Commit 479b80d4 authored by Mark Andrews's avatar Mark Andrews

2663. [func] win32: allow named to run as a service using

                        "NT AUTHORITY\LocalService" as the account. [RT #19977]
parent ef22fffe
2663. [func] win32: allow named to run as a service using
"NT AUTHORITY\LocalService" as the account. [RT #19977]
2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
returned a misleading error code when lwresd was
down. [RT #20028]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: BINDInstallDlg.cpp,v 1.43 2009/08/25 06:47:06 marka Exp $ */
/* $Id: BINDInstallDlg.cpp,v 1.44 2009/09/01 06:51:47 marka Exp $ */
/*
* Copyright (c) 1999-2000 by Nortel Networks Corporation
......@@ -69,6 +69,8 @@
#define MAX_GROUPS 100
#define MAX_PRIVS 50
#define LOCAL_SERVICE "NT AUTHORITY\\LocalService"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
......@@ -410,7 +412,7 @@ void CBINDInstallDlg::OnInstall() {
UpdateData();
if (!m_toolsOnly) {
if (!m_toolsOnly && m_accountName != LOCAL_SERVICE) {
/*
* Check that the Passwords entered match.
*/
......@@ -454,6 +456,11 @@ void CBINDInstallDlg::OnInstall() {
return;
}
}
} else if (m_accountName == LOCAL_SERVICE) {
/* The LocalService always exists. */
m_accountExists = TRUE;
if (m_accountName != m_currentAccount)
m_accountUsed = FALSE;
}
/* Directories */
......@@ -728,13 +735,16 @@ CBINDInstallDlg::GetCurrentServiceAccountName() {
}
RegCloseKey(hKey);
if(keyFound == FALSE)
if (keyFound == FALSE)
m_accountName = "";
else {
/*
* LocalSystem is not a regular account and is equivalent
* to no account but with lots of privileges
*/
else if (!strcmp(accountName, LOCAL_SERVICE)) {
m_accountName = LOCAL_SERVICE;
m_accountUsed = TRUE;
} else {
/*
* LocalSystem is not a regular account and is equivalent
* to no account but with lots of privileges
*/
Tmp = accountName;
if (Tmp == ".\\LocalSystem")
m_accountName = "";
......@@ -790,23 +800,23 @@ void
CBINDInstallDlg::RegisterService() {
SC_HANDLE hSCManager;
SC_HANDLE hService;
CString StartName = ".\\" + m_accountName;
if(m_toolsOnly)
return;
CString StartName;
if (m_accountName == LOCAL_SERVICE)
StartName = LOCAL_SERVICE;
else
StartName = ".\\" + m_accountName;
/*
* We need to change the service rather than create it
* if the service already exists. Do nothing if we are already
* using that account
*/
if(m_serviceExists == TRUE) {
if(m_accountUsed == FALSE) {
UpdateService();
if (m_serviceExists == TRUE) {
if (m_accountUsed == FALSE) {
UpdateService(StartName);
SetItemStatus(IDC_REG_SERVICE);
return;
}
else {
} else {
SetItemStatus(IDC_REG_SERVICE);
return;
}
......@@ -845,10 +855,9 @@ CBINDInstallDlg::RegisterService() {
}
void
CBINDInstallDlg::UpdateService() {
CBINDInstallDlg::UpdateService(CString StartName) {
SC_HANDLE hSCManager;
SC_HANDLE hService;
CString StartName = ".\\" + m_accountName;
if(m_toolsOnly)
return;
......@@ -878,11 +887,10 @@ CBINDInstallDlg::UpdateService() {
if (hSCManager)
CloseServiceHandle(hSCManager);
return;
}
else {
} else {
if (ChangeServiceConfig(hService, dwServiceType, dwStart,
SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL,
StartName, m_accountPassword,BIND_DISPLAY_NAME)
StartName, m_accountPassword, BIND_DISPLAY_NAME)
!= TRUE) {
DWORD err = GetLastError();
MsgBox(IDS_ERR_UPDATE_SERVICE, GetErrMessage());
......
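Review bot: For `LOCAL_SERVICE` the `OnInstall` hunk skips the password checks, but the last hunk still hands `m_accountPassword` to `ChangeServiceConfig`, so whatever was left in the password field is sent to the service control manager for an account that has no password. The API documentation asks for an empty string when the service runs as LocalService; unless the member is cleared outside the lines shown, add `m_accountPassword = "";` to the new `else if (m_accountName == LOCAL_SERVICE)` branch. Separately, `m_accountName != LOCAL_SERVICE` and `!strcmp(accountName, LOCAL_SERVICE)` compare case-sensitively although Windows account names are not case-sensitive, so a differently cased spelling falls through to the ordinary-account path and gets `".\\"` prefixed in `RegisterService`; `m_accountName.CompareNoCase(LOCAL_SERVICE)` and `_stricmp` would avoid that. All four functions start or end outside their hunks.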
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: BINDInstallDlg.h,v 1.10 2009/08/25 23:47:51 tbox Exp $ */
/* $Id: BINDInstallDlg.h,v 1.11 2009/09/01 06:51:47 marka Exp $ */
/*
* Copyright (c) 1999-2000 by Nortel Networks Corporation
......@@ -73,7 +73,7 @@ protected:
void DeleteFiles(BOOL uninstall);
void RegisterService();
void UpdateService();
void UpdateService(CString StartName);
void UnregisterService(BOOL uninstall);
void RegisterMessages();
......
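Review bot: `UpdateService(CString StartName)` copies the string on every call and the declaration does not say what form the name must have; `void UpdateService(const CString &StartName);` with a comment such as `/* StartName: service logon account, ".\\name" or LOCAL_SERVICE */` would record that the caller has already qualified the name. The definition in BINDInstallDlg.cpp would need the same signature change.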
......@@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001, 2003 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: readme1st.txt,v 1.23 2009/06/22 23:47:53 tbox Exp $
$Id: readme1st.txt,v 1.24 2009/09/01 06:51:47 marka Exp $
Release of BIND 9.7 for Windows and later.
......@@ -11,7 +11,7 @@ This is a release of BIND 9.7 for Windows XP and later.
Important Kit Installation Information
As of release 9.3.0, BINDInstall requires that you install it under
an account with restricted privileges. The installer will prompt
a account with restricted privileges. The installer will prompt
you for an account name, the default is "named", and a password for
that account. It will also check for the existence of that account.
If it does not exist is will create it with only the privileges
......@@ -28,6 +28,11 @@ or for master zones supporting dynamic updates. The account will
also need read access to the named.conf and any other file that it
needs to read.
"NT AUTHORITY\LocalService" is also an acceptable account. This
account is built into Windows and no password is required. Appropriate
file permissions will also need to be set for "NT AUTHORITY\LocalService"
similar to those that would have been required for the "named" account.
It is important that on Windows the directory directive is used in
the options section to tell BIND where to find the files used in
named.conf (default %WINDOWS%\system32\dns\etc\named.conf).
......