Skip to content

Commit 2480511

Browse files
AenBleiddAenBleidd
committed
[windows] Fix installer to start BOINC unelevated.
This fixes #992. Signed-off-by: Vitalii Koshura <[email protected]>
1 parent aef22e5 commit 2480511

File tree

1 file changed

+72
-31
lines changed

1 file changed

+72
-31
lines changed

clientsetup/win/launcher.cpp

Lines changed: 72 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,19 @@
1+
// This file is part of BOINC.
2+
// http://boinc.berkeley.edu
3+
// Copyright (C) 2025 University of California
4+
//
5+
// BOINC is free software; you can redistribute it and/or modify it
6+
// under the terms of the GNU Lesser General Public License
7+
// as published by the Free Software Foundation,
8+
// either version 3 of the License, or (at your option) any later version.
9+
//
10+
// BOINC is distributed in the hope that it will be useful,
11+
// but WITHOUT ANY WARRANTY; without even the implied warranty of
12+
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13+
// See the GNU Lesser General Public License for more details.
14+
//
15+
// You should have received a copy of the GNU Lesser General Public License
16+
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
117

218
#include "stdafx.h"
319
#include "boinccas.h"
@@ -88,7 +104,7 @@ inline HRESULT ReducePrivilegesForMediumIL(HANDLE hToken)
88104

89105
SetPrivilege(hToken, SE_BACKUP_NAME, SE_PRIVILEGE_REMOVED);
90106
SetPrivilege(hToken, SE_CREATE_PAGEFILE_NAME, SE_PRIVILEGE_REMOVED);
91-
SetPrivilege(hToken, TEXT("SeCreateSymbolicLinkPrivilege"), SE_PRIVILEGE_REMOVED);
107+
SetPrivilege(hToken, SE_CREATE_SYMBOLIC_LINK_NAME, SE_PRIVILEGE_REMOVED);
92108
SetPrivilege(hToken, SE_DEBUG_NAME, SE_PRIVILEGE_REMOVED);
93109
SetPrivilege(hToken, SE_IMPERSONATE_NAME, SE_PRIVILEGE_REMOVED);
94110
SetPrivilege(hToken, SE_INC_BASE_PRIORITY_NAME, SE_PRIVILEGE_REMOVED);
@@ -231,38 +247,63 @@ HRESULT CreateProcessWithExplorerIL(LPWSTR szProcessName, LPWSTR szCmdLine)
231247
}
232248

233249
if(SUCCEEDED(hr)) {
250+
HANDLE hProcessToken = NULL;
251+
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcessToken)) {
252+
hr = HRESULT_FROM_WIN32(GetLastError());
253+
}
254+
else {
255+
SetPrivilege(hProcessToken, SE_INCREASE_QUOTA_NAME);
256+
CloseHandle(hProcessToken);
257+
hr = HRESULT_FROM_WIN32(GetLastError());
258+
}
234259

235-
hr = ReducePrivilegesForMediumIL(hNewToken);
236-
237-
SetTokenInformation(
238-
hNewToken,
239-
TokenVirtualizationEnabled,
240-
&dwEnableVirtualization,
241-
sizeof(DWORD)
242-
);
243-
244-
if(SUCCEEDED(hr)) {
245-
bRet = CreateProcessAsUser(
246-
hNewToken,
247-
szProcessName,
248-
szCmdLine,
249-
NULL,
250-
NULL,
251-
FALSE,
252-
NORMAL_PRIORITY_CLASS,
253-
NULL,
254-
NULL,
255-
&StartupInfo,
256-
&ProcInfo
257-
);
258-
if(bRet) {
259-
CloseHandle(ProcInfo.hThread);
260-
CloseHandle(ProcInfo.hProcess);
261-
} else {
262-
hr = HRESULT_FROM_WIN32(GetLastError());
263-
}
260+
if (SUCCEEDED(hr)) {
261+
hr = ReducePrivilegesForMediumIL(hNewToken);
262+
263+
SetTokenInformation(
264+
hNewToken,
265+
TokenVirtualizationEnabled,
266+
&dwEnableVirtualization,
267+
sizeof(DWORD)
268+
);
269+
270+
if (SUCCEEDED(hr)) {
271+
bRet = CreateProcessWithTokenW(
272+
hNewToken,
273+
0,
274+
szProcessName,
275+
szCmdLine,
276+
0,
277+
NULL,
278+
NULL,
279+
&StartupInfo,
280+
&ProcInfo
281+
);
282+
if (!bRet) {
283+
bRet = CreateProcessAsUser(
284+
hNewToken,
285+
szProcessName,
286+
szCmdLine,
287+
NULL,
288+
NULL,
289+
FALSE,
290+
NORMAL_PRIORITY_CLASS,
291+
NULL,
292+
NULL,
293+
&StartupInfo,
294+
&ProcInfo
295+
);
296+
}
297+
if (bRet) {
298+
CloseHandle(ProcInfo.hThread);
299+
CloseHandle(ProcInfo.hProcess);
300+
}
301+
else {
302+
hr = HRESULT_FROM_WIN32(GetLastError());
303+
}
304+
}
305+
CloseHandle(hNewToken);
264306
}
265-
CloseHandle(hNewToken);
266307
} else {
267308
hr = HRESULT_FROM_WIN32(GetLastError());
268309
}

0 commit comments

Comments
 (0)