Merge pull request #6049 from BOINC/vko_fix_msi_run_boinc_elevated
[windows] Fix installer to start BOINC unelevated.
AenBleidd authored Jan 29, 2025
2 parents 094d574 + 2480511 commit fffcf2e
Showing 1 changed file with 72 additions and 31 deletions.
103 changes: 72 additions & 31 deletions clientsetup/win/launcher.cpp
@@ -1,3 +1,19 @@
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2025 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

#include "stdafx.h"
#include "boinccas.h"
@@ -88,7 +104,7 @@ inline HRESULT ReducePrivilegesForMediumIL(HANDLE hToken)

SetPrivilege(hToken, SE_BACKUP_NAME, SE_PRIVILEGE_REMOVED);
SetPrivilege(hToken, SE_CREATE_PAGEFILE_NAME, SE_PRIVILEGE_REMOVED);
SetPrivilege(hToken, TEXT("SeCreateSymbolicLinkPrivilege"), SE_PRIVILEGE_REMOVED);
SetPrivilege(hToken, SE_CREATE_SYMBOLIC_LINK_NAME, SE_PRIVILEGE_REMOVED);
SetPrivilege(hToken, SE_DEBUG_NAME, SE_PRIVILEGE_REMOVED);
SetPrivilege(hToken, SE_IMPERSONATE_NAME, SE_PRIVILEGE_REMOVED);
SetPrivilege(hToken, SE_INC_BASE_PRIORITY_NAME, SE_PRIVILEGE_REMOVED);
@@ -231,38 +247,63 @@ HRESULT CreateProcessWithExplorerIL(LPWSTR szProcessName, LPWSTR szCmdLine)
}

if(SUCCEEDED(hr)) {
HANDLE hProcessToken = NULL;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcessToken)) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
else {
SetPrivilege(hProcessToken, SE_INCREASE_QUOTA_NAME);
CloseHandle(hProcessToken);
hr = HRESULT_FROM_WIN32(GetLastError());
}

hr = ReducePrivilegesForMediumIL(hNewToken);

SetTokenInformation(
hNewToken,
TokenVirtualizationEnabled,
&dwEnableVirtualization,
sizeof(DWORD)
);

if(SUCCEEDED(hr)) {
bRet = CreateProcessAsUser(
hNewToken,
szProcessName,
szCmdLine,
NULL,
NULL,
FALSE,
NORMAL_PRIORITY_CLASS,
NULL,
NULL,
&StartupInfo,
&ProcInfo
);
if(bRet) {
CloseHandle(ProcInfo.hThread);
CloseHandle(ProcInfo.hProcess);
} else {
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr)) {
hr = ReducePrivilegesForMediumIL(hNewToken);

SetTokenInformation(
hNewToken,
TokenVirtualizationEnabled,
&dwEnableVirtualization,
sizeof(DWORD)
);

if (SUCCEEDED(hr)) {
bRet = CreateProcessWithTokenW(
hNewToken,
0,
szProcessName,
szCmdLine,
0,
NULL,
NULL,
&StartupInfo,
&ProcInfo
);
if (!bRet) {
bRet = CreateProcessAsUser(
hNewToken,
szProcessName,
szCmdLine,
NULL,
NULL,
FALSE,
NORMAL_PRIORITY_CLASS,
NULL,
NULL,
&StartupInfo,
&ProcInfo
);
}
if (bRet) {
CloseHandle(ProcInfo.hThread);
CloseHandle(ProcInfo.hProcess);
}
else {
hr = HRESULT_FROM_WIN32(GetLastError());
}
}
CloseHandle(hNewToken);
}
CloseHandle(hNewToken);
} else {
hr = HRESULT_FROM_WIN32(GetLastError());
}
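Review bot: In the new `else` branch after `OpenProcessToken`, `hr` is taken from `GetLastError()` only after `CloseHandle(hProcessToken)`, and the result of `SetPrivilege(hProcessToken, SE_INCREASE_QUOTA_NAME)` is never examined, so the value that gates the whole launch is whatever the thread's last-error code happens to be at that point. A stale non-zero code would skip `ReducePrivilegesForMediumIL` and both process-creation calls, so BOINC would not start after install even though the `CreateProcessWithTokenW` path might have worked. Prefer testing `SetPrivilege`'s own result (its definition is not on this page), or at least capture the code before the handle is closed: `DWORD dwErr = GetLastError(); CloseHandle(hProcessToken); hr = HRESULT_FROM_WIN32(dwErr);`. Separately, the rendered page shows `CloseHandle(hNewToken);` twice with indentation lost; if the surviving call sits inside the new inner `if (SUCCEEDED(hr))`, the duplicated token handle leaks on that early-failure path, so it should stay outside that block. `CreateProcessWithExplorerIL` begins and ends outside this hunk.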
