if (PasswordInfo != NULL)
1012 SamFreeMemory(PasswordInfo);
1013
1014 if (DomainHandle != NULL)
1015 SamCloseHandle(DomainHandle);
1016
1017 if (ServerHandle != NULL)
1018 SamCloseHandle(ServerHandle);
1019
1020 if (OrigInfo != NULL)
1021 LsaFreeMemory(OrigInfo);
1022
1023 if (PolicyHandle != NULL)
1024 LsaClose(PolicyHandle);
1025}
1026
1027
1028static
1029VOID
1030ApplyLockoutSettings(
1031 _In_ HINF hSecurityInf,
1032 _In_ PWSTR pszSectionName)
1033{
1034 INFCONTEXT InfContext;
1035 PDOMAIN_LOCKOUT_INFORMATION LockoutInfo = NULL;
1036 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
1037 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
1038 LSA_HANDLE PolicyHandle = NULL;
1039 SAM_HANDLE ServerHandle = NULL;
1040 SAM_HANDLE DomainHandle = NULL;
1041 INT nValue;
1042 NTSTATUS Status;
1043
1044 DPRINT("ApplyLockoutSettings()\n");
1045
1046 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
1047 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
1048
1049 Status = LsaOpenPolicy(NULL,
1050 &ObjectAttributes,
1051 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
1052 &PolicyHandle);
1053 if (Status != STATUS_SUCCESS)
1054 {
1055 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1056 return;
1057 }
1058
1059 Status = LsaQueryInformationPolicy(PolicyHandle,
1060 PolicyAccountDomainInformation,
1061 (PVOID *)&OrigInfo);
1062 if (!NT_SUCCESS(Status))
1063 {
1064 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1065 goto done;
1066 }
1067
1068 Status = SamConnect(NULL,
1069 &ServerHandle,
1070 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1071 NULL);
1072 if (!NT_SUCCESS(Status))
1073 {
1074 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1075 goto done;
1076 }
1077
1078 Status = SamOpenDomain(ServerHandle,
1079 DOMAIN_READ_PASSWORD_PARAMETERS | DOMAIN_WRITE_PASSWORD_PARAMS,
1080 OrigInfo->DomainSid,
1081 &DomainHandle);
1082 if (!NT_SUCCESS(Status))
1083 {
1084 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1085 goto done;
1086 }
1087
1088 Status = SamQueryInformationDomain(DomainHandle,
1089 DomainLockoutInformation,
1090 (PVOID*)&LockoutInfo);
1091 if (!NT_SUCCESS(Status))
1092 {
1093 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
1094 goto done;
1095 }
1096
1097 if (SetupFindFirstLineW(hSecurityInf,
1098 pszSectionName,
1099 L"LockoutBadCount",
1100 &InfContext))
1101 {
1102 if (SetupGetIntField(&InfContext, 1, &nValue))
1103 {
1104 if (nValue >= 0)
1105 {
1106 LockoutInfo->LockoutThreshold = nValue;
1107 }
1108 }
1109 }
1110
1111 if (SetupFindFirstLineW(hSecurityInf,
1112 pszSectionName,
1113 L"ResetLockoutCount",
1114 &InfContext))
1115 {
1116 if (SetupGetIntField(&InfContext, 1, &nValue))
1117 {
1118 if (nValue >= 0)
1119 {
1120 LockoutInfo->LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
1121 }
1122 }
1123 }
1124
1125 if (SetupFindFirstLineW(hSecurityInf,
1126 pszSectionName,
1127 L"LockoutDuration",
1128 &InfContext))
1129 {
1130 if (SetupGetIntField(&InfContext, 1, &nValue))
1131 {
1132 if (nValue == -1)
1133 {
1134 LockoutInfo->LockoutDuration.QuadPart = 0x8000000000000000LL;
1135 }
1136 else if ((nValue >= 0) && (nValue < 100000))
1137 {
1138 LockoutInfo->LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
1139 }
1140 }
1141 }
1142
1143 Status = SamSetInformationDomain(DomainHandle,
1144 DomainLockoutInformation,
1145 LockoutInfo);
1146 if (!NT_SUCCESS(Status))
1147 {
1148 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
1149 goto done;
1150 }
1151
1152done:
1153 if (LockoutInfo != NULL)
1154 SamFreeMemory(LockoutInfo);
1155
1156 if (DomainHandle != NULL)
1157 SamCloseHandle(DomainHandle);
1158
1159 if (ServerHandle != NULL)
1160 SamCloseHandle(ServerHandle);
1161
1162 if (OrigInfo != NULL)
1163 LsaFreeMemory(OrigInfo);
1164
1165 if (PolicyHandle != NULL)
1166 LsaClose(PolicyHandle);
1167}
1168
1169
1170static
1171VOID
1172SetLsaAnonymousNameLookup(
1173 _In_ HINF hSecurityInf,
1174 _In_ PWSTR pszSectionName)
1175{
1176#if 0
1177 INFCONTEXT InfContext;
1178 INT nValue = 0;
1179
1180 DPRINT1("SetLsaAnonymousNameLookup()\n");
1181
1182 if (!SetupFindFirstLineW(hSecurityInf,
1183 pszSectionName,
1184 L"LSAAnonymousNameLookup",
1185 &InfContext))
1186 {
1187 return;
1188 }
1189
1190 if (!SetupGetIntField(&InfContext, 1, &nValue))
1191 {
1192 return;
1193 }
1194
1195 if (nValue == 0)
1196 {
1197 }
1198 else
1199 {
1200 }
1201#endif
1202}
1203
1204
1205static
1206VOID
1207EnableAccount(
1208 _In_ HINF hSecurityInf,
1209 _In_ PWSTR pszSectionName,
1210 _In_ PWSTR pszValueName,
1211 _In_ SAM_HANDLE DomainHandle,
1212 _In_ DWORD dwAccountRid)
1213{
1214 INFCONTEXT InfContext;
1215 SAM_HANDLE UserHandle = NULL;
1216 PUSER_CONTROL_INFORMATION ControlInfo = NULL;
1217 INT nValue = 0;
1218 NTSTATUS Status;
1219
1220 DPRINT("EnableAccount()\n");
1221
1222 if (!SetupFindFirstLineW(hSecurityInf,
1223 pszSectionName,
1224 pszValueName,
1225 &InfContext))
1226 return;
1227
1228 if (!SetupGetIntField(&InfContext, 1, &nValue))
1229 {
1230 DPRINT1("No valid integer value\n");
1231 goto done;
1232 }
1233
1234 DPRINT("Value: %d\n", nValue);
1235
1236 Status = SamOpenUser(DomainHandle,
1237 USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
1238 dwAccountRid,
1239 &UserHandle);
1240 if (!NT_SUCCESS(Status))
1241 {
1242 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
1243 goto done;
1244 }
1245
1246 Status = SamQueryInformationUser(UserHandle,
1247 UserControlInformation,
1248 (PVOID*)&ControlInfo);
1249 if (!NT_SUCCESS(Status))
1250 {
1251 DPRINT1("SamQueryInformationUser() failed (Status: 0x%08lx)\n", Status);
1252 goto done;
1253 }
1254
1255 if (nValue == 0)
1256 {
1257 ControlInfo->UserAccountControl |= USER_ACCOUNT_DISABLED;
1258 }
1259 else
1260 {
1261 ControlInfo->UserAccountControl &= ~USER_ACCOUNT_DISABLED;
1262 }
1263
1264 Status = SamSetInformationUser(UserHandle,
1265 UserControlInformation,
1266 ControlInfo);
1267 if (!NT_SUCCESS(Status))
1268 {
1269 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
1270 }
1271
1272done:
1273 if (ControlInfo != NULL)
1274 SamFreeMemory(ControlInfo);
1275
1276 if (UserHandle != NULL)
1277 SamCloseHandle(UserHandle);
1278}
1279
1280
1281static
1282VOID
1283SetNewAccountName(
1284 _In_ HINF hSecurityInf,
1285 _In_ PWSTR pszSectionName,
1286 _In_ PWSTR pszValueName,
1287 _In_ SAM_HANDLE DomainHandle,
1288 _In_ DWORD dwAccountRid)
1289{
1290 INFCONTEXT InfContext;
1291 DWORD dwLength = 0;
1292 PWSTR pszName = NULL;
1293 SAM_HANDLE UserHandle = NULL;
1294 USER_NAME_INFORMATION NameInfo;
1295 NTSTATUS Status;
1296
1297 DPRINT("SetNewAccountName()\n");
1298
1299 if (!SetupFindFirstLineW(hSecurityInf,
1300 pszSectionName,
1301 pszValueName,
1302 &InfContext))
1303 return;
1304
1305 SetupGetStringFieldW(&InfContext,
1306 1,
1307 NULL,
1308 0,
1309 &dwLength);
1310 if (dwLength == 0)
1311 return;
1312
1313 ASSERT(dwLength <= UNICODE_STRING_MAX_CHARS);
1314
1315 pszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength * sizeof(WCHAR));
1316 if (pszName == NULL)
1317 {
1318 DPRINT1("HeapAlloc() failed\n");
1319 return;
1320 }
1321
1322 if (!SetupGetStringFieldW(&InfContext,
1323 1,
1324 pszName,
1325 dwLength,
1326 &dwLength))
1327 {
1328 DPRINT1("No valid string value\n");
1329 goto done;
1330 }
1331
1332 DPRINT("NewAccountName: '%S'\n", pszName);
1333
1334 Status = SamOpenUser(DomainHandle,
1335 USER_WRITE_ACCOUNT,
1336 dwAccountRid,
1337 &UserHandle);
1338 if (!NT_SUCCESS(Status))
1339 {
1340 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
1341 goto done;
1342 }
1343
1344 NameInfo.UserName.Length = (USHORT)wcslen(pszName) * sizeof(WCHAR);
1345 NameInfo.UserName.MaximumLength = NameInfo.UserName.Length + sizeof(WCHAR);
1346 NameInfo.UserName.Buffer = pszName;
1347 NameInfo.FullName.Length = 0;
1348 NameInfo.FullName.MaximumLength = 0;
1349 NameInfo.FullName.Buffer = NULL;
1350
1351 Status = SamSetInformationUser(UserHandle,
1352 UserNameInformation,
1353 &NameInfo);
1354 if (!NT_SUCCESS(Status))
1355 {
1356 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
1357 }
1358
1359done:
1360 if (UserHandle != NULL)
1361 SamCloseHandle(UserHandle);
1362
1363 if (pszName != NULL)
1364 HeapFree(GetProcessHeap(), 0, pszName);
1365}
1366
1367
1368static
1369VOID
1370ApplyAccountSettings(
1371 _In_ HINF hSecurityInf,
1372 _In_ PWSTR pszSectionName)
1373{
1374 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
1375 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
1376 LSA_HANDLE PolicyHandle = NULL;
1377 SAM_HANDLE ServerHandle = NULL;
1378 SAM_HANDLE DomainHandle = NULL;
1379 NTSTATUS Status;
1380
1381 DPRINT("ApplyAccountSettings()\n");
1382
1383 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
1384 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
1385
1386 Status = LsaOpenPolicy(NULL,
1387 &ObjectAttributes,
1388 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
1389 &PolicyHandle);
1390 if (Status != STATUS_SUCCESS)
1391 {
1392 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1393 return;
1394 }
1395
1396 Status = LsaQueryInformationPolicy(PolicyHandle,
1397 PolicyAccountDomainInformation,
1398 (PVOID *)&OrigInfo);
1399 if (!NT_SUCCESS(Status))
1400 {
1401 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1402 goto done;
1403 }
1404
1405 Status = SamConnect(NULL,
1406 &ServerHandle,
1407 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1408 NULL);
1409 if (!NT_SUCCESS(Status))
1410 {
1411 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1412 goto done;
1413 }
1414
1415 Status = SamOpenDomain(ServerHandle,
1416 DOMAIN_LOOKUP,
1417 OrigInfo->DomainSid,
1418 &DomainHandle);
1419 if (!NT_SUCCESS(Status))
1420 {
1421 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1422 goto done;
1423 }
1424
1425 SetLsaAnonymousNameLookup(hSecurityInf,
1426 pszSectionName);
1427
1428 EnableAccount(hSecurityInf,
1429 pszSectionName,
1430 L"EnableAdminAccount",
1431 DomainHandle,
1432 DOMAIN_USER_RID_ADMIN);
1433
1434 EnableAccount(hSecurityInf,
1435 pszSectionName,
1436 L"EnableGuestAccount",
1437 DomainHandle,
1438 DOMAIN_USER_RID_GUEST);
1439
1440 SetNewAccountName(hSecurityInf,
1441 pszSectionName,
1442 L"NewAdministratorName",
1443 DomainHandle,
1444 DOMAIN_USER_RID_ADMIN);
1445
1446 SetNewAccountName(hSecurityInf,
1447 pszSectionName,
1448 L"NewGuestName",
1449 DomainHandle,
1450 DOMAIN_USER_RID_GUEST);
1451
1452done:
1453 if (DomainHandle != NULL)
1454 SamCloseHandle(DomainHandle);
1455
1456 if (ServerHandle != NULL)
1457 SamCloseHandle(ServerHandle);
1458
1459 if (OrigInfo != NULL)
1460 LsaFreeMemory(OrigInfo);
1461
1462 if (PolicyHandle != NULL)
1463 LsaClose(PolicyHandle);
1464}
1465
1466
1467static
1468VOID
1469ApplyAuditEvents(
1470 _In_ HINF hSecurityInf)
1471{
1472 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
1473 INFCONTEXT InfContext;
1474 WCHAR szOptionName[256];
1475 INT nValue;
1476 LSA_HANDLE PolicyHandle = NULL;
1477 POLICY_AUDIT_EVENTS_INFO AuditInfo;
1478 PULONG AuditOptions = NULL;
1479 NTSTATUS Status;
1480
1481 DPRINT("ApplyAuditEvents(%p)\n", hSecurityInf);
1482
1483 if (!SetupFindFirstLineW(hSecurityInf,
1484 L"Event Audit",
1485 NULL,
1486 &InfContext))
1487 {
1488 DPRINT1("SetupFindFirstLineW failed\n");
1489 return;
1490 }
1491
1492 ZeroMemory(&ObjectAttributes, sizeof(LSA_OBJECT_ATTRIBUTES));
1493
1494 Status = LsaOpenPolicy(NULL,
1495 &ObjectAttributes,
1496 POLICY_SET_AUDIT_REQUIREMENTS,
1497 &PolicyHandle);
1498 if (!NT_SUCCESS(Status))
1499 {
1500 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
1501 return;
1502 }
1503
1504 AuditOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
1505 (AuditCategoryAccountLogon + 1) * sizeof(ULONG));
1506 if (AuditOptions == NULL)
1507 {
1508 DPRINT1("Failed to allocate the auditiing options array!\n");
1509 goto done;
1510 }
1511
1512 AuditInfo.AuditingMode = TRUE;
1513 AuditInfo.EventAuditingOptions = AuditOptions;
1514 AuditInfo.MaximumAuditEventCount = AuditCategoryAccountLogon + 1;
1515
1516 do
1517 {
1518 /* Retrieve the group name */
1519 if (!SetupGetStringFieldW(&InfContext,
1520 0,
1521 szOptionName,
1522 ARRAYSIZE(szOptionName),
1523 NULL))
1524 {
1525 DPRINT1("SetupGetStringFieldW() failed\n");
1526 continue;
1527 }
1528
1529 DPRINT("Option: '%S'\n", szOptionName);
1530
1531 if (!SetupGetIntField(&InfContext,
1532 1,
1533 &nValue))
1534 {
1535 DPRINT1("SetupGetStringFieldW() failed\n");
1536 continue;
1537 }
1538
1539 DPRINT("Value: %d\n", nValue);
1540
1541 if ((nValue < POLICY_AUDIT_EVENT_UNCHANGED) || (nValue > POLICY_AUDIT_EVENT_NONE))
1542 {
1543 DPRINT1("Invalid audit option!\n");
1544 continue;
1545 }
1546
1547 if (_wcsicmp(szOptionName, L"AuditSystemEvents") == 0)
1548 {
1549 AuditOptions[AuditCategorySystem] = (ULONG)nValue;
1550 }
1551 else if (_wcsicmp(szOptionName, L"AuditLogonEvents") == 0)
1552 {
1553 AuditOptions[AuditCategoryLogon] = (ULONG)nValue;
1554 }
1555 else if (_wcsicmp(szOptionName, L"AuditObjectAccess") == 0)
1556 {
1557 AuditOptions[AuditCategoryObjectAccess] = (ULONG)nValue;
1558 }
1559 else if (_wcsicmp(szOptionName, L"AuditPrivilegeUse") == 0)
1560 {
1561 AuditOptions[AuditCategoryPrivilegeUse] = (ULONG)nValue;
1562 }
1563 else if (_wcsicmp(szOptionName, L"AuditProcessTracking") == 0)
1564 {
1565 AuditOptions[AuditCategoryDetailedTracking] = (ULONG)nValue;
1566 }
1567 else if (_wcsicmp(szOptionName, L"AuditPolicyChange") == 0)
1568 {
1569 AuditOptions[AuditCategoryPolicyChange] = (ULONG)nValue;
1570 }
1571 else if (_wcsicmp(szOptionName, L"AuditAccountManage") == 0)
1572 {
1573 AuditOptions[AuditCategoryAccountManagement] = (ULONG)nValue;
1574 }
1575 else if (_wcsicmp(szOptionName, L"AuditDSAccess") == 0)
1576 {
1577 AuditOptions[AuditCategoryDirectoryServiceAccess] = (ULONG)nValue;
1578 }
1579 else if (_wcsicmp(szOptionName, L"AuditAccountLogon") == 0)
1580 {
1581 AuditOptions[AuditCategoryAccountLogon] = (ULONG)nValue;
1582 }
1583 else
1584 {
1585 DPRINT1("Invalid auditing option '%S'\n", szOptionName);
1586 }
1587 }
1588 while (SetupFindNextLine(&InfContext, &InfContext));
1589
1590 Status = LsaSetInformationPolicy(PolicyHandle,
1591 PolicyAuditEventsInformation,
1592 (PVOID)&AuditInfo);
1593 if (Status != STATUS_SUCCESS)
1594 {
1595 DPRINT1("LsaSetInformationPolicy() failed (Status 0x%08lx)\n", Status);
1596 }
1597
1598done:
1599 if (AuditOptions != NULL)
1600 HeapFree(GetProcessHeap(), 0, AuditOptions);
1601
1602 if (PolicyHandle != NULL)
1603 LsaClose(PolicyHandle);
1604}
1605
1606LONG
1607CountSecuritySteps(VOID)
1608{
1609 HINF hSecurityInf;
1610 PWSTR pszSecurityInf;
1611 LONG Steps = 0;
1612
1613// if (IsServer())
1614// pszSecurityInf = L"defltsv.inf";
1615// else
1616 pszSecurityInf = L"defltwk.inf";
1617
1618 Steps += 10; // InstallBuiltinAccounts();
1619
1620 hSecurityInf = SetupOpenInfFileW(pszSecurityInf,
1621 NULL,
1622 INF_STYLE_WIN4,
1623 NULL);
1624 if (hSecurityInf != INVALID_HANDLE_VALUE)
1625 {
1626 /* Count InstallPrivilege steps */
1627 Steps += SetupGetLineCountW(hSecurityInf, L"Privilege Rights");
1628
1629 Steps += SetupGetLineCountW(hSecurityInf, L"Registry Values");
1630
1631 Steps += SetupGetLineCountW(hSecurityInf, L"Application Log");
1632 Steps += SetupGetLineCountW(hSecurityInf, L"Security Log");
1633 Steps += SetupGetLineCountW(hSecurityInf, L"System Log");
1634
1635 Steps += SetupGetLineCountW(hSecurityInf, L"System Access");
1636
1637 Steps += SetupGetLineCountW(hSecurityInf, L"Event Audit");
1638
1639 SetupCloseInfFile(hSecurityInf);
1640 }
1641
1642 Steps++; // SetPrimaryDomain
1643
1644 return Steps;
1645}
1646
1647DWORD
1648InstallSecurity(
1649 _In_ PITEMSDATA pItemsData,
1650 _In_ PREGISTRATIONNOTIFY pNotify)
1651{
1652 HINF hSecurityInf;
1653 PWSTR pszSecurityInf;
1654
1655// if (IsServer())
1656// pszSecurityInf = L"defltsv.inf";
1657// else
1658 pszSecurityInf = L"defltwk.inf";
1659
1660 InstallBuiltinAccounts(pItemsData, pNotify);
1661
1662 hSecurityInf = SetupOpenInfFileW(pszSecurityInf,
1663 NULL,
1664 INF_STYLE_WIN4,
1665 NULL);
1666 if (hSecurityInf != INVALID_HANDLE_VALUE)
1667 {
1668 InstallPrivileges(hSecurityInf, pItemsData, pNotify);
1669 ApplyRegistryValues(hSecurityInf, pItemsData, pNotify);
1670
1671 ApplyEventlogSettings(hSecurityInf, pItemsData, pNotify, L"Application Log", L"Application");
1672 ApplyEventlogSettings(hSecurityInf, pItemsData, pNotify, L"Security Log", L"Security");
1673 ApplyEventlogSettings(hSecurityInf, pItemsData, pNotify, L"System Log", L"System");
1674
1675 ApplyPasswordSettings(hSecurityInf, pItemsData, pNotify, L"System Access");
1676 ApplyLockoutSettings(hSecurityInf, L"System Access");
1677 ApplyAccountSettings(hSecurityInf, L"System Access");
1678
1679 ApplyAuditEvents(hSecurityInf);
1680
1681 SetupCloseInfFile(hSecurityInf);
1682 }
1683
1684 /* Hack */
1685 SetPrimaryDomain(L"WORKGROUP", NULL);
1686
1687 return ERROR_SUCCESS;
1688}
1689
1690
1691NTSTATUS
1692SetAdministratorPassword(LPCWSTR Password)
1693{
1694 PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
1695 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
1696 USER_SET_PASSWORD_INFORMATION PasswordInfo;
1697 LSA_OBJECT_ATTRIBUTES ObjectAttributes;
1698 LSA_HANDLE PolicyHandle = NULL;
1699 SAM_HANDLE ServerHandle = NULL;
1700 SAM_HANDLE DomainHandle = NULL;
1701 SAM_HANDLE UserHandle = NULL;
1702 NTSTATUS Status;
1703
1704 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password);
1705
1706 memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
1707 ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
1708
1709 Status = LsaOpenPolicy(NULL,
1710 &ObjectAttributes,
1711 POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
1712 &PolicyHandle);
1713 if (Status != STATUS_SUCCESS)
1714 {
1715 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1716 return Status;
1717 }
1718
1719 Status = LsaQueryInformationPolicy(PolicyHandle,
1720 PolicyAccountDomainInformation,
1721 (PVOID *)&OrigInfo);
1722 if (!NT_SUCCESS(Status))
1723 {
1724 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1725 goto done;
1726 }
1727
1728 Status = SamConnect(NULL,
1729 &ServerHandle,
1730 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1731 NULL);
1732 if (!NT_SUCCESS(Status))
1733 {
1734 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1735 goto done;
1736 }
1737
1738 Status = SamOpenDomain(ServerHandle,
1739 DOMAIN_LOOKUP,
1740 OrigInfo->DomainSid,
1741 &DomainHandle);
1742 if (!NT_SUCCESS(Status))
1743 {
1744 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1745 goto done;
1746 }
1747
1748 Status = SamOpenUser(DomainHandle,
1749 USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL,
1750 DOMAIN_USER_RID_ADMIN,
1751 &UserHandle);
1752 if (!NT_SUCCESS(Status))
1753 {
1754 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status);
1755 goto done;
1756 }
1757
1758 RtlInitUnicodeString(&PasswordInfo.Password, Password);
1759 PasswordInfo.PasswordExpired = FALSE;
1760
1761 Status = SamSetInformationUser(UserHandle,
1762 UserSetPasswordInformation,
1763 &PasswordInfo);
1764 if (!NT_SUCCESS(Status))
1765 {
1766 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
1767 goto done;
1768 }
1769
1770 Status = SamQueryInformationUser(UserHandle,
1771 UserAccountNameInformation,
1772 (PVOID*)&AccountNameInfo);
1773 if (!NT_SUCCESS(Status))
1774 {
1775 DPRINT1("SamQueryInformationUser() failed (Status 0x%08lx)\n", Status);
1776 goto done;
1777 }
1778
1779 AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
1780 HEAP_ZERO_MEMORY,
1781 AccountNameInfo->UserName.Length + sizeof(WCHAR));
1782 if (AdminInfo.Name != NULL)
1783 RtlCopyMemory(AdminInfo.Name,
1784 AccountNameInfo->UserName.Buffer,
1785 AccountNameInfo->UserName.Length);
1786
1787 AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
1788 HEAP_ZERO_MEMORY,
1789 OrigInfo->DomainName.Length + sizeof(WCHAR));
1790 if (AdminInfo.Domain != NULL)
1791 RtlCopyMemory(AdminInfo.Domain,
1792 OrigInfo->DomainName.Buffer,
1793 OrigInfo->DomainName.Length);
1794
1795 AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(),
1796 0,
1797 (wcslen(Password) + 1) * sizeof(WCHAR));
1798 if (AdminInfo.Password != NULL)
1799 wcscpy(AdminInfo.Password, Password);
1800
1801 DPRINT("Administrator Name: %S\n", AdminInfo.Name);
1802 DPRINT("Administrator Domain: %S\n", AdminInfo.Domain);
1803 DPRINT("Administrator Password: %S\n", AdminInfo.Password);
1804
1805done:
1806 if (AccountNameInfo != NULL)
1807 SamFreeMemory(AccountNameInfo);
1808
1809 if (OrigInfo != NULL)
1810 LsaFreeMemory(OrigInfo);
1811
1812 if (PolicyHandle != NULL)
1813 LsaClose(PolicyHandle);
1814
1815 if (UserHandle != NULL)
1816 SamCloseHandle(UserHandle);
1817
1818 if (DomainHandle != NULL)
1819 SamCloseHandle(DomainHandle);
1820
1821 if (ServerHandle != NULL)
1822 SamCloseHandle(ServerHandle);
1823
1824 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status);
1825
1826 return Status;
1827}
1828
1829
1830VOID
1831SetAutoAdminLogon(VOID)
1832{
1833 WCHAR szAutoAdminLogon[2];
1834 HKEY hKey = NULL;
1835 DWORD dwType;
1836 DWORD dwSize;
1837 LONG lError;
1838
1839 lError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
1840 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
1841 0,
1842 KEY_READ | KEY_WRITE,
1843 &hKey);
1844 if (lError != ERROR_SUCCESS)
1845 return;
1846
1847 dwSize = 2 * sizeof(WCHAR);
1848 lError = RegQueryValueExW(hKey,
1849 L"AutoAdminLogon",
1850 NULL,
1851 &dwType,
1852 (LPBYTE)szAutoAdminLogon,
1853 &dwSize);
1854 if (lError != ERROR_SUCCESS)
1855 goto done;
1856
1857 if (wcscmp(szAutoAdminLogon, L"1") == 0)
1858 {
1859 RegSetValueExW(hKey,
1860 L"DefaultDomainName",
1861 0,
1862 REG_SZ,
1863 (LPBYTE)AdminInfo.Domain,
1864 (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR));
1865
1866 RegSetValueExW(hKey,
1867 L"DefaultUserName",
1868 0,
1869 REG_SZ,
1870 (LPBYTE)AdminInfo.Name,
1871 (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR));
1872
1873 RegSetValueExW(hKey,
1874 L"DefaultPassword",
1875 0,
1876 REG_SZ,
1877 (LPBYTE)AdminInfo.Password,
1878 (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR));
1879 }
1880
1881done:
1882 if (hKey != NULL)
1883 RegCloseKey(hKey);
1884}
1885
1886
1887/* EOF */
1888
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
RegCloseKey
#define RegCloseKey(hKey)
Definition: registry.h:49
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
RegCreateKeyExW
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
Definition: reg.c:1096
RegOpenKeyExW
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3333
RegSetValueExW
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4882
RegQueryValueExW
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4103
LsaSetInformationPolicy
NTSTATUS WINAPI LsaSetInformationPolicy(IN LSA_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, IN PVOID Buffer)
Definition: lsa.c:1948
LsaOpenPolicy
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
LsaCreateAccount
NTSTATUS WINAPI LsaCreateAccount(IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE AccountHandle)
Definition: lsa.c:219
LsaQueryInformationPolicy
NTSTATUS WINAPI LsaQueryInformationPolicy(IN LSA_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, OUT PVOID *Buffer)
Definition: lsa.c:1473
LsaLookupNames2
NTSTATUS WINAPI LsaLookupNames2(IN LSA_HANDLE PolicyHandle, IN ULONG Flags, IN ULONG Count, IN PLSA_UNICODE_STRING Names, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_SID2 *Sids)
Definition: lsa.c:906
LsaAddAccountRights
NTSTATUS WINAPI LsaAddAccountRights(IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN PLSA_UNICODE_STRING UserRights, IN ULONG CountOfRights)
Definition: lsa.c:105
LsaFreeMemory
NTSTATUS WINAPI LsaFreeMemory(IN PVOID Buffer)
Definition: lsa.c:701
LsaClose
NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
Definition: lsa.c:194
wcschr
#define wcschr
Definition: compat.h:17
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
wcsrchr
#define wcsrchr
Definition: compat.h:16
INVALID_HANDLE_VALUE
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
dwLength
static DWORD DWORD * dwLength
Definition: fusion.c:86
_wcsicmp
_ACRTIMP int __cdecl _wcsicmp(const wchar_t *, const wchar_t *)
Definition: wcs.c:159
wcslen
_ACRTIMP size_t __cdecl wcslen(const wchar_t *)
Definition: wcs.c:2983
wcscmp
_ACRTIMP int __cdecl wcscmp(const wchar_t *, const wchar_t *)
Definition: wcs.c:1972
SetupOpenInfFileW
HINF WINAPI SetupOpenInfFileW(PCWSTR name, PCWSTR class, DWORD style, UINT *error)
Definition: parser.c:1229
SetupGetLineCountW
LONG WINAPI SetupGetLineCountW(HINF hinf, PCWSTR section)
Definition: parser.c:1501
PM_STEP_START
#define PM_STEP_START
Definition: globals.h:62
AdminInfo
ADMIN_INFO AdminInfo
Definition: install.c:38
PM_STEP_END
#define PM_STEP_END
Definition: globals.h:63
TICKS_PER_MINUTE
#define TICKS_PER_MINUTE
Definition: security.c:22
SetAutoAdminLogon
VOID SetAutoAdminLogon(VOID)
Definition: security.c:1831
ApplyAuditEvents
static VOID ApplyAuditEvents(_In_ HINF hSecurityInf)
Definition: security.c:1469
SetAdministratorPassword
NTSTATUS SetAdministratorPassword(LPCWSTR Password)
Definition: security.c:1692
CountSecuritySteps
LONG CountSecuritySteps(VOID)
Definition: security.c:1607
ApplyLockoutSettings
static VOID ApplyLockoutSettings(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName)
Definition: security.c:1030
SetPrimaryDomain
static NTSTATUS SetPrimaryDomain(LPCWSTR DomainName, PSID DomainSid)
Definition: security.c:153
ApplyRegistryValues
static VOID ApplyRegistryValues(_In_ HINF hSecurityInf, _In_ PITEMSDATA pItemsData, _In_ PREGISTRATIONNOTIFY pNotify)
Definition: security.c:454
InstallPrivileges
static VOID InstallPrivileges(_In_ HINF hSecurityInf, _In_ PITEMSDATA pItemsData, _In_ PREGISTRATIONNOTIFY pNotify)
Definition: security.c:304
TICKS_PER_DAY
#define TICKS_PER_DAY
Definition: security.c:21
ApplyAccountSettings
static VOID ApplyAccountSettings(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName)
Definition: security.c:1370
EnableAccount
static VOID EnableAccount(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName, _In_ PWSTR pszValueName, _In_ SAM_HANDLE DomainHandle, _In_ DWORD dwAccountRid)
Definition: security.c:1207
InstallSecurity
DWORD InstallSecurity(_In_ PITEMSDATA pItemsData, _In_ PREGISTRATIONNOTIFY pNotify)
Definition: security.c:1648
ApplyPasswordSettings
static VOID ApplyPasswordSettings(_In_ HINF hSecurityInf, _In_ PITEMSDATA pItemsData, _In_ PREGISTRATIONNOTIFY pNotify, _In_ PWSTR pszSectionName)
Definition: security.c:821
InstallBuiltinAccounts
static VOID InstallBuiltinAccounts(_In_ PITEMSDATA pItemsData, _In_ PREGISTRATIONNOTIFY pNotify)
Definition: security.c:237
ApplyEventlogSettings
static VOID ApplyEventlogSettings(_In_ HINF hSecurityInf, _In_ PITEMSDATA pItemsData, _In_ PREGISTRATIONNOTIFY pNotify, _In_ PWSTR pszSectionName, _In_ PWSTR pszLogName)
Definition: security.c:660
SetLsaAnonymousNameLookup
static VOID SetLsaAnonymousNameLookup(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName)
Definition: security.c:1172
SetAccountsDomainSid
NTSTATUS WINAPI SetAccountsDomainSid(PSID DomainSid, LPCWSTR DomainName)
Definition: security.c:28
SetNewAccountName
static VOID SetNewAccountName(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName, _In_ PWSTR pszValueName, _In_ SAM_HANDLE DomainHandle, _In_ DWORD dwAccountRid)
Definition: security.c:1283
L
#define L(x)
Definition: resources.c:13
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
hKey
FxAutoRegKey hKey
Definition: fxdriverapikm.cpp:59
Status
Status
Definition: gdiplustypes.h:25
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
INF_STYLE_WIN4
#define INF_STYLE_WIN4
Definition: infsupp.h:43
REG_SZ
#define REG_SZ
Definition: layer.c:22
ZeroMemory
#define ZeroMemory
Definition: minwinbase.h:31
LPARAM
LONG_PTR LPARAM
Definition: minwindef.h:175
PINT
int * PINT
Definition: minwindef.h:150
ASSERT
#define ASSERT(a)
Definition: mode.c:44
dwSize
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1165
_In_
#define _In_
Definition: no_sal2.h:158
REG_BINARY
#define REG_BINARY
Definition: nt_native.h:1499
KEY_READ
#define KEY_READ
Definition: nt_native.h:1026
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
REG_OPTION_NON_VOLATILE
#define REG_OPTION_NON_VOLATILE
Definition: nt_native.h:1060
REG_MULTI_SZ
#define REG_MULTI_SZ
Definition: nt_native.h:1504
KEY_WRITE
#define KEY_WRITE
Definition: nt_native.h:1034
DWORD
#define DWORD
Definition: nt_native.h:44
REG_EXPAND_SZ
#define REG_EXPAND_SZ
Definition: nt_native.h:1497
UNICODE_NULL
#define UNICODE_NULL
UNICODE_STRING_MAX_CHARS
#define UNICODE_STRING_MAX_CHARS
USER_READ_GENERAL
#define USER_READ_GENERAL
Definition: ntsam.h:126
DomainNameInformation
@ DomainNameInformation
Definition: ntsam.h:345
DomainPasswordInformation
@ DomainPasswordInformation
Definition: ntsam.h:341
DomainLockoutInformation
@ DomainLockoutInformation
Definition: ntsam.h:352
USER_FORCE_PASSWORD_CHANGE
#define USER_FORCE_PASSWORD_CHANGE
Definition: ntsam.h:133
DOMAIN_WRITE_OTHER_PARAMETERS
#define DOMAIN_WRITE_OTHER_PARAMETERS
Definition: ntsam.h:36
DOMAIN_LOOKUP
#define DOMAIN_LOOKUP
Definition: ntsam.h:42
USER_WRITE_ACCOUNT
#define USER_WRITE_ACCOUNT
Definition: ntsam.h:131
USER_READ_ACCOUNT
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
DOMAIN_PASSWORD_STORE_CLEARTEXT
#define DOMAIN_PASSWORD_STORE_CLEARTEXT
Definition: ntsam.h:258
SAM_SERVER_LOOKUP_DOMAIN
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
UserAccountNameInformation
@ UserAccountNameInformation
Definition: ntsam.h:520
UserNameInformation
@ UserNameInformation
Definition: ntsam.h:519
UserSetPasswordInformation
@ UserSetPasswordInformation
Definition: ntsam.h:528
UserControlInformation
@ UserControlInformation
Definition: ntsam.h:529
SAM_SERVER_CONNECT
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
DOMAIN_WRITE_PASSWORD_PARAMS
#define DOMAIN_WRITE_PASSWORD_PARAMS
Definition: ntsam.h:34
DOMAIN_READ_PASSWORD_PARAMETERS
#define DOMAIN_READ_PASSWORD_PARAMETERS
Definition: ntsam.h:33
DOMAIN_PASSWORD_COMPLEX
#define DOMAIN_PASSWORD_COMPLEX
Definition: ntsam.h:254
USER_ACCOUNT_DISABLED
#define USER_ACCOUNT_DISABLED
Definition: ntsam.h:167
WCHAR
short WCHAR
Definition: pedump.c:58
LONG
long LONG
Definition: pedump.c:60
USHORT
unsigned short USHORT
Definition: pedump.c:61
INT
#define INT
Definition: polytest.cpp:20
POLICY_AUDIT_EVENT_NONE
#define POLICY_AUDIT_EVENT_NONE
Definition: ntsecapi.h:81
PolicyAuditEventsInformation
@ PolicyAuditEventsInformation
Definition: ntsecapi.h:244
PolicyPrimaryDomainInformation
@ PolicyPrimaryDomainInformation
Definition: ntsecapi.h:245
PolicyAccountDomainInformation
@ PolicyAccountDomainInformation
Definition: ntsecapi.h:247
POLICY_AUDIT_EVENT_UNCHANGED
#define POLICY_AUDIT_EVENT_UNCHANGED
Definition: ntsecapi.h:78
POLICY_CREATE_ACCOUNT
#define POLICY_CREATE_ACCOUNT
Definition: ntsecapi.h:65
LSA_OBJECT_ATTRIBUTES
struct _LSA_OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
POLICY_TRUST_ADMIN
#define POLICY_TRUST_ADMIN
Definition: ntsecapi.h:64
AuditCategoryLogon
@ AuditCategoryLogon
Definition: ntsecapi.h:261
AuditCategoryAccountManagement
@ AuditCategoryAccountManagement
Definition: ntsecapi.h:266
AuditCategoryAccountLogon
@ AuditCategoryAccountLogon
Definition: ntsecapi.h:268
AuditCategoryPolicyChange
@ AuditCategoryPolicyChange
Definition: ntsecapi.h:265
AuditCategorySystem
@ AuditCategorySystem
Definition: ntsecapi.h:260
AuditCategoryObjectAccess
@ AuditCategoryObjectAccess
Definition: ntsecapi.h:262
AuditCategoryDirectoryServiceAccess
@ AuditCategoryDirectoryServiceAccess
Definition: ntsecapi.h:267
AuditCategoryDetailedTracking
@ AuditCategoryDetailedTracking
Definition: ntsecapi.h:264
AuditCategoryPrivilegeUse
@ AuditCategoryPrivilegeUse
Definition: ntsecapi.h:263
POLICY_VIEW_LOCAL_INFORMATION
#define POLICY_VIEW_LOCAL_INFORMATION
Definition: ntsecapi.h:61
POLICY_SET_AUDIT_REQUIREMENTS
#define POLICY_SET_AUDIT_REQUIREMENTS
Definition: ntsecapi.h:69
POLICY_LOOKUP_NAMES
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
pBuffer
PVOID pBuffer
Definition: rdesktop-core-tester.cpp:188
SamQueryInformationUser
NTSTATUS NTAPI SamQueryInformationUser(IN SAM_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, OUT PVOID *Buffer)
Definition: samlib.c:1731
SamQueryInformationDomain
NTSTATUS NTAPI SamQueryInformationDomain(IN SAM_HANDLE DomainHandle, IN DOMAIN_INFORMATION_CLASS DomainInformationClass, OUT PVOID *Buffer)
Definition: samlib.c:1677
SamOpenUser
NTSTATUS NTAPI SamOpenUser(IN SAM_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN ULONG UserId, OUT PSAM_HANDLE UserHandle)
Definition: samlib.c:1535
SamSetInformationUser
NTSTATUS NTAPI SamSetInformationUser(IN SAM_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, IN PVOID Buffer)
Definition: samlib.c:2000
SamFreeMemory
NTSTATUS NTAPI SamFreeMemory(IN PVOID Buffer)
Definition: samlib.c:983
SamConnect
NTSTATUS NTAPI SamConnect(IN OUT PUNICODE_STRING ServerName OPTIONAL, OUT PSAM_HANDLE ServerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: samlib.c:519
SamCloseHandle
NTSTATUS NTAPI SamCloseHandle(IN SAM_HANDLE SamHandle)
Definition: samlib.c:497
SamOpenDomain
NTSTATUS NTAPI SamOpenDomain(IN SAM_HANDLE ServerHandle, IN ACCESS_MASK DesiredAccess, IN PSID DomainId, OUT PSAM_HANDLE DomainHandle)
Definition: samlib.c:1477
SamSetInformationDomain
NTSTATUS NTAPI SamSetInformationDomain(IN SAM_HANDLE DomainHandle, IN DOMAIN_INFORMATION_CLASS DomainInformationClass, IN PVOID Buffer)
Definition: samlib.c:1946
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:615
ConvertStringSidToSid
#define ConvertStringSidToSid
Definition: sddl.h:161
wcsncpy
wcsncpy
Definition: corecrt_wstring.h:201
wcscpy
wcscpy
Definition: corecrt_wstring.h:120
memset
#define memset(x, y, z)
Definition: compat.h:39
SetupGetStringField
#define SetupGetStringField
Definition: setupapi.h:2640
SetupGetMultiSzField
#define SetupGetMultiSzField
Definition: setupapi.h:2636
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
DPRINT
#define DPRINT
Definition: sndvol32.h:73
_ADMIN_INFO::Password
LPWSTR Password
Definition: globals.h:25
_ADMIN_INFO::Name
LPWSTR Name
Definition: globals.h:23
_ADMIN_INFO::Domain
LPWSTR Domain
Definition: globals.h:24
_DOMAIN_LOCKOUT_INFORMATION
Definition: ntsam.h:449
_DOMAIN_LOCKOUT_INFORMATION::LockoutThreshold
USHORT LockoutThreshold
Definition: ntsam.h:452
_DOMAIN_LOCKOUT_INFORMATION::LockoutObservationWindow
LARGE_INTEGER LockoutObservationWindow
Definition: ntsam.h:451
_DOMAIN_LOCKOUT_INFORMATION::LockoutDuration
LARGE_INTEGER LockoutDuration
Definition: ntsam.h:450
_DOMAIN_NAME_INFORMATION
Definition: ntsam.h:408
_DOMAIN_NAME_INFORMATION::DomainName
UNICODE_STRING DomainName
Definition: ntsam.h:409
_DOMAIN_PASSWORD_INFORMATION
Definition: ntsam.h:371
_DOMAIN_PASSWORD_INFORMATION::PasswordHistoryLength
USHORT PasswordHistoryLength
Definition: ntsam.h:373
_DOMAIN_PASSWORD_INFORMATION::MinPasswordAge
LARGE_INTEGER MinPasswordAge
Definition: ntsam.h:376
_DOMAIN_PASSWORD_INFORMATION::PasswordProperties
ULONG PasswordProperties
Definition: ntsam.h:374
_DOMAIN_PASSWORD_INFORMATION::MaxPasswordAge
LARGE_INTEGER MaxPasswordAge
Definition: ntsam.h:375
_DOMAIN_PASSWORD_INFORMATION::MinPasswordLength
USHORT MinPasswordLength
Definition: ntsam.h:372
_INFCONTEXT
Definition: infsupp.h:23
_ITEMSDATA
Definition: globals.h:30
_LSA_OBJECT_ATTRIBUTES
Definition: ntsecapi.h:177
_LSA_REFERENCED_DOMAIN_LIST
Definition: ntsecapi.h:406
_LSA_TRANSLATED_SID2
Definition: ntsecapi.h:415
_LSA_UNICODE_STRING
Definition: ntsecapi.h:162
_POLICY_ACCOUNT_DOMAIN_INFO
Definition: ntsecapi.h:565
_POLICY_ACCOUNT_DOMAIN_INFO::DomainSid
PSID DomainSid
Definition: ntsecapi.h:567
_POLICY_ACCOUNT_DOMAIN_INFO::DomainName
LSA_UNICODE_STRING DomainName
Definition: ntsecapi.h:566
_POLICY_AUDIT_EVENTS_INFO
Definition: ntsecapi.h:560
_POLICY_AUDIT_EVENTS_INFO::AuditingMode
BOOLEAN AuditingMode
Definition: ntsecapi.h:561
_POLICY_AUDIT_EVENTS_INFO::MaximumAuditEventCount
ULONG MaximumAuditEventCount
Definition: ntsecapi.h:563
_POLICY_AUDIT_EVENTS_INFO::EventAuditingOptions
PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions
Definition: ntsecapi.h:562
_POLICY_PRIMARY_DOMAIN_INFO
Definition: ntsecapi.h:569
_POLICY_PRIMARY_DOMAIN_INFO::Sid
PSID Sid
Definition: ntsecapi.h:571
_POLICY_PRIMARY_DOMAIN_INFO::Name
LSA_UNICODE_STRING Name
Definition: ntsecapi.h:570
_REGISTRATIONNOTIFY
Definition: globals.h:35
_SID
Definition: ms-dtyp.idl:198
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
_USER_ACCOUNT_NAME_INFORMATION
Definition: ntsam.h:622
_USER_ACCOUNT_NAME_INFORMATION::UserName
UNICODE_STRING UserName
Definition: ntsam.h:623
_USER_CONTROL_INFORMATION
Definition: ntsam.h:669
_USER_CONTROL_INFORMATION::UserAccountControl
ULONG UserAccountControl
Definition: ntsam.h:670
_USER_NAME_INFORMATION
Definition: ntsam.h:616
_USER_NAME_INFORMATION::FullName
UNICODE_STRING FullName
Definition: ntsam.h:618
_USER_NAME_INFORMATION::UserName
UNICODE_STRING UserName
Definition: ntsam.h:617
_USER_SET_PASSWORD_INFORMATION
Definition: ntsam.h:663
_USER_SET_PASSWORD_INFORMATION::Password
UNICODE_STRING Password
Definition: ntsam.h:664
_USER_SET_PASSWORD_INFORMATION::PasswordExpired
BOOLEAN PasswordExpired
Definition: ntsam.h:665
Password
@ Password
Definition: telnetd.h:67
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
LPCWSTR
const uint16_t * LPCWSTR
Definition: typedefs.h:57
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
LPWSTR
uint16_t * LPWSTR
Definition: typedefs.h:56
LONGLONG
int64_t LONGLONG
Definition: typedefs.h:68
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
INT
int32_t INT
Definition: typedefs.h:58
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG
uint32_t ULONG
Definition: typedefs.h:59
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
SetupGetStringFieldW
BOOL WINAPI SetupGetStringFieldW(IN PINFCONTEXT Context, IN ULONG FieldIndex, OUT PWSTR ReturnBuffer, IN ULONG ReturnBufferSize, OUT PULONG RequiredSize)
Definition: infsupp.c:186
SetupFindFirstLineW
BOOL WINAPI SetupFindFirstLineW(IN HINF InfHandle, IN PCWSTR Section, IN PCWSTR Key, IN OUT PINFCONTEXT Context)
Definition: infsupp.c:56
SetupGetIntField
BOOL WINAPI SetupGetIntField(IN PINFCONTEXT Context, IN ULONG FieldIndex, OUT INT *IntegerValue)
Definition: infsupp.c:148
SetupGetFieldCount
ULONG WINAPI SetupGetFieldCount(IN PINFCONTEXT Context)
Definition: infsupp.c:93
SetupFindNextLine
BOOL WINAPI SetupFindNextLine(IN PINFCONTEXT ContextIn, OUT PINFCONTEXT ContextOut)
Definition: infsupp.c:82
SetupCloseInfFile
VOID WINAPI SetupCloseInfFile(IN HINF InfHandle)
Definition: infsupp.c:45
SetupGetBinaryField
BOOL WINAPI SetupGetBinaryField(IN PINFCONTEXT Context, IN ULONG FieldIndex, OUT PUCHAR ReturnBuffer, IN ULONG ReturnBufferSize, OUT PULONG RequiredSize)
Definition: infsupp.c:128
Info
_Must_inspect_result_ _In_ WDFCHILDLIST _In_ PWDF_CHILD_LIST_ITERATOR _Out_ WDFDEVICE _Inout_opt_ PWDF_CHILD_RETRIEVE_INFO Info
Definition: wdfchildlist.h:690
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
WINAPI
#define WINAPI
Definition: msvc.h:6
HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
RegSetValueEx
#define RegSetValueEx
Definition: winreg.h:565
SendMessage
#define SendMessage
Definition: winuser.h:6009
DOMAIN_USER_RID_ADMIN
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:631
DOMAIN_USER_RID_GUEST
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:632