r11646@catbus: nickm | 2007-02-05 16:15:48 -0500

Make default NT service user be LocalService. Again, I have no idea if this compiles, let alone if it works. svn:r9487
2025-02-22 22:25:51 +01:00 · 2007-02-05 21:15:52 +00:00 · 2007-02-05 21:15:52 +00:00 · 8b238404de
commit 8b238404de
parent 337fdb7eb6
2 changed files with 29 additions and 4 deletions
--- a/2
+++ b/2
@ -14,7 +14,7 @@ Changes in version 0.1.2.7-alpha - 2007-??-??
      trying to flush.

  o Major bugfixes (NT services):
-    - Install as NT_AUTHORITY\NetworkService rather than as SYSTEM; add a
+    - Install as NT_AUTHORITY\LocalService rather than as SYSTEM; add a
      command-line flag so that admins can override the default by saying
      "tor --service install --user "SomeUser"".  This will not effect
      existing installed services.
--- a/src/or/main.c
+++ b/src/or/main.c
@ -77,7 +77,7 @@ int has_completed_circuit=0;
 #define GENSRV_DISPLAYNAME  TEXT("Tor Win32 Service")
 #define GENSRV_DESCRIPTION  \
  TEXT("Provides an anonymous Internet communication system")
-#define GENSRV_USERACCT TEXT("NT AUTHORITY\\NetworkService")
+#define GENSRV_USERACCT TEXT("NT AUTHORITY\\LocalService")

 // Cheating: using the pre-defined error codes, tricks Windows into displaying
 //           a semi-related human-readable error message if startup fails as
@ -1766,9 +1766,18 @@ struct service_fns {
                             DWORD dwNumServiceArgs,
                             LPCTSTR* lpServiceArgVectors);

+  BOOL (WINAPI *LookupAccountNameA_fn)(
+                             LPCTSTR lpSystemName,
+                             LPCTSTR lpAccountName,
+                             PSID Sid,
+                             LPDWORD cbSid,
+                             LPTSTR ReferencedDomainName,
+                             LPDWORD cchReferencedDomainName,
+                             PSID_NAME_USE peUse);
 } service_fns = { 0,
                  NULL, NULL, NULL, NULL, NULL, NULL,
-                  NULL, NULL, NULL, NULL, NULL, NULL };
+                  NULL, NULL, NULL, NULL, NULL, NULL,
+                  NULL};

 /** Loads functions used by NT services. Returns 0 on success, or -1 on
 * error. */
@ -1811,6 +1820,7 @@ nt_service_loadlibrary(void)
  LOAD(SetServiceStatus);
  LOAD(StartServiceCtrlDispatcherA);
  LOAD(StartServiceA);
+  LOAD(LookupAccountNameA);

  service_fns.loaded = 1;

@ -2145,7 +2155,8 @@ nt_service_install(int argc, char **argv)
  char *command;
  char *errmsg;
  const char *user_acct = GENSRV_USERACCT;
-  int i;
+  int i,r;
+  SID_NAMED_USE sidUse;

  if (nt_service_loadlibrary()<0)
    return -1;
@ -2166,6 +2177,20 @@ nt_service_install(int argc, char **argv)
    }
  }

+  if (service_fns.LookupAccountNameA_fn(NULL, // On this system
+                                        user_acct,
+                                        NULL, 0, // Don't care about the SID
+                                        NULL, 0, // Don't care about the domain
+                                        &sidUse) == 0) {
+    printf("User \"%s\" doesn't seem to exist.\n", user_acct);
+    if (user_acct != GENSRV_USERACCT)
+      return -1;
+    /* On Win2k, there is no LocalService account, so we actually need to
+     * check for it. Yay win2k. */
+    printf("Falling back to SYSTEM account.\n");
+    user_acct = NULL;
+  }
+
  /* Create the Tor service, set to auto-start on boot */
  if ((hService = service_fns.CreateServiceA_fn(hSCManager, GENSRV_SERVICENAME,
                                GENSRV_DISPLAYNAME,