remoting/host/installer/mac/Scripts/remoting_postflight.sh

   1 #!/bin/sh
   2
   3 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # Version = @@VERSION@@
   8
   9 HELPERTOOLS=/Library/PrivilegedHelperTools
  10 SERVICE_NAME=org.chromium.chromoting
  11 CONFIG_FILE="$HELPERTOOLS/$SERVICE_NAME.json"
  12 SCRIPT_FILE="$HELPERTOOLS/$SERVICE_NAME.me2me.sh"
  13 USERS_TMP_FILE="$SCRIPT_FILE.users"
  14 PLIST=/Library/LaunchAgents/org.chromium.chromoting.plist
  15 PAM_CONFIG=/etc/pam.d/chrome-remote-desktop
  16 ENABLED_FILE="$HELPERTOOLS/$SERVICE_NAME.me2me_enabled"
  17 ENABLED_FILE_BACKUP="$ENABLED_FILE.backup"
  18 LOG_FILE=/var/log/org.chromium.chromoting.log
  19
  20 KSADMIN=/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
  21 KSUPDATE=https://tools.google.com/service/update2
  22 KSPID=com.google.chrome_remote_desktop
  23 KSPVERSION=@@VERSION@@
  24
  25 function on_error {
  26   logger An error occurred during Chrome Remote Desktop setup.
  27   exit 1
  28 }
  29
  30 function find_login_window_for_user {
  31   # This function mimics the behaviour of pgrep, which may not be installed
  32   # on Mac OS X.
  33   local user=$1
  34   ps -ec -u "$user" -o comm,pid | awk '$1 == "loginwindow" { print $2; exit }'
  35 }
  36
  37 trap on_error ERR
  38 trap 'rm -f "$USERS_TMP_FILE"' EXIT
  39
  40 logger Running Chrome Remote Desktop postflight script @@VERSION@@
  41
  42 # Register a ticket with Keystone to keep this package up to date.
  43 $KSADMIN --register --productid "$KSPID" --version "$KSPVERSION" \
  44     --xcpath "$PLIST" --url "$KSUPDATE"
  45
  46 # If there is a backup _enabled file, re-enable the service.
  47 if [[ -f "$ENABLED_FILE_BACKUP" ]]; then
  48   mv "$ENABLED_FILE_BACKUP" "$ENABLED_FILE"
  49 fi
  50
  51 # Create the PAM configuration unless it already exists and has been edited.
  52 update_pam=1
  53 CONTROL_LINE="# If you edit this file, please delete this line."
  54 if [[ -f "$PAM_CONFIG" ]] && ! grep -qF "$CONTROL_LINE" "$PAM_CONFIG"; then
  55   update_pam=0
  56 fi
  57
  58 if [[ "$update_pam" == "1" ]]; then
  59   logger Creating PAM config.
  60   cat > "$PAM_CONFIG" <<EOF
  61 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
  62 # Use of this source code is governed by a BSD-style license that can be
  63 # found in the LICENSE file.
  64
  65 auth       required   pam_deny.so
  66 account    required   pam_permit.so
  67 password   required   pam_deny.so
  68 session    required   pam_deny.so
  69
  70 # This file is auto-updated by the Chrome Remote Desktop installer.
  71 $CONTROL_LINE
  72 EOF
  73 else
  74   logger PAM config has local edits. Not updating.
  75 fi
  76
  77 # Create the log file (if this isn't created ahead of time
  78 # then directing output from the service there won't work).
  79 # Make sure admins have write privileges (CRD users are
  80 # typically admins)
  81 touch "$LOG_FILE"
  82 chown :admin "$LOG_FILE"
  83 chmod 660 "$LOG_FILE"
  84
  85 # Load the service for each user for whom the service was unloaded in the
  86 # preflight script (this includes the root user, in case only the login screen
  87 # is being remoted and this is a Keystone-triggered update).
  88 # Also, in case this is a fresh install, load the service for the user running
  89 # the installer, so they don't have to log out and back in again.
  90 if [[ -n "$USER" && "$USER" != "root" ]]; then
  91   id -u "$USER" >> "$USERS_TMP_FILE"
  92 fi
  93
  94 if [[ -r "$USERS_TMP_FILE" ]]; then
  95   for uid in $(sort "$USERS_TMP_FILE" | uniq); do
  96     logger Starting service for user "$uid".
  97
  98     if [[ "$uid" = "0" ]]; then
  99       context="LoginWindow"
 100     else
 101       context="Aqua"
 102     fi
 103
 104     # Load the launchd agent in the bootstrap context of user $uid's graphical
 105     # session, so that screen-capture and input-injection can work. To do this,
 106     # find the PID of a process which is running in that context. The
 107     # loginwindow process is a good candidate since the user (if logged in to
 108     # a session) will definitely be running it.
 109     pid="$(find_login_window_for_user "$uid")"
 110     if [[ -n "$pid" ]]; then
 111       launchctl bsexec "$pid" sudo -u "#$uid" launchctl load -w -S Aqua "$PLIST"
 112       launchctl bsexec "$pid" sudo -u "#$uid" launchctl start "$SERVICE_NAME"
 113     fi
 114   done
 115 fi