Author: ekohl Date: Sat Aug 13 19:25:31 2016 New Revision: 72217 URL: http://svn.reactos.org/svn/reactos?rev=72217&view=rev Log: [SYSSETUP] InstallPrivileges: - Use LsaAddAccountRights instead of LsaAddPrivilegesToAccount. This enables us to add privileges and user rights to a given account. - Identify SIDs by a leading asterisk. Account names do not start with an asterisk. defltws.inf: - Add user rights. - Add an asterisk before all SIDs. Modified: trunk/reactos/dll/win32/syssetup/security.c trunk/reactos/media/inf/defltws.inf Modified: trunk/reactos/dll/win32/syssetup/security.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/securit… ============================================================================== --- trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] Sat Aug 13 19:25:31 2016 @@ -279,11 +279,11 @@ WCHAR szSidString[256]; INFCONTEXT InfContext; DWORD i; - PRIVILEGE_SET PrivilegeSet; - PSID AccountSid; + PSID AccountSid = NULL; NTSTATUS Status; LSA_HANDLE PolicyHandle = NULL; - LSA_HANDLE AccountHandle; + LSA_UNICODE_STRING RightString; + PLSA_TRANSLATED_SID2 Sids = NULL; DPRINT("InstallPrivileges()\n"); @@ -301,7 +301,7 @@ Status = LsaOpenPolicy(NULL, &ObjectAttributes, - POLICY_CREATE_ACCOUNT, + POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES, &PolicyHandle); if (!NT_SUCCESS(Status)) { @@ -317,9 +317,6 @@ DPRINT1("SetupFindfirstLineW failed\n"); goto done; } - - PrivilegeSet.PrivilegeCount = 1; - PrivilegeSet.Control = 0; do { @@ -334,16 +331,6 @@ goto done; } DPRINT("Privilege: %S\n", szPrivilegeString); - - if (!LookupPrivilegeValueW(NULL, - szPrivilegeString, - &(PrivilegeSet.Privilege[0].Luid))) - { - DPRINT1("LookupPrivilegeNameW() failed\n"); - goto done; - } - - PrivilegeSet.Privilege[0].Attributes = 0; for (i = 0; i < SetupGetFieldCount(&InfContext); i++) { @@ -358,29 +345,47 @@ } DPRINT("SID: %S\n", szSidString); - if (!ConvertStringSidToSid(szSidString, &AccountSid)) + if (szSidString[0] == UNICODE_NULL) + continue; + + if (szSidString[0] == L'*') { - DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError()); + DPRINT("Account Sid: %S\n", &szSidString[1]); + + if (!ConvertStringSidToSid(&szSidString[1], &AccountSid)) + { + DPRINT1("ConvertStringSidToSid(%S) failed: %lu\n", szSidString, GetLastError()); + continue; + } + } + else + { + DPRINT("Account name: %S\n", szSidString); continue; + } - Status = LsaOpenAccount(PolicyHandle, - AccountSid, - ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES, - &AccountHandle); - if (NT_SUCCESS(Status)) + RtlInitUnicodeString(&RightString, szPrivilegeString); + Status = LsaAddAccountRights(PolicyHandle, + (AccountSid != NULL) ? AccountSid : Sids[0].Sid, + &RightString, + 1); + if (!NT_SUCCESS(Status)) { - Status = LsaAddPrivilegesToAccount(AccountHandle, - &PrivilegeSet); - if (!NT_SUCCESS(Status)) - { - DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status); - } - - LsaClose(AccountHandle); + DPRINT1("LsaAddAccountRights() failed (Status %08lx)\n", Status); } - LocalFree(AccountSid); + if (Sids != NULL) + { + LsaFreeMemory(Sids); + Sids = NULL; + } + + if (AccountSid != NULL) + { + LocalFree(AccountSid); + AccountSid = NULL; + } } } Modified: trunk/reactos/media/inf/defltws.inf URL: http://svn.reactos.org/svn/reactos/trunk/reactos/media/inf/defltws.inf?rev=… ============================================================================== Binary files - no diff available.