https://git.reactos.org/?p=reactos.git;a=commitdiff;h=0edaeba452c21a7e8b3a3e157577303fe18f6da6

commit 0edaeba452c21a7e8b3a3e157577303fe18f6da6
Author:     Eric Kohl <[email protected]>
AuthorDate: Sat Jan 30 09:38:00 2021 +0100
Commit:     Eric Kohl <[email protected]>
CommitDate: Sat Jan 30 09:38:00 2021 +0100

    [SYSSETUP][INF] Add account settings
    
    - Add EnableAdminAccount and EnableGuestAccount options
    - Fix typo: TICKS_PER_SECOND --> TICKS_PER_MINUTE
---
 dll/win32/syssetup/security.c | 192 +++++++++++++++++++++++++++++++++++++++++-
 media/inf/defltsv.inf         |   7 ++
 media/inf/defltwk.inf         |   7 ++
 3 files changed, 203 insertions(+), 3 deletions(-)

diff --git a/dll/win32/syssetup/security.c b/dll/win32/syssetup/security.c
index 4a2f0b41e29..834962298da 100644
--- a/dll/win32/syssetup/security.c
+++ b/dll/win32/syssetup/security.c
@@ -19,7 +19,7 @@
 #include <debug.h>
 
 #define TICKS_PER_DAY -864000000000LL
-#define TICKS_PER_SECOND -600000000LL
+#define TICKS_PER_MINUTE -600000000LL
 
 /* FUNCTIONS ****************************************************************/
 
@@ -1055,7 +1055,7 @@ ApplyLockoutSettings(
         {
             if (nValue >= 0)
             {
-                LockoutInfo.LockoutObservationWindow.QuadPart = 
(LONGLONG)nValue * TICKS_PER_SECOND;
+                LockoutInfo.LockoutObservationWindow.QuadPart = 
(LONGLONG)nValue * TICKS_PER_MINUTE;
             }
         }
     }
@@ -1073,7 +1073,7 @@ ApplyLockoutSettings(
             }
             else if ((nValue >= 0) && (nValue < 100000))
             {
-                LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue * 
TICKS_PER_SECOND;
+                LockoutInfo.LockoutDuration.QuadPart = (LONGLONG)nValue * 
TICKS_PER_MINUTE;
             }
         }
     }
@@ -1102,6 +1102,191 @@ done:
 }
 
 
+static
+VOID
+ApplyAccountSettings(
+    _In_ HINF hSecurityInf,
+    _In_ PWSTR pszSectionName)
+{
+    INFCONTEXT InfContext;
+    PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
+    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+    LSA_HANDLE PolicyHandle = NULL;
+    SAM_HANDLE ServerHandle = NULL;
+    SAM_HANDLE DomainHandle = NULL;
+    SAM_HANDLE UserHandle = NULL;
+    USER_CONTROL_INFORMATION ControlInfo;
+    INT nValue;
+    NTSTATUS Status;
+
+    DPRINT("ApplyAccountSettings()\n");
+
+    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
+
+    Status = LsaOpenPolicy(NULL,
+                           &ObjectAttributes,
+                           POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
+                           &PolicyHandle);
+    if (Status != STATUS_SUCCESS)
+    {
+        DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
+        return;
+    }
+
+    Status = LsaQueryInformationPolicy(PolicyHandle,
+                                       PolicyAccountDomainInformation,
+                                       (PVOID *)&OrigInfo);
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", 
Status);
+        goto done;
+    }
+
+    Status = SamConnect(NULL,
+                        &ServerHandle,
+                        SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
+                        NULL);
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
+        goto done;
+    }
+
+    Status = SamOpenDomain(ServerHandle,
+                           DOMAIN_LOOKUP,
+                           OrigInfo->DomainSid,
+                           &DomainHandle);
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
+        goto done;
+    }
+
+#if 0
+    if (SetupFindFirstLineW(hSecurityInf,
+                            pszSectionName,
+                            L"LSAAnonymousNameLookup",
+                            &InfContext))
+    {
+        if (SetupGetIntField(&InfContext, 1, &nValue))
+        {
+            if (nValue == 0)
+            {
+            }
+            else
+            {
+            }
+            
+        }
+    }
+#endif
+
+    if (SetupFindFirstLineW(hSecurityInf,
+                            pszSectionName,
+                            L"EnableAdminAccount",
+                            &InfContext))
+    {
+        if (SetupGetIntField(&InfContext, 1, &nValue))
+        {
+            Status = SamOpenUser(DomainHandle,
+                                 USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
+                                 DOMAIN_USER_RID_ADMIN,
+                                 &UserHandle);
+            if (NT_SUCCESS(Status))
+            {
+                Status = SamQueryInformationUser(UserHandle,
+                                                 UserControlInformation,
+                                                 (PVOID)&ControlInfo);
+                if (NT_SUCCESS(Status))
+                {
+                    if (nValue == 0)
+                    {
+                        ControlInfo.UserAccountControl |= 
USER_ACCOUNT_DISABLED;
+                    }
+                    else
+                    {
+                        ControlInfo.UserAccountControl &= 
~USER_ACCOUNT_DISABLED;
+                    }
+
+                    SamSetInformationUser(UserHandle,
+                                          UserControlInformation,
+                                          (PVOID)&ControlInfo);
+                }
+
+                SamCloseHandle(UserHandle);
+            }
+        }
+    }
+
+    if (SetupFindFirstLineW(hSecurityInf,
+                            pszSectionName,
+                            L"EnableGuestAccount",
+                            &InfContext))
+    {
+        if (SetupGetIntField(&InfContext, 1, &nValue))
+        {
+            Status = SamOpenUser(DomainHandle,
+                                 USER_READ_ACCOUNT | USER_WRITE_ACCOUNT,
+                                 DOMAIN_USER_RID_GUEST,
+                                 &UserHandle);
+            if (NT_SUCCESS(Status))
+            {
+                Status = SamQueryInformationUser(UserHandle,
+                                                 UserControlInformation,
+                                                 (PVOID)&ControlInfo);
+                if (NT_SUCCESS(Status))
+                {
+                    if (nValue == 0)
+                    {
+                        ControlInfo.UserAccountControl |= 
USER_ACCOUNT_DISABLED;
+                    }
+                    else
+                    {
+                        ControlInfo.UserAccountControl &= 
~USER_ACCOUNT_DISABLED;
+                    }
+
+                    SamSetInformationUser(UserHandle,
+                                          UserControlInformation,
+                                          (PVOID)&ControlInfo);
+                }
+
+                SamCloseHandle(UserHandle);
+            }
+        }
+    }
+
+#if 0
+    if (SetupFindFirstLineW(hSecurityInf,
+                            pszSectionName,
+                            L"NewAdministratorName",
+                            &InfContext))
+    {
+    }
+
+    if (SetupFindFirstLineW(hSecurityInf,
+                            pszSectionName,
+                            L"NewGuestName",
+                            &InfContext))
+    {
+    }
+#endif
+
+done:
+    if (DomainHandle != NULL)
+        SamCloseHandle(DomainHandle);
+
+    if (ServerHandle != NULL)
+        SamCloseHandle(ServerHandle);
+
+    if (OrigInfo != NULL)
+        LsaFreeMemory(OrigInfo);
+
+    if (PolicyHandle != NULL)
+        LsaClose(PolicyHandle);
+}
+
+
 static
 VOID
 ApplyAuditEvents(
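Review bot: In ApplyAccountSettings the address of the stack struct `ControlInfo` is passed to SamQueryInformationUser cast to `PVOID`, but as far as I know samlib declares that parameter as `PVOID *Buffer` and stores a pointer to an allocated buffer there. If so, the query overwrites the struct with a pointer (wider than the struct on 64-bit builds), the `USER_ACCOUNT_DISABLED` bit is toggled in pointer bits, and that value is written back as the account control flags of the Administrator and Guest accounts. The result of SamSetInformationUser is also dropped, so a failure to disable Guest goes unnoticed during setup. I would receive the buffer through a `PUSER_CONTROL_INFORMATION`, log a failed set with DPRINT1, and release the buffer with SamFreeMemory, in both the EnableAdminAccount and EnableGuestAccount branches.

```c
    PUSER_CONTROL_INFORMATION ControlInfo = NULL;
    /* … unchanged: LSA policy / SAM server / domain open, and the
       SetupFindFirstLineW / SetupGetIntField / SamOpenUser calls for EnableAdminAccount … */
                Status = SamQueryInformationUser(UserHandle,
                                                 UserControlInformation,
                                                 (PVOID *)&ControlInfo);
                if (NT_SUCCESS(Status))
                {
                    if (nValue == 0)
                        ControlInfo->UserAccountControl |= USER_ACCOUNT_DISABLED;
                    else
                        ControlInfo->UserAccountControl &= ~USER_ACCOUNT_DISABLED;

                    Status = SamSetInformationUser(UserHandle,
                                                   UserControlInformation,
                                                   ControlInfo);
                    if (!NT_SUCCESS(Status))
                        DPRINT1("SamSetInformationUser() failed (Status: 0x%08lx)\n", Status);

                    SamFreeMemory(ControlInfo);
                    ControlInfo = NULL;
                }
    /* … unchanged: SamCloseHandle(UserHandle); the EnableGuestAccount branch gets the same change … */
```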
@@ -1270,6 +1455,7 @@ InstallSecurity(VOID)
 
         ApplyPasswordSettings(hSecurityInf, L"System Access");
         ApplyLockoutSettings(hSecurityInf, L"System Access");
+        ApplyAccountSettings(hSecurityInf, L"System Access");
 
         ApplyAuditEvents(hSecurityInf);
 
diff --git a/media/inf/defltsv.inf b/media/inf/defltsv.inf
index 8aba23b7a60..e96497d06d5 100644
--- a/media/inf/defltsv.inf
+++ b/media/inf/defltsv.inf
@@ -19,6 +19,13 @@ LockoutBadCount = 0
 ;ResetLockoutCount = 30
 ;LockoutDuration = 30
 
+; Account Options
+LSAAnonymousLookup = 0
+;EnableAdminAccount = 0
+EnableGuestAccount = 0
+;NewAdministratorName =
+;NewGuestName =
+
 [Application Log]
 MaximumLogSize = 16384
 AuditLogRetentionPeriod = 0
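Review bot: The key added here is spelled `LSAAnonymousLookup`, while defltwk.inf and the (currently `#if 0`) lookup in ApplyAccountSettings use `LSAAnonymousNameLookup`. Once that lookup is enabled, the server template's value would not be found and anonymous name lookup would stay at whatever default applies. I would change the line to `LSAAnonymousNameLookup = 0`.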
diff --git a/media/inf/defltwk.inf b/media/inf/defltwk.inf
index 2996a6d94ed..e34f7f587c9 100644
--- a/media/inf/defltwk.inf
+++ b/media/inf/defltwk.inf
@@ -19,6 +19,13 @@ LockoutBadCount = 0
 ;ResetLockoutCount = 30
 ;LockoutDuration = 30
 
+; Account Options
+LSAAnonymousNameLookup = 0
+;EnableAdminAccount = 0
+EnableGuestAccount = 0
+;NewAdministratorName =
+NewGuestName = Guestore
+
 [Application Log]
 MaximumLogSize = 512
 AuditLogRetentionPeriod = 1
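Review bot: `NewGuestName = Guestore` is left active in the workstation template, while defltsv.inf keeps the same key commented out with no value. The rename handling in ApplyAccountSettings is still under `#if 0`, so the line has no effect today, but it would rename the Guest account on every workstation install as soon as that code is enabled; it looks like a leftover test value. I would ship it as `;NewGuestName =` to match the server template.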
