17 May
2012
17 May
'12
9:30 p.m.
Author: ekohl
Date: Thu May 17 21:30:30 2012
New Revision: 56607
URL: http://svn.reactos.org/svn/reactos?rev=56607&view=rev
Log:
[SYSSETUP]
- Create builtin LSA accounts.
- Add privileges to the accounts.
Modified:
trunk/reactos/dll/win32/syssetup/globals.h
trunk/reactos/dll/win32/syssetup/install.c
trunk/reactos/dll/win32/syssetup/precomp.h
trunk/reactos/dll/win32/syssetup/security.c
Modified: trunk/reactos/dll/win32/syssetup/globals.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/globals…
==============================================================================
--- trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] Thu May 17 21:30:30 2012
@@ -64,6 +64,7 @@
/* security.c */
NTSTATUS SetAccountDomain(LPCWSTR DomainName,
PSID DomainSid);
+VOID InstallSecurity(VOID);
/* wizard.c */
VOID InstallWizard (VOID);
Modified: trunk/reactos/dll/win32/syssetup/install.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/install…
==============================================================================
--- trunk/reactos/dll/win32/syssetup/install.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/install.c [iso-8859-1] Thu May 17 21:30:30 2012
@@ -956,6 +956,8 @@
InstallWizard();
+ InstallSecurity();
+
/* Create the Administrator account */
if (!SamCreateUser(L"Administrator", L"", AdminSid))
{
Modified: trunk/reactos/dll/win32/syssetup/precomp.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/precomp…
==============================================================================
--- trunk/reactos/dll/win32/syssetup/precomp.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/precomp.h [iso-8859-1] Thu May 17 21:30:30 2012
@@ -22,7 +22,9 @@
#include <string.h>
#include <pseh/pseh2.h>
#include <time.h>
+#include <ntlsa.h>
#include <ntsecapi.h>
+#include <sddl.h>
#include "globals.h"
#include "resource.h"
Modified: trunk/reactos/dll/win32/syssetup/security.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/securit…
==============================================================================
--- trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] Thu May 17 21:30:30 2012
@@ -85,3 +85,188 @@
return Status;
}
+
+
+static
+VOID
+InstallBuiltinAccounts(VOID)
+{
+ LPWSTR BuiltinAccounts[] = {
+ L"S-1-1-0", /* Everyone */
+ L"S-1-5-4", /* Interactive */
+ L"S-1-5-6", /* Service */
+ L"S-1-5-19", /* Local Service */
+ L"S-1-5-20", /* Network Service */
+ L"S-1-5-32-544", /* Administrators */
+ L"S-1-5-32-545", /* Users */
+ L"S-1-5-32-547", /* Power Users */
+ L"S-1-5-32-551", /* Backup Operators */
+ L"S-1-5-32-555"}; /* Remote Desktop Users */
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+ NTSTATUS Status;
+ LSA_HANDLE PolicyHandle = NULL;
+ LSA_HANDLE AccountHandle = NULL;
+ PSID AccountSid;
+ ULONG i;
+
+ DPRINT("InstallBuiltinAccounts()\n");
+
+ memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+
+ Status = LsaOpenPolicy(NULL,
+ &ObjectAttributes,
+ POLICY_CREATE_ACCOUNT,
+ &PolicyHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
+ return;
+ }
+
+ for (i = 0; i < 10; i++)
+ {
+ ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid);
+
+ Status = LsaCreateAccount(PolicyHandle,
+ AccountSid,
+ 0,
+ &AccountHandle);
+ if (NT_SUCCESS(Status))
+ {
+ LsaClose(AccountHandle);
+ }
+
+ LocalFree(AccountSid);
+ }
+
+ LsaClose(PolicyHandle);
+}
+
+
+static
+VOID
+InstallPrivileges(VOID)
+{
+ HINF hSecurityInf = INVALID_HANDLE_VALUE;
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+ WCHAR szPrivilegeString[256];
+ WCHAR szSidString[256];
+ INFCONTEXT InfContext;
+ DWORD i;
+ PRIVILEGE_SET PrivilegeSet;
+ PSID AccountSid;
+ NTSTATUS Status;
+ LSA_HANDLE PolicyHandle = NULL;
+ LSA_HANDLE AccountHandle;
+
+ DPRINT("InstallPrivileges()\n");
+
+ hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
+ NULL,
+ INF_STYLE_WIN4,
+ NULL);
+ if (hSecurityInf == INVALID_HANDLE_VALUE)
+ {
+ DPRINT1("SetupOpenInfFileW failed\n");
+ return;
+ }
+
+ memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+
+ Status = LsaOpenPolicy(NULL,
+ &ObjectAttributes,
+ POLICY_CREATE_ACCOUNT,
+ &PolicyHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ if (!SetupFindFirstLineW(hSecurityInf,
+ L"Privilege Rights",
+ NULL,
+ &InfContext))
+ {
+ DPRINT1("SetupFindfirstLineW failed\n");
+ goto done;
+ }
+
+ PrivilegeSet.PrivilegeCount = 1;
+ PrivilegeSet.Control = 0;
+
+ do
+ {
+ /* Retrieve the privilege name */
+ if (!SetupGetStringFieldW(&InfContext,
+ 0,
+ szPrivilegeString,
+ 256,
+ NULL))
+ {
+ DPRINT1("SetupGetStringFieldW() failed\n");
+ goto done;
+ }
+ DPRINT("Privilege: %S\n", szPrivilegeString);
+
+ if (!LookupPrivilegeValueW(NULL,
+ szPrivilegeString,
+ &(PrivilegeSet.Privilege[0].Luid)))
+ {
+ DPRINT1("LookupPrivilegeNameW() failed\n");
+ goto done;
+ }
+
+ PrivilegeSet.Privilege[0].Attributes = 0;
+
+ for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
+ {
+ if (!SetupGetStringFieldW(&InfContext,
+ i + 1,
+ szSidString,
+ 256,
+ NULL))
+ {
+ DPRINT1("SetupGetStringFieldW() failed\n");
+ goto done;
+ }
+ DPRINT("SID: %S\n", szSidString);
+
+ ConvertStringSidToSid(szSidString, &AccountSid);
+
+ Status = LsaOpenAccount(PolicyHandle,
+ AccountSid,
+ ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
+ &AccountHandle);
+ if (NT_SUCCESS(Status))
+ {
+ Status = LsaAddPrivilegesToAccount(AccountHandle,
+ &PrivilegeSet);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("LsaAddPrivilegesToAccount() failed (Status
%08lx)\n", Status);
+ }
+
+ LsaClose(AccountHandle);
+ }
+
+ LocalFree(AccountSid);
+ }
+
+ }
+ while (SetupFindNextLine(&InfContext, &InfContext));
+
+done:
+ if (PolicyHandle != NULL)
+ LsaClose(PolicyHandle);
+
+ if (hSecurityInf != INVALID_HANDLE_VALUE)
+ SetupCloseInfFile(hSecurityInf);
+}
+
+VOID
+InstallSecurity(VOID)
+{
+ InstallBuiltinAccounts();
+ InstallPrivileges();
+}