
[or-cvs] r9487: Make default NT service user be LocalService. Again, I have (in tor/trunk: . src/or)



Author: nickm
Date: 2007-02-05 16:15:52 -0500 (Mon, 05 Feb 2007)
New Revision: 9487

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/main.c
Log:
 r11646@catbus:  nickm | 2007-02-05 16:15:48 -0500
 Make default NT service user be LocalService.  Again, I have no idea if this compiles, let alone if it works.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r11646] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2007-02-05 20:45:02 UTC (rev 9486)
+++ tor/trunk/ChangeLog	2007-02-05 21:15:52 UTC (rev 9487)
@@ -14,7 +14,7 @@
       trying to flush.
 
   o Major bugfixes (NT services):
-    - Install as NT_AUTHORITY\NetworkService rather than as SYSTEM; add a
+    - Install as NT_AUTHORITY\LocalService rather than as SYSTEM; add a
       command-line flag so that admins can override the default by saying
       "tor --service install --user "SomeUser"".  This will not effect
       existing installed services.
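Review bot: The changed entry spells the account NT_AUTHORITY\LocalService with an underscore, while the constant in main.c is "NT AUTHORITY\\LocalService" with a space; use the spelling an admin would actually type for --user. The entry should also say that the installer falls back to SYSTEM when LocalService does not exist (the Win2k case handled in main.c), because as written it reads as if the service never runs as SYSTEM by default. While this entry is being touched, "This will not effect" should be "affect".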

Modified: tor/trunk/src/or/main.c
===================================================================
--- tor/trunk/src/or/main.c	2007-02-05 20:45:02 UTC (rev 9486)
+++ tor/trunk/src/or/main.c	2007-02-05 21:15:52 UTC (rev 9487)
@@ -77,7 +77,7 @@
 #define GENSRV_DISPLAYNAME  TEXT("Tor Win32 Service")
 #define GENSRV_DESCRIPTION  \
   TEXT("Provides an anonymous Internet communication system")
-#define GENSRV_USERACCT TEXT("NT AUTHORITY\\NetworkService")
+#define GENSRV_USERACCT TEXT("NT AUTHORITY\\LocalService")
 
 // Cheating: using the pre-defined error codes, tricks Windows into displaying
 //           a semi-related human-readable error message if startup fails as
@@ -1766,9 +1766,18 @@
                              DWORD dwNumServiceArgs,
                              LPCTSTR* lpServiceArgVectors);
 
+  BOOL (WINAPI *LookupAccountNameA_fn)(
+                             LPCTSTR lpSystemName,
+                             LPCTSTR lpAccountName,
+                             PSID Sid,
+                             LPDWORD cbSid,
+                             LPTSTR ReferencedDomainName,
+                             LPDWORD cchReferencedDomainName,
+                             PSID_NAME_USE peUse);
 } service_fns = { 0,
                   NULL, NULL, NULL, NULL, NULL, NULL,
-                  NULL, NULL, NULL, NULL, NULL, NULL };
+                  NULL, NULL, NULL, NULL, NULL, NULL,
+                  NULL};
 
 /** Loads functions used by NT services. Returns 0 on success, or -1 on
  * error. */
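Review bot: The new LookupAccountNameA_fn pointer is declared with the TCHAR types (LPCTSTR lpSystemName, LPCTSTR lpAccountName, LPTSTR ReferencedDomainName), but the "A" entry point takes ANSI strings, so these should be LPCSTR and LPSTR. With LPCTSTR the declaration only matches the real function when UNICODE is not defined; in a UNICODE build the parameters become wide-character pointers and no longer match either the function or the const char * account name passed to it later in this patch.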
@@ -1811,6 +1820,7 @@
   LOAD(SetServiceStatus);
   LOAD(StartServiceCtrlDispatcherA);
   LOAD(StartServiceA);
+  LOAD(LookupAccountNameA);
 
   service_fns.loaded = 1;
 
@@ -2145,7 +2155,8 @@
   char *command;
   char *errmsg;
   const char *user_acct = GENSRV_USERACCT;
-  int i;
+  int i,r;
+  SID_NAMED_USE sidUse;
 
   if (nt_service_loadlibrary()<0)
     return -1;
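Review bot: The added declaration "SID_NAMED_USE sidUse;" names a type that does not exist; the Windows type is SID_NAME_USE (the struct member added earlier in this patch uses PSID_NAME_USE), so this line will not compile. The new variable r in "int i,r;" is not used by any of the lines this patch adds; drop it unless a later change needs it.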
@@ -2166,6 +2177,20 @@
     }
   }
 
+  if (service_fns.LookupAccountNameA_fn(NULL, // On this system
+                                        user_acct,
+                                        NULL, 0, // Don't care about the SID
+                                        NULL, 0, // Don't care about the domain
+                                        &sidUse) == 0) {
+    printf("User \"%s\" doesn't seem to exist.\n", user_acct);
+    if (user_acct != GENSRV_USERACCT)
+      return -1;
+    /* On Win2k, there is no LocalService account, so we actually need to
+     * check for it. Yay win2k. */
+    printf("Falling back to SYSTEM account.\n");
+    user_acct = NULL;
+  }
+
   /* Create the Tor service, set to auto-start on boot */
   if ((hService = service_fns.CreateServiceA_fn(hSCManager, GENSRV_SERVICENAME,
                                 GENSRV_DISPLAYNAME,
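Review bot: The existence check treats any zero return from LookupAccountNameA_fn as "user doesn't exist", but the call passes NULL for both buffers and 0 for the cbSid and cchReferencedDomainName arguments, which the declaration types as LPDWORD, so it can fail for an account that does exist. LookupAccountName reports an undersized buffer as a failure too, so the code should pass real size variables and distinguish ERROR_NONE_MAPPED (no such account) from ERROR_INSUFFICIENT_BUFFER (account found, buffer too small) via GetLastError(). This matters for the purpose of the change: a spurious failure sends the default install down the "Falling back to SYSTEM account" path and silently undoes the privilege reduction, and rejects every --user value. Separately, "if (user_acct != GENSRV_USERACCT)" compares a pointer against a second expansion of a string-literal macro, and identical literals are not guaranteed to share an address; record whether the user overrode the default in a flag when the --user argument is parsed and test that instead.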