3 ClientSetupLogicWinSix
Vitalii Koshura edited this page 2023-04-12 19:55:20 +02:00

Windows installer version 6 implementation notes

Introduction

This document describes the implementation the BOINC V6 Windows installer. For info on how the Microsoft Installer technology works, see the Windows Installer reference.

Users

If "secure" is checked, the installer creates these accounts:

boinc_master: The core client runs under this account.

boinc_project: Apps and graphics app run under this account.

If the computer is a domain controller, the account names will have the computer name appended to them.

Account passwords are managed as follows:

  • The installer creates a file 'client_auth.xml' in the BOINC data directory containing the name and base64 encoded password of the boinc_project account.
  • The password properties are added to SecureCustomProperties to prevent them being logged.
  • The password for boinc_master is managed by Windows.

On each installation, both of the account passwords are randomly regenerated.

Groups

If "secure" is checked, the installer creates three groups:

boinc_admins: Members of this group can change the configuration and protection settings for the BOINC client (for example the GUI RPC password and host list) and can also run the BOINC Manager and screensaver.

boinc_users: Members of this group can run the BOINC Manager and screensaver.

boinc_projects: workaround for a deficiency in MSI.

Initially, each group contains the following members:

boinc_admins Administrator 'boinc_master'
boinc_users Public installs: Everyone; Private installs: empty
boinc_projects 'boinc_project'

User Rights Assignment

boinc_master Deny logon locally Deny access to this computer from the network Log on as a service Bypass traverse checking
boinc_project Deny logon locally Deny access to this computer from the network

Data directory

Under the data directory there will be 'projects' and 'slots' directories.

Directories will have the following permissions:

BOINC SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Deny All)
BOINC\projects SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write)
BOINC\slots SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write)

Executables directory

Directory will have the following permissions:

BOINC SYSTEM (Full Control) Administrators (Full Control) boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write) boinc_users (Read & Execute, List Folder Contents, Read) boinc_projects (Deny All)

Custom Actions

Custom actions are executed in the following sequence:

    ... MSI: Validates installation package
    ...
    CAValidateSetup
    CAShutdownBOINC
    CAShutdownBOINCManager
    CAShutdownBOINCManager95
    CAShutdownBOINCScreensaver
    ...
    ... MSI: Remove older version if it exists
    ...
    CACleanupOldBinaries
    CAMigratex86x64
    CAMigrateCPDNBBC
    CACreateBOINCAccounts (New in Version 6.0)
    CACreateBOINCGroups (New in Version 6.0)
    CAMigrateBOINCData (New in Version 6.0)
    ...
    ... MSI: Begin installation process

CAValidateSetup

Checks that the parameters passed into the installation program are valid for the installation type. Otherwise it reports an error to the user. This is a backup check for validating the parameters passed in via the command line, if the user is installing via the GUI this shouldn't ever be a problem.

IF SetupType == 'Single-User' THEN
    IF ALLUSERS == 1 THEN
        ABORT
    END IF
    IF SERVICE* IS NOT NULL THEN
        ABORT
    END IF
ELSE
    IF SERVICE* IS NULL THEN
        ABORT
    END IF
END IF

CAShutdownBOINC

Kills boinc.exe if it is currently executing on the system.

TerminateProcessByName("boinc.exe")

CAShutdownBOINCManager

Kills boincmgr.exe if it is currently executing on the system.

TerminateProcessByName("boincmgr.exe")

CAShutdownBOINCManager95

Kills boincmgr.exe if it is currently executing on the system using Win9x compatible means.

TerminateProcessByName95("boincmgr.exe")

CAShutdownBOINCScreensaver

Kills boinc.scr if it is currently executing on the system.

TerminateProcessByName95("boinc.scr")

CACleanupOldBinaries

Deletes any lingering files left over from a previous BOINC installation. This can sometimes happen if a user replaces a stock client with a optimized one.

DeleteFile(strInstallDirectory + _T("\\boinc.exe"));
DeleteFile(strInstallDirectory + _T("\\boincmgr.exe"));
DeleteFile(strInstallDirectory + _T("\\boinccmd.exe"));
DeleteFile(strInstallDirectory + _T("\\boinc.dll"));
DeleteFile(strInstallDirectory + _T("\\libcurl.dll"));
DeleteFile(strInstallDirectory + _T("\\libeay32.dll"));
DeleteFile(strInstallDirectory + _T("\\ssleay32.dll"));
DeleteFile(strInstallDirectory + _T("\\zlib1.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp95.dll"));
DeleteFile(strInstallDirectory + _T("\\srcsrv.dll"));
DeleteFile(strInstallDirectory + _T("\\symsrv.dll"));

CAMigratex86x64

Migrate any data files from "C:\Program Files (x86)\BOINC" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist. This handles the case where the user is upgrading from a 32-bit BOINC to a 64-bit BOINC on Win64.

MoveFileEx("C:\\Program Files (x86)\\BOINC", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);

CAMigrateCPDNBBC

Migrate any data files from "C:\Program Files\Climate Change Experiment" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist. Handles case where user is upgrading from BBC to V6.

MoveFileEx("C:\\Program Files\\Climate Change Experiment", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);

CACreateBOINCAccounts

Creates the two user accounts used for a protected installation. Passwords are base64 encoded before being stored to disk.

strComputerName = GetComputerName()
bIsDomainController = IsDomainController()

GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)

IF bIsDomainController THEN
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc_" + strComputerName
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project_" + strComputerName
    END IF
ELSE
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc"
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project"
    END IF
END IF

strBOINCAccountPassword = GenerateNewPassword()
strBOINCProjectAccountPassword = GenerateNewPassword()

IF GetUserAccount(strBOINCUsername) EXISTS THEN
    ResetUserAccountPassword(strBOINCUsername, strBOINCAccountPassword);
ELSE
    CreateUserAccount(strBOINCUsername, strBOINCAccountPassword)
    SetUserAccountProperty(strBOINCUsername, "PasswordNeverExpires")
END IF

IF GetUserAccount(strBOINCProjectUsername) EXISTS THEN
    ResetUserAccountPasswordstrBOINCProjectUsername, strBOINCProjectAccountPassword);
ELSE
    CreateUserAccount(strBOINCProjectUsername, strBOINCProjectAccountPassword)
    SetUserAccountProperty(strBOINCProjectUsername, "PasswordNeverExpires")
END IF

WriteAccountsToDisk(strBOINCUsername, strBOINCAccountPassword, strBOINCProjectUsername, strBOINCProjectAccountPassword)

CACreateBOINCGroups

Creates the two security groups that BOINC will need to complete a secure installation.

strComputerName = GetComputerName()
bIsDomainController = IsDomainController()

GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)

IF bIsDomainController THEN
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc_" + strComputerName
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project_" + strComputerName
    END IF
ELSE
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc"
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project"
    END IF
END IF

IF GetGroup("boinc_admins") NOT EXISTS THEN
    CreateGroup("boinc_administrators")
    AddUserToGroup("Administrator")
    AddUserToGroup(GetCurrentUsername())
    AddUserToGroup(strBOINCUsername)
END IF

IF GetGroup("boinc_project") NOT EXISTS THEN
    CreateGroup("boinc_project")
    AddUserToGroup(strBOINCProjectUsername)
END IF

CAMigrateBOINCData

Look in the registry for the old data directory, else "C:\Program Files\BOINC". Move data files from old data dir to all users application data location if the all users application data location doesn't already exist.

old_data_dir = registry_lookup
MoveFileEx(old_data_dir, strDataDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);

Migration Paths:

5.10.45 -> 6.2.10 (Migration Occurs)

5.10.45 -> 6.2.10 -> 5.10.45 (Migration Occurs)

6.2.10 -> 5.10.45 (Migration Skips)

6.2.10 -> 6.2.11 (Migration Skips)

6.2.11 -> 6.2.10 (Migration Skips)

Notes:

  • Migration should only occur if an older version of BOINC was detected. If v6 was installed first and then v5 was installed, no migration would occur for either install.