Windows installer version 6 implementation notes
Introduction
This document describes the implementation the BOINC V6 Windows installer. For info on how the Microsoft Installer technology works, see the Windows Installer reference.
Users
If "secure" is checked, the installer creates these accounts:
boinc_master: The core client runs under this account.
boinc_project: Apps and graphics app run under this account.
If the computer is a domain controller, the account names will have the computer name appended to them.
Account passwords are managed as follows:
- The installer creates a file 'client_auth.xml' in the BOINC data directory containing the name and base64 encoded password of the boinc_project account.
- The password properties are added to SecureCustomProperties to prevent them being logged.
- The password for boinc_master is managed by Windows.
On each installation, both of the account passwords are randomly regenerated.
Groups
If "secure" is checked, the installer creates three groups:
boinc_admins: Members of this group can change the configuration and protection settings for the BOINC client (for example the GUI RPC password and host list) and can also run the BOINC Manager and screensaver.
boinc_users: Members of this group can run the BOINC Manager and screensaver.
boinc_projects: workaround for a deficiency in MSI.
Initially, each group contains the following members:
boinc_admins | Administrator 'boinc_master' |
boinc_users | Public installs: Everyone; Private installs: empty |
boinc_projects | 'boinc_project' |
User Rights Assignment
boinc_master | Deny logon locally Deny access to this computer from the network Log on as a service Bypass traverse checking |
boinc_project | Deny logon locally Deny access to this computer from the network |
Data directory
Under the data directory there will be 'projects' and 'slots' directories.
Directories will have the following permissions:
BOINC | SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Deny All) |
BOINC\projects | SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) |
BOINC\slots | SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) |
Executables directory
Directory will have the following permissions:
BOINC | SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Deny All) |
Custom Actions
Custom actions are executed in the following sequence:
... MSI: Validates installation package
...
CAValidateSetup
CAShutdownBOINC
CAShutdownBOINCManager
CAShutdownBOINCManager95
CAShutdownBOINCScreensaver
...
... MSI: Remove older version if it exists
...
CACleanupOldBinaries
CAMigratex86x64
CAMigrateCPDNBBC
CACreateBOINCAccounts (New in Version 6.0)
CACreateBOINCGroups (New in Version 6.0)
CAMigrateBOINCData (New in Version 6.0)
...
... MSI: Begin installation process
CAValidateSetup
Checks that the parameters passed into the installation program are valid for the installation type. Otherwise it reports an error to the user. This is a backup check for validating the parameters passed in via the command line, if the user is installing via the GUI this shouldn't ever be a problem.
IF SetupType == 'Single-User' THEN
IF ALLUSERS == 1 THEN
ABORT
END IF
IF SERVICE* IS NOT NULL THEN
ABORT
END IF
ELSE
IF SERVICE* IS NULL THEN
ABORT
END IF
END IF
CAShutdownBOINC
Kills boinc.exe if it is currently executing on the system.
TerminateProcessByName("boinc.exe")
CAShutdownBOINCManager
Kills boincmgr.exe if it is currently executing on the system.
TerminateProcessByName("boincmgr.exe")
CAShutdownBOINCManager95
Kills boincmgr.exe if it is currently executing on the system using Win9x compatible means.
TerminateProcessByName95("boincmgr.exe")
CAShutdownBOINCScreensaver
Kills boinc.scr if it is currently executing on the system.
TerminateProcessByName95("boinc.scr")
CACleanupOldBinaries
Deletes any lingering files left over from a previous BOINC installation. This can sometimes happen if a user replaces a stock client with a optimized one.
DeleteFile(strInstallDirectory + _T("\\boinc.exe"));
DeleteFile(strInstallDirectory + _T("\\boincmgr.exe"));
DeleteFile(strInstallDirectory + _T("\\boinccmd.exe"));
DeleteFile(strInstallDirectory + _T("\\boinc.dll"));
DeleteFile(strInstallDirectory + _T("\\libcurl.dll"));
DeleteFile(strInstallDirectory + _T("\\libeay32.dll"));
DeleteFile(strInstallDirectory + _T("\\ssleay32.dll"));
DeleteFile(strInstallDirectory + _T("\\zlib1.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp95.dll"));
DeleteFile(strInstallDirectory + _T("\\srcsrv.dll"));
DeleteFile(strInstallDirectory + _T("\\symsrv.dll"));
CAMigratex86x64
Migrate any data files from "C:\Program Files (x86)\BOINC" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist. This handles the case where the user is upgrading from a 32-bit BOINC to a 64-bit BOINC on Win64.
MoveFileEx("C:\\Program Files (x86)\\BOINC", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);
CAMigrateCPDNBBC
Migrate any data files from "C:\Program Files\Climate Change Experiment" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist. Handles case where user is upgrading from BBC to V6.
MoveFileEx("C:\\Program Files\\Climate Change Experiment", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);
CACreateBOINCAccounts
Creates the two user accounts used for a protected installation. Passwords are base64 encoded before being stored to disk.
strComputerName = GetComputerName()
bIsDomainController = IsDomainController()
GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)
IF bIsDomainController THEN
IF strBOINCUsername IS NULL THEN
strBOINCUsername = "boinc_" + strComputerName
END IF
IF strBOINCProjectUsername IS NULL THEN
strBOINCProjectUsername = "boinc_project_" + strComputerName
END IF
ELSE
IF strBOINCUsername IS NULL THEN
strBOINCUsername = "boinc"
END IF
IF strBOINCProjectUsername IS NULL THEN
strBOINCProjectUsername = "boinc_project"
END IF
END IF
strBOINCAccountPassword = GenerateNewPassword()
strBOINCProjectAccountPassword = GenerateNewPassword()
IF GetUserAccount(strBOINCUsername) EXISTS THEN
ResetUserAccountPassword(strBOINCUsername, strBOINCAccountPassword);
ELSE
CreateUserAccount(strBOINCUsername, strBOINCAccountPassword)
SetUserAccountProperty(strBOINCUsername, "PasswordNeverExpires")
END IF
IF GetUserAccount(strBOINCProjectUsername) EXISTS THEN
ResetUserAccountPasswordstrBOINCProjectUsername, strBOINCProjectAccountPassword);
ELSE
CreateUserAccount(strBOINCProjectUsername, strBOINCProjectAccountPassword)
SetUserAccountProperty(strBOINCProjectUsername, "PasswordNeverExpires")
END IF
WriteAccountsToDisk(strBOINCUsername, strBOINCAccountPassword, strBOINCProjectUsername, strBOINCProjectAccountPassword)
CACreateBOINCGroups
Creates the two security groups that BOINC will need to complete a secure installation.
strComputerName = GetComputerName()
bIsDomainController = IsDomainController()
GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)
IF bIsDomainController THEN
IF strBOINCUsername IS NULL THEN
strBOINCUsername = "boinc_" + strComputerName
END IF
IF strBOINCProjectUsername IS NULL THEN
strBOINCProjectUsername = "boinc_project_" + strComputerName
END IF
ELSE
IF strBOINCUsername IS NULL THEN
strBOINCUsername = "boinc"
END IF
IF strBOINCProjectUsername IS NULL THEN
strBOINCProjectUsername = "boinc_project"
END IF
END IF
IF GetGroup("boinc_admins") NOT EXISTS THEN
CreateGroup("boinc_administrators")
AddUserToGroup("Administrator")
AddUserToGroup(GetCurrentUsername())
AddUserToGroup(strBOINCUsername)
END IF
IF GetGroup("boinc_project") NOT EXISTS THEN
CreateGroup("boinc_project")
AddUserToGroup(strBOINCProjectUsername)
END IF
CAMigrateBOINCData
Look in the registry for the old data directory, else "C:\Program Files\BOINC". Move data files from old data dir to all users application data location if the all users application data location doesn't already exist.
old_data_dir = registry_lookup
MoveFileEx(old_data_dir, strDataDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);
Migration Paths:
5.10.45 -> 6.2.10 (Migration Occurs)
5.10.45 -> 6.2.10 -> 5.10.45 (Migration Occurs)
6.2.10 -> 5.10.45 (Migration Skips)
6.2.10 -> 6.2.11 (Migration Skips)
6.2.11 -> 6.2.10 (Migration Skips)
Notes:
- Migration should only occur if an older version of BOINC was detected. If v6 was installed first and then v5 was installed, no migration would occur for either install.