#!/bin/sh

# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Version = @@VERSION@@
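# Locations of the host's installed files. The config, helper script,
# uid list and "enabled" marker all live under $HELPERTOOLS.
HELPERTOOLS="/Library/PrivilegedHelperTools"
SERVICE_NAME="org.chromium.chromoting"
CONFIG_FILE="$HELPERTOOLS/$SERVICE_NAME.json"
SCRIPT_FILE="$HELPERTOOLS/$SERVICE_NAME.me2me.sh"
# List of uids whose service gets (re)loaded further down. Entries read from
# this file are passed to `sudo -u`, so the path must not be writable by
# unprivileged users.
# NOTE(review): presumably $HELPERTOOLS is root-owned - confirm on target hosts.
USERS_TMP_FILE="$SCRIPT_FILE.users"
PLIST="/Library/LaunchAgents/org.chromium.chromoting.plist"
PAM_CONFIG="/etc/pam.d/chrome-remote-desktop"
ENABLED_FILE="$HELPERTOOLS/$SERVICE_NAME.me2me_enabled"
ENABLED_FILE_BACKUP="$ENABLED_FILE.backup"
LOG_FILE="/var/log/org.chromium.chromoting.log"

# Keystone registration parameters. The update URL is HTTPS.
# NOTE(review): @@VERSION@@ looks like a placeholder substituted when the
# package is built - confirm against the packaging step.
KSADMIN="/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin"
KSUPDATE="https://tools.google.com/service/update2"
KSPID="com.google.chrome_remote_desktop"
KSPVERSION="@@VERSION@@"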
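# Report a failed setup step through logger(1) and abort with status 1.
# The script registers this function as its ERR trap handler.
# Returns: never returns; exits the shell with status 1.
on_error() {
  logger "An error occurred during Chrome Remote Desktop setup."
  exit 1
}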
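# Print the PID of the first process named "loginwindow" listed for a user.
# This mimics the behaviour of pgrep, which may not be installed on Mac OS X.
# Arguments: $1 - user to look up, handed to `ps -u` (the caller in this
#                 script passes a numeric uid)
# Outputs:   the PID on stdout; nothing when no such process is listed
# Note: the match is on the command name alone and the first hit wins, so the
# result is only as trustworthy as the process list of that user.
find_login_window_for_user() {
  local user=$1
  ps -ec -u "$user" -o comm,pid \
    | awk '$1 == "loginwindow" { print $2; exit }'
}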
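# Abort the install when a command fails, and always delete the uid list
# file when the script exits, whatever the exit path.
# NOTE(review): the ERR trap (like `[[ ]]` and `local` elsewhere in this
# script) is a bash feature while the shebang is /bin/sh; this presumably
# relies on /bin/sh being bash-compatible on the target macOS - confirm.
trap on_error ERR
trap 'rm -f -- "$USERS_TMP_FILE"' EXIT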
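logger "Running Chrome Remote Desktop postflight script @@VERSION@@"

# Register a ticket with Keystone to keep this package up to date.
# The call is not guarded, so a failure here (for example a missing ksadmin
# binary) fires the ERR trap and aborts the postflight with status 1.
"$KSADMIN" --register --productid "$KSPID" --version "$KSPVERSION" \
  --xcpath "$PLIST" --url "$KSUPDATE"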
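# If there is a backup of the "enabled" marker file, move it back into place
# so that the service is re-enabled.
if [[ -f "$ENABLED_FILE_BACKUP" ]]; then
  mv -- "$ENABLED_FILE_BACKUP" "$ENABLED_FILE"
fi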
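# Create the PAM configuration unless it already exists and has been edited.
# The installer owns the file for as long as CONTROL_LINE is still in it: an
# existing file without that line is treated as locally edited and left alone.
CONTROL_LINE="# If you edit this file, please delete this line."
update_pam=1
if [[ -f "$PAM_CONFIG" ]] && ! grep -qF -- "$CONTROL_LINE" "$PAM_CONFIG"; then
  update_pam=0
fi

if [[ "$update_pam" == "1" ]]; then
  logger "Creating PAM config."
  # The generated policy denies auth, password and session and permits only
  # account, so authentication through this service fails until an
  # administrator edits the file.
  # NOTE(review): the file mode is whatever the installer's umask yields;
  # nothing here sets owner or permissions explicitly - confirm it ends up
  # root-owned and not writable by others.
  cat > "$PAM_CONFIG" <<EOF
# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

auth       required   pam_deny.so
account    required   pam_permit.so
password   required   pam_deny.so
session    required   pam_deny.so

# This file is auto-updated by the Chrome Remote Desktop installer.
$CONTROL_LINE
EOF
else
  logger "PAM config has local edits. Not updating."
fi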
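# Create the log file ahead of time; directing output from the service there
# won't work if it does not already exist. Group "admin" gets write access
# because CRD users are typically admins.
# NOTE(review): with group admin and mode 660, any member of the admin group
# can modify or truncate this log, so it should not be relied on as a
# tamper-evident record of host activity.
touch "$LOG_FILE"
chown :admin "$LOG_FILE"
chmod 660 "$LOG_FILE"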
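# Load the service for each user for whom the service was unloaded in the
# preflight script (this includes the root user, in case only the login screen
# is being remoted and this is a Keystone-triggered update).
# Also, in case this is a fresh install, load the service for the user running
# the installer, so they don't have to log out and back in again.
if [[ -n "$USER" && "$USER" != "root" ]]; then
  id -u "$USER" >> "$USERS_TMP_FILE"
fi

if [[ -r "$USERS_TMP_FILE" ]]; then
  for uid in $(sort -u "$USERS_TMP_FILE"); do
    # The list is read back from disk and every entry ends up as the target
    # of `sudo -u "#..."`, so accept nothing but plain decimal uids.
    case "$uid" in
      '' | *[!0-9]*)
        logger "Skipping invalid uid entry in $USERS_TMP_FILE."
        continue
        ;;
    esac

    logger "Starting service for user $uid."

    # NOTE(review): $context is computed here but never used; the load
    # command below passes a hard-coded "-S Aqua" for every uid, root
    # included. Confirm whether root's agent is meant to be loaded with
    # "-S $context" instead.
    if [[ "$uid" = "0" ]]; then
      context="LoginWindow"
    else
      context="Aqua"
    fi

    # Load the launchd agent in the bootstrap context of user $uid's graphical
    # session, so that screen-capture and input-injection can work. To do this,
    # find the PID of a process which is running in that context. The
    # loginwindow process is a good candidate since the user (if logged in to
    # a session) will definitely be running it.
    # When no loginwindow PID is found, the user is skipped silently.
    pid="$(find_login_window_for_user "$uid")"
    if [[ -n "$pid" ]]; then
      launchctl bsexec "$pid" sudo -u "#$uid" launchctl load -w -S Aqua "$PLIST"
      launchctl bsexec "$pid" sudo -u "#$uid" launchctl start "$SERVICE_NAME"
    fi
  done
fi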