mirror of https://github.com/BOINC/boinc.git
Rom Walton
parent
65dde8f6bf
commit
ade8957656
Binary file not shown.
|
Before Width: | Height: | Size: 359 KiB After Width: | Height: | Size: 355 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 359 KiB After Width: | Height: | Size: 355 KiB |
Binary file not shown.
Binary file not shown.
|
|
@ -25,6 +25,22 @@
|
||||||
#define CUSTOMACTION_NAME _T("CALaunchBOINCManager")
|
#define CUSTOMACTION_NAME _T("CALaunchBOINCManager")
|
||||||
#define CUSTOMACTION_PROGRESSTITLE _T("Launching BOINC Manager")
|
#define CUSTOMACTION_PROGRESSTITLE _T("Launching BOINC Manager")
|
||||||
|
|
||||||
|
#ifndef SECURITY_MANDATORY_LABEL_AUTHORITY
|
||||||
|
|
||||||
|
#define SECURITY_MANDATORY_LABEL_AUTHORITY {0,0,0,0,0,16}
|
||||||
|
#define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L)
|
||||||
|
#define SE_GROUP_INTEGRITY (0x00000020L)
|
||||||
|
|
||||||
|
typedef struct _TOKEN_MANDATORY_LABEL {
|
||||||
|
SID_AND_ATTRIBUTES Label;
|
||||||
|
} TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL;
|
||||||
|
|
||||||
|
typedef enum MY_TOKEN_INFORMATION_CLASS {
|
||||||
|
TokenVirtualizationEnabled = 24,
|
||||||
|
TokenIntegrityLevel = 25
|
||||||
|
} MY_TOKEN_INFORMATION_CLASS, *PMY_TOKEN_INFORMATION_CLASS;
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
|
|
@ -59,56 +75,140 @@ CALaunchBOINCManager::~CALaunchBOINCManager()
|
||||||
//
|
//
|
||||||
/////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
|
typedef BOOL (__stdcall *tSCREATEL)( IN DWORD, IN DWORD, IN DWORD, OUT SAFER_LEVEL_HANDLE*, OUT LPVOID );
|
||||||
|
typedef BOOL (__stdcall *tSCTFL)( IN SAFER_LEVEL_HANDLE, IN HANDLE, OUT HANDLE*, IN DWORD, OUT LPVOID );
|
||||||
|
typedef BOOL (__stdcall *tSCLOSEL)( IN SAFER_LEVEL_HANDLE );
|
||||||
|
|
||||||
UINT CALaunchBOINCManager::OnExecution()
|
UINT CALaunchBOINCManager::OnExecution()
|
||||||
{
|
{
|
||||||
|
static HMODULE advapi32lib = NULL;
|
||||||
|
static tSCREATEL pSCREATEL = NULL;
|
||||||
|
static tSCTFL pSCTFL = NULL;
|
||||||
|
static tSCLOSEL pSCLOSEL = NULL;
|
||||||
PROCESS_INFORMATION process_info;
|
PROCESS_INFORMATION process_info;
|
||||||
STARTUPINFO startup_info;
|
STARTUPINFO startup_info;
|
||||||
HANDLE hProcessToken;
|
SAFER_LEVEL_HANDLE hSaferHandle;
|
||||||
HANDLE hRestrictedToken;
|
HANDLE hRestrictedToken;
|
||||||
|
SID_IDENTIFIER_AUTHORITY siaMLA = SECURITY_MANDATORY_LABEL_AUTHORITY;
|
||||||
|
PSID pSidMedium = NULL;
|
||||||
|
TOKEN_MANDATORY_LABEL TIL = {0};
|
||||||
|
DWORD dwEnableVirtualization = 1;
|
||||||
tstring strInstallDirectory;
|
tstring strInstallDirectory;
|
||||||
tstring strBuffer;
|
tstring strBuffer;
|
||||||
UINT uiReturnValue = -1;
|
UINT uiReturnValue = -1;
|
||||||
|
FILE* f;
|
||||||
|
|
||||||
memset(&process_info, 0, sizeof(process_info));
|
memset(&process_info, 0, sizeof(process_info));
|
||||||
memset(&startup_info, 0, sizeof(startup_info));
|
memset(&startup_info, 0, sizeof(startup_info));
|
||||||
startup_info.cb = sizeof(startup_info);
|
startup_info.cb = sizeof(startup_info);
|
||||||
|
startup_info.dwFlags = STARTF_USESHOWWINDOW;
|
||||||
|
startup_info.wShowWindow = SW_SHOW;
|
||||||
|
|
||||||
|
f = fopen("LaunchManager.txt", "w");
|
||||||
|
|
||||||
|
if (!advapi32lib) {
|
||||||
|
advapi32lib = LoadLibraryA("advapi32.dll");
|
||||||
|
if (advapi32lib) {
|
||||||
|
pSCREATEL = (tSCREATEL)GetProcAddress(advapi32lib, "SaferCreateLevel");
|
||||||
|
pSCTFL = (tSCTFL)GetProcAddress(advapi32lib, "SaferComputeTokenFromLevel");
|
||||||
|
pSCLOSEL = (tSCLOSEL)GetProcAddress(advapi32lib, "SaferCloseLevel");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!pSCREATEL || !pSCTFL || !pSCLOSEL) {
|
||||||
|
return ERROR_FILE_NOT_FOUND;
|
||||||
|
}
|
||||||
|
|
||||||
uiReturnValue = GetProperty( _T("INSTALLDIR"), strInstallDirectory );
|
uiReturnValue = GetProperty( _T("INSTALLDIR"), strInstallDirectory );
|
||||||
if ( uiReturnValue ) return uiReturnValue;
|
if ( uiReturnValue ) return uiReturnValue;
|
||||||
|
|
||||||
OpenProcessToken( GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY, &hProcessToken );
|
|
||||||
CreateRestrictedToken( hProcessToken, DISABLE_MAX_PRIVILEGE, 0, 0, 0, 0, 0, 0, &hRestrictedToken );
|
|
||||||
|
|
||||||
strBuffer = strInstallDirectory + _T("\\boincmgr.exe");
|
// Calculate a restricted token from the current token.
|
||||||
if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
|
if (!pSCREATEL( SAFER_SCOPEID_USER, SAFER_LEVELID_NORMALUSER, SAFER_LEVEL_OPEN, &hSaferHandle, NULL ))
|
||||||
{
|
{
|
||||||
|
fwprintf(f, _T("SaferCreateLevel retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!pSCTFL( hSaferHandle, NULL, &hRestrictedToken, NULL, NULL ))
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("SaferComputeTokenFromLevel retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
AllocateAndInitializeSid(&siaMLA, 1, SECURITY_MANDATORY_MEDIUM_RID, 0, 0, 0, 0, 0, 0, 0, &pSidMedium);
|
||||||
|
|
||||||
|
TIL.Label.Attributes = SE_GROUP_INTEGRITY;
|
||||||
|
TIL.Label.Sid = pSidMedium;
|
||||||
|
|
||||||
|
if (!SetTokenInformation(hRestrictedToken, (TOKEN_INFORMATION_CLASS)TokenIntegrityLevel, &TIL, sizeof(TOKEN_MANDATORY_LABEL)))
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("SaferComputeTokenFromLevel (TokenIntegrityLevel) retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!SetTokenInformation(hRestrictedToken, (TOKEN_INFORMATION_CLASS)TokenVirtualizationEnabled, &dwEnableVirtualization, sizeof(DWORD)))
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("SaferComputeTokenFromLevel (TokenVirtualizationEnabled) retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("boincmgr.exe\""));
|
||||||
|
fwprintf(f, _T("Attempting to launch boincmgr.exe\n"));
|
||||||
|
fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
|
||||||
|
if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("Success!!!\n"));
|
||||||
CloseHandle( process_info.hProcess );
|
CloseHandle( process_info.hProcess );
|
||||||
CloseHandle( process_info.hThread );
|
CloseHandle( process_info.hThread );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
strBuffer = strInstallDirectory + _T("\\gridrepublic.exe");
|
|
||||||
if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
|
|
||||||
{
|
{
|
||||||
|
fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("gridrepublic.exe\""));
|
||||||
|
fwprintf(f, _T("Attempting to launch gridrepublic.exe\n"));
|
||||||
|
fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
|
||||||
|
if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("Success!!!\n"));
|
||||||
CloseHandle( process_info.hProcess );
|
CloseHandle( process_info.hProcess );
|
||||||
CloseHandle( process_info.hThread );
|
CloseHandle( process_info.hThread );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
strBuffer = strInstallDirectory + _T("\\charityengine.exe");
|
|
||||||
if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
|
|
||||||
{
|
{
|
||||||
|
fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("charityengine.exe\""));
|
||||||
|
fwprintf(f, _T("Attempting to launch charityengine.exe\n"));
|
||||||
|
fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
|
||||||
|
if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("Success!!!\n"));
|
||||||
CloseHandle( process_info.hProcess );
|
CloseHandle( process_info.hProcess );
|
||||||
CloseHandle( process_info.hThread );
|
CloseHandle( process_info.hThread );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
strBuffer = strInstallDirectory + _T("\\progressthruprocessors.exe");
|
|
||||||
if (CreateProcessAsUser( hRestrictedToken, strBuffer.c_str(), NULL, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &startup_info, &process_info ))
|
|
||||||
{
|
{
|
||||||
|
fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
strBuffer = tstring(_T("\"")) + strInstallDirectory + tstring(_T("progressthruprocessors.exe\""));
|
||||||
|
fwprintf(f, _T("Attempting to launch progressthruprocessors.exe\n"));
|
||||||
|
fwprintf(f, _T("Launching: '%s'\n"), strBuffer.c_str());
|
||||||
|
if (CreateProcessAsUser( hRestrictedToken, NULL, (LPWSTR)strBuffer.c_str(), NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &startup_info, &process_info ))
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("Success!!!\n"));
|
||||||
CloseHandle( process_info.hProcess );
|
CloseHandle( process_info.hProcess );
|
||||||
CloseHandle( process_info.hThread );
|
CloseHandle( process_info.hThread );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fwprintf(f, _T("CreateProcessAsUser retval: '%d'\n"), GetLastError());
|
||||||
|
}
|
||||||
|
|
||||||
|
fclose(f);
|
||||||
CloseHandle( hRestrictedToken );
|
CloseHandle( hRestrictedToken );
|
||||||
CloseHandle( hProcessToken );
|
pSCLOSEL( hSaferHandle );
|
||||||
|
|
||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -26,4 +26,5 @@ EXPORTS
|
||||||
SetPermissionBOINCData
|
SetPermissionBOINCData
|
||||||
SetPermissionBOINCDataProjects
|
SetPermissionBOINCDataProjects
|
||||||
SetPermissionBOINCDataSlots
|
SetPermissionBOINCDataSlots
|
||||||
|
LaunchBOINCManager
|
||||||
|
|
||||||
|
|
@ -53,8 +53,8 @@ END
|
||||||
//
|
//
|
||||||
|
|
||||||
VS_VERSION_INFO VERSIONINFO
|
VS_VERSION_INFO VERSIONINFO
|
||||||
FILEVERSION 1,0,0,160
|
FILEVERSION 1,0,0,165
|
||||||
PRODUCTVERSION 1,0,0,160
|
PRODUCTVERSION 1,0,0,165
|
||||||
FILEFLAGSMASK 0x17L
|
FILEFLAGSMASK 0x17L
|
||||||
#ifdef _DEBUG
|
#ifdef _DEBUG
|
||||||
FILEFLAGS 0x1L
|
FILEFLAGS 0x1L
|
||||||
|
|
@ -70,12 +70,12 @@ BEGIN
|
||||||
BLOCK "040904b0"
|
BLOCK "040904b0"
|
||||||
BEGIN
|
BEGIN
|
||||||
VALUE "FileDescription", "BOINC Dynamic Link Library"
|
VALUE "FileDescription", "BOINC Dynamic Link Library"
|
||||||
VALUE "FileVersion", "1.0.0.160"
|
VALUE "FileVersion", "1.0.0.165"
|
||||||
VALUE "InternalName", "BOINC"
|
VALUE "InternalName", "BOINC"
|
||||||
VALUE "LegalCopyright", "Copyright (C) 2005-2011"
|
VALUE "LegalCopyright", "Copyright (C) 2005-2011"
|
||||||
VALUE "OriginalFilename", "BOINC.dll"
|
VALUE "OriginalFilename", "BOINC.dll"
|
||||||
VALUE "ProductName", " BOINC Dynamic Link Library"
|
VALUE "ProductName", " BOINC Dynamic Link Library"
|
||||||
VALUE "ProductVersion", "1.0.0.160"
|
VALUE "ProductVersion", "1.0.0.165"
|
||||||
END
|
END
|
||||||
END
|
END
|
||||||
BLOCK "VarFileInfo"
|
BLOCK "VarFileInfo"
|
||||||
|
|
|
||||||
|
|
@ -79,6 +79,7 @@
|
||||||
#include <sddl.h>
|
#include <sddl.h>
|
||||||
#include <wincrypt.h>
|
#include <wincrypt.h>
|
||||||
#include <aclapi.h>
|
#include <aclapi.h>
|
||||||
|
#include <winsafer.h>
|
||||||
|
|
||||||
// CRT Header Files:
|
// CRT Header Files:
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
|
|
|
||||||
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue