2663. [func] win32: allow named to run as a service using

                        "NT AUTHORITY\LocalService" as the account. [RT #19977]

CHANGES

+2663.	[func]		win32:  allow named to run as a service using
+			"NT AUTHORITY\LocalService" as the account. [RT #19977]
+
 2662.	[bug]		lwres_getipnodebyname() and lwres_getipnodebyaddr() 
 			returned a misleading error code when lwresd was
 			down. [RT #20028]

bin/win32/BINDInstall/BINDInstallDlg.cpp

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: BINDInstallDlg.cpp,v 1.43 2009/08/25 06:47:06 marka Exp $ */
+/* $Id: BINDInstallDlg.cpp,v 1.44 2009/09/01 06:51:47 marka Exp $ */
 
 /*
  * Copyright (c) 1999-2000 by Nortel Networks Corporation
@@ -69,6 +69,8 @@
 #define MAX_GROUPS	100
 #define MAX_PRIVS	 50
 
+#define LOCAL_SERVICE "NT AUTHORITY\\LocalService"
+
 #ifdef _DEBUG
 #define new DEBUG_NEW
 #undef THIS_FILE
@@ -410,7 +412,7 @@ void CBINDInstallDlg::OnInstall() {
 
 	UpdateData();
 
-	if (!m_toolsOnly) {
+	if (!m_toolsOnly && m_accountName != LOCAL_SERVICE) {
 		/*
 		 * Check that the Passwords entered match.
 		 */
@@ -454,6 +456,11 @@ void CBINDInstallDlg::OnInstall() {
 				return;
 			}
 		}
+	} else if (m_accountName == LOCAL_SERVICE) {
+		/* The LocalService always exists. */
+		m_accountExists = TRUE;
+		if (m_accountName != m_currentAccount)
+			m_accountUsed = FALSE;
 	}
 
 	/* Directories */
@@ -728,13 +735,16 @@ CBINDInstallDlg::GetCurrentServiceAccountName() {
 	}
 
 	RegCloseKey(hKey);
-	if(keyFound == FALSE)
+	if (keyFound == FALSE)
 		m_accountName = "";
-	else {
-	/*
-	 * LocalSystem is not a regular account and is equivalent
-	 * to no account but with lots of privileges
-	 */
+	else if (!strcmp(accountName, LOCAL_SERVICE)) {
+		m_accountName = LOCAL_SERVICE;
+		m_accountUsed = TRUE;
+	} else {
+		/*
+		 * LocalSystem is not a regular account and is equivalent
+		 * to no account but with lots of privileges
+		 */
 		Tmp = accountName;
 		if (Tmp == ".\\LocalSystem")
 			m_accountName = "";
@@ -790,23 +800,23 @@ void
 CBINDInstallDlg::RegisterService() {
 	SC_HANDLE hSCManager;
 	SC_HANDLE hService;
-	CString StartName = ".\\" + m_accountName;
-
-	if(m_toolsOnly)
-		return;
+	CString StartName;
 
+	if (m_accountName == LOCAL_SERVICE)
+		StartName = LOCAL_SERVICE;
+	else
+		StartName = ".\\" + m_accountName;
 	/*
 	 * We need to change the service rather than create it
 	 * if the service already exists. Do nothing if we are already
 	 * using that account
 	 */
-	if(m_serviceExists == TRUE) {
-		if(m_accountUsed == FALSE) {
-			UpdateService();
+	if (m_serviceExists == TRUE) {
+		if (m_accountUsed == FALSE) {
+			UpdateService(StartName);
 			SetItemStatus(IDC_REG_SERVICE);
 			return;
-		}
-		else {
+		} else {
 			SetItemStatus(IDC_REG_SERVICE);
 			return;
 		}
@@ -845,10 +855,9 @@ CBINDInstallDlg::RegisterService() {
 }
 
 void
-CBINDInstallDlg::UpdateService() {
+CBINDInstallDlg::UpdateService(CString StartName) {
 	SC_HANDLE hSCManager;
 	SC_HANDLE hService;
-	CString StartName = ".\\" + m_accountName;
 
 	if(m_toolsOnly)
 		return;
@@ -878,11 +887,10 @@ CBINDInstallDlg::UpdateService() {
 		if (hSCManager)
 			CloseServiceHandle(hSCManager);
 		return;
-	}
-	else {
+	} else {
 		if (ChangeServiceConfig(hService, dwServiceType, dwStart,
 			SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL,
-			StartName, m_accountPassword,BIND_DISPLAY_NAME)
+			StartName, m_accountPassword, BIND_DISPLAY_NAME)
 			!= TRUE) {
 			DWORD err = GetLastError();
 			MsgBox(IDS_ERR_UPDATE_SERVICE, GetErrMessage());

bin/win32/BINDInstall/BINDInstallDlg.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: BINDInstallDlg.h,v 1.10 2009/08/25 23:47:51 tbox Exp $ */
+/* $Id: BINDInstallDlg.h,v 1.11 2009/09/01 06:51:47 marka Exp $ */
 
 /*
  * Copyright (c) 1999-2000 by Nortel Networks Corporation
@@ -73,7 +73,7 @@ protected:
 	void DeleteFiles(BOOL uninstall);
 
 	void RegisterService();
-	void UpdateService();
+	void UpdateService(CString StartName);
 	void UnregisterService(BOOL uninstall);
 
 	void RegisterMessages();

win32utils/readme1st.txt

@@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 2001, 2003  Internet Software Consortium.
 See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 
-$Id: readme1st.txt,v 1.23 2009/06/22 23:47:53 tbox Exp $
+$Id: readme1st.txt,v 1.24 2009/09/01 06:51:47 marka Exp $
 
 	   Release of BIND 9.7 for Windows and later.
 
@@ -11,7 +11,7 @@ This is a release of BIND 9.7 for Windows XP and later.
 	Important Kit Installation Information
 
 As of release 9.3.0, BINDInstall requires that you install it under
-an account with restricted privileges. The installer will prompt
+a account with restricted privileges. The installer will prompt
 you for an account name, the default is "named", and a password for
 that account. It will also check for the existence of that account.
 If it does not exist is will create it with only the privileges
@@ -28,6 +28,11 @@ or for master zones supporting dynamic updates. The account will
 also need read access to the named.conf and any other file that it
 needs to read.
 
+"NT AUTHORITY\LocalService" is also an acceptable account.  This
+account is built into Windows and no password is required.  Appropriate
+file permissions will also need to be set for "NT AUTHORITY\LocalService"
+similar to those that would have been required for the "named" account.
+
 It is important that on Windows the directory directive is used in
 the options section to tell BIND where to find the files used in
 named.conf (default %WINDOWS%\system32\dns\etc\named.conf).