mirror of
https://github.com/reactos/reactos.git
[SYSSETUP]
- Create builtin LSA accounts. - Add privileges to the accounts. svn path=/trunk/; revision=56607
parent
c73fd0768f
commit
ec7cfde16c
4 changed files with 190 additions and 0 deletions
|
@ -64,6 +64,7 @@ extern SETUPDATA SetupData;
|
|||
/* security.c */
|
||||
NTSTATUS SetAccountDomain(LPCWSTR DomainName,
|
||||
PSID DomainSid);
|
||||
VOID InstallSecurity(VOID);
|
||||
|
||||
/* wizard.c */
|
||||
VOID InstallWizard (VOID);
|
||||
|
|
|
@ -956,6 +956,8 @@ InstallReactOS(HINSTANCE hInstance)
|
|||
|
||||
InstallWizard();
|
||||
|
||||
InstallSecurity();
|
||||
|
||||
/* Create the Administrator account */
|
||||
if (!SamCreateUser(L"Administrator", L"", AdminSid))
|
||||
{
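Review bot: The new `InstallSecurity();` call cannot report failure, because the function is declared `VOID` and the implementation shown under `/* security.c */` only logs through `DPRINT1` before returning. InstallReactOS therefore goes on to create the Administrator account even when the builtin LSA accounts or their privileges were not set up. Consider returning a status and checking it at this call, e.g. `if (!InstallSecurity()) DPRINT1("InstallSecurity() failed\n");`, or add a comment stating that the step is deliberately best-effort. InstallReactOS begins and ends outside this hunk.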
|
||||
|
|
|
@ -22,7 +22,9 @@
|
|||
#include <string.h>
|
||||
#include <pseh/pseh2.h>
|
||||
#include <time.h>
|
||||
#include <ntlsa.h>
|
||||
#include <ntsecapi.h>
|
||||
#include <sddl.h>
|
||||
|
||||
#include "globals.h"
|
||||
#include "resource.h"
|
||||
|
|
|
@ -85,3 +85,188 @@ SetAccountDomain(LPCWSTR DomainName,
|
|||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
static
|
||||
VOID
|
||||
InstallBuiltinAccounts(VOID)
|
||||
{
|
||||
LPWSTR BuiltinAccounts[] = {
|
||||
L"S-1-1-0", /* Everyone */
|
||||
L"S-1-5-4", /* Interactive */
|
||||
L"S-1-5-6", /* Service */
|
||||
L"S-1-5-19", /* Local Service */
|
||||
L"S-1-5-20", /* Network Service */
|
||||
L"S-1-5-32-544", /* Administrators */
|
||||
L"S-1-5-32-545", /* Users */
|
||||
L"S-1-5-32-547", /* Power Users */
|
||||
L"S-1-5-32-551", /* Backup Operators */
|
||||
L"S-1-5-32-555"}; /* Remote Desktop Users */
|
||||
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
NTSTATUS Status;
|
||||
LSA_HANDLE PolicyHandle = NULL;
|
||||
LSA_HANDLE AccountHandle = NULL;
|
||||
PSID AccountSid;
|
||||
ULONG i;
|
||||
|
||||
DPRINT("InstallBuiltinAccounts()\n");
|
||||
|
||||
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
|
||||
|
||||
Status = LsaOpenPolicy(NULL,
|
||||
&ObjectAttributes,
|
||||
POLICY_CREATE_ACCOUNT,
|
||||
&PolicyHandle);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
|
||||
return;
|
||||
}
|
||||
|
||||
for (i = 0; i < 10; i++)
|
||||
{
|
||||
ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid);
|
||||
|
||||
Status = LsaCreateAccount(PolicyHandle,
|
||||
AccountSid,
|
||||
0,
|
||||
&AccountHandle);
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
LsaClose(AccountHandle);
|
||||
}
|
||||
|
||||
LocalFree(AccountSid);
|
||||
}
|
||||
|
||||
LsaClose(PolicyHandle);
|
||||
}
|
||||
|
||||
|
||||
static
|
||||
VOID
|
||||
InstallPrivileges(VOID)
|
||||
{
|
||||
HINF hSecurityInf = INVALID_HANDLE_VALUE;
|
||||
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
|
||||
WCHAR szPrivilegeString[256];
|
||||
WCHAR szSidString[256];
|
||||
INFCONTEXT InfContext;
|
||||
DWORD i;
|
||||
PRIVILEGE_SET PrivilegeSet;
|
||||
PSID AccountSid;
|
||||
NTSTATUS Status;
|
||||
LSA_HANDLE PolicyHandle = NULL;
|
||||
LSA_HANDLE AccountHandle;
|
||||
|
||||
DPRINT("InstallPrivileges()\n");
|
||||
|
||||
hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
|
||||
NULL,
|
||||
INF_STYLE_WIN4,
|
||||
NULL);
|
||||
if (hSecurityInf == INVALID_HANDLE_VALUE)
|
||||
{
|
||||
DPRINT1("SetupOpenInfFileW failed\n");
|
||||
return;
|
||||
}
|
||||
|
||||
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
|
||||
|
||||
Status = LsaOpenPolicy(NULL,
|
||||
&ObjectAttributes,
|
||||
POLICY_CREATE_ACCOUNT,
|
||||
&PolicyHandle);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!SetupFindFirstLineW(hSecurityInf,
|
||||
L"Privilege Rights",
|
||||
NULL,
|
||||
&InfContext))
|
||||
{
|
||||
DPRINT1("SetupFindfirstLineW failed\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
PrivilegeSet.PrivilegeCount = 1;
|
||||
PrivilegeSet.Control = 0;
|
||||
|
||||
do
|
||||
{
|
||||
/* Retrieve the privilege name */
|
||||
if (!SetupGetStringFieldW(&InfContext,
|
||||
0,
|
||||
szPrivilegeString,
|
||||
256,
|
||||
NULL))
|
||||
{
|
||||
DPRINT1("SetupGetStringFieldW() failed\n");
|
||||
goto done;
|
||||
}
|
||||
DPRINT("Privilege: %S\n", szPrivilegeString);
|
||||
|
||||
if (!LookupPrivilegeValueW(NULL,
|
||||
szPrivilegeString,
|
||||
&(PrivilegeSet.Privilege[0].Luid)))
|
||||
{
|
||||
DPRINT1("LookupPrivilegeNameW() failed\n");
|
||||
goto done;
|
||||
}
|
||||
|
||||
PrivilegeSet.Privilege[0].Attributes = 0;
|
||||
|
||||
for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
|
||||
{
|
||||
if (!SetupGetStringFieldW(&InfContext,
|
||||
i + 1,
|
||||
szSidString,
|
||||
256,
|
||||
NULL))
|
||||
{
|
||||
DPRINT1("SetupGetStringFieldW() failed\n");
|
||||
goto done;
|
||||
}
|
||||
DPRINT("SID: %S\n", szSidString);
|
||||
|
||||
ConvertStringSidToSid(szSidString, &AccountSid);
|
||||
|
||||
Status = LsaOpenAccount(PolicyHandle,
|
||||
AccountSid,
|
||||
ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
|
||||
&AccountHandle);
|
||||
if (NT_SUCCESS(Status))
|
||||
{
|
||||
Status = LsaAddPrivilegesToAccount(AccountHandle,
|
||||
&PrivilegeSet);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status);
|
||||
}
|
||||
|
||||
LsaClose(AccountHandle);
|
||||
}
|
||||
|
||||
LocalFree(AccountSid);
|
||||
}
|
||||
|
||||
}
|
||||
while (SetupFindNextLine(&InfContext, &InfContext));
|
||||
|
||||
done:
|
||||
if (PolicyHandle != NULL)
|
||||
LsaClose(PolicyHandle);
|
||||
|
||||
if (hSecurityInf != INVALID_HANDLE_VALUE)
|
||||
SetupCloseInfFile(hSecurityInf);
|
||||
}
|
||||
|
||||
VOID
|
||||
InstallSecurity(VOID)
|
||||
{
|
||||
InstallBuiltinAccounts();
|
||||
InstallPrivileges();
|
||||
}
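Review bot: Both calls to `ConvertStringSidToSid` ignore the return value, so when the conversion fails `AccountSid` is still uninitialized when it is passed to `LsaCreateAccount` or `LsaOpenAccount` and then to `LocalFree`. In InstallPrivileges the string is read from the `Privilege Rights` section of defltws.inf, so a malformed entry in that file reaches this path; guard it with `if (!ConvertStringSidToSid(szSidString, &AccountSid)) { DPRINT1("ConvertStringSidToSid(%S) failed\n", szSidString); continue; }` and apply the same check in InstallBuiltinAccounts. The loop bound `10` in InstallBuiltinAccounts should be `sizeof(BuiltinAccounts) / sizeof(BuiltinAccounts[0])` so the table and the loop cannot drift apart. A failed `LsaCreateAccount` or `LsaOpenAccount` is dropped without a `DPRINT1`, which leaves no trace of an account that ended up without its privileges. The `LookupPrivilegeValueW` failure message also names `LookupPrivilegeNameW()`.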
|
||||
|
|