remoting/host/installer/mac/Scripts/remoting_postflight.sh

   1 #!/bin/sh
   2
   3 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
   4 # Use of this source code is governed by a BSD-style license that can be
   5 # found in the LICENSE file.
   6
   7 # Version = @@VERSION@@
   8
   9 HELPERTOOLS=/Library/PrivilegedHelperTools
  10 SERVICE_NAME=org.chromium.chromoting
  11 CONFIG_FILE="$HELPERTOOLS/$SERVICE_NAME.json"
  12 SCRIPT_FILE="$HELPERTOOLS/$SERVICE_NAME.me2me.sh"
  13 USERS_TMP_FILE="$SCRIPT_FILE.users"
  14 PLIST=/Library/LaunchAgents/org.chromium.chromoting.plist
  15 PAM_CONFIG=/etc/pam.d/chrome-remote-desktop
  16 ENABLED_FILE="$HELPERTOOLS/$SERVICE_NAME.me2me_enabled"
  17 ENABLED_FILE_BACKUP="$ENABLED_FILE.backup"
  18
  19 KSADMIN=/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
  20 KSUPDATE=https://tools.google.com/service/update2
  21 KSPID=com.google.chrome_remote_desktop
  22 KSPVERSION=@@VERSION@@
  23
  24 function on_error {
  25   logger An error occurred during Chrome Remote Desktop setup.
  26   exit 1
  27 }
  28
  29 function find_login_window_for_user {
  30   # This function mimics the behaviour of pgrep, which may not be installed
  31   # on Mac OS X.
  32   local user=$1
  33   ps -ec -u "$user" -o comm,pid | awk '$1 == "loginwindow" { print $2; exit }'
  34 }
  35
  36 # Return 0 (true) if the current OS is El Capitan (OS X 10.11) or newer.
  37 function is_el_capitan_or_newer {
  38   local full_version=$(sw_vers -productVersion)
  39
  40   # Split the OS version into an array.
  41   local version
  42   IFS='.' read -a version <<< "${full_version}"
  43   local v0="${version[0]}"
  44   local v1="${version[1]}"
  45   if [[ $v0 -gt 10 || ( $v0 -eq 10 && $v1 -ge 11 ) ]]; then
  46     return 0
  47   else
  48     return 1
  49   fi
  50 }
  51
  52 trap on_error ERR
  53 trap 'rm -f "$USERS_TMP_FILE"' EXIT
  54
  55 logger Running Chrome Remote Desktop postflight script @@VERSION@@
  56
  57 # Register a ticket with Keystone to keep this package up to date.
  58 $KSADMIN --register --productid "$KSPID" --version "$KSPVERSION" \
  59     --xcpath "$PLIST" --url "$KSUPDATE"
  60
  61 # If there is a backup _enabled file, re-enable the service.
  62 if [[ -f "$ENABLED_FILE_BACKUP" ]]; then
  63   mv "$ENABLED_FILE_BACKUP" "$ENABLED_FILE"
  64 fi
  65
  66 # Create the PAM configuration unless it already exists and has been edited.
  67 update_pam=1
  68 CONTROL_LINE="# If you edit this file, please delete this line."
  69 if [[ -f "$PAM_CONFIG" ]] && ! grep -qF "$CONTROL_LINE" "$PAM_CONFIG"; then
  70   update_pam=0
  71 fi
  72
  73 if [[ "$update_pam" == "1" ]]; then
  74   logger Creating PAM config.
  75   cat > "$PAM_CONFIG" <<EOF
  76 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
  77 # Use of this source code is governed by a BSD-style license that can be
  78 # found in the LICENSE file.
  79
  80 auth       required   pam_deny.so
  81 account    required   pam_permit.so
  82 password   required   pam_deny.so
  83 session    required   pam_deny.so
  84
  85 # This file is auto-updated by the Chrome Remote Desktop installer.
  86 $CONTROL_LINE
  87 EOF
  88 else
  89   logger PAM config has local edits. Not updating.
  90 fi
  91
  92 # Load the service for each user for whom the service was unloaded in the
  93 # preflight script (this includes the root user, in case only the login screen
  94 # is being remoted and this is a Keystone-triggered update).
  95 # Also, in case this is a fresh install, load the service for the user running
  96 # the installer, so they don't have to log out and back in again.
  97 if [[ -n "$USER" && "$USER" != "root" ]]; then
  98   id -u "$USER" >> "$USERS_TMP_FILE"
  99 fi
 100
 101 if [[ -r "$USERS_TMP_FILE" ]]; then
 102   for uid in $(sort "$USERS_TMP_FILE" | uniq); do
 103     logger Starting service for user "$uid".
 104
 105     sudo_user="sudo -u #$uid"
 106     load="launchctl load -w -S Aqua $PLIST"
 107     start="launchctl start $SERVICE_NAME"
 108
 109     if is_el_capitan_or_newer; then
 110       boostrap_user="launchctl asuser $uid"
 111     else
 112       # Load the launchd agent in the bootstrap context of user $uid's
 113       # graphical session, so that screen-capture and input-injection can
 114       # work. To do this, find the PID of a process which is running in that
 115       # context. The loginwindow process is a good candidate since the user
 116       # (if logged in to a session) will definitely be running it.
 117       pid="$(find_login_window_for_user "$uid")"
 118       if [[ ! -n "$pid" ]]; then
 119         exit 1
 120       fi
 121       bootstrap_user="launchctl bsexec $pid"
 122     fi
 123
 124     $bootstrap_user $sudo_user $load
 125     $bootstrap_user $sudo_user $start
 126   done
 127 fi