From 8beb21568e4f77dd875a8c176dcbe74ac4095a13 Mon Sep 17 00:00:00 2001
From: NextTurn <45985406+NextTurn@users.noreply.github.com>
Date: Tue, 27 Nov 2018 00:00:00 +0800
Subject: [PATCH] Merge <domain> and <user> to support User Principal Name

---
 src/Core/ServiceWrapper/Program.cs                    |  4 ++--
 src/Core/WinSWCore/Configuration/DefaultSettings.cs   |  2 +-
 .../WinSWCore/Configuration/IWinSWConfiguration.cs    |  2 +-
 src/Core/WinSWCore/Native/Security.cs                 | 11 +++++------
 src/Core/WinSWCore/ServiceDescriptor.cs               |  8 ++------
 src/Test/winswTests/ServiceDescriptorTests.cs         | 11 ++++-------
 6 files changed, 15 insertions(+), 23 deletions(-)

diff --git a/src/Core/ServiceWrapper/Program.cs b/src/Core/ServiceWrapper/Program.cs
index 96d5920..0b58156 100644
--- a/src/Core/ServiceWrapper/Program.cs
+++ b/src/Core/ServiceWrapper/Program.cs
@@ -211,7 +211,7 @@ namespace winsw
                 {
                     if (descriptor.HasServiceAccount())
                     {
-                        username = descriptor.ServiceAccountUser;
+                        username = descriptor.ServiceAccountUserName;
                         password = descriptor.ServiceAccountPassword;
                         allowServiceLogonRight = descriptor.AllowServiceAcountLogonRight;
                     }
@@ -219,7 +219,7 @@ namespace winsw
 
                 if (allowServiceLogonRight)
                 {
-                    Security.AddServiceLogonRight(descriptor.ServiceAccountDomain!, descriptor.ServiceAccountName!);
+                    Security.AddServiceLogonRight(descriptor.ServiceAccountUserName!);
                 }
 
                 using Service sc = scm.CreateService(
diff --git a/src/Core/WinSWCore/Configuration/DefaultSettings.cs b/src/Core/WinSWCore/Configuration/DefaultSettings.cs
index 7ed874e..4b30bd3 100644
--- a/src/Core/WinSWCore/Configuration/DefaultSettings.cs
+++ b/src/Core/WinSWCore/Configuration/DefaultSettings.cs
@@ -23,7 +23,7 @@ namespace winsw.Configuration
         // Installation
         public bool AllowServiceAcountLogonRight => false;
         public string? ServiceAccountPassword => null;
-        public string? ServiceAccountUser => null;
+        public string? ServiceAccountUserName => null;
         public Native.SC_ACTION[] FailureActions => new Native.SC_ACTION[0];
         public TimeSpan ResetFailureAfter => TimeSpan.FromDays(1);
 
diff --git a/src/Core/WinSWCore/Configuration/IWinSWConfiguration.cs b/src/Core/WinSWCore/Configuration/IWinSWConfiguration.cs
index 5161639..0a98e44 100644
--- a/src/Core/WinSWCore/Configuration/IWinSWConfiguration.cs
+++ b/src/Core/WinSWCore/Configuration/IWinSWConfiguration.cs
@@ -20,7 +20,7 @@ namespace winsw.Configuration
         // Installation
         bool AllowServiceAcountLogonRight { get; }
         string? ServiceAccountPassword { get; }
-        string? ServiceAccountUser { get; }
+        string? ServiceAccountUserName { get; }
         Native.SC_ACTION[] FailureActions { get; }
         TimeSpan ResetFailureAfter { get; }
 
diff --git a/src/Core/WinSWCore/Native/Security.cs b/src/Core/WinSWCore/Native/Security.cs
index 7383af6..0d146e0 100644
--- a/src/Core/WinSWCore/Native/Security.cs
+++ b/src/Core/WinSWCore/Native/Security.cs
@@ -8,9 +8,9 @@ namespace winsw.Native
     internal static class Security
     {
         /// <exception cref="Win32Exception" />
-        internal static void AddServiceLogonRight(string domain, string user)
+        internal static void AddServiceLogonRight(string userName)
         {
-            IntPtr sid = GetAccountSid(domain, user);
+            IntPtr sid = GetAccountSid(userName);
 
             try
             {
@@ -24,17 +24,16 @@ namespace winsw.Native
         }
 
         /// <exception cref="Win32Exception" />
-        private static IntPtr GetAccountSid(string domain, string user)
+        private static IntPtr GetAccountSid(string accountName)
         {
             int sidSize = 0;
             int domainNameLength = 0;
 
-            if (domain == ".")
+            if (accountName.StartsWith(".\\"))
             {
-                domain = Environment.MachineName;
+                accountName = Environment.MachineName + accountName.Substring(1);
             }
 
-            string accountName = domain + "\\" + user;
             _ = LookupAccountName(null, accountName, IntPtr.Zero, ref sidSize, IntPtr.Zero, ref domainNameLength, out _);
 
             IntPtr sid = Marshal.AllocHGlobal(sidSize);
diff --git a/src/Core/WinSWCore/ServiceDescriptor.cs b/src/Core/WinSWCore/ServiceDescriptor.cs
index 8fd30fc..7ea3500 100755
--- a/src/Core/WinSWCore/ServiceDescriptor.cs
+++ b/src/Core/WinSWCore/ServiceDescriptor.cs
@@ -645,17 +645,13 @@ namespace winsw
 
         protected string? AllowServiceLogon => GetServiceAccountPart("allowservicelogon");
 
-        protected internal string? ServiceAccountDomain => GetServiceAccountPart("domain");
-
-        protected internal string? ServiceAccountName => GetServiceAccountPart("user");
-
         public string? ServiceAccountPassword => GetServiceAccountPart("password");
 
-        public string? ServiceAccountUser => ServiceAccountName is null ? null : (ServiceAccountDomain ?? ".") + "\\" + ServiceAccountName;
+        public string? ServiceAccountUserName => GetServiceAccountPart("username");
 
         public bool HasServiceAccount()
         {
-            return !string.IsNullOrEmpty(ServiceAccountName);
+            return !string.IsNullOrEmpty(ServiceAccountUserName);
         }
 
         public bool AllowServiceAcountLogonRight
diff --git a/src/Test/winswTests/ServiceDescriptorTests.cs b/src/Test/winswTests/ServiceDescriptorTests.cs
index 301d7ec..f39ec9a 100644
--- a/src/Test/winswTests/ServiceDescriptorTests.cs
+++ b/src/Test/winswTests/ServiceDescriptorTests.cs
@@ -30,8 +30,7 @@ $@"<service>
   <arguments>My Arguments</arguments>
   <log mode=""roll""></log>
   <serviceaccount>
-    <domain>{Domain}</domain>
-    <user>{Username}</user>
+    <username>{Domain}\{Username}</username>
     <password>{Password}</password>
     <allowservicelogon>{AllowServiceAccountLogonRight}</allowservicelogon>
   </serviceaccount>
@@ -60,8 +59,7 @@ $@"<service>
   <startmode>roll</startmode>
   <log mode=""roll""></log>
   <serviceaccount>
-    <domain>{Domain}</domain>
-    <user>{Username}</user>
+    <username>{Domain}\{Username}</username>
     <password>{Password}</password>
     <allowservicelogon>{AllowServiceAccountLogonRight}</allowservicelogon>
   </serviceaccount>
@@ -86,8 +84,7 @@ $@"<service>
   <startmode>manual</startmode>
   <log mode=""roll""></log>
   <serviceaccount>
-    <domain>{Domain}</domain>
-    <user>{Username}</user>
+    <username>{Domain}\{Username}</username>
     <password>{Password}</password>
     <allowservicelogon>{AllowServiceAccountLogonRight}</allowservicelogon>
   </serviceaccount>
@@ -116,7 +113,7 @@ $@"<service>
         public void VerifyUsername()
         {
             Debug.WriteLine("_extendedServiceDescriptor.WorkingDirectory :: " + _extendedServiceDescriptor.WorkingDirectory);
-            Assert.That(_extendedServiceDescriptor.ServiceAccountUser, Is.EqualTo(Domain + "\\" + Username));
+            Assert.That(_extendedServiceDescriptor.ServiceAccountUserName, Is.EqualTo(Domain + "\\" + Username));
         }
 
         [Test]