https://git.reactos.org/?p=reactos.git;a=commitdiff;h=86a65fccb6a61541cacde…
commit 86a65fccb6a61541cacdebadd347d45de121a0db
Author: Eric Kohl <eric.kohl(a)reactos.org>
AuthorDate: Sat Jan 30 13:52:14 2021 +0100
Commit: Eric Kohl <eric.kohl(a)reactos.org>
CommitDate: Sat Jan 30 13:52:14 2021 +0100
[SYSSETUP] Refactor ApplyAccountSettings() and add NewAdministratorName and
NewGuestName options
---
dll/win32/syssetup/security.c | 331 ++++++++++++++++++++++++++++--------------
1 file changed, 219 insertions(+), 112 deletions(-)
diff --git a/dll/win32/syssetup/security.c b/dll/win32/syssetup/security.c
index 834962298da..47123e7286a 100644
--- a/dll/win32/syssetup/security.c
+++ b/dll/win32/syssetup/security.c
@@ -1104,19 +1104,208 @@ done:
static
VOID
-ApplyAccountSettings(
+SetLsaAnonymousNameLookup(
_In_ HINF hSecurityInf,
_In_ PWSTR pszSectionName)
+{
+#if 0
+ INFCONTEXT InfContext;
+ INT nValue = 0;
+
+ DPRINT1("SetLsaAnonymousNameLookup()\n");
+
+ if (!SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"LSAAnonymousNameLookup",
+ &InfContext))
+ {
+ return;
+ }
+
+ if (!SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ return;
+ }
+
+ if (nValue == 0)
+ {
+ }
+ else
+ {
+ }
+#endif
+}
+
+
+static
+VOID
+EnableAccount(
+ _In_ HINF hSecurityInf,
+ _In_ PWSTR pszSectionName,
+ _In_ PWSTR pszValueName,
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ DWORD dwAccountRid)
+{
+ INFCONTEXT InfContext;
+ SAM_HANDLE UserHandle = NULL;
+ USER_CONTROL_INFORMATION ControlInfo;
+ INT nValue = 0;
+ NTSTATUS Status;
+
+ DPRINT("EnableAccount()\n");
+
+ if (!SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ pszValueName,
+ &InfContext))
+ return;
+
+ if (!SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ DPRINT1("No valid integer value\n");
+ goto done;
+ }
+
+ DPRINT("Value: %d\n", nValue);
+
+ Status = SamOpenUser(DomainHandle,
+ USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
+ dwAccountRid,
+ &UserHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamQueryInformationUser(UserHandle,
+ UserControlInformation,
+ (PVOID)&ControlInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamQueryInformationUser() failed (Status: 0x%08lx)\n",
Status);
+ goto done;
+ }
+
+ if (nValue == 0)
+ {
+ ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
+ }
+ else
+ {
+ ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
+ }
+
+ Status = SamSetInformationUser(UserHandle,
+ UserControlInformation,
+ (PVOID)&ControlInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
+ }
+
+done:
+ if (UserHandle != NULL)
+ SamCloseHandle(UserHandle);
+}
+
+
+static
+VOID
+SetNewAccountName(
+ _In_ HINF hSecurityInf,
+ _In_ PWSTR pszSectionName,
+ _In_ PWSTR pszValueName,
+ _In_ SAM_HANDLE DomainHandle,
+ _In_ DWORD dwAccountRid)
{
INFCONTEXT InfContext;
+ DWORD dwLength = 0;
+ PWSTR pszName = NULL;
+ SAM_HANDLE UserHandle = NULL;
+ USER_NAME_INFORMATION NameInfo;
+ NTSTATUS Status;
+
+ DPRINT("SetNewAccountName()\n");
+
+ if (!SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ pszValueName,
+ &InfContext))
+ return;
+
+ SetupGetStringFieldW(&InfContext,
+ 1,
+ NULL,
+ 0,
+ &dwLength);
+ if (dwLength == 0)
+ return;
+
+ pszName = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwLength * sizeof(WCHAR));
+ if (pszName == NULL)
+ {
+ DPRINT1("HeapAlloc() failed\n");
+ return;
+ }
+
+ if (!SetupGetStringFieldW(&InfContext,
+ 1,
+ pszName,
+ dwLength,
+ &dwLength))
+ {
+ DPRINT1("No valid string value\n");
+ goto done;
+ }
+
+ DPRINT("NewAccountName: '%S'\n", pszName);
+
+ Status = SamOpenUser(DomainHandle,
+ USER_WRITE_ACCOUNT,
+ dwAccountRid,
+ &UserHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamOpenUser() failed (Status: 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ NameInfo.UserName.Length = wcslen(pszName) * sizeof(WCHAR);
+ NameInfo.UserName.MaximumLength = NameInfo.UserName.Length + sizeof(WCHAR);
+ NameInfo.UserName.Buffer = pszName;
+ NameInfo.FullName.Length = 0;
+ NameInfo.FullName.MaximumLength = 0;
+ NameInfo.FullName.Buffer = NULL;
+
+ Status = SamSetInformationUser(UserHandle,
+ UserNameInformation,
+ (PVOID)&NameInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);
+ }
+
+done:
+ if (UserHandle != NULL)
+ SamCloseHandle(UserHandle);
+
+ if (pszName != NULL)
+ HeapFree(GetProcessHeap(), 0, pszName);
+}
+
+
+static
+VOID
+ApplyAccountSettings(
+ _In_ HINF hSecurityInf,
+ _In_ PWSTR pszSectionName)
+{
PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle = NULL;
SAM_HANDLE ServerHandle = NULL;
SAM_HANDLE DomainHandle = NULL;
- SAM_HANDLE UserHandle = NULL;
- USER_CONTROL_INFORMATION ControlInfo;
- INT nValue;
NTSTATUS Status;
DPRINT("ApplyAccountSettings()\n");
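Review bot: SetNewAccountName() hands the INF string to SamSetInformationUser() without validating it. The `dwLength == 0` test does not catch an empty value, because the required size reported by SetupGetStringFieldW() includes the terminator, and `wcslen(pszName) * sizeof(WCHAR)` is stored in the USHORT `Length` with no upper bound. A guard before the allocation, such as `if (dwLength <= 1 || dwLength > MAXUSHORT / sizeof(WCHAR)) return;`, would stop a malformed template from yielding a zero-length or truncated account name. The call also passes UserNameInformation with an empty FullName, which presumably overwrites the account's existing full name; if only a rename is intended, UserAccountNameInformation with a USER_ACCOUNT_NAME_INFORMATION would leave it alone.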
@@ -1163,114 +1352,32 @@ ApplyAccountSettings(
goto done;
}
-#if 0
- if (SetupFindFirstLineW(hSecurityInf,
- pszSectionName,
- L"LSAAnonymousNameLookup",
- &InfContext))
- {
- if (SetupGetIntField(&InfContext, 1, &nValue))
- {
- if (nValue == 0)
- {
- }
- else
- {
- }
-
- }
- }
-#endif
-
- if (SetupFindFirstLineW(hSecurityInf,
- pszSectionName,
- L"EnableAdminAccount",
- &InfContext))
- {
- if (SetupGetIntField(&InfContext, 1, &nValue))
- {
- Status = SamOpenUser(DomainHandle,
- USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
- DOMAIN_USER_RID_ADMIN,
- &UserHandle);
- if (NT_SUCCESS(Status))
- {
- Status = SamQueryInformationUser(UserHandle,
- UserControlInformation,
- (PVOID)&ControlInfo);
- if (NT_SUCCESS(Status))
- {
- if (nValue == 0)
- {
- ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
- }
- else
- {
- ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
- }
-
- SamSetInformationUser(UserHandle,
- UserControlInformation,
- (PVOID)&ControlInfo);
- }
-
- SamCloseHandle(UserHandle);
- }
- }
- }
-
- if (SetupFindFirstLineW(hSecurityInf,
- pszSectionName,
- L"EnableGuestAccount",
- &InfContext))
- {
- if (SetupGetIntField(&InfContext, 1, &nValue))
- {
- Status = SamOpenUser(DomainHandle,
- USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
- DOMAIN_USER_RID_GUEST,
- &UserHandle);
- if (NT_SUCCESS(Status))
- {
- Status = SamQueryInformationUser(UserHandle,
- UserControlInformation,
- (PVOID)&ControlInfo);
- if (NT_SUCCESS(Status))
- {
- if (nValue == 0)
- {
- ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
- }
- else
- {
- ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
- }
-
- SamSetInformationUser(UserHandle,
- UserControlInformation,
- (PVOID)&ControlInfo);
- }
-
- SamCloseHandle(UserHandle);
- }
- }
- }
-
-#if 0
- if (SetupFindFirstLineW(hSecurityInf,
- pszSectionName,
- L"NewAdministratorName",
- &InfContext))
- {
- }
-
- if (SetupFindFirstLineW(hSecurityInf,
- pszSectionName,
- L"NewGuestName",
- &InfContext))
- {
- }
-#endif
+ SetLsaAnonymousNameLookup(hSecurityInf,
+ pszSectionName);
+
+ EnableAccount(hSecurityInf,
+ pszSectionName,
+ L"EnableAdminAccount",
+ DomainHandle,
+ DOMAIN_USER_RID_ADMIN);
+
+ EnableAccount(hSecurityInf,
+ pszSectionName,
+ L"EnableGuestAccount",
+ DomainHandle,
+ DOMAIN_USER_RID_GUEST);
+
+ SetNewAccountName(hSecurityInf,
+ pszSectionName,
+ L"NewAdministratorName",
+ DomainHandle,
+ DOMAIN_USER_RID_ADMIN);
+
+ SetNewAccountName(hSecurityInf,
+ pszSectionName,
+ L"NewGuestName",
+ DomainHandle,
+ DOMAIN_USER_RID_GUEST);
done:
if (DomainHandle != NULL)
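Review bot: None of the five helper calls added here can report failure, since the helpers are VOID and only emit DPRINT1, so a template that asks for `EnableGuestAccount = 0` or a renamed Administrator can fail to apply while setup continues as if it had succeeded. SetLsaAnonymousNameLookup() is the extreme case: its body is entirely under `#if 0`, so an LSAAnonymousNameLookup line is accepted and silently ignored. Returning NTSTATUS from the helpers and logging a per-setting failure at this call site would make an unapplied hardening setting visible. For the stub, a `DPRINT1("LSAAnonymousNameLookup is not implemented\n");` outside the `#if 0` would at least record the gap. ApplyAccountSettings() begins in the previous hunk and continues past the end of this one.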