// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
// Code to run a BOINC application (main or graphics) under Windows
// Don't include this in applications
#if defined(_WIN32) && !defined(__STDWX_H__)
#include "boinc_win.h"
#elif defined(_WIN32) && defined(__STDWX_H__)
#include "stdwx.h"
#endif
#include "win_util.h"
#include "filesys.h"
#include "error_numbers.h"
#include "common_defs.h"
#include "util.h"
#include "parse.h"
#include "base64.h"
// Logon token for the sandbox account, filled in by
// get_sandbox_account_interactive_token() through LogonUserA with
// LOGON32_LOGON_INTERACTIVE. Stays NULL until that logon succeeds and is
// reset to NULL when it fails.
// NOTE(review): no CloseHandle for this token is visible in this part of
// the file; confirm where the handle is released.
HANDLE sandbox_account_interactive_token = NULL;
// Logon token for the sandbox account, filled in by
// get_sandbox_account_service_token() through LogonUserA with
// LOGON32_LOGON_SERVICE. Stays NULL until that logon succeeds and is
// reset to NULL when it fails.
HANDLE sandbox_account_service_token = NULL;
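// Log the sandbox account on interactively and store the resulting token in
// sandbox_account_interactive_token. On success, also grant that account
// access to the current window station and desktop so it can create windows.
//
// The work is attempted only on the first call; later calls return at once,
// whether or not the first attempt succeeded. The guard is a plain static
// flag and no locking is visible here.
//
// Credentials come from CLIENT_AUTH_FILENAME. The password is stored there
// base64-encoded, which is an encoding and not encryption: anyone able to
// read that file can recover the password, so the file's access control is
// what protects the account.
//
// On any failure the token is left (or reset to) NULL; nothing is returned.
void get_sandbox_account_interactive_token() {
    static bool first = true;
    if (!first) return;
    first = false;

    FILE* f = fopen(CLIENT_AUTH_FILENAME, "r");
    if (!f) return;

    char buf[256];
    std::string encoded_username_str;
    std::string encoded_password_str;

    // NOTE(review): the tag argument is an empty string in both calls in this
    // listing, so the two fields cannot be told apart as written; confirm the
    // intended tag names against the credential file format.
    while (fgets(buf, 256, f)) {
        if (parse_str(buf, "", encoded_username_str)) continue;
        if (parse_str(buf, "", encoded_password_str)) continue;
    }
    fclose(f);

    std::string password_str = r_base64_decode(encoded_password_str);

    // Split "DOMAIN\user" into its parts. The domain is everything before the
    // first backslash and the user name everything after the last one; with
    // no backslash the whole string is the user name and no domain is passed.
    std::string username_str;
    std::string domainname_str;
    const char* domain = NULL;
    const std::string::size_type first_sep = encoded_username_str.find('\\');
    if (first_sep != std::string::npos) {
        const std::string::size_type last_sep = encoded_username_str.rfind('\\');
        domainname_str = encoded_username_str.substr(0, first_sep);
        username_str = encoded_username_str.substr(last_sep + 1);
        domain = domainname_str.c_str();
    } else {
        username_str = encoded_username_str;
    }

    const BOOL logged_on = LogonUserA(
        username_str.c_str(),
        domain,
        password_str.c_str(),
        LOGON32_LOGON_INTERACTIVE,
        LOGON32_PROVIDER_DEFAULT,
        &sandbox_account_interactive_token
    );

    // The password is not needed after the logon call. Wipe the copies this
    // function controls so they do not linger in freed stack/heap memory.
    // Best effort only: temporaries made while decoding are out of reach.
    if (!password_str.empty()) {
        SecureZeroMemory(&password_str[0], password_str.size());
    }
    if (!encoded_password_str.empty()) {
        SecureZeroMemory(&encoded_password_str[0], encoded_password_str.size());
    }
    SecureZeroMemory(buf, sizeof(buf));

    if (!logged_on) {
        sandbox_account_interactive_token = NULL;
        return;
    }

    // Look up the account SID needed for the ACL changes below. The pointer
    // starts out NULL, so a lookup that yields nothing is detected here
    // instead of handing a NULL SID to the ACL helpers.
    // NOTE(review): the SID buffer is not released in this function; confirm
    // who owns what GetAccountSid returns.
    PSID sandbox_account_sid = NULL;
    GetAccountSid(domain, username_str.c_str(), &sandbox_account_sid);
    if (!sandbox_account_sid) {
        fprintf(stderr, "Failed to look up SID of sandbox account\n");
        return;
    }

    // Adjust the permissions on the current desktop and window station
    // to allow the sandbox user account to create windows and such.
    //
    if (!AddAceToWindowStation(GetProcessWindowStation(), sandbox_account_sid)) {
        fprintf(stderr, "Failed to add ACE to current WindowStation\n");
    }
    if (!AddAceToDesktop(GetThreadDesktop(GetCurrentThreadId()), sandbox_account_sid)) {
        fprintf(stderr, "Failed to add ACE to current Desktop\n");
    }
}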
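// Log the sandbox account on as a service (LOGON32_LOGON_SERVICE) and store
// the resulting token in sandbox_account_service_token.
//
// The work is attempted only on the first call; later calls return at once,
// whether or not the first attempt succeeded. The guard is a plain static
// flag and no locking is visible here.
//
// Credentials come from CLIENT_AUTH_FILENAME. The password is stored there
// base64-encoded, which is an encoding and not encryption: anyone able to
// read that file can recover the password, so the file's access control is
// what protects the account.
//
// On failure the token is left (or reset to) NULL; nothing is returned.
void get_sandbox_account_service_token() {
    static bool first = true;
    if (!first) return;
    first = false;

    FILE* f = fopen(CLIENT_AUTH_FILENAME, "r");
    if (!f) return;

    char buf[256];
    std::string encoded_username_str;
    std::string encoded_password_str;

    // NOTE(review): the tag argument is an empty string in both calls in this
    // listing, so the two fields cannot be told apart as written; confirm the
    // intended tag names against the credential file format.
    while (fgets(buf, 256, f)) {
        if (parse_str(buf, "", encoded_username_str)) continue;
        if (parse_str(buf, "", encoded_password_str)) continue;
    }
    fclose(f);

    std::string password_str = r_base64_decode(encoded_password_str);

    // Split "DOMAIN\user" into its parts. The domain is everything before the
    // first backslash and the user name everything after the last one; with
    // no backslash the whole string is the user name and no domain is passed.
    std::string username_str;
    std::string domainname_str;
    const char* domain = NULL;
    const std::string::size_type first_sep = encoded_username_str.find('\\');
    if (first_sep != std::string::npos) {
        const std::string::size_type last_sep = encoded_username_str.rfind('\\');
        domainname_str = encoded_username_str.substr(0, first_sep);
        username_str = encoded_username_str.substr(last_sep + 1);
        domain = domainname_str.c_str();
    } else {
        username_str = encoded_username_str;
    }

    const BOOL logged_on = LogonUserA(
        username_str.c_str(),
        domain,
        password_str.c_str(),
        LOGON32_LOGON_SERVICE,
        LOGON32_PROVIDER_DEFAULT,
        &sandbox_account_service_token
    );

    // The password is not needed after the logon call. Wipe the copies this
    // function controls so they do not linger in freed stack/heap memory.
    // Best effort only: temporaries made while decoding are out of reach.
    if (!password_str.empty()) {
        SecureZeroMemory(&password_str[0], password_str.size());
    }
    if (!encoded_password_str.empty()) {
        SecureZeroMemory(&encoded_password_str[0], encoded_password_str.size());
    }
    SecureZeroMemory(buf, sizeof(buf));

    if (!logged_on) {
        sandbox_account_service_token = NULL;
    }
}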
// Run application, Windows.
// chdir into the given directory, and run a program there.
// argv is set up Unix-style, i.e. argv[0] is the program name
//
// Function-pointer type matching CreateEnvironmentBlock: receives the
// address of the environment-block pointer to fill in, a user token, and a
// flag saying whether to inherit from the current process environment.
// NOTE(review): presumably resolved at run time rather than linked
// directly; the lookup is not visible in this part of the file.
typedef BOOL (WINAPI *tCEB)(LPVOID *lpEnvironment, HANDLE hToken, BOOL bInherit);
// Function-pointer type matching DestroyEnvironmentBlock: releases an
// environment block obtained through the function typed above.
typedef BOOL (WINAPI *tDEB)(LPVOID lpEnvironment);
int run_app_windows(
const char* dir, const char* file, int argc, char *const argv[], HANDLE& id
) {
int retval;
PROCESS_INFORMATION process_info;
STARTUPINFOA startup_info;
LPVOID environment_block = NULL;
char cmdline[1024];
char error_msg[1024];
memset(&process_info, 0, sizeof(process_info));
memset(&startup_info, 0, sizeof(startup_info));
startup_info.cb = sizeof(startup_info);
strcpy(cmdline, "");
for (int i=0; i