wiki:ClientSetupLogicWinSix

Version 23 (modified by davea, 17 years ago) (diff)

--

Windows installer logic for version 6

T(VersionSix)?

Major differences from version 5 are:

  • Account-based sandboxing using unprivileged accounts.
  • Moves the BOINC data directory if needed.
  • BOINC executables are in a separate directory.
  • Simplified installer user experience.

Sandboxing

The installer offers two modes: 'Graphics compatible' and 'Secure'.

Graphics compatible installations is the same as the single-user installation of the v5. The manager will be responsible for launching the core client, and all applications will be launched in the same security context as the user who logged into the system. This allows users to see graphics from older as well as newer science applications, or projects with long running tasks which won't complete for a while.

If the user selects Secure, the core client will run as a serice. Two accounts and two groups will be created:

Accounts:

boinc_master
The core client runs under this account.
boinc_project
Apps and graphics app run under this account.

If the computer being installed upon is a domain controller, then the account names will have the computer name appended on to them.

Groups:

boinc_admins
Members of this group can change the configuration and protection settings for the BOINC client (for example the GUI RPC password and host list) and can also run the BOINC Manager and screensaver.
boinc_users
Members of this group can run the BOINC Manager and screensaver.

Initially, each group contains the following members:

boinc_admins Administrator
<Installing User>
'boinc_master'
boinc_users Everyone (if 'Allow everyone to use BOINC' is checked), else empty

Account passwords are managed as follows:

  • The installer creates a file 'client_auth.xml' in the BOINC data directory containing the name and base64 encoded password of the boinc_project account.
  • The password properties are added to SecureCustomProperties to prevent them being logged.
  • The password for boinc_master is managed by Windows.

On each installation, both of the account passwords are randomly regenerated.

Data directory

All data, configuration files, and logs will be moved to the following default location:

Vista:
C:\Users\All Users\BOINC

2000/XP:
C:\Documents and Settings\All Users\Application Data\BOINC

Under the data directory there will be 'projects' and 'slots' directories.

Directories will have the following permissions:

BOINC SYSTEM (Full Control)
Administrators (Full Control)
boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_users (Read & Execute, List Folder Contents, Read)
boinc_project (Deny All)
BOINC\projects SYSTEM (Full Control)
Administrators (Full Control)
boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_users (Read & Execute, List Folder Contents, Read)
boinc_project (Modify, Read & Execute, List Folder Contents, Read, Write)
BOINC\slots SYSTEM (Full Control)
Administrators (Full Control)
boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_users (Read & Execute, List Folder Contents, Read)
boinc_project (Modify, Read & Execute, List Folder Contents, Read, Write)

Notes: What to do if an organization has disabled the 'Bypass Traverse Checking' user right for Everyone? See http://support.microsoft.com/kb/823659 for more details.

Executables directory

Same default location as previous versions, C:\Program Files\BOINC

Directory will have the following permissions:

BOINC SYSTEM (Full Control)
Administrators (Full Control)
boinc_admins (Modify, Read & Execute, List Folder Contents, Read, Write)
boinc_users (Read & Execute, List Folder Contents, Read)
boinc_project (Deny All)

User Interface

Welcome Screen

Same as before.

License Screen

Same as before.

Configuration Screen

This dialog displays:

Click Next to use installation defaults.
Click Advanced to use customize.

[Advanced] [Next]

Advanced goes to the advanced configuration page. Next goes to the Confirmation screen.

Advanced Configuration

Data directory: [...] [Browse]
Program directory: [...] [Browse]

[] Launch BOINC on system startup
[] Use BOINC Screensaver
[] Protected application execution.
   If checked, you will have increased protection against misbehaving BOINC project applications.
   However, this may cause screensaver graphics to not work for older applications.
[] Allow all users on this computer to control BOINC
[Next]

Checkboxes are off by default. If any values are present from previous install, use them. The "Allow users" checkbox is disabled unless the "Protected" checkbox is set.

'Next' goes to 'Confimation' screen.

Confirmation Screen

Same as before.

Custom Actions

Several specialized pieces of code will manage the migration from the v5 data directory to v6 data directory structure. These custom pieces of code will all be executed during the execution phase of setup and will be introduced in between the following standard custom actions:

    ... MSI: Validates installation package
    ...
    CAValidateSetup
    CAShutdownBOINC
    CAShutdownBOINCManager
    CAShutdownBOINCManager95
    CAShutdownBOINCScreensaver
    ...
    ... MSI: Remove older version if it exists
    ...
    CACleanupOldBinaries
    CAMigratex86x64
    CAMigrateCPDNBBC
    CACreateBOINCAccounts (New in Version 6.0)
    CACreateBOINCGroups (New in Version 6.0)
    CAMigrateBOINCData (New in Version 6.0)
    ...
    ... MSI: Begin installation process

CAValidateSetup

Checks that the parameters passed into the installation program are valid for the installation type. Otherwise it reports an error to the user. This is a backup check for validating the parameters passed in via the command line, if the user is installing via the GUI this shouldn't ever be a problem.

IF SetupType == 'Single-User' THEN
    IF ALLUSERS == 1 THEN
        ABORT
    END IF
    IF SERVICE* IS NOT NULL THEN
        ABORT
    END IF
ELSE
    IF SERVICE* IS NULL THEN
        ABORT
    END IF
END IF

CAShutdownBOINC

Kills boinc.exe if it is currently executing on the system.

TerminateProcessByName("boinc.exe")

CAShutdownBOINCManager

Kills boincmgr.exe if it is currently executing on the system.

TerminateProcessByName("boincmgr.exe")

CAShutdownBOINCManager95

Kills boincmgr.exe if it is currently executing on the system using Win9x compatible means.

TerminateProcessByName95("boincmgr.exe")

CAShutdownBOINCScreensaver

Kills boinc.scr if it is currently executing on the system.

TerminateProcessByName95("boinc.scr")

CACleanupOldBinaries

Deletes any lingering files left over from a previous BOINC installation, this can sometimes happen if a user replaces a stock client with a optimized one.

DeleteFile(strInstallDirectory + _T("\\boinc.exe"));
DeleteFile(strInstallDirectory + _T("\\boincmgr.exe"));
DeleteFile(strInstallDirectory + _T("\\boinccmd.exe"));
DeleteFile(strInstallDirectory + _T("\\boinc.dll"));
DeleteFile(strInstallDirectory + _T("\\libcurl.dll"));
DeleteFile(strInstallDirectory + _T("\\libeay32.dll"));
DeleteFile(strInstallDirectory + _T("\\ssleay32.dll"));
DeleteFile(strInstallDirectory + _T("\\zlib1.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp.dll"));
DeleteFile(strInstallDirectory + _T("\\dbghelp95.dll"));
DeleteFile(strInstallDirectory + _T("\\srcsrv.dll"));
DeleteFile(strInstallDirectory + _T("\\symsrv.dll"));

CAMigratex86x64

Migrate any data files from "C:\Program Files (x86)\BOINC" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist.

MoveFileEx("C:\\Program Files (x86)\\BOINC", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);

CAMigrateCPDNBBC

Migrate any data files from "C:\Program Files\Climate Change Experiment" to "C:\Program Files\BOINC" if "C:\Program Files\BOINC" doesn't already exist.

MoveFileEx("C:\\Program Files\\Climate Change Experiment", strInstallDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);

CACreateBOINCAccounts

Creates the two user accounts that BOINC will need to complete a secure installation. Passwords are base64 encoded before being stored to disk.

strComputerName = GetComputerName()
bIsDomainController = IsDomainController()

GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)

IF bIsDomainController THEN
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc_" + strComputerName
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project_" + strComputerName
    END IF
ELSE
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc"
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project"
    END IF
END IF

strBOINCAccountPassword = GenerateNewPassword()
strBOINCProjectAccountPassword = GenerateNewPassword()

IF GetUserAccount(strBOINCUsername) EXISTS THEN
    ResetUserAccountPassword(strBOINCUsername, strBOINCAccountPassword);
ELSE
    CreateUserAccount(strBOINCUsername, strBOINCAccountPassword)
    SetUserAccountProperty(strBOINCUsername, "PasswordNeverExpires")
END IF
    
IF GetUserAccount(strBOINCProjectUsername) EXISTS THEN
    ResetUserAccountPasswordstrBOINCProjectUsername, strBOINCProjectAccountPassword);
ELSE
    CreateUserAccount(strBOINCProjectUsername, strBOINCProjectAccountPassword)
    SetUserAccountProperty(strBOINCProjectUsername, "PasswordNeverExpires")
END IF

WriteAccountsToDisk(strBOINCUsername, strBOINCAccountPassword, strBOINCProjectUsername, strBOINCProjectAccountPassword)

CACreateBOINCGroups

Creates the two security groups that BOINC will need to complete a secure installation.

strComputerName = GetComputerName()
bIsDomainController = IsDomainController()

GetProperty("BOINC_USERNAME", strBOINCUsername)
GetProperty("BOINC_PROJECT_USERNAME", strBOINCProjectUsername)

IF bIsDomainController THEN
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc_" + strComputerName
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project_" + strComputerName
    END IF
ELSE
    IF strBOINCUsername IS NULL THEN
        strBOINCUsername = "boinc"
    END IF
    IF strBOINCProjectUsername IS NULL THEN
        strBOINCProjectUsername = "boinc_project"
    END IF
END IF

IF GetGroup("boinc_administrators") NOT EXISTS THEN
    CreateGroup("boinc_administrators")
    AddUserToGroup("Administrator")
    AddUserToGroup(GetCurrentUsername())
    AddUserToGroup(strBOINCUsername)
END IF
    
IF GetGroup("boinc_project") NOT EXISTS THEN
    CreateGroup("boinc_project")
    AddUserToGroup(strBOINCProjectUsername)
END IF

CAMigrateBOINCData

Migrate any data files from "C:\Program Files\BOINC" to all users application data location if the all users application data location doesn't already exist.

MoveFileEx("C:\\Program Files\\BOINC", strDataDirectory, MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH);

Reverting to a previous version of BOINC

Instructions will be provided on the website for copying the data files from the new location back to the old location, and how to delete the newly created users and groups. The user and group deletion should be handled by the uninstaller.