From: Mark Andrews Date: Wed, 2 Sep 2009 00:30:44 +0000 (+0000) Subject: 2663. [func] win32: allow named to run as a service using X-Git-Tag: v9.5.2rc1~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7574cf6f6095763f7054a6ef0368b7d31d109ef;p=thirdparty%2Fbind9.git 2663. [func] win32: allow named to run as a service using "NT AUTHORITY\LocalService" as the account. [RT #19977] --- diff --git a/CHANGES b/CHANGES index e9529c65a4b..f6d49b4c474 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2663. [func] win32: allow named to run as a service using + "NT AUTHORITY\LocalService" as the account. [RT #19977] + 2656. [func] win32: add a "tools only" check box to the installer which causes it to only install dig, host, nslookup, nsupdate and relevent dlls. [RT #19998] diff --git a/bin/win32/BINDInstall/BINDInstallDlg.cpp b/bin/win32/BINDInstall/BINDInstallDlg.cpp index bd7ff8a46c1..c836a11d01b 100644 --- a/bin/win32/BINDInstall/BINDInstallDlg.cpp +++ b/bin/win32/BINDInstall/BINDInstallDlg.cpp @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: BINDInstallDlg.cpp,v 1.37.24.3 2009/09/02 00:29:56 marka Exp $ */ +/* $Id: BINDInstallDlg.cpp,v 1.37.24.4 2009/09/02 00:30:44 marka Exp $ */ /* * Copyright (c) 1999-2000 by Nortel Networks Corporation @@ -67,6 +67,8 @@ #define MAX_GROUPS 100 #define MAX_PRIVS 50 +#define LOCAL_SERVICE "NT AUTHORITY\\LocalService" + #ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE @@ -401,7 +403,7 @@ void CBINDInstallDlg::OnInstall() { UpdateData(); - if (!m_toolsOnly) { + if (!m_toolsOnly && m_accountName != LOCAL_SERVICE) { /* * Check that the Passwords entered match. */ @@ -445,6 +447,11 @@ void CBINDInstallDlg::OnInstall() { return; } } + } else if (m_accountName == LOCAL_SERVICE) { + /* The LocalService always exists. */ + m_accountExists = TRUE; + if (m_accountName != m_currentAccount) + m_accountUsed = FALSE; } /* Directories */ 
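Review bot: The new guard in OnInstall, `m_accountName != LOCAL_SERVICE`, uses CString's case-sensitive comparison, but Windows resolves account names case-insensitively. A differently cased spelling of the same account therefore falls through to the password and account checks as if it were an ordinary local user. `m_accountName.CompareNoCase(LOCAL_SERVICE) != 0` would match how the system treats the name. The same exact-match test recurs in the `else if` added lower in OnInstall, in the `strcmp(accountName, LOCAL_SERVICE)` in GetCurrentServiceAccountName (where `_stricmp` is the equivalent) and in RegisterService. OnInstall's body starts and ends outside the hunk.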
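Review bot: The added `else if (m_accountName == LOCAL_SERVICE)` branch marks the account as existing but leaves `m_accountPassword` holding whatever was typed in the dialog, and that value is now unvalidated because the password checks are skipped for this account. UpdateService later passes `m_accountPassword` to ChangeServiceConfig together with StartName, while the Windows service API documents an empty password for LocalService. Clearing it in this branch, `m_accountPassword = "";` (assuming it is a CString like m_accountName), keeps a stray credential out of the service configuration call. Whether the service-creation path in RegisterService uses the same member is not visible in this diff.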
@@ -719,13 +726,16 @@ CBINDInstallDlg::GetCurrentServiceAccountName() { } RegCloseKey(hKey); - if(keyFound == FALSE) + if (keyFound == FALSE) m_accountName = ""; - else { - /* - * LocalSystem is not a regular account and is equivalent - * to no account but with lots of privileges - */ + else if (!strcmp(accountName, LOCAL_SERVICE)) { + m_accountName = LOCAL_SERVICE; + m_accountUsed = TRUE; + } else { + /* + * LocalSystem is not a regular account and is equivalent + * to no account but with lots of privileges + */ Tmp = accountName; if (Tmp == ".\\LocalSystem") m_accountName = ""; @@ -781,23 +791,23 @@ void CBINDInstallDlg::RegisterService() { SC_HANDLE hSCManager; SC_HANDLE hService; - CString StartName = ".\\" + m_accountName; - - if(m_toolsOnly) - return; + CString StartName; + if (m_accountName == LOCAL_SERVICE) + StartName = LOCAL_SERVICE; + else + StartName = ".\\" + m_accountName; /* * We need to change the service rather than create it * if the service already exists. Do nothing if we are already * using that account */ - if(m_serviceExists == TRUE) { - if(m_accountUsed == FALSE) { - UpdateService(); + if (m_serviceExists == TRUE) { + if (m_accountUsed == FALSE) { + UpdateService(StartName); SetItemStatus(IDC_REG_SERVICE); return; - } - else { + } else { SetItemStatus(IDC_REG_SERVICE); return; } @@ -836,10 +846,9 @@ CBINDInstallDlg::RegisterService() { } void -CBINDInstallDlg::UpdateService() { +CBINDInstallDlg::UpdateService(CString StartName) { SC_HANDLE hSCManager; SC_HANDLE hService; - CString StartName = ".\\" + m_accountName; if(m_toolsOnly) return; 
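Review bot: RegisterService no longer returns early for a tools-only install: the `if(m_toolsOnly) return;` guard is removed together with the old StartName initialiser, while UpdateService keeps its own copy of that guard. Unless every caller already skips RegisterService when `m_toolsOnly` is set (the call site is outside this diff), a tools-only install would now go on to create or reconfigure the named service. Keeping `if (m_toolsOnly) return;` ahead of the StartName selection preserves the previous behaviour. The function body continues past the end of the hunk.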
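Review bot: `UpdateService(CString StartName)` takes the account string by value, although in the lines visible here it is only read when handed to ChangeServiceConfig. Declaring it as `void CBINDInstallDlg::UpdateService(const CString &StartName)`, with the matching prototype change in BINDInstallDlg.h, states the read-only intent and avoids the copy. A short comment on the parameter such as `/* StartName: service logon account, LOCAL_SERVICE or ".\\<local user>" */` would record the two formats RegisterService produces. The function body runs past the hunk.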
@@ -869,11 +878,10 @@ CBINDInstallDlg::UpdateService() { if (hSCManager) CloseServiceHandle(hSCManager); return; - } - else { + } else { if (ChangeServiceConfig(hService, dwServiceType, dwStart, SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL, - StartName, m_accountPassword,BIND_DISPLAY_NAME) + StartName, m_accountPassword, BIND_DISPLAY_NAME) != TRUE) { DWORD err = GetLastError(); MsgBox(IDS_ERR_UPDATE_SERVICE, GetErrMessage()); diff --git a/bin/win32/BINDInstall/BINDInstallDlg.h b/bin/win32/BINDInstall/BINDInstallDlg.h index 616c488faa0..80189a064e5 100644 --- a/bin/win32/BINDInstall/BINDInstallDlg.h +++ b/bin/win32/BINDInstall/BINDInstallDlg.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: BINDInstallDlg.h,v 1.8.128.1 2009/09/02 00:29:56 marka Exp $ */ +/* $Id: BINDInstallDlg.h,v 1.8.128.2 2009/09/02 00:30:44 marka Exp $ */ /* * Copyright (c) 1999-2000 by Nortel Networks Corporation @@ -73,7 +73,7 @@ protected: void DeleteFiles(BOOL uninstall); void RegisterService(); - void UpdateService(); + void UpdateService(CString StartName); void UnregisterService(BOOL uninstall); void RegisterMessages(); diff --git a/win32utils/readme1st.txt b/win32utils/readme1st.txt index c787fd0eaaa..bfa9adca149 100644 --- a/win32utils/readme1st.txt +++ b/win32utils/readme1st.txt @@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 2001, 2003 Internet Software Consortium. See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. -$Id: readme1st.txt,v 1.18.168.4 2009/06/22 23:46:43 tbox Exp $ +$Id: readme1st.txt,v 1.18.168.5 2009/09/02 00:30:44 marka Exp $ Release of BIND 9.5 for Windows XP and later. 
@@ -11,7 +11,7 @@ This is a release of BIND 9.5 for Windows XP and later. Important Kit Installation Information As of release 9.3.0, BINDInstall requires that you install it under -an account with restricted privileges. The installer will prompt +a account with restricted privileges. The installer will prompt you for an account name, the default is "named", and a password for that account. It will also check for the existence of that account. If it does not exist is will create it with only the privileges @@ -28,6 +28,11 @@ or for master zones supporting dynamic updates. The account will also need read access to the named.conf and any other file that it needs to read. +"NT AUTHORITY\LocalService" is also an acceptable account. This +account is built into Windows and no password is required. Appropriate +file permissions will also need to be set for "NT AUTHORITY\LocalService" +similar to those that would have been required for the "named" account. + It is important that on Windows the directory directive is used in the options section to tell BIND where to find the files used in named.conf (default %WINDOWS%\system32\dns\etc\named.conf).