https://git.reactos.org/?p=reactos.git;a=commitdiff;h=0edaeba452c21a7e8b3a3…
commit 0edaeba452c21a7e8b3a3e157577303fe18f6da6
Author: Eric Kohl <eric.kohl(a)reactos.org>
AuthorDate: Sat Jan 30 09:38:00 2021 +0100
Commit: Eric Kohl <eric.kohl(a)reactos.org>
CommitDate: Sat Jan 30 09:38:00 2021 +0100
[SYSSETUP][INF] Add account settings
- Add EnableAdminAccount and EnableGuestAccount options
- Fix typo: TICKS_PER_SECOND --> TICKS_PER_MINUTE
---
dll/win32/syssetup/security.c | 192 +++++++++++++++++++++++++++++++++++++++++-
media/inf/defltsv.inf | 7 ++
media/inf/defltwk.inf | 7 ++
3 files changed, 203 insertions(+), 3 deletions(-)
diff --git a/dll/win32/syssetup/security.c b/dll/win32/syssetup/security.c
index 4a2f0b41e29..834962298da 100644
--- a/dll/win32/syssetup/security.c
+++ b/dll/win32/syssetup/security.c
@@ -19,7 +19,7 @@
#include <debug.h>
#define TICKS_PER_DAY -864000000000LL
-#define TICKS_PER_SECOND -600000000LL
+#define TICKS_PER_MINUTE -600000000LL
/* FUNCTIONS ****************************************************************/
@@ -1055,7 +1055,7 @@ ApplyLockoutSettings(
{
if (nValue >= 0)
{
- LockoutInfo.LockoutObservationWindow.QuadPart = (LONGLONG)nValue *
TICKS_PER_SECOND;
+ LockoutInfo.LockoutObservationWindow.QuadPart = (LONGLONG)nValue *
TICKS_PER_MINUTE;
}
}
}
@@ -1073,7 +1073,7 @@ ApplyLockoutSettings(
}
else if ((nValue >= 0) && (nValue < 100000))
{
- LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue *
TICKS_PER_SECOND;
+ LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue *
TICKS_PER_MINUTE;
}
}
}
@@ -1102,6 +1102,191 @@ done:
}
+static
+VOID
+ApplyAccountSettings(
+ _In_ HINF hSecurityInf,
+ _In_ PWSTR pszSectionName)
+{
+ INFCONTEXT InfContext;
+ PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+ LSA_HANDLE PolicyHandle = NULL;
+ SAM_HANDLE ServerHandle = NULL;
+ SAM_HANDLE DomainHandle = NULL;
+ SAM_HANDLE UserHandle = NULL;
+ USER_CONTROL_INFORMATION ControlInfo;
+ INT nValue;
+ NTSTATUS Status;
+
+ DPRINT("ApplyAccountSettings()\n");
+
+ memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+ ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
+
+ Status = LsaOpenPolicy(NULL,
+ &ObjectAttributes,
+ POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
+ &PolicyHandle);
+ if (Status != STATUS_SUCCESS)
+ {
+ DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
+ return;
+ }
+
+ Status = LsaQueryInformationPolicy(PolicyHandle,
+ PolicyAccountDomainInformation,
+ (PVOID *)&OrigInfo);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n",
Status);
+ goto done;
+ }
+
+ Status = SamConnect(NULL,
+ &ServerHandle,
+ SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamOpenDomain(ServerHandle,
+ DOMAIN_LOOKUP,
+ OrigInfo->DomainSid,
+ &DomainHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
+ goto done;
+ }
+
+#if 0
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"LSAAnonymousNameLookup",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ if (nValue == 0)
+ {
+ }
+ else
+ {
+ }
+
+ }
+ }
+#endif
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"EnableAdminAccount",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ Status = SamOpenUser(DomainHandle,
+ USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
+ DOMAIN_USER_RID_ADMIN,
+ &UserHandle);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SamQueryInformationUser(UserHandle,
+ UserControlInformation,
+ (PVOID)&ControlInfo);
+ if (NT_SUCCESS(Status))
+ {
+ if (nValue == 0)
+ {
+ ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
+ }
+ else
+ {
+ ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
+ }
+
+ SamSetInformationUser(UserHandle,
+ UserControlInformation,
+ (PVOID)&ControlInfo);
+ }
+
+ SamCloseHandle(UserHandle);
+ }
+ }
+ }
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"EnableGuestAccount",
+ &InfContext))
+ {
+ if (SetupGetIntField(&InfContext, 1, &nValue))
+ {
+ Status = SamOpenUser(DomainHandle,
+ USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
+ DOMAIN_USER_RID_GUEST,
+ &UserHandle);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SamQueryInformationUser(UserHandle,
+ UserControlInformation,
+ (PVOID)&ControlInfo);
+ if (NT_SUCCESS(Status))
+ {
+ if (nValue == 0)
+ {
+ ControlInfo.UserAccountControl |= USER_ACCOUNT_DISABLED;
+ }
+ else
+ {
+ ControlInfo.UserAccountControl &= ~USER_ACCOUNT_DISABLED;
+ }
+
+ SamSetInformationUser(UserHandle,
+ UserControlInformation,
+ (PVOID)&ControlInfo);
+ }
+
+ SamCloseHandle(UserHandle);
+ }
+ }
+ }
+
+#if 0
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"NewAdministratorName",
+ &InfContext))
+ {
+ }
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"NewGuestName",
+ &InfContext))
+ {
+ }
+#endif
+
+done:
+ if (DomainHandle != NULL)
+ SamCloseHandle(DomainHandle);
+
+ if (ServerHandle != NULL)
+ SamCloseHandle(ServerHandle);
+
+ if (OrigInfo != NULL)
+ LsaFreeMemory(OrigInfo);
+
+ if (PolicyHandle != NULL)
+ LsaClose(PolicyHandle);
+}
+
+
static
VOID
ApplyAuditEvents(
@@ -1270,6 +1455,7 @@ InstallSecurity(VOID)
ApplyPasswordSettings(hSecurityInf, L"System Access");
ApplyLockoutSettings(hSecurityInf, L"System Access");
+ ApplyAccountSettings(hSecurityInf, L"System Access");
ApplyAuditEvents(hSecurityInf);
diff --git a/media/inf/defltsv.inf b/media/inf/defltsv.inf
index 8aba23b7a60..e96497d06d5 100644
--- a/media/inf/defltsv.inf
+++ b/media/inf/defltsv.inf
@@ -19,6 +19,13 @@ LockoutBadCount = 0
;ResetLockoutCount = 30
;LockoutDuration = 30
+; Account Options
+LSAAnonymousLookup = 0
+;EnableAdminAccount = 0
+EnableGuestAccount = 0
+;NewAdministratorName =
+;NewGuestName =
+
[Application Log]
MaximumLogSize = 16384
AuditLogRetentionPeriod = 0
diff --git a/media/inf/defltwk.inf b/media/inf/defltwk.inf
index 2996a6d94ed..e34f7f587c9 100644
--- a/media/inf/defltwk.inf
+++ b/media/inf/defltwk.inf
@@ -19,6 +19,13 @@ LockoutBadCount = 0
;ResetLockoutCount = 30
;LockoutDuration = 30
+; Account Options
+LSAAnonymousNameLookup = 0
+;EnableAdminAccount = 0
+EnableGuestAccount = 0
+;NewAdministratorName =
+NewGuestName = Guestore
+
[Application Log]
MaximumLogSize = 512
AuditLogRetentionPeriod = 1