diff --git a/CHANGES b/CHANGES index 630164ab74..29ba1e8292 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2663. [func] win32: allow named to run as a service using + "NT AUTHORITY\LocalService" as the account. [RT #19977] + 2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr() returned a misleading error code when lwresd was down. [RT #20028] diff --git a/bin/win32/BINDInstall/BINDInstallDlg.cpp b/bin/win32/BINDInstall/BINDInstallDlg.cpp index 581f3be3fb..a09766418f 100644 --- a/bin/win32/BINDInstall/BINDInstallDlg.cpp +++ b/bin/win32/BINDInstall/BINDInstallDlg.cpp @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: BINDInstallDlg.cpp,v 1.43 2009/08/25 06:47:06 marka Exp $ */ +/* $Id: BINDInstallDlg.cpp,v 1.44 2009/09/01 06:51:47 marka Exp $ */ /* * Copyright (c) 1999-2000 by Nortel Networks Corporation @@ -69,6 +69,8 @@ #define MAX_GROUPS 100 #define MAX_PRIVS 50 +#define LOCAL_SERVICE "NT AUTHORITY\\LocalService" + #ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE @@ -410,7 +412,7 @@ void CBINDInstallDlg::OnInstall() { UpdateData(); - if (!m_toolsOnly) { + if (!m_toolsOnly && m_accountName != LOCAL_SERVICE) { /* * Check that the Passwords entered match. */ @@ -454,6 +456,11 @@ void CBINDInstallDlg::OnInstall() { return; } } + } else if (m_accountName == LOCAL_SERVICE) { + /* The LocalService always exists. */ + m_accountExists = TRUE; + if (m_accountName != m_currentAccount) + m_accountUsed = FALSE; } /* Directories */ 
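Review bot: The new `m_accountName != LOCAL_SERVICE` test in OnInstall is an exact, case-sensitive CString comparison, while Windows treats account names case-insensitively, so an entry such as `nt authority\localservice` would be handled as an ordinary local account and sent through the password checks. The same exact match is used by the `else if (m_accountName == LOCAL_SERVICE)` branch in the next hunk, by `strcmp(accountName, LOCAL_SERVICE)` in GetCurrentServiceAccountName and by the StartName selection in RegisterService, where a miss would yield a `.\`-prefixed start name. Consider `m_accountName.CompareNoCase(LOCAL_SERVICE) != 0` here and `_stricmp(accountName, LOCAL_SERVICE)` for the value read back from the registry, then storing the canonical `LOCAL_SERVICE` spelling. OnInstall's body starts and ends outside this hunk.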
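Review bot: The new LocalService branch sets `m_accountExists` and `m_accountUsed` but leaves `m_accountPassword` holding whatever was typed in the dialog, and UpdateService still passes `m_accountPassword` to ChangeServiceConfig. The built-in service accounts have no password and the service-control API expects an empty string for them, so add `m_accountPassword = "";` in this branch. Because this branch bypasses the checks made for a dedicated account, it would also help to extend the `/* The LocalService always exists. */` comment to say that LocalService is shared with other Windows services, so file permissions granted to it are not exclusive to named. OnInstall's body continues outside the hunk.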
@@ -728,13 +735,16 @@ CBINDInstallDlg::GetCurrentServiceAccountName() { } RegCloseKey(hKey); - if(keyFound == FALSE) + if (keyFound == FALSE) m_accountName = ""; - else { - /* - * LocalSystem is not a regular account and is equivalent - * to no account but with lots of privileges - */ + else if (!strcmp(accountName, LOCAL_SERVICE)) { + m_accountName = LOCAL_SERVICE; + m_accountUsed = TRUE; + } else { + /* + * LocalSystem is not a regular account and is equivalent + * to no account but with lots of privileges + */ Tmp = accountName; if (Tmp == ".\\LocalSystem") m_accountName = ""; @@ -790,23 +800,23 @@ void CBINDInstallDlg::RegisterService() { SC_HANDLE hSCManager; SC_HANDLE hService; - CString StartName = ".\\" + m_accountName; - - if(m_toolsOnly) - return; + CString StartName; + if (m_accountName == LOCAL_SERVICE) + StartName = LOCAL_SERVICE; + else + StartName = ".\\" + m_accountName; /* * We need to change the service rather than create it * if the service already exists. Do nothing if we are already * using that account */ - if(m_serviceExists == TRUE) { - if(m_accountUsed == FALSE) { - UpdateService(); + if (m_serviceExists == TRUE) { + if (m_accountUsed == FALSE) { + UpdateService(StartName); SetItemStatus(IDC_REG_SERVICE); return; - } - else { + } else { SetItemStatus(IDC_REG_SERVICE); return; } @@ -845,10 +855,9 @@ CBINDInstallDlg::RegisterService() { } void -CBINDInstallDlg::UpdateService() { +CBINDInstallDlg::UpdateService(CString StartName) { SC_HANDLE hSCManager; SC_HANDLE hService; - CString StartName = ".\\" + m_accountName; if(m_toolsOnly) return; 
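Review bot: RegisterService no longer returns early for a tools-only install: the `if(m_toolsOnly) return;` guard is dropped in the RegisterService hunk while UpdateService keeps its own copy, so registration of the service now depends on the caller checking `m_toolsOnly`. The caller is not visible in this diff; unless it is certain to make that check, keep the guard ahead of the StartName selection as `if (m_toolsOnly) return;`. RegisterService's body continues outside the hunk.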
@@ -878,11 +887,10 @@ CBINDInstallDlg::UpdateService() { if (hSCManager) CloseServiceHandle(hSCManager); return; - } - else { + } else { if (ChangeServiceConfig(hService, dwServiceType, dwStart, SERVICE_ERROR_NORMAL, namedLoc, NULL, NULL, NULL, - StartName, m_accountPassword,BIND_DISPLAY_NAME) + StartName, m_accountPassword, BIND_DISPLAY_NAME) != TRUE) { DWORD err = GetLastError(); MsgBox(IDS_ERR_UPDATE_SERVICE, GetErrMessage()); diff --git a/bin/win32/BINDInstall/BINDInstallDlg.h b/bin/win32/BINDInstall/BINDInstallDlg.h index f8e02968c0..9cbc4c4c62 100644 --- a/bin/win32/BINDInstall/BINDInstallDlg.h +++ b/bin/win32/BINDInstall/BINDInstallDlg.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: BINDInstallDlg.h,v 1.10 2009/08/25 23:47:51 tbox Exp $ */ +/* $Id: BINDInstallDlg.h,v 1.11 2009/09/01 06:51:47 marka Exp $ */ /* * Copyright (c) 1999-2000 by Nortel Networks Corporation @@ -73,7 +73,7 @@ protected: void DeleteFiles(BOOL uninstall); void RegisterService(); - void UpdateService(); + void UpdateService(CString StartName); void UnregisterService(BOOL uninstall); void RegisterMessages(); diff --git a/win32utils/readme1st.txt b/win32utils/readme1st.txt index 5acc294f59..f93164dafb 100644 --- a/win32utils/readme1st.txt +++ b/win32utils/readme1st.txt @@ -2,7 +2,7 @@ Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC") Copyright (C) 2001, 2003 Internet Software Consortium. See COPYRIGHT in the source root or http://isc.org/copyright.html for terms. -$Id: readme1st.txt,v 1.23 2009/06/22 23:47:53 tbox Exp $ +$Id: readme1st.txt,v 1.24 2009/09/01 06:51:47 marka Exp $ Release of BIND 9.7 for Windows and later. 
@@ -11,7 +11,7 @@ This is a release of BIND 9.7 for Windows XP and later. Important Kit Installation Information As of release 9.3.0, BINDInstall requires that you install it under -an account with restricted privileges. The installer will prompt +a account with restricted privileges. The installer will prompt you for an account name, the default is "named", and a password for that account. It will also check for the existence of that account. If it does not exist is will create it with only the privileges @@ -28,6 +28,11 @@ or for master zones supporting dynamic updates. The account will also need read access to the named.conf and any other file that it needs to read. +"NT AUTHORITY\LocalService" is also an acceptable account. This +account is built into Windows and no password is required. Appropriate +file permissions will also need to be set for "NT AUTHORITY\LocalService" +similar to those that would have been required for the "named" account. + It is important that on Windows the directory directive is used in the options section to tell BIND where to find the files used in named.conf (default %WINDOWS%\system32\dns\etc\named.conf).