ReactOS 0.4.15-dev-7906-g1b85a5f
security.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS system libraries
4 * PURPOSE: System setup
5 * FILE: dll/win32/syssetup/security.c
6 * PROGRAMER: Eric Kohl
7 */
8
9/* INCLUDES *****************************************************************/
10
11#include "precomp.h"
12
13#include <ntlsa.h>
14#include <ntsecapi.h>
15#include <ntsam.h>
16#include <sddl.h>
17
18#define NDEBUG
19#include <debug.h>
20
21#define TICKS_PER_DAY -864000000000LL
22#define TICKS_PER_MINUTE -600000000LL
23
24/* FUNCTIONS ****************************************************************/
25
29 PSID DomainSid,
30 LPCWSTR DomainName)
31{
35 LSA_HANDLE PolicyHandle;
36
37 SAM_HANDLE ServerHandle = NULL;
38 SAM_HANDLE DomainHandle = NULL;
39 DOMAIN_NAME_INFORMATION DomainNameInfo;
40
41 SIZE_T DomainNameLength = 0;
43
44 DPRINT("SYSSETUP: SetAccountsDomainSid\n");
45
46 if (DomainName != NULL)
47 {
48 DomainNameLength = wcslen(DomainName);
49 if (DomainNameLength > UNICODE_STRING_MAX_CHARS)
50 {
52 }
53 }
54
57
61 &PolicyHandle);
63 {
64 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
65 return Status;
66 }
67
68 Status = LsaQueryInformationPolicy(PolicyHandle,
70 (PVOID *)&OrigInfo);
71 if (Status == STATUS_SUCCESS && OrigInfo != NULL)
72 {
73 if (DomainName == NULL)
74 {
75 Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
76 Info.DomainName.Length = OrigInfo->DomainName.Length;
77 Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
78 }
79 else
80 {
81 Info.DomainName.Buffer = (LPWSTR)DomainName;
82 Info.DomainName.Length = DomainNameLength * sizeof(WCHAR);
83 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
84 }
85
86 if (DomainSid == NULL)
87 Info.DomainSid = OrigInfo->DomainSid;
88 else
89 Info.DomainSid = DomainSid;
90 }
91 else
92 {
93 Info.DomainName.Buffer = (LPWSTR)DomainName;
94 Info.DomainName.Length = DomainNameLength * sizeof(WCHAR);
95 Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
96 Info.DomainSid = DomainSid;
97 }
98
99 Status = LsaSetInformationPolicy(PolicyHandle,
101 (PVOID)&Info);
102 if (Status != STATUS_SUCCESS)
103 {
104 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
105 }
106
107 if (OrigInfo != NULL)
108 LsaFreeMemory(OrigInfo);
109
110 LsaClose(PolicyHandle);
111
112 DomainNameInfo.DomainName.Length = DomainNameLength * sizeof(WCHAR);
113 DomainNameInfo.DomainName.MaximumLength = DomainNameInfo.DomainName.Length + sizeof(WCHAR);
114 DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName;
115
117 &ServerHandle,
119 NULL);
120 if (NT_SUCCESS(Status))
121 {
122 Status = SamOpenDomain(ServerHandle,
124 Info.DomainSid,
125 &DomainHandle);
126 if (NT_SUCCESS(Status))
127 {
128 Status = SamSetInformationDomain(DomainHandle,
130 &DomainNameInfo);
131 if (!NT_SUCCESS(Status))
132 {
133 DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
134 }
135
136 SamCloseHandle(DomainHandle);
137 }
138 else
139 {
140 DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
141 }
142
143 SamCloseHandle(ServerHandle);
144 }
145
146 return Status;
147}
148
149
150/* Hack */
151static
154 PSID DomainSid)
155{
159 LSA_HANDLE PolicyHandle;
160 SIZE_T DomainNameLength = 0;
162
163 DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
164
165 if (DomainName != NULL)
166 {
167 DomainNameLength = wcslen(DomainName);
168 if (DomainNameLength > UNICODE_STRING_MAX_CHARS)
169 {
171 }
172 }
173
176
180 &PolicyHandle);
181 if (Status != STATUS_SUCCESS)
182 {
183 DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
184 return Status;
185 }
186
187 Status = LsaQueryInformationPolicy(PolicyHandle,
189 (PVOID *)&OrigInfo);
190 if (Status == STATUS_SUCCESS && OrigInfo != NULL)
191 {
192 if (DomainName == NULL)
193 {
194 Info.Name.Buffer = OrigInfo->Name.Buffer;
195 Info.Name.Length = OrigInfo->Name.Length;
196 Info.Name.MaximumLength = OrigInfo->Name.MaximumLength;
197 }
198 else
199 {
200 Info.Name.Buffer = (LPWSTR)DomainName;
201 Info.Name.Length = DomainNameLength * sizeof(WCHAR);
202 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
203 }
204
205 if (DomainSid == NULL)
206 Info.Sid = OrigInfo->Sid;
207 else
208 Info.Sid = DomainSid;
209 }
210 else
211 {
212 Info.Name.Buffer = (LPWSTR)DomainName;
213 Info.Name.Length = DomainNameLength * sizeof(WCHAR);
214 Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
215 Info.Sid = DomainSid;
216 }
217
218 Status = LsaSetInformationPolicy(PolicyHandle,
220 (PVOID)&Info);
221 if (Status != STATUS_SUCCESS)
222 {
223 DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
224 }
225
226 if (OrigInfo != NULL)
227 LsaFreeMemory(OrigInfo);
228
229 LsaClose(PolicyHandle);
230
231 return Status;
232}
233
234
235static
236VOID
238{
239 LPWSTR BuiltinAccounts[] = {
240 L"S-1-1-0", /* Everyone */
241 L"S-1-5-4", /* Interactive */
242 L"S-1-5-6", /* Service */
243 L"S-1-5-19", /* Local Service */
244 L"S-1-5-20", /* Network Service */
245 L"S-1-5-32-544", /* Administrators */
246 L"S-1-5-32-545", /* Users */
247 L"S-1-5-32-547", /* Power Users */
248 L"S-1-5-32-551", /* Backup Operators */
249 L"S-1-5-32-555"}; /* Remote Desktop Users */
252 LSA_HANDLE PolicyHandle = NULL;
253 LSA_HANDLE AccountHandle = NULL;
254 PSID AccountSid;
255 ULONG i;
256
257 DPRINT("InstallBuiltinAccounts()\n");
258
260
264 &PolicyHandle);
265 if (!NT_SUCCESS(Status))
266 {
267 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
268 return;
269 }
270
271 for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++)
272 {
273 if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
274 {
275 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", BuiltinAccounts[i], GetLastError());
276 continue;
277 }
278
279 Status = LsaCreateAccount(PolicyHandle,
280 AccountSid,
281 0,
282 &AccountHandle);
283 if (NT_SUCCESS(Status))
284 {
285 LsaClose(AccountHandle);
286 }
287
288 LocalFree(AccountSid);
289 }
290
291 LsaClose(PolicyHandle);
292}
293
294
295static
296VOID
298 HINF hSecurityInf)
299{
301 WCHAR szPrivilegeString[256];
302 WCHAR szSidString[256];
303 INFCONTEXT InfContext;
304 DWORD i;
305 PSID AccountSid = NULL;
307 LSA_HANDLE PolicyHandle = NULL;
308 LSA_UNICODE_STRING RightString, AccountName;
309 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
311
312 DPRINT("InstallPrivileges()\n");
313
315
319 &PolicyHandle);
320 if (!NT_SUCCESS(Status))
321 {
322 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
323 goto done;
324 }
325
326 if (!SetupFindFirstLineW(hSecurityInf,
327 L"Privilege Rights",
328 NULL,
329 &InfContext))
330 {
331 DPRINT1("SetupFindFirstLineW failed\n");
332 goto done;
333 }
334
335 do
336 {
337 /* Retrieve the privilege name */
338 if (!SetupGetStringFieldW(&InfContext,
339 0,
340 szPrivilegeString,
341 ARRAYSIZE(szPrivilegeString),
342 NULL))
343 {
344 DPRINT1("SetupGetStringFieldW() failed\n");
345 goto done;
346 }
347 DPRINT("Privilege: %S\n", szPrivilegeString);
348
349 for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
350 {
351 if (!SetupGetStringFieldW(&InfContext,
352 i + 1,
353 szSidString,
354 ARRAYSIZE(szSidString),
355 NULL))
356 {
357 DPRINT1("SetupGetStringFieldW() failed\n");
358 goto done;
359 }
360 DPRINT("SID: %S\n", szSidString);
361
362 if (szSidString[0] == UNICODE_NULL)
363 continue;
364
365 if (szSidString[0] == L'*')
366 {
367 DPRINT("Account Sid: %S\n", &szSidString[1]);
368
369 if (!ConvertStringSidToSid(&szSidString[1], &AccountSid))
370 {
371 DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError());
372 continue;
373 }
374 }
375 else
376 {
377 DPRINT("Account name: %S\n", szSidString);
378
379 ReferencedDomains = NULL;
380 Sids = NULL;
381 RtlInitUnicodeString(&AccountName, szSidString);
382 Status = LsaLookupNames2(PolicyHandle,
383 0,
384 1,
385 &AccountName,
386 &ReferencedDomains,
387 &Sids);
388 if (ReferencedDomains != NULL)
389 {
390 LsaFreeMemory(ReferencedDomains);
391 }
392
393 if (!NT_SUCCESS(Status))
394 {
395 DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status);
396
397 if (Sids != NULL)
398 {
399 LsaFreeMemory(Sids);
400 Sids = NULL;
401 }
402
403 continue;
404 }
405 }
406
407 RtlInitUnicodeString(&RightString, szPrivilegeString);
408 Status = LsaAddAccountRights(PolicyHandle,
409 (AccountSid != NULL) ? AccountSid : Sids[0].Sid,
410 &RightString,
411 1);
412 if (!NT_SUCCESS(Status))
413 {
414 DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status);
415 }
416
417 if (Sids != NULL)
418 {
419 LsaFreeMemory(Sids);
420 Sids = NULL;
421 }
422
423 if (AccountSid != NULL)
424 {
425 LocalFree(AccountSid);
426 AccountSid = NULL;
427 }
428 }
429
430 }
431 while (SetupFindNextLine(&InfContext, &InfContext));
432
433done:
434 if (PolicyHandle != NULL)
435 LsaClose(PolicyHandle);
436}
437
438
439static
440VOID
442 HINF hSecurityInf)
443{
444 WCHAR szRegistryPath[MAX_PATH];
445 WCHAR szRootName[MAX_PATH];
446 WCHAR szKeyName[MAX_PATH];
447 WCHAR szValueName[MAX_PATH];
448 INFCONTEXT InfContext;
449 DWORD dwLength, dwType;
450 HKEY hRootKey, hKey;
451 PWSTR Ptr1, Ptr2;
452 DWORD dwError;
454
455 DPRINT("ApplyRegistryValues()\n");
456
457 if (!SetupFindFirstLineW(hSecurityInf,
458 L"Registry Values",
459 NULL,
460 &InfContext))
461 {
462 DPRINT1("SetupFindFirstLineW failed\n");
463 return;
464 }
465
466 do
467 {
468 /* Retrieve the privilege name */
469 if (!SetupGetStringFieldW(&InfContext,
470 0,
471 szRegistryPath,
472 ARRAYSIZE(szRegistryPath),
473 NULL))
474 {
475 DPRINT1("SetupGetStringFieldW() failed\n");
476 return;
477 }
478
479 DPRINT("RegistryPath: %S\n", szRegistryPath);
480
481 Ptr1 = wcschr(szRegistryPath, L'\\');
482 Ptr2 = wcsrchr(szRegistryPath, L'\\');
483 if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2)
484 {
485 dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) / sizeof(WCHAR));
486 wcsncpy(szRootName, szRegistryPath, dwLength);
487 szRootName[dwLength] = UNICODE_NULL;
488
489 Ptr1++;
490 dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR));
491 wcsncpy(szKeyName, Ptr1, dwLength);
492 szKeyName[dwLength] = UNICODE_NULL;
493
494 Ptr2++;
495 wcscpy(szValueName, Ptr2);
496
497 DPRINT("RootName: %S\n", szRootName);
498 DPRINT("KeyName: %S\n", szKeyName);
499 DPRINT("ValueName: %S\n", szValueName);
500
501 if (_wcsicmp(szRootName, L"Machine") == 0)
502 {
503 hRootKey = HKEY_LOCAL_MACHINE;
504 }
505 else
506 {
507 DPRINT1("Unsupported root key %S\n", szRootName);
508 break;
509 }
510
511 if (!SetupGetIntField(&InfContext,
512 1,
513 (PINT)&dwType))
514 {
515 DPRINT1("Failed to get key type (Error %lu)\n", GetLastError());
516 break;
517 }
518
519 if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType != REG_BINARY &&
520 dwType != REG_DWORD && dwType != REG_MULTI_SZ)
521 {
522 DPRINT1("Invalid value type %lu\n", dwType);
523 break;
524 }
525
526 dwLength = 0;
527 switch (dwType)
528 {
529 case REG_SZ:
530 case REG_EXPAND_SZ:
531 SetupGetStringField(&InfContext,
532 2,
533 NULL,
534 0,
535 &dwLength);
536 dwLength *= sizeof(WCHAR);
537 break;
538
539 case REG_BINARY:
540 SetupGetBinaryField(&InfContext,
541 2,
542 NULL,
543 0,
544 &dwLength);
545 break;
546
547 case REG_DWORD:
548 dwLength = sizeof(INT);
549 break;
550
551 case REG_MULTI_SZ:
552 SetupGetMultiSzField(&InfContext,
553 2,
554 NULL,
555 0,
556 &dwLength);
557 dwLength *= sizeof(WCHAR);
558 break;
559 }
560
561 if (dwLength == 0)
562 {
563 DPRINT1("Failed to determine the required buffer size!\n");
564 break;
565 }
566
567 dwError = RegCreateKeyExW(hRootKey,
568 szKeyName,
569 0,
570 NULL,
572 KEY_WRITE,
573 NULL,
574 &hKey,
575 NULL);
576 if (dwError != ERROR_SUCCESS)
577 {
578 DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName, dwError);
579 break;
580 }
581
583 if (pBuffer)
584 {
585 switch (dwType)
586 {
587 case REG_SZ:
588 case REG_EXPAND_SZ:
589 SetupGetStringField(&InfContext,
590 2,
591 pBuffer,
592 dwLength / sizeof(WCHAR),
593 &dwLength);
594 dwLength *= sizeof(WCHAR);
595 break;
596
597 case REG_BINARY:
598 SetupGetBinaryField(&InfContext,
599 2,
600 pBuffer,
601 dwLength,
602 &dwLength);
603 break;
604
605 case REG_DWORD:
606 SetupGetIntField(&InfContext,
607 2,
608 pBuffer);
609 break;
610
611 case REG_MULTI_SZ:
612 SetupGetMultiSzField(&InfContext,
613 2,
614 pBuffer,
615 dwLength / sizeof(WCHAR),
616 &dwLength);
617 dwLength *= sizeof(WCHAR);
618 break;
619 }
620
622 szValueName,
623 0,
624 dwType,
625 pBuffer,
626 dwLength);
627
629 }
630
632 }
633 }
634 while (SetupFindNextLine(&InfContext, &InfContext));
635}
636
637
638static
639VOID
641 _In_ HINF hSecurityInf,
642 _In_ PWSTR pszSectionName,
643 _In_ PWSTR pszLogName)
644{
645 INFCONTEXT InfContext;
646 HKEY hServiceKey = NULL, hLogKey = NULL;
647 DWORD dwValue, dwError;
648 BOOL bValueSet;
649
650 DPRINT("ApplyEventlogSettings(%p %S %S)\n",
651 hSecurityInf, pszSectionName, pszLogName);
652
654 L"System\\CurrentControlSet\\Services\\Eventlog",
655 0,
656 NULL,
658 KEY_WRITE,
659 NULL,
660 &hServiceKey,
661 NULL);
662 if (dwError != ERROR_SUCCESS)
663 {
664 DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n", dwError);
665 return;
666 }
667
668 dwError = RegCreateKeyExW(hServiceKey,
669 pszLogName,
670 0,
671 NULL,
673 KEY_WRITE,
674 NULL,
675 &hLogKey,
676 NULL);
677 if (dwError != ERROR_SUCCESS)
678 {
679 DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName, dwError);
680 RegCloseKey(hServiceKey);
681 return;
682 }
683
684 if (SetupFindFirstLineW(hSecurityInf,
685 pszSectionName,
686 L"MaximumLogSize",
687 &InfContext))
688 {
689 DPRINT("MaximumLogSize\n");
690 dwValue = 0;
691 SetupGetIntField(&InfContext,
692 1,
693 (PINT)&dwValue);
694
695 DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue);
696 if (dwValue >= 64 && dwValue <= 4194240)
697 {
698 dwValue *= 1024;
699
700 DPRINT("MaxSize: %lu\n", dwValue);
701 RegSetValueEx(hLogKey,
702 L"MaxSize",
703 0,
704 REG_DWORD,
705 (LPBYTE)&dwValue,
706 sizeof(dwValue));
707 }
708 }
709
710 if (SetupFindFirstLineW(hSecurityInf,
711 pszSectionName,
712 L"AuditLogRetentionPeriod",
713 &InfContext))
714 {
715 bValueSet = FALSE;
716 dwValue = 0;
717 SetupGetIntField(&InfContext,
718 1,
719 (PINT)&dwValue);
720 if (dwValue == 0)
721 {
722 bValueSet = TRUE;
723 }
724 else if (dwValue == 1)
725 {
726 if (SetupFindFirstLineW(hSecurityInf,
727 pszSectionName,
728 L"RetentionDays",
729 &InfContext))
730 {
731 SetupGetIntField(&InfContext,
732 1,
733 (PINT)&dwValue);
734 dwValue *= 86400;
735 bValueSet = TRUE;
736 }
737 }
738 else if (dwValue == 2)
739 {
740 dwValue = (DWORD)-1;
741 bValueSet = TRUE;
742 }
743
744 if (bValueSet)
745 {
746 DPRINT("Retention: %lu\n", dwValue);
747 RegSetValueEx(hLogKey,
748 L"Retention",
749 0,
750 REG_DWORD,
751 (LPBYTE)&dwValue,
752 sizeof(dwValue));
753 }
754 }
755
756 if (SetupFindFirstLineW(hSecurityInf,
757 pszSectionName,
758 L"RestrictGuestAccess",
759 &InfContext))
760 {
761 dwValue = 0;
762 SetupGetIntField(&InfContext,
763 1,
764 (PINT)&dwValue);
765 if (dwValue == 0 || dwValue == 1)
766 {
767 DPRINT("RestrictGuestAccess: %lu\n", dwValue);
768 RegSetValueEx(hLogKey,
769 L"RestrictGuestAccess",
770 0,
771 REG_DWORD,
772 (LPBYTE)&dwValue,
773 sizeof(dwValue));
774 }
775 }
776
777 RegCloseKey(hLogKey);
778 RegCloseKey(hServiceKey);
779}
780
781
782static
783VOID
785 _In_ HINF hSecurityInf,
786 _In_ PWSTR pszSectionName)
787{
788 INFCONTEXT InfContext;
789 PDOMAIN_PASSWORD_INFORMATION PasswordInfo = NULL;
792 LSA_HANDLE PolicyHandle = NULL;
793 SAM_HANDLE ServerHandle = NULL;
794 SAM_HANDLE DomainHandle = NULL;
795 INT nValue;
797
798 DPRINT("ApplyPasswordSettings()\n");
799
802
806 &PolicyHandle);
807 if (Status != STATUS_SUCCESS)
808 {
809 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
810 return;
811 }
812
813 Status = LsaQueryInformationPolicy(PolicyHandle,
815 (PVOID *)&OrigInfo);
816 if (!NT_SUCCESS(Status))
817 {
818 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
819 goto done;
820 }
821
823 &ServerHandle,
825 NULL);
826 if (!NT_SUCCESS(Status))
827 {
828 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
829 goto done;
830 }
831
832 Status = SamOpenDomain(ServerHandle,
834 OrigInfo->DomainSid,
835 &DomainHandle);
836 if (!NT_SUCCESS(Status))
837 {
838 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
839 goto done;
840 }
841
842 Status = SamQueryInformationDomain(DomainHandle,
844 (PVOID*)&PasswordInfo);
845 if (!NT_SUCCESS(Status))
846 {
847 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
848 goto done;
849 }
850
851 DPRINT("MaximumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart);
852 if (SetupFindFirstLineW(hSecurityInf,
853 pszSectionName,
854 L"MaximumPasswordAge",
855 &InfContext))
856 {
857 if (SetupGetIntField(&InfContext, 1, &nValue))
858 {
859 DPRINT("Value: %ld\n", nValue);
860 if (nValue == -1)
861 {
862 PasswordInfo->MaxPasswordAge.QuadPart = 0x8000000000000000;
863 }
864 else if ((nValue >= 1) && (nValue < 1000))
865 {
866 PasswordInfo->MaxPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
867 }
868 DPRINT("MaximumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MaxPasswordAge.QuadPart);
869 }
870 }
871
872 DPRINT("MinimumPasswordAge (OldValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart);
873 if (SetupFindFirstLineW(hSecurityInf,
874 pszSectionName,
875 L"MinimumPasswordAge",
876 &InfContext))
877 {
878 if (SetupGetIntField(&InfContext, 1, &nValue))
879 {
880 DPRINT("Wert: %ld\n", nValue);
881 if ((nValue >= 0) && (nValue < 1000))
882 {
883 if (PasswordInfo->MaxPasswordAge.QuadPart < (LONGLONG)nValue * TICKS_PER_DAY)
884 PasswordInfo->MinPasswordAge.QuadPart = (LONGLONG)nValue * TICKS_PER_DAY;
885 }
886 DPRINT("MinimumPasswordAge (NewValue) : 0x%I64x\n", PasswordInfo->MinPasswordAge.QuadPart);
887 }
888 }
889
890 DPRINT("MinimumPasswordLength (OldValue) : %lu\n", PasswordInfo->MinPasswordLength);
891 if (SetupFindFirstLineW(hSecurityInf,
892 pszSectionName,
893 L"MinimumPasswordLength",
894 &InfContext))
895 {
896 if (SetupGetIntField(&InfContext, 1, &nValue))
897 {
898 DPRINT("Value: %ld\n", nValue);
899 if ((nValue >= 0) && (nValue <= 65535))
900 {
901 PasswordInfo->MinPasswordLength = nValue;
902 }
903 DPRINT("MinimumPasswordLength (NewValue) : %lu\n", PasswordInfo->MinPasswordLength);
904 }
905 }
906
907 DPRINT("PasswordHistoryLength (OldValue) : %lu\n", PasswordInfo->PasswordHistoryLength);
908 if (SetupFindFirstLineW(hSecurityInf,
909 pszSectionName,
910 L"PasswordHistorySize",
911 &InfContext))
912 {
913 if (SetupGetIntField(&InfContext, 1, &nValue))
914 {
915 DPRINT("Value: %ld\n", nValue);
916 if ((nValue >= 0) && (nValue <= 65535))
917 {
918 PasswordInfo->PasswordHistoryLength = nValue;
919 }
920 DPRINT("PasswordHistoryLength (NewValue) : %lu\n", PasswordInfo->PasswordHistoryLength);
921 }
922 }
923
924 if (SetupFindFirstLineW(hSecurityInf,
925 pszSectionName,
926 L"PasswordComplexity",
927 &InfContext))
928 {
929 if (SetupGetIntField(&InfContext, 1, &nValue))
930 {
931 if (nValue == 0)
932 {
933 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_COMPLEX;
934 }
935 else
936 {
938 }
939 }
940 }
941
942 if (SetupFindFirstLineW(hSecurityInf,
943 pszSectionName,
944 L"ClearTextPassword",
945 &InfContext))
946 {
947 if (SetupGetIntField(&InfContext, 1, &nValue))
948 {
949 if (nValue == 0)
950 {
951 PasswordInfo->PasswordProperties &= ~DOMAIN_PASSWORD_STORE_CLEARTEXT;
952 }
953 else
954 {
956 }
957 }
958 }
959
960 /* Windows ignores the RequireLogonToChangePassword option */
961
962 Status = SamSetInformationDomain(DomainHandle,
964 PasswordInfo);
965 if (!NT_SUCCESS(Status))
966 {
967 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
968 goto done;
969 }
970
971done:
972 if (PasswordInfo != NULL)
973 SamFreeMemory(PasswordInfo);
974
975 if (DomainHandle != NULL)
976 SamCloseHandle(DomainHandle);
977
978 if (ServerHandle != NULL)
979 SamCloseHandle(ServerHandle);
980
981 if (OrigInfo != NULL)
982 LsaFreeMemory(OrigInfo);
983
984 if (PolicyHandle != NULL)
985 LsaClose(PolicyHandle);
986}
987
988
989static
990VOID
992 _In_ HINF hSecurityInf,
993 _In_ PWSTR pszSectionName)
994{
995 INFCONTEXT InfContext;
996 PDOMAIN_LOCKOUT_INFORMATION LockoutInfo = NULL;
999 LSA_HANDLE PolicyHandle = NULL;
1000 SAM_HANDLE ServerHandle = NULL;
1001 SAM_HANDLE DomainHandle = NULL;
1002 INT nValue;
1004
1005 DPRINT("ApplyLockoutSettings()\n");
1006
1009
1013 &PolicyHandle);
1014 if (Status != STATUS_SUCCESS)
1015 {
1016 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1017 return;
1018 }
1019
1020 Status = LsaQueryInformationPolicy(PolicyHandle,
1022 (PVOID *)&OrigInfo);
1023 if (!NT_SUCCESS(Status))
1024 {
1025 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1026 goto done;
1027 }
1028
1030 &ServerHandle,
1032 NULL);
1033 if (!NT_SUCCESS(Status))
1034 {
1035 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1036 goto done;
1037 }
1038
1039 Status = SamOpenDomain(ServerHandle,
1041 OrigInfo->DomainSid,
1042 &DomainHandle);
1043 if (!NT_SUCCESS(Status))
1044 {
1045 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1046 goto done;
1047 }
1048
1049 Status = SamQueryInformationDomain(DomainHandle,
1051 (PVOID*)&LockoutInfo);
1052 if (!NT_SUCCESS(Status))
1053 {
1054 DPRINT1("SamQueryInformationDomain() failed (Status %08lx)\n", Status);
1055 goto done;
1056 }
1057
1058 if (SetupFindFirstLineW(hSecurityInf,
1059 pszSectionName,
1060 L"LockoutBadCount",
1061 &InfContext))
1062 {
1063 if (SetupGetIntField(&InfContext, 1, &nValue))
1064 {
1065 if (nValue >= 0)
1066 {
1067 LockoutInfo->LockoutThreshold = nValue;
1068 }
1069 }
1070 }
1071
1072 if (SetupFindFirstLineW(hSecurityInf,
1073 pszSectionName,
1074 L"ResetLockoutCount",
1075 &InfContext))
1076 {
1077 if (SetupGetIntField(&InfContext, 1, &nValue))
1078 {
1079 if (nValue >= 0)
1080 {
1082 }
1083 }
1084 }
1085
1086 if (SetupFindFirstLineW(hSecurityInf,
1087 pszSectionName,
1088 L"LockoutDuration",
1089 &InfContext))
1090 {
1091 if (SetupGetIntField(&InfContext, 1, &nValue))
1092 {
1093 if (nValue == -1)
1094 {
1095 LockoutInfo->LockoutDuration.QuadPart = 0x8000000000000000LL;
1096 }
1097 else if ((nValue >= 0) && (nValue < 100000))
1098 {
1099 LockoutInfo->LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
1100 }
1101 }
1102 }
1103
1104 Status = SamSetInformationDomain(DomainHandle,
1106 LockoutInfo);
1107 if (!NT_SUCCESS(Status))
1108 {
1109 DPRINT1("SamSetInformationDomain() failed (Status %08lx)\n", Status);
1110 goto done;
1111 }
1112
1113done:
1114 if (LockoutInfo != NULL)
1115 SamFreeMemory(LockoutInfo);
1116
1117 if (DomainHandle != NULL)
1118 SamCloseHandle(DomainHandle);
1119
1120 if (ServerHandle != NULL)
1121 SamCloseHandle(ServerHandle);
1122
1123 if (OrigInfo != NULL)
1124 LsaFreeMemory(OrigInfo);
1125
1126 if (PolicyHandle != NULL)
1127 LsaClose(PolicyHandle);
1128}
1129
1130
1131static
1132VOID
1134 _In_ HINF hSecurityInf,
1135 _In_ PWSTR pszSectionName)
1136{
1137#if 0
1138 INFCONTEXT InfContext;
1139 INT nValue = 0;
1140
1141 DPRINT1("SetLsaAnonymousNameLookup()\n");
1142
1143 if (!SetupFindFirstLineW(hSecurityInf,
1144 pszSectionName,
1145 L"LSAAnonymousNameLookup",
1146 &InfContext))
1147 {
1148 return;
1149 }
1150
1151 if (!SetupGetIntField(&InfContext, 1, &nValue))
1152 {
1153 return;
1154 }
1155
1156 if (nValue == 0)
1157 {
1158 }
1159 else
1160 {
1161 }
1162#endif
1163}
1164
1165
1166static
1167VOID
1169 _In_ HINF hSecurityInf,
1170 _In_ PWSTR pszSectionName,
1171 _In_ PWSTR pszValueName,
1172 _In_ SAM_HANDLE DomainHandle,
1173 _In_ DWORD dwAccountRid)
1174{
1175 INFCONTEXT InfContext;
1176 SAM_HANDLE UserHandle = NULL;
1177 PUSER_CONTROL_INFORMATION ControlInfo = NULL;
1178 INT nValue = 0;
1180
1181 DPRINT("EnableAccount()\n");
1182
1183 if (!SetupFindFirstLineW(hSecurityInf,
1184 pszSectionName,
1185 pszValueName,
1186 &InfContext))
1187 return;
1188
1189 if (!SetupGetIntField(&InfContext, 1, &nValue))
1190 {
1191 DPRINT1("No valid integer value\n");
1192 goto done;
1193 }
1194
1195 DPRINT("Value: %d\n", nValue);
1196
1197 Status = SamOpenUser(DomainHandle,
1199 dwAccountRid,
1200 &UserHandle);
1201 if (!NT_SUCCESS(Status))
1202 {
1203 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
1204 goto done;
1205 }
1206
1207 Status = SamQueryInformationUser(UserHandle,
1209 (PVOID*)&ControlInfo);
1210 if (!NT_SUCCESS(Status))
1211 {
1212 DPRINT1("SamQueryInformationUser() failed (Status: 0x%08lx)\n", Status);
1213 goto done;
1214 }
1215
1216 if (nValue == 0)
1217 {
1219 }
1220 else
1221 {
1222 ControlInfo->UserAccountControl &= ~USER_ACCOUNT_DISABLED;
1223 }
1224
1225 Status = SamSetInformationUser(UserHandle,
1227 ControlInfo);
1228 if (!NT_SUCCESS(Status))
1229 {
1230 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
1231 }
1232
1233done:
1234 if (ControlInfo != NULL)
1235 SamFreeMemory(ControlInfo);
1236
1237 if (UserHandle != NULL)
1238 SamCloseHandle(UserHandle);
1239}
1240
1241
1242static
1243VOID
1245 _In_ HINF hSecurityInf,
1246 _In_ PWSTR pszSectionName,
1247 _In_ PWSTR pszValueName,
1248 _In_ SAM_HANDLE DomainHandle,
1249 _In_ DWORD dwAccountRid)
1250{
1251 INFCONTEXT InfContext;
1252 DWORD dwLength = 0;
1253 PWSTR pszName = NULL;
1254 SAM_HANDLE UserHandle = NULL;
1255 USER_NAME_INFORMATION NameInfo;
1257
1258 DPRINT("SetNewAccountName()\n");
1259
1260 if (!SetupFindFirstLineW(hSecurityInf,
1261 pszSectionName,
1262 pszValueName,
1263 &InfContext))
1264 return;
1265
1266 SetupGetStringFieldW(&InfContext,
1267 1,
1268 NULL,
1269 0,
1270 &dwLength);
1271 if (dwLength == 0)
1272 return;
1273
1275
1276 pszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength * sizeof(WCHAR));
1277 if (pszName == NULL)
1278 {
1279 DPRINT1("HeapAlloc() failed\n");
1280 return;
1281 }
1282
1283 if (!SetupGetStringFieldW(&InfContext,
1284 1,
1285 pszName,
1286 dwLength,
1287 &dwLength))
1288 {
1289 DPRINT1("No valid string value\n");
1290 goto done;
1291 }
1292
1293 DPRINT("NewAccountName: '%S'\n", pszName);
1294
1295 Status = SamOpenUser(DomainHandle,
1297 dwAccountRid,
1298 &UserHandle);
1299 if (!NT_SUCCESS(Status))
1300 {
1301 DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
1302 goto done;
1303 }
1304
1305 NameInfo.UserName.Length = (USHORT)wcslen(pszName) * sizeof(WCHAR);
1306 NameInfo.UserName.MaximumLength = NameInfo.UserName.Length + sizeof(WCHAR);
1307 NameInfo.UserName.Buffer = pszName;
1308 NameInfo.FullName.Length = 0;
1309 NameInfo.FullName.MaximumLength = 0;
1310 NameInfo.FullName.Buffer = NULL;
1311
1312 Status = SamSetInformationUser(UserHandle,
1314 &NameInfo);
1315 if (!NT_SUCCESS(Status))
1316 {
1317 DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
1318 }
1319
1320done:
1321 if (UserHandle != NULL)
1322 SamCloseHandle(UserHandle);
1323
1324 if (pszName != NULL)
1325 HeapFree(GetProcessHeap(), 0, pszName);
1326}
1327
1328
1329static
1330VOID
1332 _In_ HINF hSecurityInf,
1333 _In_ PWSTR pszSectionName)
1334{
1337 LSA_HANDLE PolicyHandle = NULL;
1338 SAM_HANDLE ServerHandle = NULL;
1339 SAM_HANDLE DomainHandle = NULL;
1341
1342 DPRINT("ApplyAccountSettings()\n");
1343
1346
1350 &PolicyHandle);
1351 if (Status != STATUS_SUCCESS)
1352 {
1353 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1354 return;
1355 }
1356
1357 Status = LsaQueryInformationPolicy(PolicyHandle,
1359 (PVOID *)&OrigInfo);
1360 if (!NT_SUCCESS(Status))
1361 {
1362 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1363 goto done;
1364 }
1365
1367 &ServerHandle,
1369 NULL);
1370 if (!NT_SUCCESS(Status))
1371 {
1372 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1373 goto done;
1374 }
1375
1376 Status = SamOpenDomain(ServerHandle,
1378 OrigInfo->DomainSid,
1379 &DomainHandle);
1380 if (!NT_SUCCESS(Status))
1381 {
1382 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1383 goto done;
1384 }
1385
1386 SetLsaAnonymousNameLookup(hSecurityInf,
1387 pszSectionName);
1388
1389 EnableAccount(hSecurityInf,
1390 pszSectionName,
1391 L"EnableAdminAccount",
1392 DomainHandle,
1394
1395 EnableAccount(hSecurityInf,
1396 pszSectionName,
1397 L"EnableGuestAccount",
1398 DomainHandle,
1400
1401 SetNewAccountName(hSecurityInf,
1402 pszSectionName,
1403 L"NewAdministratorName",
1404 DomainHandle,
1406
1407 SetNewAccountName(hSecurityInf,
1408 pszSectionName,
1409 L"NewGuestName",
1410 DomainHandle,
1412
1413done:
1414 if (DomainHandle != NULL)
1415 SamCloseHandle(DomainHandle);
1416
1417 if (ServerHandle != NULL)
1418 SamCloseHandle(ServerHandle);
1419
1420 if (OrigInfo != NULL)
1421 LsaFreeMemory(OrigInfo);
1422
1423 if (PolicyHandle != NULL)
1424 LsaClose(PolicyHandle);
1425}
1426
1427
1428static
1429VOID
1431 _In_ HINF hSecurityInf)
1432{
1434 INFCONTEXT InfContext;
1435 WCHAR szOptionName[256];
1436 INT nValue;
1437 LSA_HANDLE PolicyHandle = NULL;
1438 POLICY_AUDIT_EVENTS_INFO AuditInfo;
1439 PULONG AuditOptions = NULL;
1441
1442 DPRINT("ApplyAuditEvents(%p)\n", hSecurityInf);
1443
1444 if (!SetupFindFirstLineW(hSecurityInf,
1445 L"Event Audit",
1446 NULL,
1447 &InfContext))
1448 {
1449 DPRINT1("SetupFindFirstLineW failed\n");
1450 return;
1451 }
1452
1454
1458 &PolicyHandle);
1459 if (!NT_SUCCESS(Status))
1460 {
1461 DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
1462 return;
1463 }
1464
1465 AuditOptions = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
1466 (AuditCategoryAccountLogon + 1) * sizeof(ULONG));
1467 if (AuditOptions == NULL)
1468 {
1469 DPRINT1("Failed to allocate the auditiing options array!\n");
1470 goto done;
1471 }
1472
1473 AuditInfo.AuditingMode = TRUE;
1474 AuditInfo.EventAuditingOptions = AuditOptions;
1476
1477 do
1478 {
1479 /* Retrieve the group name */
1480 if (!SetupGetStringFieldW(&InfContext,
1481 0,
1482 szOptionName,
1483 ARRAYSIZE(szOptionName),
1484 NULL))
1485 {
1486 DPRINT1("SetupGetStringFieldW() failed\n");
1487 continue;
1488 }
1489
1490 DPRINT("Option: '%S'\n", szOptionName);
1491
1492 if (!SetupGetIntField(&InfContext,
1493 1,
1494 &nValue))
1495 {
1496 DPRINT1("SetupGetStringFieldW() failed\n");
1497 continue;
1498 }
1499
1500 DPRINT("Value: %d\n", nValue);
1501
1502 if ((nValue < POLICY_AUDIT_EVENT_UNCHANGED) || (nValue > POLICY_AUDIT_EVENT_NONE))
1503 {
1504 DPRINT1("Invalid audit option!\n");
1505 continue;
1506 }
1507
1508 if (_wcsicmp(szOptionName, L"AuditSystemEvents") == 0)
1509 {
1510 AuditOptions[AuditCategorySystem] = (ULONG)nValue;
1511 }
1512 else if (_wcsicmp(szOptionName, L"AuditLogonEvents") == 0)
1513 {
1514 AuditOptions[AuditCategoryLogon] = (ULONG)nValue;
1515 }
1516 else if (_wcsicmp(szOptionName, L"AuditObjectAccess") == 0)
1517 {
1518 AuditOptions[AuditCategoryObjectAccess] = (ULONG)nValue;
1519 }
1520 else if (_wcsicmp(szOptionName, L"AuditPrivilegeUse") == 0)
1521 {
1522 AuditOptions[AuditCategoryPrivilegeUse] = (ULONG)nValue;
1523 }
1524 else if (_wcsicmp(szOptionName, L"AuditProcessTracking") == 0)
1525 {
1526 AuditOptions[AuditCategoryDetailedTracking] = (ULONG)nValue;
1527 }
1528 else if (_wcsicmp(szOptionName, L"AuditPolicyChange") == 0)
1529 {
1530 AuditOptions[AuditCategoryPolicyChange] = (ULONG)nValue;
1531 }
1532 else if (_wcsicmp(szOptionName, L"AuditAccountManage") == 0)
1533 {
1534 AuditOptions[AuditCategoryAccountManagement] = (ULONG)nValue;
1535 }
1536 else if (_wcsicmp(szOptionName, L"AuditDSAccess") == 0)
1537 {
1538 AuditOptions[AuditCategoryDirectoryServiceAccess] = (ULONG)nValue;
1539 }
1540 else if (_wcsicmp(szOptionName, L"AuditAccountLogon") == 0)
1541 {
1542 AuditOptions[AuditCategoryAccountLogon] = (ULONG)nValue;
1543 }
1544 else
1545 {
1546 DPRINT1("Invalid auditing option '%S'\n", szOptionName);
1547 }
1548 }
1549 while (SetupFindNextLine(&InfContext, &InfContext));
1550
1551 Status = LsaSetInformationPolicy(PolicyHandle,
1553 (PVOID)&AuditInfo);
1554 if (Status != STATUS_SUCCESS)
1555 {
1556 DPRINT1("LsaSetInformationPolicy() failed (Status 0x%08lx)\n", Status);
1557 }
1558
1559done:
1560 if (AuditOptions != NULL)
1561 HeapFree(GetProcessHeap(), 0, AuditOptions);
1562
1563 if (PolicyHandle != NULL)
1564 LsaClose(PolicyHandle);
1565}
1566
1567
1568VOID
1570{
1571 HINF hSecurityInf;
1572 PWSTR pszSecurityInf;
1573
1574// if (IsServer())
1575// pszSecurityInf = L"defltsv.inf";
1576// else
1577 pszSecurityInf = L"defltwk.inf";
1578
1580
1581 hSecurityInf = SetupOpenInfFileW(pszSecurityInf,
1582 NULL,
1584 NULL);
1585 if (hSecurityInf != INVALID_HANDLE_VALUE)
1586 {
1587 InstallPrivileges(hSecurityInf);
1588 ApplyRegistryValues(hSecurityInf);
1589
1590 ApplyEventlogSettings(hSecurityInf, L"Application Log", L"Application");
1591 ApplyEventlogSettings(hSecurityInf, L"Security Log", L"Security");
1592 ApplyEventlogSettings(hSecurityInf, L"System Log", L"System");
1593
1594 ApplyPasswordSettings(hSecurityInf, L"System Access");
1595 ApplyLockoutSettings(hSecurityInf, L"System Access");
1596 ApplyAccountSettings(hSecurityInf, L"System Access");
1597
1598 ApplyAuditEvents(hSecurityInf);
1599
1600 SetupCloseInfFile(hSecurityInf);
1601 }
1602
1603 /* Hack */
1604 SetPrimaryDomain(L"WORKGROUP", NULL);
1605}
1606
1607
1610{
1612 PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
1613 USER_SET_PASSWORD_INFORMATION PasswordInfo;
1615 LSA_HANDLE PolicyHandle = NULL;
1616 SAM_HANDLE ServerHandle = NULL;
1617 SAM_HANDLE DomainHandle = NULL;
1618 SAM_HANDLE UserHandle = NULL;
1620
1621 DPRINT("SYSSETUP: SetAdministratorPassword(%p)\n", Password);
1622
1625
1629 &PolicyHandle);
1630 if (Status != STATUS_SUCCESS)
1631 {
1632 DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
1633 return Status;
1634 }
1635
1636 Status = LsaQueryInformationPolicy(PolicyHandle,
1638 (PVOID *)&OrigInfo);
1639 if (!NT_SUCCESS(Status))
1640 {
1641 DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
1642 goto done;
1643 }
1644
1646 &ServerHandle,
1648 NULL);
1649 if (!NT_SUCCESS(Status))
1650 {
1651 DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
1652 goto done;
1653 }
1654
1655 Status = SamOpenDomain(ServerHandle,
1657 OrigInfo->DomainSid,
1658 &DomainHandle);
1659 if (!NT_SUCCESS(Status))
1660 {
1661 DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
1662 goto done;
1663 }
1664
1665 Status = SamOpenUser(DomainHandle,
1668 &UserHandle);
1669 if (!NT_SUCCESS(Status))
1670 {
1671 DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status);
1672 goto done;
1673 }
1674
1675 RtlInitUnicodeString(&PasswordInfo.Password, Password);
1676 PasswordInfo.PasswordExpired = FALSE;
1677
1678 Status = SamSetInformationUser(UserHandle,
1680 &PasswordInfo);
1681 if (!NT_SUCCESS(Status))
1682 {
1683 DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
1684 goto done;
1685 }
1686
1687 Status = SamQueryInformationUser(UserHandle,
1689 (PVOID*)&AccountNameInfo);
1690 if (!NT_SUCCESS(Status))
1691 {
1692 DPRINT1("SamQueryInformationUser() failed (Status 0x%08lx)\n", Status);
1693 goto done;
1694 }
1695
1696 AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
1698 AccountNameInfo->UserName.Length + sizeof(WCHAR));
1699 if (AdminInfo.Name != NULL)
1701 AccountNameInfo->UserName.Buffer,
1702 AccountNameInfo->UserName.Length);
1703
1704 AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
1706 OrigInfo->DomainName.Length + sizeof(WCHAR));
1707 if (AdminInfo.Domain != NULL)
1709 OrigInfo->DomainName.Buffer,
1710 OrigInfo->DomainName.Length);
1711
1712 AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(),
1713 0,
1714 (wcslen(Password) + 1) * sizeof(WCHAR));
1715 if (AdminInfo.Password != NULL)
1717
1718 DPRINT("Administrator Name: %S\n", AdminInfo.Name);
1719 DPRINT("Administrator Domain: %S\n", AdminInfo.Domain);
1720 DPRINT("Administrator Password: %S\n", AdminInfo.Password);
1721
1722done:
1723 if (AccountNameInfo != NULL)
1724 SamFreeMemory(AccountNameInfo);
1725
1726 if (OrigInfo != NULL)
1727 LsaFreeMemory(OrigInfo);
1728
1729 if (PolicyHandle != NULL)
1730 LsaClose(PolicyHandle);
1731
1732 if (UserHandle != NULL)
1733 SamCloseHandle(UserHandle);
1734
1735 if (DomainHandle != NULL)
1736 SamCloseHandle(DomainHandle);
1737
1738 if (ServerHandle != NULL)
1739 SamCloseHandle(ServerHandle);
1740
1741 DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status);
1742
1743 return Status;
1744}
1745
1746
1747VOID
1749{
1750 WCHAR szAutoAdminLogon[2];
1751 HKEY hKey = NULL;
1752 DWORD dwType;
1753 DWORD dwSize;
1754 LONG lError;
1755
1757 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
1758 0,
1760 &hKey);
1761 if (lError != ERROR_SUCCESS)
1762 return;
1763
1764 dwSize = 2 * sizeof(WCHAR);
1765 lError = RegQueryValueExW(hKey,
1766 L"AutoAdminLogon",
1767 NULL,
1768 &dwType,
1769 (LPBYTE)szAutoAdminLogon,
1770 &dwSize);
1771 if (lError != ERROR_SUCCESS)
1772 goto done;
1773
1774 if (wcscmp(szAutoAdminLogon, L"1") == 0)
1775 {
1777 L"DefaultDomainName",
1778 0,
1779 REG_SZ,
1781 (wcslen(AdminInfo.Domain) + 1) * sizeof(WCHAR));
1782
1784 L"DefaultUserName",
1785 0,
1786 REG_SZ,
1788 (wcslen(AdminInfo.Name) + 1) * sizeof(WCHAR));
1789
1791 L"DefaultPassword",
1792 0,
1793 REG_SZ,
1795 (wcslen(AdminInfo.Password) + 1) * sizeof(WCHAR));
1796 }
1797
1798done:
1799 if (hKey != NULL)
1801}
1802
1803
1804/* EOF */
1805
LONG NTSTATUS
Definition: precomp.h:26
#define DPRINT1
Definition: precomp.h:8
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
#define RegCloseKey(hKey)
Definition: registry.h:49
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
Definition: reg.c:1096
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3333
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4882
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4103
NTSTATUS WINAPI LsaSetInformationPolicy(IN LSA_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, IN PVOID Buffer)
Definition: lsa.c:1948
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
NTSTATUS WINAPI LsaCreateAccount(IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE AccountHandle)
Definition: lsa.c:219
NTSTATUS WINAPI LsaQueryInformationPolicy(IN LSA_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, OUT PVOID *Buffer)
Definition: lsa.c:1473
NTSTATUS WINAPI LsaLookupNames2(IN LSA_HANDLE PolicyHandle, IN ULONG Flags, IN ULONG Count, IN PLSA_UNICODE_STRING Names, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_SID2 *Sids)
Definition: lsa.c:906
NTSTATUS WINAPI LsaAddAccountRights(IN LSA_HANDLE PolicyHandle, IN PSID AccountSid, IN PLSA_UNICODE_STRING UserRights, IN ULONG CountOfRights)
Definition: lsa.c:105
NTSTATUS WINAPI LsaFreeMemory(IN PVOID Buffer)
Definition: lsa.c:701
NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
Definition: lsa.c:194
#define wcschr
Definition: compat.h:17
#define GetProcessHeap()
Definition: compat.h:736
#define wcsrchr
Definition: compat.h:16
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
#define HeapAlloc
Definition: compat.h:733
#define MAX_PATH
Definition: compat.h:34
#define HeapFree(x, y, z)
Definition: compat.h:735
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
static DWORD DWORD * dwLength
Definition: fusion.c:86
HINF WINAPI SetupOpenInfFileW(PCWSTR name, PCWSTR class, DWORD style, UINT *error)
Definition: parser.c:1229
ADMIN_INFO AdminInfo
Definition: install.c:38
#define TICKS_PER_MINUTE
Definition: security.c:22
VOID SetAutoAdminLogon(VOID)
Definition: security.c:1748
static VOID InstallPrivileges(HINF hSecurityInf)
Definition: security.c:297
static VOID ApplyPasswordSettings(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName)
Definition: security.c:784
static VOID ApplyAuditEvents(_In_ HINF hSecurityInf)
Definition: security.c:1430
static VOID InstallBuiltinAccounts(VOID)
Definition: security.c:237
NTSTATUS SetAdministratorPassword(LPCWSTR Password)
Definition: security.c:1609
VOID InstallSecurity(VOID)
Definition: security.c:1569
static VOID ApplyLockoutSettings(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName)
Definition: security.c:991
static NTSTATUS SetPrimaryDomain(LPCWSTR DomainName, PSID DomainSid)
Definition: security.c:153
#define TICKS_PER_DAY
Definition: security.c:21
static VOID ApplyRegistryValues(HINF hSecurityInf)
Definition: security.c:441
static VOID ApplyAccountSettings(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName)
Definition: security.c:1331
static VOID EnableAccount(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName, _In_ PWSTR pszValueName, _In_ SAM_HANDLE DomainHandle, _In_ DWORD dwAccountRid)
Definition: security.c:1168
static VOID SetLsaAnonymousNameLookup(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName)
Definition: security.c:1133
static VOID ApplyEventlogSettings(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName, _In_ PWSTR pszLogName)
Definition: security.c:640
NTSTATUS WINAPI SetAccountsDomainSid(PSID DomainSid, LPCWSTR DomainName)
Definition: security.c:28
static VOID SetNewAccountName(_In_ HINF hSecurityInf, _In_ PWSTR pszSectionName, _In_ PWSTR pszValueName, _In_ SAM_HANDLE DomainHandle, _In_ DWORD dwAccountRid)
Definition: security.c:1244
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
FxAutoRegKey hKey
Status
Definition: gdiplustypes.h:25
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define INF_STYLE_WIN4
Definition: infsupp.h:41
#define REG_SZ
Definition: layer.c:22
#define ASSERT(a)
Definition: mode.c:44
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
#define _In_
Definition: ms_sal.h:308
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
#define REG_BINARY
Definition: nt_native.h:1496
#define KEY_READ
Definition: nt_native.h:1023
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define REG_OPTION_NON_VOLATILE
Definition: nt_native.h:1057
#define REG_MULTI_SZ
Definition: nt_native.h:1501
#define KEY_WRITE
Definition: nt_native.h:1031
#define DWORD
Definition: nt_native.h:44
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define UNICODE_NULL
#define UNICODE_STRING_MAX_CHARS
#define USER_READ_GENERAL
Definition: ntsam.h:126
@ DomainNameInformation
Definition: ntsam.h:345
@ DomainPasswordInformation
Definition: ntsam.h:341
@ DomainLockoutInformation
Definition: ntsam.h:352
#define USER_FORCE_PASSWORD_CHANGE
Definition: ntsam.h:133
#define DOMAIN_WRITE_OTHER_PARAMETERS
Definition: ntsam.h:36
#define DOMAIN_LOOKUP
Definition: ntsam.h:42
#define USER_WRITE_ACCOUNT
Definition: ntsam.h:131
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
#define DOMAIN_PASSWORD_STORE_CLEARTEXT
Definition: ntsam.h:258
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
@ UserAccountNameInformation
Definition: ntsam.h:520
@ UserNameInformation
Definition: ntsam.h:519
@ UserSetPasswordInformation
Definition: ntsam.h:528
@ UserControlInformation
Definition: ntsam.h:529
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
#define DOMAIN_WRITE_PASSWORD_PARAMS
Definition: ntsam.h:34
#define DOMAIN_READ_PASSWORD_PARAMETERS
Definition: ntsam.h:33
#define DOMAIN_PASSWORD_COMPLEX
Definition: ntsam.h:254
#define USER_ACCOUNT_DISABLED
Definition: ntsam.h:167
#define POLICY_AUDIT_EVENT_NONE
Definition: ntsecapi.h:81
@ PolicyAuditEventsInformation
Definition: ntsecapi.h:244
@ PolicyPrimaryDomainInformation
Definition: ntsecapi.h:245
@ PolicyAccountDomainInformation
Definition: ntsecapi.h:247
#define POLICY_AUDIT_EVENT_UNCHANGED
Definition: ntsecapi.h:78
#define POLICY_CREATE_ACCOUNT
Definition: ntsecapi.h:65
struct _LSA_OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES
#define POLICY_TRUST_ADMIN
Definition: ntsecapi.h:64
@ AuditCategoryLogon
Definition: ntsecapi.h:261
@ AuditCategoryAccountManagement
Definition: ntsecapi.h:266
@ AuditCategoryAccountLogon
Definition: ntsecapi.h:268
@ AuditCategoryPolicyChange
Definition: ntsecapi.h:265
@ AuditCategorySystem
Definition: ntsecapi.h:260
@ AuditCategoryObjectAccess
Definition: ntsecapi.h:262
@ AuditCategoryDirectoryServiceAccess
Definition: ntsecapi.h:267
@ AuditCategoryDetailedTracking
Definition: ntsecapi.h:264
@ AuditCategoryPrivilegeUse
Definition: ntsecapi.h:263
#define POLICY_VIEW_LOCAL_INFORMATION
Definition: ntsecapi.h:61
#define POLICY_SET_AUDIT_REQUIREMENTS
Definition: ntsecapi.h:69
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
#define L(x)
Definition: ntvdm.h:50
long LONG
Definition: pedump.c:60
unsigned short USHORT
Definition: pedump.c:61
#define INT
Definition: polytest.cpp:20
PVOID pBuffer
NTSTATUS NTAPI SamQueryInformationUser(IN SAM_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, OUT PVOID *Buffer)
Definition: samlib.c:1731
NTSTATUS NTAPI SamQueryInformationDomain(IN SAM_HANDLE DomainHandle, IN DOMAIN_INFORMATION_CLASS DomainInformationClass, OUT PVOID *Buffer)
Definition: samlib.c:1677
NTSTATUS NTAPI SamOpenUser(IN SAM_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN ULONG UserId, OUT PSAM_HANDLE UserHandle)
Definition: samlib.c:1535
NTSTATUS NTAPI SamSetInformationUser(IN SAM_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, IN PVOID Buffer)
Definition: samlib.c:2000
NTSTATUS NTAPI SamFreeMemory(IN PVOID Buffer)
Definition: samlib.c:983
NTSTATUS NTAPI SamConnect(IN OUT PUNICODE_STRING ServerName OPTIONAL, OUT PSAM_HANDLE ServerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: samlib.c:519
NTSTATUS NTAPI SamCloseHandle(IN SAM_HANDLE SamHandle)
Definition: samlib.c:497
NTSTATUS NTAPI SamOpenDomain(IN SAM_HANDLE ServerHandle, IN ACCESS_MASK DesiredAccess, IN PSID DomainId, OUT PSAM_HANDLE DomainHandle)
Definition: samlib.c:1477
NTSTATUS NTAPI SamSetInformationDomain(IN SAM_HANDLE DomainHandle, IN DOMAIN_INFORMATION_CLASS DomainInformationClass, IN PVOID Buffer)
Definition: samlib.c:1946
#define REG_DWORD
Definition: sdbapi.c:596
#define ConvertStringSidToSid
Definition: sddl.h:161
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
_Check_return_ _CRTIMP int __cdecl wcscmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
#define memset(x, y, z)
Definition: compat.h:39
#define SetupGetStringField
Definition: setupapi.h:2639
#define SetupGetMultiSzField
Definition: setupapi.h:2635
#define STATUS_SUCCESS
Definition: shellext.h:65
#define DPRINT
Definition: sndvol32.h:71
LPWSTR Password
Definition: globals.h:25
LPWSTR Name
Definition: globals.h:23
LPWSTR Domain
Definition: globals.h:24
LARGE_INTEGER LockoutObservationWindow
Definition: ntsam.h:451
LARGE_INTEGER LockoutDuration
Definition: ntsam.h:450
UNICODE_STRING DomainName
Definition: ntsam.h:409
LARGE_INTEGER MinPasswordAge
Definition: ntsam.h:376
LARGE_INTEGER MaxPasswordAge
Definition: ntsam.h:375
USHORT MaximumLength
Definition: ntsecapi.h:164
LSA_UNICODE_STRING DomainName
Definition: ntsecapi.h:566
PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions
Definition: ntsecapi.h:562
LSA_UNICODE_STRING Name
Definition: ntsecapi.h:570
USHORT MaximumLength
Definition: env_spec_w32.h:370
UNICODE_STRING UserName
Definition: ntsam.h:623
UNICODE_STRING FullName
Definition: ntsam.h:618
UNICODE_STRING UserName
Definition: ntsam.h:617
UNICODE_STRING Password
Definition: ntsam.h:664
@ Password
Definition: telnetd.h:65
uint16_t * PWSTR
Definition: typedefs.h:56
uint32_t * PULONG
Definition: typedefs.h:59
unsigned char * LPBYTE
Definition: typedefs.h:53
int64_t LONGLONG
Definition: typedefs.h:68
ULONG_PTR SIZE_T
Definition: typedefs.h:80
int32_t INT
Definition: typedefs.h:58
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG_PTR
Definition: typedefs.h:65
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONGLONG QuadPart
Definition: typedefs.h:114
BOOL WINAPI SetupGetStringFieldW(IN PINFCONTEXT Context, IN ULONG FieldIndex, OUT PWSTR ReturnBuffer, IN ULONG ReturnBufferSize, OUT PULONG RequiredSize)
Definition: infsupp.c:186
BOOL WINAPI SetupFindFirstLineW(IN HINF InfHandle, IN PCWSTR Section, IN PCWSTR Key, IN OUT PINFCONTEXT Context)
Definition: infsupp.c:56
BOOL WINAPI SetupGetIntField(IN PINFCONTEXT Context, IN ULONG FieldIndex, OUT INT *IntegerValue)
Definition: infsupp.c:148
ULONG WINAPI SetupGetFieldCount(IN PINFCONTEXT Context)
Definition: infsupp.c:93
BOOL WINAPI SetupFindNextLine(IN PINFCONTEXT ContextIn, OUT PINFCONTEXT ContextOut)
Definition: infsupp.c:82
VOID WINAPI SetupCloseInfFile(IN HINF InfHandle)
Definition: infsupp.c:45
BOOL WINAPI SetupGetBinaryField(IN PINFCONTEXT Context, IN ULONG FieldIndex, OUT PUCHAR ReturnBuffer, IN ULONG ReturnBufferSize, OUT PULONG RequiredSize)
Definition: infsupp.c:128
_Must_inspect_result_ _In_ WDFCHILDLIST _In_ PWDF_CHILD_LIST_ITERATOR _Out_ WDFDEVICE _Inout_opt_ PWDF_CHILD_RETRIEVE_INFO Info
Definition: wdfchildlist.h:690
#define ZeroMemory
Definition: winbase.h:1712
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
int * PINT
Definition: windef.h:177
#define WINAPI
Definition: msvc.h:6
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define RegSetValueEx
Definition: winreg.h:533
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:631
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:632
__wchar_t WCHAR
Definition: xmlstorage.h:180
WCHAR * LPWSTR
Definition: xmlstorage.h:184
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185