Quick Updates

svn path=/trunk/boinc/; revision=24788
2011-12-14 00:24:34 +00:00 · 2011-12-14 00:24:34 +00:00 · ade8957656
parent 65dde8f6bf
commit ade8957656
10 changed files with 121 additions and 19 deletions
--- a/client/win/res/progress.ico
+++ b/client/win/res/progress.ico
--- a/win_build/installerv2/redist/Progress/progress.ico
+++ b/win_build/installerv2/redist/Progress/progress.ico
--- a/win_build/installerv2/redist/Windows/Win32/boinccas.dll
+++ b/win_build/installerv2/redist/Windows/Win32/boinccas.dll
--- a/win_build/installerv2/redist/Windows/Win32/boinccas95.dll
+++ b/win_build/installerv2/redist/Windows/Win32/boinccas95.dll
--- a/win_build/installerv2/redist/Windows/src/boinccas/CALaunchBOINCManager.cpp
+++ b/win_build/installerv2/redist/Windows/src/boinccas/CALaunchBOINCManager.cpp
@ -25,6 +25,22 @@
 #define CUSTOMACTION_NAME               _T("CALaunchBOINCManager")
 #define CUSTOMACTION_PROGRESSTITLE      _T("Launching BOINC Manager")

+#ifndef SECURITY_MANDATORY_LABEL_AUTHORITY
+
+#define SECURITY_MANDATORY_LABEL_AUTHORITY          {0,0,0,0,0,16}
+#define SECURITY_MANDATORY_MEDIUM_RID               (0x00002000L)
+#define SE_GROUP_INTEGRITY                          (0x00000020L)
+
+typedef struct _TOKEN_MANDATORY_LABEL {
+    SID_AND_ATTRIBUTES Label;
+} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
+
+typedef enum MY_TOKEN_INFORMATION_CLASS {
+    TokenVirtualizationEnabled = 24,
+    TokenIntegrityLevel = 25
+} MY_TOKEN_INFORMATION_CLASS, *PMY_TOKEN_INFORMATION_CLASS;
+
+#endif

 /////////////////////////////////////////////////////////////////////
 // 
@ -59,56 +75,140 @@ CALaunchBOINCManager::~CALaunchBOINCManager()
 //
 /////////////////////////////////////////////////////////////////////

+typedef BOOL (__stdcall *tSCREATEL)( IN DWORD, IN DWORD, IN DWORD, OUT SAFER_LEVEL_HANDLE*, OUT LPVOID );
+typedef BOOL (__stdcall *tSCTFL)( IN SAFER_LEVEL_HANDLE, IN HANDLE, OUT HANDLE*, IN DWORD, OUT LPVOID );
+typedef BOOL (__stdcall *tSCLOSEL)( IN SAFER_LEVEL_HANDLE );
+
 UINT CALaunchBOINCManager::OnExecution()
 {
+    static HMODULE advapi32lib = NULL;
+    static tSCREATEL pSCREATEL = NULL;
+    static tSCTFL pSCTFL = NULL;
+    static tSCLOSEL pSCLOSEL = NULL;
    PROCESS_INFORMATION process_info;
    STARTUPINFO startup_info;
-    HANDLE hProcessToken;
+    SAFER_LEVEL_HANDLE hSaferHandle;
    HANDLE hRestrictedToken;
+    SID_IDENTIFIER_AUTHORITY siaMLA = SECURITY_MANDATORY_LABEL_AUTHORITY;
+    PSID  pSidMedium = NULL;
+    TOKEN_MANDATORY_LABEL TIL = {0};
+    DWORD dwEnableVirtualization = 1;
    tstring strInstallDirectory;
    tstring strBuffer;
    UINT uiReturnValue = -1;
+    FILE* f;

    memset(&process_info, 0, sizeof(process_info));
    memset(&startup_info, 0, sizeof(startup_info));
    startup_info.cb = sizeof(startup_info);
+    startup_info.dwFlags = STARTF_USESHOWWINDOW;
+    startup_info.wShowWindow = SW_SHOW;
+
+    f = fopen("LaunchManager.txt", "w");
+
+    if (!advapi32lib) {
+        advapi32lib = LoadLibraryA("advapi32.dll");
+        if (advapi32lib) {
+            pSCREATEL = (tSCREATEL)GetProcAddress(advapi32lib, "SaferCreateLevel");
+            pSCTFL = (tSCTFL)GetProcAddress(advapi32lib, "SaferComputeTokenFromLevel");
+            pSCLOSEL = (tSCLOSEL)GetProcAddress(advapi32lib, "SaferCloseLevel");
+        }
+    }
+
+    if (!pSCREATEL || !pSCTFL || !pSCLOSEL) {
+        return ERROR_FILE_NOT_FOUND;
+    }

    uiReturnValue = GetProperty( _T("INSTALLDIR"), strInstallDirectory );
    if ( uiReturnValue ) return uiReturnValue;

-    OpenProcessToken( GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY, &hProcessToken );
-    CreateRestrictedToken( hProcessToken, DISABLE_MAX_PRIVILEGE, 0, 0, 0, 0, 0, 0, &hRestrictedToken );

-    strBuffer = strInstallDirectory + _T("\\boincmgr.exe");
-    if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
+    // Calculate a restricted token from the current token.
+    if (!pSCREATEL( SAFER_SCOPEID_USER, SAFER_LEVELID_NORMALUSER, SAFER_LEVEL_OPEN, &hSaferHandle, NULL ))
    {
+        fwprintf(f, _T("SaferCreateLevel retval: '%d'\n"), GetLastError());
+    }
+
+    if (!pSCTFL( hSaferHandle, NULL, &hRestrictedToken, NULL, NULL ))
+    {
+        fwprintf(f, _T("SaferComputeTokenFromLevel retval: '%d'\n"), GetLastError());
+    }
+
+    AllocateAndInitializeSid(&siaMLA, 1, SECURITY_MANDATORY_MEDIUM_RID, 0, 0, 0, 0, 0, 0, 0, &pSidMedium);
+
+    TIL.Label.Attributes = SE_GROUP_INTEGRITY;
+    TIL.Label.Sid        = pSidMedium;
+
+    if (!SetTokenInformation(hRestrictedToken, (TOKEN_INFORMATION_CLASS)TokenIntegrityLevel, &TIL, sizeof(TOKEN_MANDATORY_LABEL)))
+    {
+        fwprintf(f, _T("SaferComputeTokenFromLevel (TokenIntegrityLevel) retval: '%d'\n"), GetLastError());
+    }
+
+    if (!SetTokenInformation(hRestrictedToken, (TOKEN_INFORMATION_CLASS)TokenVirtualizationEnabled, &dwEnableVirtualization, sizeof(DWORD)))
+    {
+        fwprintf(f, _T("SaferComputeTokenFromLevel (TokenVirtualizationEnabled) retval: '%d'\n"), GetLastError());
+    }
+
+
+    strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("boincmgr.exe\""));
+    fwprintf(f, _T("Attempting to launch boincmgr.exe\n"));
+    fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
+    if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
+    {
+        fwprintf(f, _T("Success!!!\n"));
        CloseHandle( process_info.hProcess );
        CloseHandle( process_info.hThread );
    }
-
-    strBuffer = strInstallDirectory + _T("\\gridrepublic.exe");
-    if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
+    else
    {
+        fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
+    }
+
+    strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("gridrepublic.exe\""));
+    fwprintf(f, _T("Attempting to launch gridrepublic.exe\n"));
+    fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
+    if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
+    {
+        fwprintf(f, _T("Success!!!\n"));
        CloseHandle( process_info.hProcess );
        CloseHandle( process_info.hThread );
    }
-
-    strBuffer = strInstallDirectory + _T("\\charityengine.exe");
-    if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
+    else
    {
+        fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
+    }
+
+    strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("charityengine.exe\""));
+    fwprintf(f, _T("Attempting to launch charityengine.exe\n"));
+    fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
+    if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
+    {
+        fwprintf(f, _T("Success!!!\n"));
        CloseHandle( process_info.hProcess );
        CloseHandle( process_info.hThread );
    }
-
-    strBuffer = strInstallDirectory + _T("\\progressthruprocessors.exe");
-    if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
+    else
    {
+        fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
+    }
+
+    strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("progressthruprocessors.exe\""));
+    fwprintf(f, _T("Attempting to launch progressthruprocessors.exe\n"));
+    fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
+    if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
+    {
+        fwprintf(f, _T("Success!!!\n"));
        CloseHandle( process_info.hProcess );
        CloseHandle( process_info.hThread );
    }
+    else
+    {
+        fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
+    }

+    fclose(f);
    CloseHandle( hRestrictedToken );
-    CloseHandle( hProcessToken );
+    pSCLOSEL( hSaferHandle );
 
    return ERROR_SUCCESS;
 }
--- a/win_build/installerv2/redist/Windows/src/boinccas/boinccas.def
+++ b/win_build/installerv2/redist/Windows/src/boinccas/boinccas.def
@ -26,4 +26,5 @@ EXPORTS
 	SetPermissionBOINCData
 	SetPermissionBOINCDataProjects
 	SetPermissionBOINCDataSlots
+	LaunchBOINCManager
 	
--- a/win_build/installerv2/redist/Windows/src/boinccas/boinccas.rc
+++ b/win_build/installerv2/redist/Windows/src/boinccas/boinccas.rc
@ -53,8 +53,8 @@ END
 //

 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,0,0,160
- PRODUCTVERSION 1,0,0,160
+ FILEVERSION 1,0,0,165
+ PRODUCTVERSION 1,0,0,165
 FILEFLAGSMASK 0x17L
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@ -70,12 +70,12 @@ BEGIN
        BLOCK "040904b0"
        BEGIN
            VALUE "FileDescription", "BOINC Dynamic Link Library"
-            VALUE "FileVersion", "1.0.0.160"
+            VALUE "FileVersion", "1.0.0.165"
            VALUE "InternalName", "BOINC"
            VALUE "LegalCopyright", "Copyright (C) 2005-2011"
            VALUE "OriginalFilename", "BOINC.dll"
            VALUE "ProductName", " BOINC Dynamic Link Library"
-            VALUE "ProductVersion", "1.0.0.160"
+            VALUE "ProductVersion", "1.0.0.165"
        END
    END
    BLOCK "VarFileInfo"
--- a/win_build/installerv2/redist/Windows/src/boinccas/stdafx.h
+++ b/win_build/installerv2/redist/Windows/src/boinccas/stdafx.h
@ -79,6 +79,7 @@
 #include <sddl.h>
 #include <wincrypt.h>
 #include <aclapi.h>
+#include <winsafer.h>

 // CRT Header Files:
 #include <time.h>
--- a/win_build/installerv2/redist/Windows/x64/boinccas.dll
+++ b/win_build/installerv2/redist/Windows/x64/boinccas.dll
--- a/win_build/installerv2/redist/Windows/x64/boinccas95.dll
+++ b/win_build/installerv2/redist/Windows/x64/boinccas95.dll