[SYSETUP][INF] Add name support for account privilege setup

2024-11-19 05:22:59 +00:00 · 2021-01-16 13:18:08 +01:00 · 2021-01-16 13:18:08 +01:00 · baf9ff45bb
commit baf9ff45bb
parent 69dffed3f7
2 changed files with 37 additions and 5 deletions
--- a/dll/win32/syssetup/security.c
+++ b/dll/win32/syssetup/security.c
@ -282,7 +282,8 @@ InstallPrivileges(
    PSID AccountSid = NULL;
    NTSTATUS Status;
    LSA_HANDLE PolicyHandle = NULL;
-    LSA_UNICODE_STRING RightString;
+    LSA_UNICODE_STRING RightString, AccountName;
+    PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
    PLSA_TRANSLATED_SID2 Sids = NULL;

    DPRINT("InstallPrivileges()\n");
@ -351,8 +352,33 @@ InstallPrivileges(
            else
            {
                DPRINT("Account name: %S\n", szSidString);
-                continue;

+                ReferencedDomains = NULL;
+                Sids = NULL;
+                RtlInitUnicodeString(&AccountName, szSidString);
+                Status = LsaLookupNames2(PolicyHandle,
+                                         0,
+                                         1,
+                                         &AccountName,
+                                         &ReferencedDomains,
+                                         &Sids);
+                if (ReferencedDomains != NULL)
+                {
+                    LsaFreeMemory(ReferencedDomains);
+                }
+
+                if (!NT_SUCCESS(Status))
+                {
+                    DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status);
+
+                    if (Sids != NULL)
+                    {
+                        LsaFreeMemory(Sids);
+                        Sids = NULL;
+                    }
+
+                    continue;
+                }
            }

            RtlInitUnicodeString(&RightString, szPrivilegeString);
--- a/media/inf/defltwk.inf
+++ b/media/inf/defltwk.inf
@ -42,7 +42,7 @@ SeEnableDelegationPrivilege =
 SeImpersonatePrivilege = *S-1-5-6, *S-1-5-32-544
 SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
 SeIncreaseQuotaPrivilege = *S-1-5-19, *S-1-5-20, *S-1-5-32-544
-SeInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-547, *S-1-5-32-551
+SeInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-547, *S-1-5-32-551, %SceInfGuest%
 SeLoadDriverPrivilege = *S-1-5-32-544
 SeLockMemoryPrivilege =
 SeMachineAccountPrivilege =
@ -79,3 +79,9 @@ MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCap
 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText = 7, ""
 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon = 4, 1
 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon = 4, 1
+
+[Strings]
+SceInfGuest = "Guest"
+
+[Strings.0407]
+SceInfGuest = "Gast"