Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

377 lines
11 KiB

#include "stdafx.h"
#pragma hdrstop
//
// registry information
//
const WCHAR c_szWinLogon[] = L"Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon";
const WCHAR c_szAutoLogon[] = L"AutoAdminLogon";
const WCHAR c_szDisableCAD[] = L"DisableCAD";
const WCHAR c_szDefUserName[] = L"DefaultUserName";
const WCHAR c_szDefDomain[] = L"DefaultDomainName";
const WCHAR c_szDefPassword[] = L"DefaultPassword";
const WCHAR c_szDefaultPwdKey[] = L"DefaultPassword";
//
// registry helpers
//
BOOL _RegSetSZ(HKEY hk, LPCWSTR pszValueName, LPCWSTR pszValue)
{
DWORD dwSize = lstrlen(pszValue)*SIZEOF(WCHAR);
return ERROR_SUCCESS == RegSetValueEx(hk, pszValueName, 0x0, REG_SZ, (BYTE *)pszValue, dwSize);
}
BOOL _RegSetDWORD(HKEY hk, LPCWSTR pszValueName, DWORD dwValue)
{
DWORD dwSize = SIZEOF(dwValue);
return ERROR_SUCCESS == RegSetValueEx(hk, pszValueName, 0x0, REG_DWORD, (BYTE *)&dwValue, dwSize);
}
BOOL _RegDelValue(HKEY hk, LPCWSTR pszValueName)
{
return ERROR_SUCCESS == RegDeleteValue(hk, pszValueName);
}
INT_PTR CALLBACK _CredDlgProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
LPCREDINFO pci = (LPCREDINFO)GetWindowLongPtr(hwnd, DWLP_USER);
switch ( uMsg )
{
case WM_INITDIALOG:
{
pci = (LPCREDINFO)lParam;
SetWindowLongPtr(hwnd, DWLP_USER, lParam);
SetDlgItemText(hwnd, IDC_USER, pci->pszUser);
Edit_LimitText(GetDlgItem(hwnd, IDC_USER), pci->cchUser - 1);
SetDlgItemText(hwnd, IDC_DOMAIN, pci->pszDomain);
Edit_LimitText(GetDlgItem(hwnd, IDC_DOMAIN), pci->cchDomain - 1);
SetDlgItemText(hwnd, IDC_PASSWORD, pci->pszPassword);
Edit_LimitText(GetDlgItem(hwnd, IDC_PASSWORD), pci->cchPassword - 1);
return TRUE;
}
case WM_COMMAND:
{
switch ( LOWORD(wParam) )
{
case IDOK:
{
FetchText(hwnd, IDC_DOMAIN, pci->pszDomain, pci->cchDomain);
FetchText(hwnd, IDC_USER, pci->pszUser, pci->cchUser);
if (StrChr(pci->pszUser, TEXT('@')))
{
*(pci->pszDomain) = 0;
}
GetDlgItemText(hwnd, IDC_PASSWORD, pci->pszPassword, pci->cchPassword);
return EndDialog(hwnd, IDOK);
}
case IDCANCEL:
return EndDialog(hwnd, IDCANCEL);
case IDC_USER:
{
if ( HIWORD(wParam) == EN_CHANGE )
{
EnableWindow(GetDlgItem(hwnd, IDOK), FetchTextLength(hwnd, IDC_USER) > 0);
EnableDomainForUPN(GetDlgItem(hwnd, IDC_USER), GetDlgItem(hwnd, IDC_DOMAIN));
}
break;
}
}
return TRUE;
}
}
return FALSE;
}
//
// attempt to join a domain/workgroup using the specified names and OU.
//
HRESULT _AttemptJoin(HWND hwnd, DWORD dwFlags, LPCWSTR pszDomain, LPCWSTR pszUser, LPCWSTR pszUserDomain, LPCWSTR pszPassword)
{
HRESULT hr = S_OK;
#ifndef DONT_JOIN
TCHAR szDomainUser[MAX_DOMAINUSER + 1];
if ( pszUser )
MakeDomainUserString(pszUserDomain, pszUser, szDomainUser, ARRAYSIZE(szDomainUser));
NET_API_STATUS nas = NetJoinDomain(NULL, pszDomain, NULL, szDomainUser, pszPassword, dwFlags);
if ( (nas == ERROR_ACCESS_DENIED) )
{
// perhaps an account exists, but we can't delete it so try and remove
// the account create flag
if ( dwFlags & NETSETUP_ACCT_CREATE )
{
dwFlags &= ~NETSETUP_ACCT_CREATE;
nas = NetJoinDomain(NULL, pszDomain, NULL, szDomainUser, *pszPassword ? pszPassword : NULL, dwFlags);
}
}
if ( (nas != NERR_Success) && (nas != NERR_SetupAlreadyJoined) )
{
TCHAR szMessage[512];
if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, (DWORD) nas, 0, szMessage, ARRAYSIZE(szMessage), NULL))
LoadString(g_hinst, IDS_ERR_UNEXPECTED, szMessage, ARRAYSIZE(szMessage));
::DisplayFormatMessage(hwnd, IDS_ERR_CAPTION, IDS_NAW_JOIN_GENERICERROR, MB_OK|MB_ICONERROR, szMessage);
hr = HRESULT_FROM_WIN32(nas);
}
#endif
return hr;
}
void _ShowDcNotFoundErrorDialog(HWND hwnd, LPCWSTR pszDomain, LPCWSTR pszTitle)
{
typedef void (*pfnShowDcNotFoundErrorDialog)(HWND, PCWSTR, PCWSTR);
static HMODULE hNetID = NULL;
static pfnShowDcNotFoundErrorDialog ShowDcNotFoundErrorDialog = NULL;
if (!hNetID)
{
hNetID = LoadLibrary(L"netid.dll");
}
if (hNetID)
{
ShowDcNotFoundErrorDialog = (pfnShowDcNotFoundErrorDialog) GetProcAddress(hNetID, "ShowDcNotFoundErrorDialog");
if (ShowDcNotFoundErrorDialog)
{
ShowDcNotFoundErrorDialog(hwnd, pszDomain, pszTitle);
}
}
}
//
// Handle moving from to a workgroup or domain. To do this we are passed
// a structure containing all the information we need.
//
HRESULT JoinDomain(HWND hwnd, BOOL fDomain, LPCWSTR pszDomain, CREDINFO* pci, BOOL *pfReboot)
{
HRESULT hres = E_FAIL;
DWORD dwFlags = 0x0;
LPWSTR pszCurrentDomain = NULL;
NET_API_STATUS nas;
BOOL fPassedCredentials = (pci && pci->pszUser && pci->pszUser[0] && pci->pszPassword);
CWaitCursor cur;
//
// lets validate the domain name before we go and use it, therefore avoiding
// orphaning the computer too badly
//
nas = NetValidateName(NULL, pszDomain, NULL, NULL, fDomain ? NetSetupDomain:NetSetupWorkgroup);
if (fDomain && (ERROR_NO_SUCH_DOMAIN == nas))
{
WCHAR szTitle[256];
LoadString(g_hinst, IDS_NETWIZCAPTION, szTitle, ARRAYSIZE(szTitle));
_ShowDcNotFoundErrorDialog(hwnd, pszDomain, szTitle);
return E_FAIL;
}
if ( NERR_Success != nas )
{
ShellMessageBox(g_hinst, hwnd,
fDomain ? MAKEINTRESOURCE(IDS_ERR_BADDOMAIN) : MAKEINTRESOURCE(IDS_ERR_BADWORKGROUP),
MAKEINTRESOURCE(IDS_NETWIZCAPTION),
MB_OK|MB_ICONWARNING,
pszDomain);
return E_FAIL;
}
//
// now attempt to join the domain, prompt for credentails if the ones
// specified are not good enough
//
if ( fDomain )
{
dwFlags |= NETSETUP_JOIN_DOMAIN|NETSETUP_ACCT_CREATE|NETSETUP_DOMAIN_JOIN_IF_JOINED;
}
else
{
nas = NetUnjoinDomain(NULL, NULL, NULL, NETSETUP_ACCT_DELETE);
if ( (nas != NERR_Success) && (nas != NERR_SetupNotJoined) )
{
nas = NetUnjoinDomain(NULL, NULL, NULL, 0x0);
}
if ( (nas != NERR_Success) && (nas != NERR_SetupNotJoined) )
{
hres = E_UNEXPECTED;
goto exit_gracefully;
}
*pfReboot = TRUE; // we changed the domain
}
if ( !fDomain || fPassedCredentials)
{
if (fPassedCredentials)
{
hres = _AttemptJoin(hwnd, dwFlags, pszDomain, pci->pszUser, pci->pszDomain, pci->pszPassword);
}
else
{
hres = _AttemptJoin(hwnd, dwFlags, pszDomain, NULL, NULL, NULL);
}
}
if ( fDomain && ((FAILED(hres) || (!fPassedCredentials))) )
{
do
{
if ( IDCANCEL == DialogBoxParam(g_hinst, MAKEINTRESOURCE(IDD_PSW_JOINCREDENTIALS),
hwnd, _CredDlgProc, (LPARAM)pci) )
{
hres = E_FAIL;
goto exit_gracefully;
}
// The dialog box changed the cursor from a wait cursor to an arrow cursor, so the cursor
// needs to be changed back.. This call could be moved to _AttemptJoin (along with a call to
// reset the cursor). This call is made synchronously from the message loop for this hwnd
cur.WaitCursor();
hres = _AttemptJoin(hwnd, dwFlags, pszDomain, pci->pszUser, pci->pszDomain, pci->pszPassword);
}
while ( FAILED(hres) );
}
exit_gracefully:
if ( SUCCEEDED(hres) )
{
ClearAutoLogon();
*pfReboot = TRUE; // we changed the domain
}
NetApiBufferFree(pszCurrentDomain);
return hres;
}
//
// set and clear the auto admin logon state.
//
// we set the default user and default domain to the specified strings, we then blow away
// the clear text password stored in the registry to replace it with a password stored
// in the LSA secret space.
//
NTSTATUS _SetDefaultPassword(LPCWSTR PasswordBuffer)
{
NTSTATUS Status = STATUS_SUCCESS;
OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE LsaHandle = NULL;
UNICODE_STRING SecretName;
UNICODE_STRING SecretValue;
InitializeObjectAttributes(&ObjectAttributes, NULL, 0L, (HANDLE)NULL, NULL);
Status = LsaOpenPolicy(NULL, &ObjectAttributes, POLICY_CREATE_SECRET, &LsaHandle);
if (!NT_SUCCESS(Status))
return Status;
RtlInitUnicodeString(&SecretName, c_szDefaultPwdKey);
RtlInitUnicodeString(&SecretValue, PasswordBuffer);
Status = LsaStorePrivateData(LsaHandle, &SecretName, &SecretValue);
LsaClose(LsaHandle);
return Status;
}
//
// Set and clear auto logon for a particular
//
void SetAutoLogon(LPCWSTR pszUserName, LPCWSTR pszPassword)
{
#ifndef DONT_JOIN
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH+1];
DWORD dwComputerName = ARRAYSIZE(szComputerName);
HKEY hk;
GetComputerName(szComputerName, &dwComputerName);
SetDefAccount(pszUserName, szComputerName); // also clears auto logon
if ( ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, c_szWinLogon, 0x0, KEY_WRITE, &hk) )
{
_RegSetSZ(hk, c_szAutoLogon, L"1"); // auto admin logon
_RegDelValue(hk, c_szDefPassword); // use the LSA secret for the password
RegCloseKey (hk);
}
_SetDefaultPassword(pszPassword);
#endif
}
//
// clear the auto admin logon
//
STDAPI ClearAutoLogon(VOID)
{
#ifndef DONT_JOIN
HKEY hk;
if ( ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, c_szWinLogon, 0x0, KEY_WRITE, &hk) )
{
_RegSetSZ(hk, c_szAutoLogon, L"0"); // no auto admin logon
_RegDelValue(hk, c_szDefPassword);
RegCloseKey(hk);
}
_SetDefaultPassword(L""); // clear the LSA secret
#endif
return S_OK;
}
//
// set the default account
//
void SetDefAccount(LPCWSTR pszUser, LPCWSTR pszDomain)
{
#ifndef DONT_JOIN
ClearAutoLogon();
HKEY hk;
if ( ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, c_szWinLogon, 0x0, KEY_WRITE, &hk) )
{
_RegSetSZ(hk, c_szDefUserName, pszUser);
_RegSetSZ(hk, c_szDefDomain, pszDomain);
RegCloseKey(hk);
}
#endif
}