      1 #!/bin/sh
      2 
      3 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
      4 # Use of this source code is governed by a BSD-style license that can be
      5 # found in the LICENSE file.
      6 
      7 # Version = @@VERSION@@
      8 
      # Paths and identifiers used by the Chrome Remote Desktop postflight step.
      #
      # USERS_TMP_FILE is read further down and every entry in it ends up as the
      # target of `sudo -u "#<uid>"`, so it must never be writable by a non-root
      # user.
      # NOTE(review): presumably /Library/PrivilegedHelperTools is root-owned and
      # not group/world-writable - confirm on the target system.
      HELPERTOOLS="/Library/PrivilegedHelperTools"
      SERVICE_NAME="org.chromium.chromoting"
      CONFIG_FILE="${HELPERTOOLS}/${SERVICE_NAME}.json"
      SCRIPT_FILE="${HELPERTOOLS}/${SERVICE_NAME}.me2me.sh"
      USERS_TMP_FILE="${SCRIPT_FILE}.users"
      PLIST="/Library/LaunchAgents/org.chromium.chromoting.plist"
      PAM_CONFIG="/etc/pam.d/chrome-remote-desktop"
      ENABLED_FILE="${HELPERTOOLS}/${SERVICE_NAME}.me2me_enabled"
      ENABLED_FILE_BACKUP="${ENABLED_FILE}.backup"
      LOG_FILE="/var/log/org.chromium.chromoting.log"

      # Keystone (Google Software Update) registration data. The update URL is
      # HTTPS. @@VERSION@@ looks like a template placeholder, presumably filled in
      # when the package is built.
      KSADMIN="/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin"
      KSUPDATE="https://tools.google.com/service/update2"
      KSPID="com.google.chrome_remote_desktop"
      KSPVERSION="@@VERSION@@"
     24 
     # ERR-trap handler: record the failure in syslog, then abort the script
     # with exit status 1.
     on_error() {
       logger "An error occurred during Chrome Remote Desktop setup."
       exit 1
     }
     29 
     # Print the PID of the first "loginwindow" process that ps reports for the
     # given user; print nothing when there is none.
     # Stands in for pgrep, which may not be installed on Mac OS X.
     # Arguments: $1 - user selector handed to `ps -u`
     # Outputs:   the PID on stdout
     find_login_window_for_user() {
       local owner=$1
       # Match the command column exactly and stop at the first hit.
       ps -ec -u "$owner" -o comm,pid |
         awk '{ if ($1 == "loginwindow") { print $2; exit } }'
     }
     36 
     # A failing top-level command aborts the script through on_error, and the
     # scratch list of uids is removed on every exit path.
     # Note: without `set -E` bash does not run the ERR trap for failures inside
     # functions or command substitutions, nor for commands tested by `if`.
     trap on_error ERR
     trap 'rm -f "$USERS_TMP_FILE"' EXIT

     logger "Running Chrome Remote Desktop postflight script @@VERSION@@"

     # Register a ticket with Keystone to keep this package up to date.
     # If ksadmin is missing or fails, the ERR trap above ends the script here.
     "$KSADMIN" --register \
       --productid "$KSPID" \
       --version "$KSPVERSION" \
       --xcpath "$PLIST" \
       --url "$KSUPDATE"

     # A backed-up _enabled marker is moved back into place, which re-enables
     # the service.
     # NOTE(review): presumably the preflight script creates this backup - confirm.
     if [[ -f "$ENABLED_FILE_BACKUP" ]]; then
       mv "$ENABLED_FILE_BACKUP" "$ENABLED_FILE"
     fi
     50 
     # Write the PAM service file, unless one already exists that an
     # administrator has edited. The generated file ends with CONTROL_LINE; a
     # file that lacks this line is treated as locally edited and left untouched.
     #
     # The generated policy uses pam_deny for auth, password and session, and
     # pam_permit for account.
     # NOTE(review): the mode of a newly created file comes from the installer's
     # umask - confirm it is not writable by non-root users.
     CONTROL_LINE="# If you edit this file, please delete this line."
     update_pam=1
     if [[ -f "$PAM_CONFIG" ]]; then
       if ! grep -qF "$CONTROL_LINE" "$PAM_CONFIG"; then
         update_pam=0
       fi
     fi

     if [[ "$update_pam" != "1" ]]; then
       logger "PAM config has local edits. Not updating."
     else
       logger "Creating PAM config."
       # Unquoted delimiter on purpose: $CONTROL_LINE must expand in the file body.
       cat > "$PAM_CONFIG" <<EOF
# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

auth       required   pam_deny.so
account    required   pam_permit.so
password   required   pam_deny.so
session    required   pam_deny.so

# This file is auto-updated by the Chrome Remote Desktop installer.
$CONTROL_LINE
EOF
     fi
     76 
     # Pre-create the service log file: directing output from the service there
     # won't work unless the file already exists.
     # Group "admin" gets write access because CRD users are typically admins.
     # The file is therefore writable by every member of that group, so its
     # contents should not be treated as tamper-evident.
     touch "$LOG_FILE"
     chgrp admin "$LOG_FILE"
     chmod 0660 "$LOG_FILE"
     84 
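     # Load the service for each user for whom the service was unloaded in the
     # preflight script (this includes the root user, in case only the login
     # screen is being remoted and this is a Keystone-triggered update).
     # Also, in case this is a fresh install, load the service for the user
     # running the installer, so they don't have to log out and back in again.
     if [[ -n "$USER" && "$USER" != "root" ]]; then
       id -u "$USER" >> "$USERS_TMP_FILE"
     fi

     if [[ -r "$USERS_TMP_FILE" ]]; then
       # Word-splitting of the command substitution is intentional: the file is
       # expected to hold one numeric uid per line.
       for uid in $(sort -u "$USERS_TMP_FILE"); do
         # Every entry is handed to `ps -u` and becomes the target of
         # `sudo -u "#$uid"` below. Accept only a plain decimal uid, so that a
         # corrupted or tampered list cannot feed anything else to those commands.
         case "$uid" in
           '' | *[!0-9]*)
             logger "Skipping malformed uid entry in users list."
             continue
             ;;
         esac

         logger "Starting service for user $uid."

         # NOTE(review): context is computed here but never used; the load below
         # always passes `-S Aqua`, including for uid 0. Confirm whether
         # `-S "$context"` was intended before changing it.
         if [[ "$uid" = "0" ]]; then
           context="LoginWindow"
         else
           context="Aqua"
         fi

         # Load the launchd agent in the bootstrap context of user $uid's
         # graphical session, so that screen-capture and input-injection can
         # work. To do this, find the PID of a process which is running in that
         # context. The loginwindow process is a good candidate since the user
         # (if logged in to a session) will definitely be running it.
         pid="$(find_login_window_for_user "$uid")"
         if [[ -n "$pid" ]]; then
           # `sudo -u "#$uid"` runs launchctl as that user, not as the account
           # running the installer.
           launchctl bsexec "$pid" sudo -u "#$uid" launchctl load -w -S Aqua "$PLIST"
           launchctl bsexec "$pid" sudo -u "#$uid" launchctl start "$SERVICE_NAME"
         fi
       done
     fi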