Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-25 16:10:29 +00:00
Code Issues Projects Releases Packages Wiki Activity

[SYSSETUP][INF] Add account settings

Browse source 
- Add EnableAdminAccount and EnableGuestAccount options
- Fix typo: TICKS_PER_SECOND --> TICKS_PER_MINUTE
This commit is contained in:
Eric Kohl 2021-01-30 09:38:00 +01:00
parent 6a4c6ea5d0
commit 0edaeba452
3 changed files with 203 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

192
dll/win32/syssetup/security.c
View file

@ -19,7 +19,7 @@
#include <debug.h> #include <debug.h>
#define TICKS_PER_DAY -864000000000LL #define TICKS_PER_DAY -864000000000LL
#define TICKS_PER_SECOND -600000000LL #define TICKS_PER_MINUTE -600000000LL
/* FUNCTIONS ****************************************************************/ /* FUNCTIONS ****************************************************************/
@ -1055,7 +1055,7 @@ ApplyLockoutSettings(
{ {
if (nValue >= 0) if (nValue >= 0)
{ {
LockoutInfo.LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_SECOND; LockoutInfo.LockoutObservationWindow.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
} }
} }
} }
@ -1073,7 +1073,7 @@ ApplyLockoutSettings(
} }
else if ((nValue >= 0) && (nValue < 100000)) else if ((nValue >= 0) && (nValue < 100000))
{ {
LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_SECOND; LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue * TICKS_PER_MINUTE;
} }
} }
} }
@ -1102,6 +1102,191 @@ done:
} }
static
VOID
ApplyAccountSettings(
_In_ HINF hSecurityInf,
_In_ PWSTR pszSectionName)
{
INFCONTEXT InfContext;
PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle = NULL;
SAM_HANDLE ServerHandle = NULL;
SAM_HANDLE DomainHandle = NULL;
SAM_HANDLE UserHandle = NULL;
USER_CONTROL_INFORMATION ControlInfo;
INT nValue;
NTSTATUS Status;
DPRINT("ApplyAccountSettings()\n");
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
&PolicyHandle);
if (Status != STATUS_SUCCESS)
{
DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
return;
}
Status = LsaQueryInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation,
(PVOID *)&OrigInfo);
if (!NT_SUCCESS(Status))
{
DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
goto done;
}
Status = SamConnect(NULL,
&ServerHandle,
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
goto done;
}
Status = SamOpenDomain(ServerHandle,
DOMAIN_LOOKUP,
OrigInfo->DomainSid,
&DomainHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
goto done;
}
#if 0
if (SetupFindFirstLineW(hSecurityInf,
pszSectionName,
L"LSAAnonymousNameLookup",
&InfContext))
{
if (SetupGetIntField(&InfContext, 1, &nValue))
{
if (nValue == 0)
{
}
else
{
}
}
}
#endif
if (SetupFindFirstLineW(hSecurityInf,
pszSectionName,
L"EnableAdminAccount",
&InfContext))
{
if (SetupGetIntField(&InfContext, 1, &nValue))
{
Status = SamOpenUser(DomainHandle,
USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
DOMAIN_USER_RID_ADMIN,
&UserHandle);
if (NT_SUCCESS(Status))
{
Status = SamQueryInformationUser(UserHandle,
UserControlInformation,
(PVOID)&ControlInfo);
if (NT_SUCCESS(Status))
{
if (nValue == 0)
{
ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
}
else
{
ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
}
SamSetInformationUser(UserHandle,
UserControlInformation,
(PVOID)&ControlInfo);
}
SamCloseHandle(UserHandle);
}
}
}
if (SetupFindFirstLineW(hSecurityInf,
pszSectionName,
L"EnableGuestAccount",
&InfContext))
{
if (SetupGetIntField(&InfContext, 1, &nValue))
{
Status = SamOpenUser(DomainHandle,
USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
DOMAIN_USER_RID_GUEST,
&UserHandle);
if (NT_SUCCESS(Status))
{
Status = SamQueryInformationUser(UserHandle,
UserControlInformation,
(PVOID)&ControlInfo);
if (NT_SUCCESS(Status))
{
if (nValue == 0)
{
ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
}
else
{
ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
}
SamSetInformationUser(UserHandle,
UserControlInformation,
(PVOID)&ControlInfo);
}
SamCloseHandle(UserHandle);
}
}
}
#if 0
if (SetupFindFirstLineW(hSecurityInf,
pszSectionName,
L"NewAdministratorName",
&InfContext))
{
}
if (SetupFindFirstLineW(hSecurityInf,
pszSectionName,
L"NewGuestName",
&InfContext))
{
}
#endif
done:
if (DomainHandle != NULL)
SamCloseHandle(DomainHandle);
if (ServerHandle != NULL)
SamCloseHandle(ServerHandle);
if (OrigInfo != NULL)
LsaFreeMemory(OrigInfo);
if (PolicyHandle != NULL)
LsaClose(PolicyHandle);
}
static static
VOID VOID
ApplyAuditEvents( ApplyAuditEvents(
@ -1270,6 +1455,7 @@ InstallSecurity(VOID)
ApplyPasswordSettings(hSecurityInf, L"System Access"); ApplyPasswordSettings(hSecurityInf, L"System Access");
ApplyLockoutSettings(hSecurityInf, L"System Access"); ApplyLockoutSettings(hSecurityInf, L"System Access");
ApplyAccountSettings(hSecurityInf, L"System Access");
ApplyAuditEvents(hSecurityInf); ApplyAuditEvents(hSecurityInf);

7
media/inf/defltsv.inf
View file

@ -19,6 +19,13 @@ LockoutBadCount = 0
;ResetLockoutCount = 30 ;ResetLockoutCount = 30
;LockoutDuration = 30 ;LockoutDuration = 30
; Account Options
LSAAnonymousLookup = 0
;EnableAdminAccount = 0
EnableGuestAccount = 0
;NewAdministratorName =
;NewGuestName =
[Application Log] [Application Log]
MaximumLogSize = 16384 MaximumLogSize = 16384
AuditLogRetentionPeriod = 0 AuditLogRetentionPeriod = 0

7
media/inf/defltwk.inf
View file

@ -19,6 +19,13 @@ LockoutBadCount = 0
;ResetLockoutCount = 30 ;ResetLockoutCount = 30
;LockoutDuration = 30 ;LockoutDuration = 30
; Account Options
LSAAnonymousNameLookup = 0
;EnableAdminAccount = 0
EnableGuestAccount = 0
;NewAdministratorName =
NewGuestName = Guestore
[Application Log] [Application Log]
MaximumLogSize = 512 MaximumLogSize = 512
AuditLogRetentionPeriod = 1 AuditLogRetentionPeriod = 1