From 7ff250120135686e37932bdb822bbb845566b66e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 10 Jan 2019 22:43:43 +0100 Subject: [PATCH] Install the windows service as "NT AUTHORITY\NetworkService" Untested Maybe Fixes #686 --- dnscrypt-proxy/main.go | 3 +++ dnscrypt-proxy/privilege_linux.go | 4 ++++ dnscrypt-proxy/privilege_others.go | 4 ++++ dnscrypt-proxy/privilege_windows.go | 5 +++++ 4 files changed, 16 insertions(+) diff --git a/dnscrypt-proxy/main.go b/dnscrypt-proxy/main.go index 71dcfc43..8eb8e8ab 100644 --- a/dnscrypt-proxy/main.go +++ b/dnscrypt-proxy/main.go @@ -35,6 +35,9 @@ func main() { Description: "Encrypted/authenticated DNS proxy", WorkingDirectory: pwd, } + if serviceUserName := serviceStartupUserName(), serviceUserName != nil { + svcConfig.UserName = *serviceUserName + } svcFlag := flag.String("service", "", fmt.Sprintf("Control the system service: %q", service.ControlAction)) app := &App{} svc, err := service.New(app, svcConfig) diff --git a/dnscrypt-proxy/privilege_linux.go b/dnscrypt-proxy/privilege_linux.go index 76e168fd..006c6eff 100644 --- a/dnscrypt-proxy/privilege_linux.go +++ b/dnscrypt-proxy/privilege_linux.go @@ -12,6 +12,10 @@ import ( "github.com/jedisct1/dlog" ) +func serviceStartupUserName() *string { + return nil +} + func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) { currentUser, err := user.Current() if err != nil && currentUser.Uid != "0" { diff --git a/dnscrypt-proxy/privilege_others.go b/dnscrypt-proxy/privilege_others.go index b860e6ab..ad825d1f 100644 --- a/dnscrypt-proxy/privilege_others.go +++ b/dnscrypt-proxy/privilege_others.go @@ -14,6 +14,10 @@ import ( "github.com/jedisct1/dlog" ) +func serviceStartupUserName() *string { + return nil +} + func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) { currentUser, err := user.Current() if err != nil && currentUser.Uid != "0" { diff --git a/dnscrypt-proxy/privilege_windows.go b/dnscrypt-proxy/privilege_windows.go index 61c08d1b..c8e5cc93 100644 --- a/dnscrypt-proxy/privilege_windows.go +++ b/dnscrypt-proxy/privilege_windows.go @@ -2,4 +2,9 @@ package main import "os" +func serviceStartupUserName() *string { + userName := "NT AUTHORITY\\NetworkService" + return &userName +} + func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {}