Commit 479b80d4 authored by Mark Andrews's avatar Mark Andrews

2663. [func] win32: allow named to run as a service using

                        "NT AUTHORITY\LocalService" as the account. [RT #19977]
parent ef22fffe
2663. [func] win32: allow named to run as a service using
"NT AUTHORITY\LocalService" as the account. [RT #19977]
2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr() 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
returned a misleading error code when lwresd was returned a misleading error code when lwresd was
down. [RT #20028] down. [RT #20028]
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: BINDInstallDlg.cpp,v 1.43 2009/08/25 06:47:06 marka Exp $ */ /* $Id: BINDInstallDlg.cpp,v 1.44 2009/09/01 06:51:47 marka Exp $ */
/* /*
* Copyright (c) 1999-2000 by Nortel Networks Corporation * Copyright (c) 1999-2000 by Nortel Networks Corporation
...@@ -69,6 +69,8 @@ ...@@ -69,6 +69,8 @@
#define MAX_GROUPS 100 #define MAX_GROUPS 100
#define MAX_PRIVS 50 #define MAX_PRIVS 50
#define LOCAL_SERVICE "NT AUTHORITY\\LocalService"
#ifdef _DEBUG #ifdef _DEBUG
#define new DEBUG_NEW #define new DEBUG_NEW
#undef THIS_FILE #undef THIS_FILE
...@@ -410,7 +412,7 @@ void CBINDInstallDlg::OnInstall() { ...@@ -410,7 +412,7 @@ void CBINDInstallDlg::OnInstall() {
UpdateData(); UpdateData();
if (!m_toolsOnly) { if (!m_toolsOnly && m_accountName != LOCAL_SERVICE) {
/* /*
* Check that the Passwords entered match. * Check that the Passwords entered match.
*/ */
...@@ -454,6 +456,11 @@ void CBINDInstallDlg::OnInstall() { ...@@ -454,6 +456,11 @@ void CBINDInstallDlg::OnInstall() {
return; return;
} }
} }
} else if (m_accountName == LOCAL_SERVICE) {
/* The LocalService always exists. */
m_accountExists = TRUE;
if (m_accountName != m_currentAccount)
m_accountUsed = FALSE;
} }
/* Directories */ /* Directories */
...@@ -728,13 +735,16 @@ CBINDInstallDlg::GetCurrentServiceAccountName() { ...@@ -728,13 +735,16 @@ CBINDInstallDlg::GetCurrentServiceAccountName() {
} }
RegCloseKey(hKey); RegCloseKey(hKey);
if(keyFound == FALSE) if (keyFound == FALSE)
m_accountName = ""; m_accountName = "";
else { else if (!strcmp(accountName, LOCAL_SERVICE)) {
/* m_accountName = LOCAL_SERVICE;
* LocalSystem is not a regular account and is equivalent m_accountUsed = TRUE;
* to no account but with lots of privileges } else {
*/ /*
* LocalSystem is not a regular account and is equivalent
* to no account but with lots of privileges
*/
Tmp = accountName; Tmp = accountName;
if (Tmp == ".\\LocalSystem") if (Tmp == ".\\LocalSystem")
m_accountName = ""; m_accountName = "";
...@@ -790,23 +800,23 @@ void ...@@ -790,23 +800,23 @@ void
CBINDInstallDlg::RegisterService() { CBINDInstallDlg::RegisterService() {
SC_HANDLE hSCManager; SC_HANDLE hSCManager;
SC_HANDLE hService; SC_HANDLE hService;
CString StartName = ".\\" + m_accountName; CString StartName;
if(m_toolsOnly)
return;
if (m_accountName == LOCAL_SERVICE)
StartName = LOCAL_SERVICE;
else
StartName = ".\\" + m_accountName;
/* /*
* We need to change the service rather than create it * We need to change the service rather than create it
* if the service already exists. Do nothing if we are already * if the service already exists. Do nothing if we are already
* using that account * using that account
*/ */
if(m_serviceExists == TRUE) { if (m_serviceExists == TRUE) {
if(m_accountUsed == FALSE) { if (m_accountUsed == FALSE) {
UpdateService(); UpdateService(StartName);
SetItemStatus(IDC_REG_SERVICE); SetItemStatus(IDC_REG_SERVICE);
return; return;
} } else {
else {
SetItemStatus(IDC_REG_SERVICE); SetItemStatus(IDC_REG_SERVICE);
return; return;
} }
...@@ -845,10 +855,9 @@ CBINDInstallDlg::RegisterService() { ...@@ -845,10 +855,9 @@ CBINDInstallDlg::RegisterService() {
} }
void void
CBINDInstallDlg::UpdateService() { CBINDInstallDlg::UpdateService(CString StartName) {
SC_HANDLE hSCManager; SC_HANDLE hSCManager;
SC_HANDLE hService; SC_HANDLE hService;
CString StartName = ".\\" + m_accountName;
if(m_toolsOnly) if(m_toolsOnly)
return; return;
...@@ -878,11 +887,10 @@ CBINDInstallDlg::UpdateService() { ...@@ -878,11 +887,10 @@ CBINDInstallDlg::UpdateService() {
if (hSCManager) if (hSCManager)
CloseServiceHandle(hSCManager); CloseServiceHandle(hSCManager);
return; return;
} } else {
else {
if (ChangeServiceConfig(hService, dwServiceType, dwStart, if (ChangeServiceConfig(hService, dwServiceType, dwStart,
SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL, SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL,
StartName, m_accountPassword,BIND_DISPLAY_NAME) StartName, m_accountPassword, BIND_DISPLAY_NAME)
!= TRUE) { != TRUE) {
DWORD err = GetLastError(); DWORD err = GetLastError();
MsgBox(IDS_ERR_UPDATE_SERVICE, GetErrMessage()); MsgBox(IDS_ERR_UPDATE_SERVICE, GetErrMessage());
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: BINDInstallDlg.h,v 1.10 2009/08/25 23:47:51 tbox Exp $ */ /* $Id: BINDInstallDlg.h,v 1.11 2009/09/01 06:51:47 marka Exp $ */
/* /*
* Copyright (c) 1999-2000 by Nortel Networks Corporation * Copyright (c) 1999-2000 by Nortel Networks Corporation
...@@ -73,7 +73,7 @@ protected: ...@@ -73,7 +73,7 @@ protected:
void DeleteFiles(BOOL uninstall); void DeleteFiles(BOOL uninstall);
void RegisterService(); void RegisterService();
void UpdateService(); void UpdateService(CString StartName);
void UnregisterService(BOOL uninstall); void UnregisterService(BOOL uninstall);
void RegisterMessages(); void RegisterMessages();
......
...@@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") ...@@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001, 2003 Internet Software Consortium. Copyright (C) 2001, 2003 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: readme1st.txt,v 1.23 2009/06/22 23:47:53 tbox Exp $ $Id: readme1st.txt,v 1.24 2009/09/01 06:51:47 marka Exp $
Release of BIND 9.7 for Windows and later. Release of BIND 9.7 for Windows and later.
...@@ -11,7 +11,7 @@ This is a release of BIND 9.7 for Windows XP and later. ...@@ -11,7 +11,7 @@ This is a release of BIND 9.7 for Windows XP and later.
Important Kit Installation Information Important Kit Installation Information
As of release 9.3.0, BINDInstall requires that you install it under As of release 9.3.0, BINDInstall requires that you install it under
an account with restricted privileges. The installer will prompt a account with restricted privileges. The installer will prompt
you for an account name, the default is "named", and a password for you for an account name, the default is "named", and a password for
that account. It will also check for the existence of that account. that account. It will also check for the existence of that account.
If it does not exist is will create it with only the privileges If it does not exist is will create it with only the privileges
...@@ -28,6 +28,11 @@ or for master zones supporting dynamic updates. The account will ...@@ -28,6 +28,11 @@ or for master zones supporting dynamic updates. The account will
also need read access to the named.conf and any other file that it also need read access to the named.conf and any other file that it
needs to read. needs to read.
"NT AUTHORITY\LocalService" is also an acceptable account. This
account is built into Windows and no password is required. Appropriate
file permissions will also need to be set for "NT AUTHORITY\LocalService"
similar to those that would have been required for the "named" account.
It is important that on Windows the directory directive is used in It is important that on Windows the directory directive is used in
the options section to tell BIND where to find the files used in the options section to tell BIND where to find the files used in
named.conf (default %WINDOWS%\system32\dns\etc\named.conf). named.conf (default %WINDOWS%\system32\dns\etc\named.conf).
......