Commit 02eedda8 authored by Rom Walton's avatar Rom Walton

- WINSETUP: Explicitly set the permissions on the BOINC Data

        directory structure during every install.

    win_build/
        boincmgr_curl.vcproj
    win_build/installerv2/
        BOINC.ism
    win_build/installerv2/redist/Windows/src/boinccas/
        boinccas.def
        boinccas.rc
        boinccas.vcproj
    win_build/installerv2/redist/Windows/src/boinccas/
        CASetPermissionBOINCData.cpp, .h (Added)
        CASetPermissionBOINCDataProjects.cpp, .h (Added)
        CASetPermissionBOINCDataSlots.cpp, .h (Added)
        dirops.cpp, .h
        stdafx.h
    win_build/installerv2/redist/Windows/Win32/
        boinccas.dll
        boinccas95.dll

    - Tag for 6.1.12 release, all platforms
      boinc_core_release_6_1_12

    /
        configure.ac
        version.h

svn path=/trunk/boinc/; revision=14989
parent 06c1d139
......@@ -2852,3 +2852,33 @@ David Mar 31 2008
api
graphics2.h
graphics2_win.C
Rom Mar 31 2008
- WINSETUP: Explicitly set the permissions on the BOINC Data
directory structure during every install.
win_build/
boincmgr_curl.vcproj
win_build/installerv2/
BOINC.ism
win_build/installerv2/redist/Windows/src/boinccas/
boinccas.def
boinccas.rc
boinccas.vcproj
win_build/installerv2/redist/Windows/src/boinccas/
CASetPermissionBOINCData.cpp, .h (Added)
CASetPermissionBOINCDataProjects.cpp, .h (Added)
CASetPermissionBOINCDataSlots.cpp, .h (Added)
dirops.cpp, .h
stdafx.h
win_build/installerv2/redist/Windows/Win32/
boinccas.dll
boinccas95.dll
Rom Mar 31 2008 (HEAD)
- Tag for 6.1.12 release, all platforms
boinc_core_release_6_1_12
/
configure.ac
version.h
......@@ -9,7 +9,7 @@ dnl not sure exactly what the minimum version is (but 2.13 wont work)
AC_PREREQ(2.57)
dnl Set the BOINC version here. You can also use the set-version script.
AC_INIT(BOINC, 6.1.11)
AC_INIT(BOINC, 6.1.12)
AC_ARG_ENABLE(debug,
AS_HELP_STRING([--enable-debug],
......
......@@ -26,32 +26,6 @@
#include "win_util.h"
#define WINSTA_ALL ( \
WINSTA_ACCESSCLIPBOARD | WINSTA_ACCESSGLOBALATOMS | \
WINSTA_CREATEDESKTOP | WINSTA_ENUMDESKTOPS | \
WINSTA_ENUMERATE | WINSTA_EXITWINDOWS | \
WINSTA_READATTRIBUTES | WINSTA_READSCREEN | \
WINSTA_WRITEATTRIBUTES | DELETE | \
READ_CONTROL | WRITE_DAC | \
WRITE_OWNER \
)
#define DESKTOP_ALL ( \
DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | \
DESKTOP_ENUMERATE | DESKTOP_HOOKCONTROL | \
DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | \
DESKTOP_WRITEOBJECTS | DELETE | \
READ_CONTROL | WRITE_DAC | \
WRITE_OWNER \
)
#define GENERIC_ACCESS ( \
GENERIC_READ | GENERIC_WRITE | \
GENERIC_EXECUTE | GENERIC_ALL \
)
/**
* Find out if we are on a Windows 2000 compatible system
**/
......@@ -393,7 +367,7 @@ BOOL AddAceToWindowStation(HWINSTA hwinsta, PSID psid)
INHERIT_ONLY_ACE | OBJECT_INHERIT_ACE;
pace->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psid) - sizeof(DWORD);
pace->Mask = GENERIC_ACCESS;
pace->Mask = GENERIC_ALL;
if (!CopySid(GetLengthSid(psid), &pace->SidStart, psid))
throw;
......@@ -407,10 +381,10 @@ BOOL AddAceToWindowStation(HWINSTA hwinsta, PSID psid)
)
throw;
// Add the second ACE to the window station.
// Add an ACE to the window station.
pace->Header.AceFlags = NO_PROPAGATE_INHERIT_ACE;
pace->Mask = WINSTA_ALL;
pace->Mask = GENERIC_ALL;
if (!AddAce(
pNewAcl,
......@@ -619,7 +593,7 @@ BOOL AddAceToDesktop(HDESK hdesk, PSID psid)
if (!AddAccessAllowedAce(
pNewAcl,
ACL_REVISION,
DESKTOP_ALL,
GENERIC_ALL,
psid)
)
throw;
......
......@@ -10,10 +10,10 @@
#define BOINC_MINOR_VERSION 1
/* Release part of BOINC version number */
#define BOINC_RELEASE 11
#define BOINC_RELEASE 12
/* String representation of BOINC version number */
#define BOINC_VERSION_STRING "6.1.11"
#define BOINC_VERSION_STRING "6.1.12"
#if (defined(_WIN32) || defined(__APPLE__))
/* Name of package */
......@@ -26,13 +26,13 @@
#define PACKAGE_NAME "BOINC"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "BOINC 6.1.11"
#define PACKAGE_STRING "BOINC 6.1.12"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "boinc"
/* Define to the version of this package. */
#define PACKAGE_VERSION "6.1.11"
#define PACKAGE_VERSION "6.1.12"
#endif /* #if (defined(_WIN32) || defined(__APPLE__)) */
......
......@@ -457,7 +457,7 @@
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="MSVCRT.LIB MSVCPRT.LIB kernel32.lib user32.lib gdi32.lib ole32.lib oleacc.lib shell32.lib comdlg32.lib advapi32.lib oldnames.lib uuid.lib rpcrt4.lib comctl32.lib wsock32.lib wininet.lib userenv.lib wxbase28.lib wxbase28_net.lib wxbase28_xml.lib wxmsw28_adv.lib wxmsw28_core.lib wxmsw28_html.lib wxregex.lib wxexpat.lib wxpng.lib wxzlib.lib boinc_dll.lib"
AdditionalDependencies="MSVCRT.LIB MSVCPRT.LIB kernel32.lib user32.lib gdi32.lib ole32.lib oleacc.lib shell32.lib comdlg32.lib advapi32.lib oldnames.lib uuid.lib rpcrt4.lib comctl32.lib wsock32.lib wininet.lib userenv.lib wxbase26.lib wxbase26_net.lib wxbase26_xml.lib wxmsw26_adv.lib wxmsw26_core.lib wxmsw26_html.lib wxregex.lib wxexpat.lib wxpng.lib wxzlib.lib boinc_dll.lib"
OutputFile=".\Build\$(PlatformName)\$(ConfigurationName)\$(ProjectName).exe"
LinkIncremental="1"
AdditionalLibraryDirectories="&quot;$(OutDir)&quot;;&quot;$(WXWINPROD)\lib\vc_lib&quot;;&quot;$(WXWINPROD)\contrib\lib&quot;"
......
// Berkeley Open Infrastructure for Network Computing
// http://boinc.berkeley.edu
// Copyright (C) 2005 University of California
//
// This is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation;
// either version 2.1 of the License, or (at your option) any later version.
//
// This software is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// To view the GNU Lesser General Public License visit
// http://www.gnu.org/copyleft/lesser.html
// or write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
//
#include "stdafx.h"
#include "boinccas.h"
#include "CASetPermissionBOINCData.h"
#include "dirops.h"
#define CUSTOMACTION_NAME _T("CASetPermissionBOINCData")
#define CUSTOMACTION_PROGRESSTITLE _T("Setting permissions on the BOINC Data directory.")
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
CASetPermissionBOINCData::CASetPermissionBOINCData(MSIHANDLE hMSIHandle) :
BOINCCABase(hMSIHandle, CUSTOMACTION_NAME, CUSTOMACTION_PROGRESSTITLE)
{}
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
CASetPermissionBOINCData::~CASetPermissionBOINCData()
{
BOINCCABase::~BOINCCABase();
}
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
UINT CASetPermissionBOINCData::OnExecution()
{
DWORD dwRes = 0;
PACL pACL = NULL;
PSID psidAdministrators = NULL;
EXPLICIT_ACCESS ea[4];
tstring strBOINCAdminsGroupAlias;
tstring strBOINCUsersGroupAlias;
tstring strBOINCProjectsGroupAlias;
tstring strBOINCDataDirectory;
UINT uiReturnValue = -1;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
uiReturnValue = GetProperty( _T("BOINC_ADMINS_GROUPNAME"), strBOINCAdminsGroupAlias );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("BOINC_USERS_GROUPNAME"), strBOINCUsersGroupAlias );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("BOINC_PROJECTS_GROUPNAME"), strBOINCProjectsGroupAlias );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("DATADIR"), strBOINCDataDirectory );
if ( uiReturnValue ) return uiReturnValue;
// Initialize an EXPLICIT_ACCESS structure for all ACEs.
ZeroMemory(&ea, 4 * sizeof(EXPLICIT_ACCESS));
// Administrators
AllocateAndInitializeSid(
&SIDAuthNT,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&psidAdministrators
);
ea[0].grfAccessPermissions = GENERIC_ALL;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR)psidAdministrators;
// boinc_admins
ea[1].grfAccessPermissions = GENERIC_ALL;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR)strBOINCAdminsGroupAlias.c_str();
// boinc_users
ea[2].grfAccessPermissions = GENERIC_READ;
ea[2].grfAccessMode = SET_ACCESS;
ea[2].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[2].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea[2].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[2].Trustee.ptstrName = (LPTSTR)strBOINCUsersGroupAlias.c_str();
// boinc_projects
ea[3].grfAccessPermissions = FILE_TRAVERSE;
ea[3].grfAccessMode = SET_ACCESS;
ea[3].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[3].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea[3].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[3].Trustee.ptstrName = (LPTSTR)strBOINCProjectsGroupAlias.c_str();
// Create a new ACL that contains the new ACEs.
dwRes = SetEntriesInAcl(4, &ea[0], NULL, &pACL);
if (ERROR_SUCCESS != dwRes)
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("SetEntriesInAcl Error")
);
return ERROR_INSTALL_FAILURE;
}
// Set the ACL on the Data Directory itself.
dwRes = SetNamedSecurityInfo(
(LPWSTR)strBOINCDataDirectory.c_str(),
SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
pACL,
NULL
);
if (ERROR_SUCCESS != dwRes)
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("SetNamedSecurityInfo Error")
);
return ERROR_INSTALL_FAILURE;
}
// Set ACLs on all files and sub folders.
RecursiveSetPermissions(strBOINCDataDirectory, pACL);
if (pACL)
LocalFree(pACL);
if (psidAdministrators)
LocalFree(psidAdministrators);
return ERROR_SUCCESS;
}
/////////////////////////////////////////////////////////////////////
//
// Function: SetPermissionBOINCData
//
// Description:
//
/////////////////////////////////////////////////////////////////////
UINT __stdcall SetPermissionBOINCData(MSIHANDLE hInstall)
{
UINT uiReturnValue = 0;
CASetPermissionBOINCData* pCA = new CASetPermissionBOINCData(hInstall);
uiReturnValue = pCA->Execute();
delete pCA;
return uiReturnValue;
}
// Berkeley Open Infrastructure for Network Computing
// http://boinc.berkeley.edu
// Copyright (C) 2005 University of California
//
// This is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation;
// either version 2.1 of the License, or (at your option) any later version.
//
// This software is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// To view the GNU Lesser General Public License visit
// http://www.gnu.org/copyleft/lesser.html
// or write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
//
#ifndef _CASETPERMISSIONBOINCDATA_H_
#define _CASETPERMISSIONBOINCDATA_H_
class CASetPermissionBOINCData : public BOINCCABase
{
public:
CASetPermissionBOINCData(MSIHANDLE hMSIHandle);
~CASetPermissionBOINCData();
virtual UINT OnExecution();
};
#endif
// Berkeley Open Infrastructure for Network Computing
// http://boinc.berkeley.edu
// Copyright (C) 2005 University of California
//
// This is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation;
// either version 2.1 of the License, or (at your option) any later version.
//
// This software is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// To view the GNU Lesser General Public License visit
// http://www.gnu.org/copyleft/lesser.html
// or write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
//
#include "stdafx.h"
#include "boinccas.h"
#include "CASetPermissionBOINCDataProjects.h"
#include "dirops.h"
#define CUSTOMACTION_NAME _T("CASetPermissionBOINCDataProjects")
#define CUSTOMACTION_PROGRESSTITLE _T("Setting permissions on the BOINC Projects directory.")
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
CASetPermissionBOINCDataProjects::CASetPermissionBOINCDataProjects(MSIHANDLE hMSIHandle) :
BOINCCABase(hMSIHandle, CUSTOMACTION_NAME, CUSTOMACTION_PROGRESSTITLE)
{}
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
CASetPermissionBOINCDataProjects::~CASetPermissionBOINCDataProjects()
{
BOINCCABase::~BOINCCABase();
}
/////////////////////////////////////////////////////////////////////
//
// Function:
//
// Description:
//
/////////////////////////////////////////////////////////////////////
UINT CASetPermissionBOINCDataProjects::OnExecution()
{
DWORD dwRes = 0;
PACL pACL = NULL;
PSID psidAdministrators = NULL;
EXPLICIT_ACCESS ea[4];
tstring strBOINCAdminsGroupAlias;
tstring strBOINCUsersGroupAlias;
tstring strBOINCProjectsGroupAlias;
tstring strBOINCDataDirectory;
tstring strBOINCDataProjectsDirectory;
UINT uiReturnValue = -1;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
uiReturnValue = GetProperty( _T("BOINC_ADMINS_GROUPNAME"), strBOINCAdminsGroupAlias );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("BOINC_USERS_GROUPNAME"), strBOINCUsersGroupAlias );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("BOINC_PROJECTS_GROUPNAME"), strBOINCProjectsGroupAlias );
if ( uiReturnValue ) return uiReturnValue;
uiReturnValue = GetProperty( _T("DATADIR"), strBOINCDataDirectory );
if ( uiReturnValue ) return uiReturnValue;
strBOINCDataProjectsDirectory = strBOINCDataDirectory + _T("\\projects");
// Initialize an EXPLICIT_ACCESS structure for all ACEs.
ZeroMemory(&ea, 4 * sizeof(EXPLICIT_ACCESS));
// Administrators
AllocateAndInitializeSid(
&SIDAuthNT,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&psidAdministrators
);
ea[0].grfAccessPermissions = GENERIC_ALL;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR)psidAdministrators;
// boinc_admins
ea[1].grfAccessPermissions = GENERIC_ALL;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR)strBOINCAdminsGroupAlias.c_str();
// boinc_users
ea[2].grfAccessPermissions = GENERIC_READ;
ea[2].grfAccessMode = SET_ACCESS;
ea[2].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[2].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea[2].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[2].Trustee.ptstrName = (LPTSTR)strBOINCUsersGroupAlias.c_str();
// boinc_projects
ea[3].grfAccessPermissions = GENERIC_ALL;
ea[3].grfAccessMode = SET_ACCESS;
ea[3].grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
ea[3].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
ea[3].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[3].Trustee.ptstrName = (LPTSTR)strBOINCProjectsGroupAlias.c_str();
// Create a new ACL that contains the new ACEs.
dwRes = SetEntriesInAcl(4, &ea[0], NULL, &pACL);
if (ERROR_SUCCESS != dwRes)
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("SetEntriesInAcl Error")
);
return ERROR_INSTALL_FAILURE;
}
// Set the ACL on the Data Directory itself.
dwRes = SetNamedSecurityInfo(
(LPWSTR)strBOINCDataProjectsDirectory.c_str(),
SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION,
NULL,
NULL,
pACL,
NULL
);
if (ERROR_SUCCESS != dwRes)
{
LogMessage(
INSTALLMESSAGE_ERROR,
NULL,
NULL,
NULL,
GetLastError(),
_T("SetNamedSecurityInfo Error")
);
return ERROR_INSTALL_FAILURE;
}
// Set ACLs on all files and sub folders.
RecursiveSetPermissions(strBOINCDataProjectsDirectory, pACL);
if (pACL)
LocalFree(pACL);
if (psidAdministrators)
LocalFree(psidAdministrators);
return ERROR_SUCCESS;
}
/////////////////////////////////////////////////////////////////////
//
// Function: SetPermissionBOINCDataProjects
//
// Description:
//
/////////////////////////////////////////////////////////////////////
UINT __stdcall SetPermissionBOINCDataProjects(MSIHANDLE hInstall)
{
UINT uiReturnValue = 0;
CASetPermissionBOINCDataProjects* pCA = new CASetPermissionBOINCDataProjects(hInstall);
uiReturnValue = pCA->Execute();
delete pCA;
return uiReturnValue;
}
// Berkeley Open Infrastructure for Network Computing
// http://boinc.berkeley.edu
// Copyright (C) 2005 University of California
//
// This is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation;
// either version 2.1 of the License, or (at your option) any later version.
//
// This software is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// To view the GNU Lesser General Public License visit
// http://www.gnu.org/copyleft/lesser.html
// or write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA