NTSTATUS SetAuditEvent( LSA_HANDLE PolicyHandle, POLICY_AUDIT_EVENT_TYPE EventType, POLICY_AUDIT_EVENT_OPTIONS EventOption ) { PPOLICY_AUDIT_EVENTS_INFO pae; NTSTATUS Status; DWORD i; // index into EventAuditingOptions // // obtain AuditEvents // Status = LsaQueryInformationPolicy( PolicyHandle, PolicyAuditEventsInformation, &pae ); if(Status != STATUS_SUCCESS) return Status; // // insure we were passed a valid EventType and EventOption // if((ULONG)EventType > pae->MaximumAuditEventCount || (!EventOption & POLICY_AUDIT_EVENT_MASK) ) { LsaFreeMemory(pae); return STATUS_INVALID_PARAMETER; } // // set all auditevents to the unchanged status... // for(i = 0 ; i < pae->MaximumAuditEventCount ; i++) { pae->EventAuditingOptions[i] = POLICY_AUDIT_EVENT_UNCHANGED; } // // ...and update only the specified EventType // pae->EventAuditingOptions[EventType] = EventOption; // // set the new AuditEvents // Status = LsaSetInformationPolicy( PolicyHandle, PolicyAuditEventsInformation, pae ); // // free allocated memory // LsaFreeMemory(pae); return Status; }
NTSTATUS SetAuditMode( LSA_HANDLE PolicyHandle, BOOL bEnable ) { PPOLICY_AUDIT_EVENTS_INFO AuditEvents; NTSTATUS Status; DWORD i; // // obtain current AuditEvents // Status = LsaQueryInformationPolicy( PolicyHandle, PolicyAuditEventsInformation, &AuditEvents ); if(Status != STATUS_SUCCESS) return Status; // // update the relevant member // AuditEvents->AuditingMode = bEnable; // // set all auditevents to the unchanged status... // for(i = 0 ; i < AuditEvents->MaximumAuditEventCount ; i++) { AuditEvents->EventAuditingOptions[i] = POLICY_AUDIT_EVENT_UNCHANGED; } // // set the new auditing mode (enabled or disabled) // Status = LsaSetInformationPolicy( PolicyHandle, PolicyAuditEventsInformation, AuditEvents ); LsaFreeMemory(AuditEvents); return Status; }
NTSTATUS SetAccountDomain(LPCWSTR DomainName, PSID DomainSid) { PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL; POLICY_ACCOUNT_DOMAIN_INFO Info; LSA_OBJECT_ATTRIBUTES ObjectAttributes; LSA_HANDLE PolicyHandle; SAM_HANDLE ServerHandle = NULL; SAM_HANDLE DomainHandle = NULL; DOMAIN_NAME_INFORMATION DomainNameInfo; NTSTATUS Status; DPRINT1("SYSSETUP: SetAccountDomain\n"); memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); Status = LsaOpenPolicy(NULL, &ObjectAttributes, POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, &PolicyHandle); if (Status != STATUS_SUCCESS) { DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); return Status; } Status = LsaQueryInformationPolicy(PolicyHandle, PolicyAccountDomainInformation, (PVOID *)&OrigInfo); if (Status == STATUS_SUCCESS && OrigInfo != NULL) { if (DomainName == NULL) { Info.DomainName.Buffer = OrigInfo->DomainName.Buffer; Info.DomainName.Length = OrigInfo->DomainName.Length; Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength; } else { Info.DomainName.Buffer = (LPWSTR)DomainName; Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR); Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR); } if (DomainSid == NULL) Info.DomainSid = OrigInfo->DomainSid; else Info.DomainSid = DomainSid; } else { Info.DomainName.Buffer = (LPWSTR)DomainName; Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR); Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR); Info.DomainSid = DomainSid; } Status = LsaSetInformationPolicy(PolicyHandle, PolicyAccountDomainInformation, (PVOID)&Info); if (Status != STATUS_SUCCESS) { DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status); } if (OrigInfo != NULL) LsaFreeMemory(OrigInfo); LsaClose(PolicyHandle); DomainNameInfo.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR); DomainNameInfo.DomainName.MaximumLength = (wcslen(DomainName) + 1) * sizeof(WCHAR); DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName; Status = SamConnect(NULL, &ServerHandle, SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN, NULL); if (NT_SUCCESS(Status)) { Status = SamOpenDomain(ServerHandle, DOMAIN_WRITE_OTHER_PARAMETERS, Info.DomainSid, &DomainHandle); if (NT_SUCCESS(Status)) { Status = SamSetInformationDomain(DomainHandle, DomainNameInformation, (PVOID)&DomainNameInfo); if (!NT_SUCCESS(Status)) { DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status); } SamCloseHandle(DomainHandle); } else { DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status); } SamCloseHandle(ServerHandle); } return Status; }
/* Hack */ static NTSTATUS SetPrimaryDomain(LPCWSTR DomainName, PSID DomainSid) { PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL; POLICY_PRIMARY_DOMAIN_INFO Info; LSA_OBJECT_ATTRIBUTES ObjectAttributes; LSA_HANDLE PolicyHandle; NTSTATUS Status; DPRINT1("SYSSETUP: SetPrimaryDomain()\n"); memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); Status = LsaOpenPolicy(NULL, &ObjectAttributes, POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN, &PolicyHandle); if (Status != STATUS_SUCCESS) { DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); return Status; } Status = LsaQueryInformationPolicy(PolicyHandle, PolicyPrimaryDomainInformation, (PVOID *)&OrigInfo); if (Status == STATUS_SUCCESS && OrigInfo != NULL) { if (DomainName == NULL) { Info.Name.Buffer = OrigInfo->Name.Buffer; Info.Name.Length = OrigInfo->Name.Length; Info.Name.MaximumLength = OrigInfo->Name.MaximumLength; } else { Info.Name.Buffer = (LPWSTR)DomainName; Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR); Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR); } if (DomainSid == NULL) Info.Sid = OrigInfo->Sid; else Info.Sid = DomainSid; } else { Info.Name.Buffer = (LPWSTR)DomainName; Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR); Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR); Info.Sid = DomainSid; } Status = LsaSetInformationPolicy(PolicyHandle, PolicyPrimaryDomainInformation, (PVOID)&Info); if (Status != STATUS_SUCCESS) { DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status); } if (OrigInfo != NULL) LsaFreeMemory(OrigInfo); LsaClose(PolicyHandle); return Status; }