= Client Setup Logic for 6.0 Clients =
[[T(VersionSix)]]

Major differences from version 5 are:
 * Implements account-based sandboxing by creating unprivileged accounts for BOINC.
 * It moves the BOINC data directory if needed, and BOINC executables are in a separate directory.
 * User no longer selects install type.

This document describes the various changes to the installer including:
 * User Accounts and Groups
 * Data Directory
 * Executables Directory
 * User Interface Changes
 * Custom Action Changes
 * Reverting to a previous version of BOINC

== User Accounts ==
Two user accounts will be created, one to execute boinc.exe, and one that boinc.exe can use to launch science applications.

Users:
{{{
boinc
boinc_project
}}}

Both 'boinc' and 'boinc_project' will be set up so that their passwords never expire.

The installer will create a file called client_init.xml in the BOINC data directory, which contains the username and base64 encoded password for `boinc_project_`. The first time the client starts up after install it will read the file and store an encrypted form of the data in a new file using !CryptProtectData/CryptUnprotectData. After client_init.xml has been read, it will be deleted.

Each time an installation occurs, both of the account passwords will be reset and a new randomly generated password will be used.

NOTE: If the computer being installed upon is a domain controller, then the account names will have the computer name appended to them.

Groups:
{{{
boinc_administrators
boinc_project
}}}

Each group will contain the following members:
|| boinc_administrators || Administrator [[BR]] [[BR]] 'boinc' ||
|| boinc_project || 'boinc_project' ||

== Data Directory ==
All data, configuration files, and logs will be moved to the following default location:
{{{
Vista:    C:\Users\All Users\BOINC
2000/XP:  C:\Documents and Settings\All Users\Application Data\BOINC
}}}

Under BOINC there will be a 'projects' and 'slots' directory.
Directories will have the following permissions:
|| BOINC || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) ||
|| BOINC\projects || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) ||
|| BOINC\slots || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Modify, Read & Execute, List Folder Contents, Read, Write) ||

Notes:

What to do if an organization has disabled the 'Bypass Traverse Checking' user right for Everyone? See http://support.microsoft.com/kb/823659 for more details.

== Executables Directory ==
Same location as the previous releases.
{{{
C:\Program Files\BOINC
}}}

Directory will have the following permissions:
|| BOINC || SYSTEM (Full Control) [[BR]] Administrators (Full Control) [[BR]] boinc_administrators (Modify, Read & Execute, List Folder Contents, Read, Write) [[BR]] boinc_projects (Deny All) ||

== User Interface ==
=== Welcome Screen ===
Same as before.

=== License Screen ===
Same as before.

=== Configuration Screen ===
==== Setup Type Button Group ====
Two radio buttons, graphics compatible installation and secure installation, will be displayed with the secure installation being the default.

Graphics compatible installations will be the same as the single-user installation of the v5 generation of clients. The manager will be responsible for launching the core client, and all applications will be launched in the same security context as the user who logged into the system.
Choose this option if you would like to see graphics from older as well as newer science applications, or from projects that have long-running tasks which won't complete for a while.

Secure installations will install BOINC as a service on Windows, and the service will be executed using the 'boinc' user account security context. BOINC science applications will be executed in the 'boinc_project' security context. Graphics will be available only for newer (Version 6) science applications. Choose this option if you are concerned about security.

Descriptions for both installation methods should appear underneath each installation option.

==== Options ====
A checkbox will be displayed, Launch BOINC Manager at startup, which will be checked by default.

A checkbox will be displayed, Configure BOINC as my screensaver, which will be checked by default.

A button will be displayed, Advanced Configuration, which when pressed will save the current configuration options, and switch to the advanced configuration screen.

NOTE: The advanced configuration button will be disabled if the graphics compatible installation is selected.

=== Advanced Configuration ===
A text box will be displayed for the default data directory; a browse button will appear to the right of the text box. Clicking on the browse button will display the directory chooser dialog.

A text box will be displayed for the executable directory; a browse button will appear to the right of the text box. Clicking on the browse button will display the directory chooser dialog.

A text box will be displayed requesting which user account should be used as the 'boinc' account. A password text box should be displayed to the right of the 'boinc' username text box.

A text box will be displayed requesting which user account should be used as the 'boinc_project' account. A password text box should be displayed to the right of the 'boinc_project' username text box.
Both the 'boinc' and 'boinc_project' accounts should be validated before the user is allowed to proceed to the next screen.

If the user specifies an account to use for the 'boinc' account, then automatic account creation will be disabled for the 'boinc' account.

If the user specifies an account to use for the 'boinc_project' account, then automatic account creation will be disabled for the 'boinc_project' account.

=== Confirmation Screen ===
Same as before.

== Custom Actions ==
Several specialized pieces of code will manage the migration from the v5 data directory to the v6 data directory structure.

These custom pieces of code will all be executed during the execution phase of setup and will be introduced in between the following standard custom actions:
{{{
...
MSI: Validates installation package
...
CAValidateSetup
CAShutdownBOINC
CAShutdownBOINCManager
CAShutdownBOINCManager95
CAShutdownBOINCScreensaver
...
...
MSI: Remove older version if it exists
...
CACleanupOldBinaries
CAMigratex86x64
CAMigrateCPDNBBC
CACreateBOINCAccounts (New in Version 6.0)
CACreateBOINCGroups (New in Version 6.0)
CAMigrateBOINCData (New in Version 6.0)
...
...
MSI: Begin installation process
}}}

=== CAValidateSetup ===
Checks that the parameters passed into the installation program are valid for the installation type. Otherwise it reports an error to the user.

This is a backup check for validating the parameters passed in via the command line; if the user is installing via the GUI this shouldn't ever be a problem.
{{{
IF SetupType == 'Single-User' THEN
    IF ALLUSERS == 1 THEN
        ABORT
    END IF
    IF SERVICE* IS NOT NULL THEN
        ABORT
    END IF
ELSE
    IF SERVICE* IS NULL THEN
        ABORT
    END IF
END IF
}}}

=== CAShutdownBOINC ===
Kills boinc.exe if it is currently executing on the system.
{{{
TerminateProcessByName("boinc.exe")
}}}

=== CAShutdownBOINCManager ===
Kills boincmgr.exe if it is currently executing on the system.
{{{
TerminateProcessByName("boincmgr.exe")
}}}

=== CAShutdownBOINCManager95 ===
Kills boincmgr.exe if it is currently executing on the system using Win9x compatible means.
{{{
TerminateProcessByName95("boincmgr.exe")
}}}

=== CAShutdownBOINCScreensaver ===
Kills boinc.scr if it is currently executing on the system.
{{{
TerminateProcessByName95("boinc.scr")
}}}

=== CACleanupOldBinaries ===
Deletes any lingering files left over from a previous BOINC installation. This can sometimes happen if a user replaces a stock client with an optimized one.
{{{
DeleteFile(strInstallDirectory + _T("\\boinc.exe"));
DeleteFile(strInstallDirectory + _T("\\boincmgr.exe"));
DeleteFile(strInstallDirectory + _T("\\boinccmd.exe"));
DeleteFile(strInstallDirectory + _T("\\boinc.dll"));
DeleteFile(strInstallDirectory + _T("\\libcurl.dll"));
DeleteFile(strInstallDirectory + _T("\\libeay32.dll"));
DeleteFile(strInstallDirectory + _T("\\ssleay32.dll"));
DeleteFile(strInstallDirectory + _T("\\zlib1.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp95.dll"));
DeleteFile(strInstallDirectory + _T("\\srcsrv.dll"));
DeleteFile(strInstallDirectory + _T("\\symsrv.dll"));
}}}

=== CAMigratex86x64 ===
Migrate any data files from "C:\Program Files (x86)\BOINC" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist.
{{{
MoveFileEx("C:\\Program Files (x86)\\BOINC", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);
}}}

=== CAMigrateCPDNBBC ===
Migrate any data files from "C:\Program Files\Climate Change Experiment" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist.
{{{
MoveFileEx("C:\\Program Files\\Climate Change Experiment", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);
}}}

=== CACreateBOINCAccounts ===
Creates the two user accounts that BOINC will need to complete a secure installation. Passwords are base64 encoded before being stored to disk.
{{{
strComputerName = GetComputerName()
bIsDomainController = IsDomainController()

GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)

IF bIsDomainController THEN
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc_" + strComputerName
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project_" + strComputerName
    END IF
ELSE
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc"
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project"
    END IF
END IF

strBOINCAccountPassword = GenerateNewPassword()
strBOINCProjectAccountPassword = GenerateNewPassword()

IF GetUserAccount(strBOINCUsername) EXISTS THEN
    ResetUserAccountPassword(strBOINCUsername, strBOINCAccountPassword);
ELSE
    CreateUserAccount(strBOINCUsername, strBOINCAccountPassword)
    SetUserAccountProperty(strBOINCUsername, "PasswordNeverExpires")
END IF

IF GetUserAccount(strBOINCProjectUsername) EXISTS THEN
    ResetUserAccountPassword(strBOINCProjectUsername, strBOINCProjectAccountPassword);
ELSE
    CreateUserAccount(strBOINCProjectUsername, strBOINCProjectAccountPassword)
    SetUserAccountProperty(strBOINCProjectUsername, "PasswordNeverExpires")
END IF

WriteAccountsToDisk(strBOINCUsername, strBOINCAccountPassword, strBOINCProjectUsername, strBOINCProjectAccountPassword)
}}}

=== CACreateBOINCGroups ===
Creates the two security groups that BOINC will need to complete a secure installation.
{{{
strComputerName = GetComputerName()
bIsDomainController = IsDomainController()

GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)

IF bIsDomainController THEN
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc_" + strComputerName
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project_" + strComputerName
    END IF
ELSE
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc"
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project"
    END IF
END IF

IF GetGroup("boinc_administrators") NOT EXISTS THEN
    CreateGroup("boinc_administrators")
    AddUserToGroup("Administrator")
    AddUserToGroup(GetCurrentUsername())
    AddUserToGroup(strBOINCUsername)
END IF

IF GetGroup("boinc_project") NOT EXISTS THEN
    CreateGroup("boinc_project")
    AddUserToGroup(strBOINCProjectUsername)
END IF
}}}

=== CAMigrateBOINCData ===
Migrate any data files from "C:\Program Files\BOINC" to the All Users application data location if that location doesn't already exist.
{{{
MoveFileEx("C:\\Program Files\\BOINC", strDataDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);
}}}

== Reverting to a previous version of BOINC ==
Instructions will be provided on the website for copying the data files from the new location back to the old location, and how to delete the newly created users and groups.
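The permission tables under Data Directory and Executables Directory can be checked on an installed host. The PowerShell below is an added example, not part of the BOINC installer: `Test-BoincAcl` and the variable names are hypothetical, the listed rights (Modify, Read & Execute, List Folder Contents, Read, Write) are treated as the `Modify` right, and `boinc_projects` is spelled as in the tables.

```powershell
# Added example, not BOINC installer code. Expected ACEs are transcribed from
# the permission tables on this page; all names below are hypothetical.
$FsRights  = [System.Security.AccessControl.FileSystemRights]
$ProjGroup = 'boinc_projects'   # as spelled in the tables (group list: boinc_project)

# Principal leaf name -> @(ACE type, rights the ACE must include)
$Locked = @{                    # data root and C:\Program Files\BOINC
    'SYSTEM'               = @('Allow', $FsRights::FullControl)
    'Administrators'       = @('Allow', $FsRights::FullControl)
    'boinc_administrators' = @('Allow', $FsRights::Modify)
    $ProjGroup             = @('Deny',  $FsRights::FullControl)
}
$Shared = $Locked.Clone()       # BOINC\projects and BOINC\slots
$Shared[$ProjGroup] = @('Allow', $FsRights::Modify)

function Test-BoincAcl {
    param([string]$Path, [hashtable]$Expected)
    $rules = (Get-Acl -LiteralPath $Path).Access
    $findings = @()
    # Every ACE in the table must be present with at least the listed rights.
    foreach ($name in $Expected.Keys) {
        $type, $rights = $Expected[$name]
        $hit = $rules | Where-Object {
            ($_.IdentityReference.Value -split '\\')[-1] -eq $name -and
            $_.AccessControlType -eq $type -and
            ($_.FileSystemRights -band $rights) -eq $rights
        }
        if (-not $hit) { $findings += "${Path}: missing $type $rights ACE for $name" }
    }
    # Allow ACEs with write access for principals outside the table are findings.
    foreach ($r in $rules) {
        $leaf   = ($r.IdentityReference.Value -split '\\')[-1]
        $writes = ($r.FileSystemRights -band $FsRights::Write) -ne 0
        if ($r.AccessControlType -eq 'Allow' -and $writes -and -not $Expected.ContainsKey($leaf)) {
            $findings += "${Path}: unexpected write access for $($r.IdentityReference.Value)"
        }
    }
    $findings
}

$data = 'C:\Users\All Users\BOINC'   # Vista default from this page
$report = @(
    Test-BoincAcl $data $Locked
    Test-BoincAcl "$data\projects" $Shared
    Test-BoincAcl "$data\slots" $Shared
    Test-BoincAcl 'C:\Program Files\BOINC' $Locked
)
if ($report) { $report } else { 'ACLs match the documented layout' }
```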