28 May
2018
28 May
'18
5:27 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=cd9f22e9e5857e0235fbd…
commit cd9f22e9e5857e0235fbd70ff7908e8840168c09
Author: Eric Kohl <eric.kohl(a)reactos.org>
AuthorDate: Mon May 28 19:26:02 2018 +0200
Commit: Eric Kohl <eric.kohl(a)reactos.org>
CommitDate: Mon May 28 19:26:02 2018 +0200
[SYSSETUP][INF] Add the 'Registry Values' section to the default security
settings and apply it to the registry
---
dll/win32/syssetup/security.c | 222 +++++++++++++++++++++++++++++++++++++++++-
media/inf/defltws.inf | 17 ++++
2 files changed, 235 insertions(+), 4 deletions(-)
diff --git a/dll/win32/syssetup/security.c b/dll/win32/syssetup/security.c
index 221d0152af..385fde1b36 100644
--- a/dll/win32/syssetup/security.c
+++ b/dll/win32/syssetup/security.c
@@ -245,7 +245,7 @@ InstallBuiltinAccounts(VOID)
return;
}
- for (i = 0; i < 10; i++)
+ for (i = 0; i < ARRAYSIZE(BuiltinAccounts); i++)
{
if (!ConvertStringSidToSid(BuiltinAccounts[i], &AccountSid))
{
@@ -314,7 +314,7 @@ InstallPrivileges(VOID)
NULL,
&InfContext))
{
- DPRINT1("SetupFindfirstLineW failed\n");
+ DPRINT1("SetupFindFirstLineW failed\n");
goto done;
}
@@ -324,7 +324,7 @@ InstallPrivileges(VOID)
if (!SetupGetStringFieldW(&InfContext,
0,
szPrivilegeString,
- 256,
+ ARRAYSIZE(szPrivilegeString),
NULL))
{
DPRINT1("SetupGetStringFieldW() failed\n");
@@ -337,7 +337,7 @@ InstallPrivileges(VOID)
if (!SetupGetStringFieldW(&InfContext,
i + 1,
szSidString,
- 256,
+ ARRAYSIZE(szSidString),
NULL))
{
DPRINT1("SetupGetStringFieldW() failed\n");
@@ -400,11 +400,225 @@ done:
}
+static
+VOID
+ApplyRegistryValues(VOID)
+{
+ HINF hSecurityInf = INVALID_HANDLE_VALUE;
+ WCHAR szRegistryPath[MAX_PATH];
+ WCHAR szRootName[MAX_PATH];
+ WCHAR szKeyName[MAX_PATH];
+ WCHAR szValueName[MAX_PATH];
+ INFCONTEXT InfContext;
+ DWORD dwLength, dwType;
+ HKEY hRootKey, hKey;
+ PWSTR Ptr1, Ptr2;
+ DWORD dwError;
+ PVOID pBuffer;
+
+ DPRINT("ApplyRegistryValues()\n");
+
+ hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
+ NULL,
+ INF_STYLE_WIN4,
+ NULL);
+ if (hSecurityInf == INVALID_HANDLE_VALUE)
+ {
+ DPRINT1("SetupOpenInfFileW failed\n");
+ return;
+ }
+
+ if (!SetupFindFirstLineW(hSecurityInf,
+ L"Registry Values",
+ NULL,
+ &InfContext))
+ {
+ DPRINT1("SetupFindFirstLineW failed\n");
+ goto done;
+ }
+
+ do
+ {
+ /* Retrieve the privilege name */
+ if (!SetupGetStringFieldW(&InfContext,
+ 0,
+ szRegistryPath,
+ ARRAYSIZE(szRegistryPath),
+ NULL))
+ {
+ DPRINT1("SetupGetStringFieldW() failed\n");
+ goto done;
+ }
+
+ DPRINT("RegistryPath: %S\n", szRegistryPath);
+
+ Ptr1 = wcschr(szRegistryPath, L'\\');
+ Ptr2 = wcsrchr(szRegistryPath, L'\\');
+ if (Ptr1 != NULL && Ptr2 != NULL && Ptr1 != Ptr2)
+ {
+ dwLength = (DWORD)(((ULONG_PTR)Ptr1 - (ULONG_PTR)szRegistryPath) /
sizeof(WCHAR));
+ wcsncpy(szRootName, szRegistryPath, dwLength);
+ szRootName[dwLength] = UNICODE_NULL;
+
+ Ptr1++;
+ dwLength = (DWORD)(((ULONG_PTR)Ptr2 - (ULONG_PTR)Ptr1) / sizeof(WCHAR));
+ wcsncpy(szKeyName, Ptr1, dwLength);
+ szKeyName[dwLength] = UNICODE_NULL;
+
+ Ptr2++;
+ wcscpy(szValueName, Ptr2);
+
+ DPRINT("RootName: %S\n", szRootName);
+ DPRINT("KeyName: %S\n", szKeyName);
+ DPRINT("ValueName: %S\n", szValueName);
+
+ if (_wcsicmp(szRootName, L"Machine") == 0)
+ {
+ hRootKey = HKEY_LOCAL_MACHINE;
+ }
+ else
+ {
+ DPRINT1("Unsupported root key %S\n", szRootName);
+ break;
+ }
+
+ if (!SetupGetIntField(&InfContext,
+ 1,
+ (PINT)&dwType))
+ {
+ DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName,
dwError);
+ break;
+ }
+
+ if (dwType != REG_SZ && dwType != REG_EXPAND_SZ && dwType !=
REG_BINARY &&
+ dwType != REG_DWORD && dwType != REG_MULTI_SZ)
+ {
+ DPRINT1("Invalid value type %lu\n", dwType);
+ break;
+ }
+
+ dwLength = 0;
+ switch (dwType)
+ {
+ case REG_SZ:
+ case REG_EXPAND_SZ:
+ SetupGetStringField(&InfContext,
+ 2,
+ NULL,
+ 0,
+ &dwLength);
+ dwLength *= sizeof(WCHAR);
+ break;
+
+ case REG_BINARY:
+ SetupGetBinaryField(&InfContext,
+ 2,
+ NULL,
+ 0,
+ &dwLength);
+ break;
+
+ case REG_DWORD:
+ dwLength = sizeof(INT);
+ break;
+
+ case REG_MULTI_SZ:
+ SetupGetMultiSzField(&InfContext,
+ 2,
+ NULL,
+ 0,
+ &dwLength);
+ dwLength *= sizeof(WCHAR);
+ break;
+ }
+
+ if (dwLength == 0)
+ {
+ DPRINT1("Failed to determine the required buffer size!\n");
+ break;
+ }
+
+ dwError = RegCreateKeyExW(hRootKey,
+ szKeyName,
+ 0,
+ NULL,
+ REG_OPTION_NON_VOLATILE,
+ KEY_WRITE,
+ NULL,
+ &hKey,
+ NULL);
+ if (dwError != ERROR_SUCCESS)
+ {
+ DPRINT1("Failed to create the key %S (Error %lu)\n", szKeyName,
dwError);
+ break;
+ }
+
+ pBuffer = HeapAlloc(GetProcessHeap(), 0, dwLength);
+ if (pBuffer)
+ {
+ switch (dwType)
+ {
+ case REG_SZ:
+ case REG_EXPAND_SZ:
+ SetupGetStringField(&InfContext,
+ 2,
+ pBuffer,
+ dwLength / sizeof(WCHAR),
+ &dwLength);
+ dwLength *= sizeof(WCHAR);
+ break;
+
+ case REG_BINARY:
+ SetupGetBinaryField(&InfContext,
+ 2,
+ pBuffer,
+ dwLength,
+ &dwLength);
+ break;
+
+ case REG_DWORD:
+ SetupGetIntField(&InfContext,
+ 2,
+ pBuffer);
+ break;
+
+ case REG_MULTI_SZ:
+ SetupGetMultiSzField(&InfContext,
+ 2,
+ pBuffer,
+ dwLength / sizeof(WCHAR),
+ &dwLength);
+ dwLength *= sizeof(WCHAR);
+ break;
+ }
+
+ RegSetValueEx(hKey,
+ szValueName,
+ 0,
+ dwType,
+ pBuffer,
+ dwLength);
+
+ HeapFree(GetProcessHeap(), 0, pBuffer);
+ }
+
+ RegCloseKey(hKey);
+ }
+ }
+ while (SetupFindNextLine(&InfContext, &InfContext));
+
+done:
+ if (hSecurityInf != INVALID_HANDLE_VALUE)
+ SetupCloseInfFile(hSecurityInf);
+}
+
+
VOID
InstallSecurity(VOID)
{
InstallBuiltinAccounts();
InstallPrivileges();
+ ApplyRegistryValues();
/* Hack */
SetPrimaryDomain(L"WORKGROUP", NULL);
diff --git a/media/inf/defltws.inf b/media/inf/defltws.inf
index cccca5baba..a2039441f3 100644
--- a/media/inf/defltws.inf
+++ b/media/inf/defltws.inf
@@ -44,3 +44,20 @@ SeSystemTimePrivilege = *S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeTcbPrivilege =
SeUndockPrivilege = *S-1-5-32-544, *S-1-5-32-545
+
+
+[Registry Values]
+; Full registry path = Type, Value
+;
+; Type:
+; 1: REG_SZ
+; 2: REG_EXPAND_SZ
+; 3: REG_BINARY
+; 4: REG_DWORD
+; 7: REG_MULTI_SZ
+
+MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
= 4, 0
+MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption = 1,
""
+MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText = 7,
""
+MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon =
4, 1
+MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon = 4,
1
\ No newline at end of file