https://git.reactos.org/?p=reactos.git;a=commitdiff;h=baf9ff45bb7f289b02d1b… commit baf9ff45bb7f289b02d1bcc22f85d4a5196f8139 Author: Eric Kohl <eric.kohl(a)reactos.org> AuthorDate: Sat Jan 16 13:18:08 2021 +0100 Commit: Eric Kohl <eric.kohl(a)reactos.org> CommitDate: Sat Jan 16 13:18:08 2021 +0100 [SYSETUP][INF] Add name support for account privilege setup --- dll/win32/syssetup/security.c | 32 +++++++++++++++++++++++++++++--- media/inf/defltwk.inf | 10 ++++++++-- 2 files changed, 37 insertions(+), 5 deletions(-) diff --git a/dll/win32/syssetup/security.c b/dll/win32/syssetup/security.c index 0bf4167ebc0..2ac2c3a4917 100644 --- a/dll/win32/syssetup/security.c +++ b/dll/win32/syssetup/security.c @@ -282,7 +282,8 @@ InstallPrivileges( PSID AccountSid = NULL; NTSTATUS Status; LSA_HANDLE PolicyHandle = NULL; - LSA_UNICODE_STRING RightString; + LSA_UNICODE_STRING RightString, AccountName; + PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL; PLSA_TRANSLATED_SID2 Sids = NULL; DPRINT("InstallPrivileges()\n"); @@ -351,8 +352,33 @@ InstallPrivileges( else { DPRINT("Account name: %S\n", szSidString); - continue; - + + ReferencedDomains = NULL; + Sids = NULL; + RtlInitUnicodeString(&AccountName, szSidString); + Status = LsaLookupNames2(PolicyHandle, + 0, + 1, + &AccountName, + &ReferencedDomains, + &Sids); + if (ReferencedDomains != NULL) + { + LsaFreeMemory(ReferencedDomains); + } + + if (!NT_SUCCESS(Status)) + { + DPRINT1("LsaLookupNames2() failed (Status 0x%08lx)\n", Status); + + if (Sids != NULL) + { + LsaFreeMemory(Sids); + Sids = NULL; + } + + continue; + } } RtlInitUnicodeString(&RightString, szPrivilegeString); diff --git a/media/inf/defltwk.inf b/media/inf/defltwk.inf index d23b0d861ea..5aa1acf4b48 100644 --- a/media/inf/defltwk.inf +++ b/media/inf/defltwk.inf @@ -42,7 +42,7 @@ SeEnableDelegationPrivilege = SeImpersonatePrivilege = *S-1-5-6, *S-1-5-32-544 SeIncreaseBasePriorityPrivilege = *S-1-5-32-544 SeIncreaseQuotaPrivilege = *S-1-5-19, *S-1-5-20, *S-1-5-32-544 -SeInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-547, *S-1-5-32-551 +SeInteractiveLogonRight = *S-1-5-32-544, *S-1-5-32-545, *S-1-5-32-547, *S-1-5-32-551, %SceInfGuest% SeLoadDriverPrivilege = *S-1-5-32-544 SeLockMemoryPrivilege = SeMachineAccountPrivilege = @@ -78,4 +78,10 @@ MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLas MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption = 1, "" MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText = 7, "" MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon = 4, 1 -MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon = 4, 1 \ No newline at end of file +MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon = 4, 1 + +[Strings] +SceInfGuest = "Guest" + +[Strings.0407] +SceInfGuest = "Gast"