// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2020 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see .
/* PostInstall.cpp */
// Notes on command-line installation to a remote Mac:
//
// When the installer is run from the Finder, this Postinstall.app will
// display up to two dialogs, asking the user whether or not to:
// [1] allow non-administrative users to run the BOINC Manager
// (asked only if this Mac has any non-administrative users)
// [2] set BOINC as the screensaver for all users who can run BOINC
// (asked only if BOINC screensaver is not already set for them)
//
// The installer can also be run from the command line. This is useful
// for installation on remote Macs. However, there is no way to respond
// to dialogs during a command-line install.
//
// Apple's command-line installer sets the following environment variable:
// COMMAND_LINE_INSTALL=1
// The postinstall script, postupgrade script, and this Postinstall.app
// detect this environment variable and do the following:
// * Redirect the Postinstall.app log output to a file
// /tmp/BOINCInstallLog.txt
// * Suppress the 2 dialogs
// * test for the existence of a file /tmp/nonadminusersok.txt; if the
// file exists, allow non-administrative users to run BOINC Manager
// * test for the existence of a file /tmp/setboincsaver.txt; if the
// file exists, set BOINC as the screensaver for all BOINC users.
//
// The BOINC installer package to be used for command line installs can
// be found embedded inside the GUI BOINC Installer application at:
// "..../BOINC Installer.app/Contents/Resources/BOINC.pkg"
//
// Example: To install on a remote Mac from the command line, allowing
// non-admin users to run the BOINC Manager and setting BOINC as the
// screensaver:
// * First SCP the "BOINC.pkg" to the remote Mac's /tmp
// directory, then SSh into the remote Mac and enter the following
// $ touch /tmp/nonadminusersok.txt
// $ touch /tmp/setboincsaver.txt
// $ sudo installer -pkg /tmp/BOINC.pkg -tgt /
// $ sudo reboot
//
#define VERBOSE_TEST 0 /* for debugging callPosixSpawn */
#if VERBOSE_TEST
#define CREATE_LOG 1 /* for debugging */
#else
#define CREATE_LOG 0 /* for debugging */
#endif
#define USE_OSASCRIPT_FOR_ALL_LOGGED_IN_USERS false
#include
#include
#include // getpwname, getpwuid, getuid
#include // getpwname, getpwuid, getuid
#include // getgrnam
#include // waitpid
#include
#include // for MAXPATHLEN
#include // for chmod
#include
#include
#include
#include
#include // for time()
#include
#include
#define DLOPEN_NO_WARN
#include
#include
#include "url.h"
#include "mac_branding.h"
using std::vector;
using std::string;
#include "mac_util.h"
#include "SetupSecurity.h"
#include "translate.h"
#include "file_names.h"
#include "util.h"
#define admin_group_name "admin"
#define boinc_master_user_name "boinc_master"
#define boinc_master_group_name "boinc_master"
#define boinc_project_user_name "boinc_project"
#define boinc_project_group_name "boinc_project"
OSErr Initialize(void); /* function prototypes */
Boolean myFilterProc(DialogRef theDialog, EventRecord *theEvent, DialogItemIndex *itemHit);
int DeleteReceipt(void);
Boolean IsRestartNeeded();
void CheckUserAndGroupConflicts();
Boolean SetLoginItemOSAScript(long brandID, Boolean deleteLogInItem, char *userName);
Boolean SetLoginItemLaunchAgent(long brandID, long oldBrandID, Boolean deleteLogInItem, passwd *pw);
OSErr GetCurrentScreenSaverSelection(passwd *pw, char *moduleName, size_t maxLen);
OSErr SetScreenSaverSelection(char *moduleName, char *modulePath, int type);
static void DeleteScreenSaverLaunchAgent(passwd *pw);
void SetSkinInUserPrefs(char *userName, char *nameOfSkin);
Boolean CheckDeleteFile(char *name);
static void FixLaunchServicesDataBase(uid_t userID, long brandID);
void SetEUIDBackToUser (void);
static char * PersistentFGets(char *buf, size_t buflen, FILE *f);
static void LoadPreferredLanguages();
static Boolean ShowMessage(Boolean askYesNo, const char *format, ...);
Boolean IsUserMemberOfGroup(const char *userName, const char *groupName);
int CountGroupMembershipEntries(const char *userName, const char *groupName);
OSErr UpdateAllVisibleUsers(long brandID, long oldBrandID);
static Boolean IsUserLoggedIn(const char *userName);
void FindAllVisibleUsers(void);
long GetBrandID(char *path);
int TestRPCBind(void);
pid_t FindProcessPID(char* name, pid_t thePID);
static void SleepSeconds(double seconds);
static OSErr QuitAppleEventHandler(const AppleEvent *appleEvt, AppleEvent* reply, UInt32 refcon);
int callPosixSpawn(const char *cmd);
void print_to_log(const char *format, ...);
void strip_cr(char *buf);
void CopyPreviousErrorsToLog(void);
extern int check_security(
char *bundlePath, char *dataPath,
int use_sandbox, int isManager,
char* path_to_error, int len
);
/* BEGIN TEMPORARY ITEMS TO ALLOW TRANSLATORS TO START WORK */
void notused() {
ShowMessage(true, (char *)_("Yes"));
ShowMessage(true, (char *)_("No"));
// Future feature
ShowMessage(true, (char *)_("Should BOINC run even when no user is logged in?"));
}
/* END TEMPORARY ITEMS TO ALLOW TRANSLATORS TO START WORK */
#define MAX_LANGUAGES_TO_TRY 5
static char * Catalog_Name = (char *)"BOINC-Setup";
static char * Catalogs_Dir = (char *)"/Library/Application Support/BOINC Data/locale/";
#define REPORT_ERROR(isError) if (isError) print_to_log("BOINC PostInstall error at line %d", __LINE__);
/* globals */
static Boolean gCommandLineInstall = false;
static Boolean gQuitFlag = false;
static Boolean currentUserCanRunBOINC = false;
static char loginName[256];
static char tempDirName[MAXPATHLEN];
static time_t waitPermissionsStartTime;
static vector human_user_names;
static vector human_user_IDs;
enum { launchWhenDone,
logoutRequired,
restartRequired,
nothingrequired
};
/******************************************************************
*** ***
*** NOTE: ***
*** ***
*** On entry, the postinstall or postupgrade script has set the ***
*** current directory to the top level of our installer package ***
*** ***
******************************************************************/
int main(int argc, char *argv[])
{
Boolean Success;
long brandID = 0;
long oldBrandID = 0;
int i;
pid_t installerPID = 0, coreClientPID = 0;
OSStatus err;
FILE *f;
char s[2048];
char path[MAXPATHLEN];
#ifndef SANDBOX
group *grp;
#endif // SANDBOX
printf("\nStarting PostInstall app %s\n\n", argv[1]);
fflush(stdout);
if (!check_branding_arrays(s, sizeof(s))) {
ShowMessage(false, (char *)_("Branding array has too few entries: %s"), s);
return -1;
}
// getlogin() gives unreliable results under OS 10.6.2, so use environment
strncpy(loginName, getenv("USER"), sizeof(loginName)-1);
if (loginName[0] == '\0') {
ShowMessage(false, (char *)_("Could not get user login name"));
return 0;
}
printf("login name = %s\n", loginName);
fflush(stdout);
snprintf(tempDirName, sizeof(tempDirName), "InstallBOINC-%s", loginName);
CopyPreviousErrorsToLog();
if (getenv("COMMAND_LINE_INSTALL") != NULL) {
gCommandLineInstall = true;
puts("command-line install\n");
fflush(stdout);
}
for (i=0; i= RETRY_LIMIT);
continue;
}
// err = SetBOINCAppOwnersGroupsAndPermissions("/Applications/GridRepublic Desktop.app");
err = SetBOINCAppOwnersGroupsAndPermissions(appPath[brandID]);
if (err != noErr) {
printf("SetBOINCAppOwnersGroupsAndPermissions returned %d (repetition=%d)", err, i);
fflush(stdout);
REPORT_ERROR(i >= RETRY_LIMIT);
continue;
}
err = SetBOINCDataOwnersGroupsAndPermissions();
if (err != noErr) {
printf("SetBOINCDataOwnersGroupsAndPermissions returned %d (repetition=%d)", err, i);
fflush(stdout);
REPORT_ERROR(i >= RETRY_LIMIT);
continue;
}
err = check_security(
appPath[brandID],
"/Library/Application Support/BOINC Data",
true, false, NULL, 0
);
if (err != noErr) {
printf("check_security returned %d (repetition=%d)", err, i);
fflush(stdout);
REPORT_ERROR(i >= RETRY_LIMIT);
} else {
break;
}
}
#else // ! defined(SANDBOX)
// The BOINC Manager and Core Client have the set-user-ID-on-execution
// flag set, so their ownership is important and must match the
// ownership of the BOINC Data directory.
// Find an appropriate admin user to set as owner of installed files
// First, try the user currently logged in
grp = getgrnam(admin_group_name);
i = 0;
while ((p = grp->gr_mem[i]) != NULL) { // Step through all users in group admin
if (strcmp(p, loginName) == 0) {
Success = true; // Logged in user is a member of group admin
break;
}
++i;
}
// If currently logged in user is not admin, use first non-root admin user
if (!Success) {
i = 0;
while ((p = grp->gr_mem[i]) != NULL) { // Step through all users in group admin
if (strcmp(p, "root") != 0)
break;
++i;
}
}
// Set owner of branded BOINCManager and contents, including core client
// "chown -Rf username \"/Applications/GridRepublic Desktop.app\""
sprintf(s, "chown -Rf %s \"%s\"", p, appPath[brandID]);
err = callPosixSpawn (s);
REPORT_ERROR(err);
// Set owner of BOINC Screen Saver
// "chown -Rf username \"/Library/Screen Savers/GridRepublic.saver\""
sprintf(s, "chown -Rf %s \"/Library/Screen Savers/%s.saver\"", p, saverName[brandID]);
err = callPosixSpawn (s);
REPORT_ERROR(err);
// We don't customize BOINC Data directory name for branding
// "chown -Rf username \"/Library/Application Support/BOINC Data\""
sprintf(s, "chown -Rf %s \"/Library/Application Support/BOINC Data\"", p);
err = callPosixSpawn (s);
REPORT_ERROR(err);
// "chmod -R a+s \"/Applications/GridRepublic Desktop.app\""
sprintf(s, "chmod -R a+s \"%s\"", appPath[brandID]);
err = callPosixSpawn (s);
REPORT_ERROR(err);
#endif // ! defined(SANDBOX)
// Remove any branded versions of BOINC other than ours (i.e., old versions)
for (i=0; i< NUMBRANDS; i++) {
if (i == brandID) continue;
// "rm -rf \"/Applications/GridRepublic Desktop.app\""
sprintf(s, "rm -rf \"%s\"", appPath[i]);
err = callPosixSpawn (s);
REPORT_ERROR(err);
// "rm -rf \"/Library/Screen Savers/GridRepublic.saver\""
sprintf(s, "rm -rf \"/Library/Screen Savers/%s.saver\"", saverName[i]);
err = callPosixSpawn (s);
REPORT_ERROR(err);
}
if (brandID == 0) { // Installing generic BOINC
err = callPosixSpawn ("rm -f \"/Library/Application Support/BOINC Data/Branding\"");
REPORT_ERROR(err);
}
CFStringRef CFAppPath = CFStringCreateWithCString(kCFAllocatorDefault, appPath[brandID],
kCFStringEncodingUTF8);
if (CFAppPath) {
// urlref = CFURLCreateWithFileSystemPath(NULL, "/Applications/GridRepublic Desktop.app", kCFURLPOSIXPathStyle, true);
CFURLRef urlref = CFURLCreateWithFileSystemPath(NULL, CFAppPath, kCFURLPOSIXPathStyle, true);
CFRelease(CFAppPath);
if (urlref) {
err = LSRegisterURL(urlref, true);
CFRelease(urlref);
REPORT_ERROR(err);
}
}
if (compareOSVersionTo(10, 13) >= 0) {
getPathToThisApp(path, sizeof(path));
strncat(path, "/Contents/Resources/boinc_Finish_Install", sizeof(path)-1);
snprintf(s, sizeof(s), "cp -f \"%s\" \"/Library/Application Support/BOINC Data/%s_Finish_Install\"", path, appName[brandID]);
err = callPosixSpawn(s);
REPORT_ERROR(err);
if (err) {
printf("Command %s returned error %d\n", s, err);
fflush(stdout);
}
snprintf(s, sizeof(s), "/Library/Application Support/BOINC Data/%s_Finish_Install\"\n", appName[brandID]);
chmod(s, 0755);
#ifdef SANDBOX
group *bmgrp = getgrnam(boinc_master_group_name);
passwd *bmpw = getpwnam(boinc_master_user_name);
if (bmgrp && bmpw) {
chown(s, bmpw->pw_uid, bmgrp->gr_gid);
}
#endif
}
err = UpdateAllVisibleUsers(brandID, oldBrandID);
if (err != noErr) {
REPORT_ERROR(true);
return err;
}
#if 0 // WaitPermissions is not needed when using wrapper
#ifdef SANDBOX
pid_t waitPermissionsPID = 0;
uid_t saved_euid, saved_uid, b_m_uid;
passwd *pw;
Boolean restartNeeded;
DialogRef theWin;
restartNeeded = IsRestartNeeded();
printf("IsRestartNeeded() returned %d\n", (int)restartNeeded);
fflush(stdout);
if (!restartNeeded) {
// Wait for BOINC's RPC socket address to become available to user boinc_master, in
// case we are upgrading from a version which did not run as user boinc_master.
saved_uid = getuid();
saved_euid = geteuid();
pw = getpwnam(boinc_master_user_name);
b_m_uid = pw->pw_uid;
seteuid(b_m_uid);
for (i=0; i<120; i++) {
err = TestRPCBind();
if (err == noErr)
break;
sleep(1);
}
seteuid(saved_euid);
// When we first create the boinc_master group and add the current user to the
// new group, there is a delay before the new group membership is recognized.
// If we launch the BOINC Manager too soon, it will fail with a -1037 permissions
// error, so we wait until the current user can access the switcher application.
// Apparently, in order to get the changed permissions / group membership, we must
// launch a new process belonging to the user. It may also need to be in a new
// process group or new session. Neither system() nor popen() works, even after
// setting the uid and euid back to the logged in user, but LSOpenFSRef() does.
// The WaitPermissions application loops until it can access the switcher
// application.
CFStringRef CFAppPath = CFStringCreateWithCString(kCFAllocatorDefault,
"/Library/Application Support/BOINC Data/WaitPermissions.app",
kCFStringEncodingUTF8);
if (CFAppPath) {
// urlref = CFURLCreateWithFileSystemPath(NULL, "/Applications/GridRepublic Desktop.app", kCFURLPOSIXPathStyle, true);
CFURLRef urlref = CFURLCreateWithFileSystemPath(NULL, CFAppPath, kCFURLPOSIXPathStyle, true);
CFRelease(CFAppPath);
if (urlref) {
err = LSOpenCFURLRef(urlref, NULL);
CFRelease(urlref);
}
}
if (err) {
printf("LSOpenCFURLRef(WaitPermissions) returned error %ld\n", err);
fflush(stdout);
}
waitPermissionsStartTime = time(NULL);
for (i=0; i<15; i++) { // Show "Please wait..." alert after 15 seconds
waitPermissionsPID = FindProcessPID("WaitPermissions", 0);
if (waitPermissionsPID == 0) {
return 0;
}
sleep(1);
}
if (gCommandLineInstall) {
printf("Finishing install. Please wait ...\n");
printf("This may take a few more minutes.\n");
fflush(stdout);
} else {
CreateStandardAlert(kAlertNoteAlert, CFSTR("Finishing install. Please wait ..."), CFSTR("This may take a few more minutes."), NULL, &theWin);
HideDialogItem(theWin, kStdOkItemIndex);
RemoveDialogItems(theWin, kStdOkItemIndex, 1, false);
RunStandardAlert(theWin, &myFilterProc, &itemHit);
}
}
#endif // SANDBOX
#endif // WaitPermissions is not needed when using wrapper
return 0;
}
Boolean myFilterProc(DialogRef theDialog, EventRecord *theEvent, DialogItemIndex *itemHit) {
static time_t lastCheckTime = 0;
time_t now = time(NULL);
pid_t waitPermissionsPID = 0;
if (now != lastCheckTime) {
waitPermissionsPID = FindProcessPID("WaitPermissions", 0);
if (waitPermissionsPID == 0) {
*itemHit = kStdOkItemIndex;
return true;
}
lastCheckTime = now;
// Limit delay to 3 minutes
if ((now - waitPermissionsStartTime) > 180) {
*itemHit = kStdOkItemIndex;
return true;
}
}
return false;
}
// After installation has completed, delete the installer receipt.
// If we don't need to logout the user, also launch BOINC Manager.
int DeleteReceipt()
{
long brandID = 0;
int i;
pid_t installerPID = 0;
OSStatus err;
Boolean restartNeeded = true;
char s[MAXPATHLEN];
struct stat sbuf;
passwd *pw;
Boolean launchForThisUser;
if (Initialize() != noErr) {
REPORT_ERROR(true);
return 0;
}
restartNeeded = IsRestartNeeded();
printf("IsRestartNeeded() returned %d\n", (int)restartNeeded);
fflush(stdout);
// The new branding (if any) is in the resources of this PostInstall.app
getPathToThisApp(s, sizeof(s));
strncat(s, "/Contents/Resources/Branding", sizeof(s)-1);
brandID = GetBrandID(s);
// Remove installer package receipt so we can run installer again if needed to fix permissions
// "rm -rf /Library/Receipts/GridRepublic.pkg"
sprintf(s, "rm -rf \"%s\"", receiptName[brandID]);
err = callPosixSpawn (s);
REPORT_ERROR(err);
if (!restartNeeded) {
// If system is set up to run BOINC Client as a daemon using launchd, launch it
// as a daemon and allow time for client to start before launching BOINC Manager.
err = stat("/Library/LaunchDaemons/edu.berkeley.boinc.plist", &sbuf);
if (err == noErr) {
callPosixSpawn("launchctl unload /Library/LaunchDaemons/edu.berkeley.boinc.plist");
i = callPosixSpawn("launchctl load /Library/LaunchDaemons/edu.berkeley.boinc.plist");
if (i == 0) sleep (2);
}
#ifdef SANDBOX
pw = getpwnam(loginName);
REPORT_ERROR(!pw);
if (pw) {
Boolean isBMGroupMember = IsUserMemberOfGroup(pw->pw_name, boinc_master_group_name);
if (!isBMGroupMember){
return 0; // Current user is not authorized to run BOINC Manager
}
}
#endif
installerPID = getPidIfRunning("com.apple.installer");
if (installerPID) {
// Launch BOINC Manager when user closes installer or after 15 seconds
for (i=0; i<15; i++) { // Wait 15 seconds max for installer to quit
sleep (1);
if (FindProcessPID(NULL, installerPID) == 0) {
break;
}
}
}
CFStringRef CFAppPath = CFStringCreateWithCString(kCFAllocatorDefault, appPath[brandID],
kCFStringEncodingUTF8);
if (CFAppPath) {
// urlref = CFURLCreateWithFileSystemPath(NULL, "/Applications/GridRepublic Desktop.app", kCFURLPOSIXPathStyle, true);
CFURLRef urlref = CFURLCreateWithFileSystemPath(NULL, CFAppPath, kCFURLPOSIXPathStyle, true);
if (urlref) {
err = LSOpenCFURLRef(urlref, NULL);
REPORT_ERROR(err);
CFRelease(urlref);
CFRelease(CFAppPath);
}
}
boinc_sleep(10); // Allow time for current user's Manager to launch client'
FindAllVisibleUsers();
for (i=0; i<(int)human_user_IDs.size(); ++i) {
pw = getpwuid(human_user_IDs[i]);
if (pw == NULL) {
continue;
}
if (strcmp(loginName, pw->pw_name) == 0) continue;
#ifdef SANDBOX
launchForThisUser = false;
if (IsUserLoggedIn(pw->pw_name)) {
launchForThisUser = (IsUserMemberOfGroup(pw->pw_name, admin_group_name)
|| IsUserMemberOfGroup(pw->pw_name, boinc_master_group_name));
}
#else // SANDBOX
launchForThisUser = true;
#endif // SANDBOX
if (launchForThisUser) {
// Launch Manager hidden (in background, without opening windows)
sprintf(s, "su -l \"%s\" -c 'open -jg \"%s\" --args -s'", pw->pw_name, appPath[brandID]);
err = callPosixSpawn(s);
printf("command: %s returned error %d\n", s, err);
}
}
}
return 0;
}
// BOINC Installer.app wrote a file to tell us whether a restart is required
Boolean IsRestartNeeded() {
char s[MAXPATHLEN];
FILE *restartNeededFile;
int value;
snprintf(s, sizeof(s), "/tmp/%s/BOINC_restart_flag", tempDirName);
restartNeededFile = fopen(s, "r");
if (restartNeededFile) {
fscanf(restartNeededFile,"%d", &value);
fclose(restartNeededFile);
return (value != 0);
}
return true;
}
// Some newer versions of the OS define users and groups which may conflict with
// our previously created boinc_master or boinc_project user or group. This could
// also happen when the user installs new software. So we must check for such
// duplicate UserIDs and groupIDs; if found, we delete our user or group so that
// the PostInstall application will create a new one that does not conflict.
//
// Older versions of the installer created our users and groups at the first
// unused IDs at or above 25. Apple now recommends using IDs at or above 501,
// to reduce the likelihood of conflicts with future UserIDs and groupIDs.
// If we have previously created UserIDs and / or groupIDs below 501, this code
// now removes them so we can create new ones above 500.
void CheckUserAndGroupConflicts()
{
#ifdef SANDBOX
passwd *pw = NULL;
group *grp = NULL;
gid_t boinc_master_gid = 0, boinc_project_gid = 0;
uid_t boinc_master_uid = 0, boinc_project_uid = 0;
FILE *f;
char cmd[256], buf[256];
int entryCount;
OSErr err = noErr;
if (compareOSVersionTo(10, 5) < 0) {
// This fails under OS 10.4, but should not be needed under OS 10.4
return;
}
printf("Checking user and group conflicts\n");
fflush(stdout);
entryCount = 0;
grp = getgrnam(boinc_master_group_name);
if (grp) {
boinc_master_gid = grp->gr_gid;
printf("boinc_master group ID = %d\n", (int)boinc_master_gid);
fflush(stdout);
if (boinc_master_gid > 500) {
sprintf(cmd, "dscl . -search /Groups PrimaryGroupID %d", boinc_master_gid);
f = popen(cmd, "r");
REPORT_ERROR(!f);
if (f) {
while (PersistentFGets(buf, sizeof(buf), f)) {
if (strstr(buf, "PrimaryGroupID")) {
++entryCount;
}
}
pclose(f);
}
}
}
if ((boinc_master_gid < 501) || (entryCount > 1)) {
err = callPosixSpawn ("dscl . -delete /groups/boinc_master");
// User boinc_master must have group boinc_master as its primary group.
// Since this group no longer exists, delete the user as well.
if (err) {
fprintf(stdout, "dscl . -delete /groups/boinc_master returned %d\n", err);
fflush(stdout);
}
err = callPosixSpawn ("dscl . -delete /users/boinc_master");
if (err) {
fprintf(stdout, "dscl . -delete /users/boinc_master returned %d\n", err);
fflush(stdout);
}
ResynchDSSystem();
}
entryCount = 0;
grp = getgrnam(boinc_project_group_name);
if (grp) {
boinc_project_gid = grp->gr_gid;
printf("boinc_project group ID = %d\n", (int)boinc_project_gid);
fflush(stdout);
if (boinc_project_gid > 500) {
sprintf(cmd, "dscl . -search /Groups PrimaryGroupID %d", boinc_project_gid);
f = popen(cmd, "r");
REPORT_ERROR(!f);
if (f) {
while (PersistentFGets(buf, sizeof(buf), f)) {
if (strstr(buf, "PrimaryGroupID")) {
++entryCount;
}
}
pclose(f);
}
}
}
if ((boinc_project_gid < 501) || (entryCount > 1)) {
err = callPosixSpawn ("dscl . -delete /groups/boinc_project");
if (err) {
fprintf(stdout, "dscl . -delete /groups/boinc_project returned %d\n", err);
fflush(stdout);
}
// User boinc_project must have group boinc_project as its primary group.
// Since this group no longer exists, delete the user as well.
err = callPosixSpawn ("dscl . -delete /users/boinc_project");
if (err) {
fprintf(stdout, "dscl . -delete /users/boinc_project returned %d\n", err);
fflush(stdout);
}
ResynchDSSystem();
}
if ((boinc_master_gid < 500) && (boinc_project_gid < 500)) {
return;
}
entryCount = 0;
pw = getpwnam(boinc_master_user_name);
REPORT_ERROR(!pw);
if (pw) {
boinc_master_uid = pw->pw_uid;
printf("boinc_master user ID = %d\n", (int)boinc_master_uid);
fflush(stdout);
sprintf(cmd, "dscl . -search /Users UniqueID %d", boinc_master_uid);
f = popen(cmd, "r");
REPORT_ERROR(!f);
if (f) {
while (PersistentFGets(buf, sizeof(buf), f)) {
if (strstr(buf, "UniqueID")) {
++entryCount;
}
}
pclose(f);
}
}
if (entryCount > 1) {
err = callPosixSpawn ("dscl . -delete /users/boinc_master");
if (err) {
REPORT_ERROR(true);
fprintf(stdout, "dscl . -delete /users/boinc_master returned %d\n", err);
fflush(stdout);
}
ResynchDSSystem();
}
entryCount = 0;
pw = getpwnam(boinc_project_user_name);
REPORT_ERROR(!pw);
if (pw) {
boinc_project_uid = pw->pw_uid;
printf("boinc_project user ID = %d\n", (int)boinc_project_uid);
fflush(stdout);
sprintf(cmd, "dscl . -search /Users UniqueID %d", boinc_project_uid);
f = popen(cmd, "r");
REPORT_ERROR(!f);
if (f) {
while (PersistentFGets(buf, sizeof(buf), f)) {
if (strstr(buf, "UniqueID")) {
++entryCount;
}
}
pclose(f);
}
}
if (entryCount > 1) {
err = callPosixSpawn ("dscl . -delete /users/boinc_project");
if (err) {
REPORT_ERROR(true);
fprintf(stdout, "dscl . -delete /users/boinc_project returned %d\n", err);
fflush(stdout);
}
ResynchDSSystem();
}
#endif // SANDBOX
}
enum {
kSystemEventsCreator = 'sevs'
};
CFStringRef kSystemEventsBundleID = CFSTR("com.apple.systemevents");
char *systemEventsAppName = "System Events";
Boolean SetLoginItemOSAScript(long brandID, Boolean deleteLogInItem, char *userName)
{
int i, j;
char cmd[2048];
char systemEventsPath[1024];
pid_t systemEventsPID;
OSErr err, err2;
#if USE_OSASCRIPT_FOR_ALL_LOGGED_IN_USERS
// NOTE: It may not be necessary to kill and relaunch the
// System Events application for each logged in user under High Sierra
Boolean isHighSierraOrLater = (compareOSVersionTo(10, 13) >= 0);
#endif
fprintf(stdout, "Adjusting login items for user %s\n", userName);
fflush(stdout);
// We must launch the System Events application for the target user
err = noErr;
systemEventsPath[0] = '\0';
err = GetPathToAppFromID(kSystemEventsCreator, kSystemEventsBundleID, systemEventsPath, sizeof(systemEventsPath));
REPORT_ERROR(err);
#if CREATE_LOG
if (err == noErr) {
print_to_log("SystemEvents is at %s\n", systemEventsPath);
} else {
print_to_log("GetPathToAppFromID(kSystemEventsCreator, kSystemEventsBundleID) returned error %d ", (int) err);
}
#endif
if (err == noErr) {
// Find SystemEvents process. If found, quit it in case
// it is running under a different user.
fprintf(stdout, "Telling System Events to quit (at start of SetLoginItemOSAScript)\n");
fflush(stdout);
systemEventsPID = FindProcessPID(systemEventsAppName, 0);
if (systemEventsPID != 0) {
err = kill(systemEventsPID, SIGKILL);
}
if (err != noErr) {
REPORT_ERROR(true);
fprintf(stdout, "(systemEventsPID, SIGKILL) returned error %d \n", (int) err);
fflush(stdout);
}
// Wait for the process to be gone
for (i=0; i<50; ++i) { // 5 seconds max delay
SleepSeconds(0.1); // 1/10 second
systemEventsPID = FindProcessPID(systemEventsAppName, 0);
if (systemEventsPID == 0) break;
}
if (i >= 50) {
REPORT_ERROR(true);
fprintf(stdout, "Failed to make System Events quit\n");
fflush(stdout);
err = noErr;
goto cleanupSystemEvents;
}
sleep(4);
}
if (systemEventsPath[0] != '\0') {
fprintf(stdout, "Launching SystemEvents for user %s\n", userName);
fflush(stdout);
for (j=0; j<5; ++j) {
sprintf(cmd, "sudo -u \"%s\" -b \"%s/Contents/MacOS/System Events\" &", userName, systemEventsPath);
err = callPosixSpawn(cmd);
if (err) {
REPORT_ERROR(true);
fprintf(stdout, "[2] Command: %s returned error %d (try %d of 5)\n", cmd, (int) err, j);
}
// Wait for the process to start
for (i=0; i<50; ++i) { // 5 seconds max delay
SleepSeconds(0.1); // 1/10 second
systemEventsPID = FindProcessPID(systemEventsAppName, 0);
if (systemEventsPID != 0) break;
}
if (i < 50) break; // Exit j loop on success
}
if (j >= 5) {
fprintf(stdout, "Failed to launch System Events for user %s\n", userName);
REPORT_ERROR(true);
fflush(stdout);
err = noErr;
goto cleanupSystemEvents;
}
}
sleep(2);
for (i=0; i= 50) {
REPORT_ERROR(true);
fprintf(stdout, "Failed to make System Events quit\n");
fflush(stdout);
}
sleep(4);
return (err == noErr);
}
// Under OS 10.13 High Sierra, telling System Events to modify Login Items for
// users who are not currently logged in no longer works, even when System Events
// is running as that user.
// So we create a LaunchAgent for that user. The next time that user logs in, the
// LaunchAgent will make the desired changes to that user's Login Items, launch
// BOINC Manager if appropriate, and delete itself.
//
// While we could just use a LaunchAgent to launch BOINC Manager on every login
// instead of using it to create a Login Item, we still need to remove any branded
// Login Items kept from an earlier installation (perhaps before the user upgraded
// the OS to High Sierra.) Also, I prefer Login Items because:
// * they are more readily visible to a less technically aware user through
// System Preferences, and
// * they are more easily added or removed through System Preferences, and
// * continuing to use them is consistent with older versions of BOINC Manager.
//
Boolean SetLoginItemLaunchAgent(long brandID, long oldBrandID, Boolean deleteLogInItem, passwd *pw)
{
struct stat sbuf;
char s[2048];
// Create a LaunchAgent for the specified user, replacing any LaunchAgent created
// previously (such as by Uninstaller or by installing a differently branded BOINC.)
// Create LaunchAgents directory for this user if it does not yet exist
snprintf(s, sizeof(s), "/Users/%s/Library/LaunchAgents", pw->pw_name);
if (stat(s, &sbuf) != 0) {
mkdir(s, 0755);
chown(s, pw->pw_uid, pw->pw_gid);
}
snprintf(s, sizeof(s), "/Users/%s/Library/LaunchAgents/edu.berkeley.boinc.plist", pw->pw_name);
FILE* f = fopen(s, "w");
if (!f) return false;
fprintf(f, "\n");
fprintf(f, "\n");
fprintf(f, "\n");
fprintf(f, "\n");
fprintf(f, "\tLabel\n");
fprintf(f, "\tedu.berkeley.fix_login_items\n");
fprintf(f, "\tProgramArguments\n");
fprintf(f, "\t\n");
fprintf(f, "\t\t/Library/Application Support/BOINC Data/%s_Finish_Install\n", appName[brandID]);
if (deleteLogInItem || (brandID != oldBrandID)) {
// If this user was previously authorized to run the Manager, there
// may still be a Login Item for this user, and the Login Item may
// launch the Manager before the LaunchAgent deletes the Login Item.
// To guard against this, we have the LaunchAgent kill the Manager
// (for this user only) if it is running.
//
fprintf(f, "\t\t-d\n");
fprintf(f, "\t\t%s\n", appName[oldBrandID]);
}
if (!deleteLogInItem) {
fprintf(f, "\t\t-a\n");
fprintf(f, "\t\t%s\n", appName[brandID]);
}
fprintf(f, "\t\n");
fprintf(f, "\tRunAtLoad\n");
fprintf(f, "\t\n");
fprintf(f, "\n");
fprintf(f, "\n");
fclose(f);
chmod(s, 0644);
chown(s, pw->pw_uid, pw->pw_gid);
if (IsUserLoggedIn(pw->pw_name)) {
sprintf(s, "su -l \"%s\" -c 'launchctl unload /Users/%s/Library/LaunchAgents/edu.berkeley.boinc.plist'", pw->pw_name, pw->pw_name);
callPosixSpawn(s);
sprintf(s, "su -l \"%s\" -c 'launchctl load /Users/%s/Library/LaunchAgents/edu.berkeley.boinc.plist'", pw->pw_name, pw->pw_name);
callPosixSpawn(s);
}
return true;
}
void DeleteScreenSaverLaunchAgent(passwd *pw) {
char cmd[MAXPATHLEN];
sprintf(cmd, "/Users/%s/Library/LaunchAgents/edu.berkeley.boinc-sshelper.plist", pw->pw_name);
if (boinc_file_exists(cmd)) {
sprintf(cmd, "su -l \"%s\" -c 'launchctl unload /Users/%s/Library/LaunchAgents/edu.berkeley.boinc-sshelper.plist'", pw->pw_name, pw->pw_name);
callPosixSpawn(cmd);
snprintf(cmd, sizeof(cmd),
"/Users/%s/Library/LaunchAgents/edu.berkeley.boinc-sshelper.plist",
pw->pw_name);
boinc_delete_file(cmd);
}
}
// Sets the skin selection in the specified user's preferences to the specified skin
void SetSkinInUserPrefs(char *userName, char *nameOfSkin)
{
passwd *pw;
FILE *oldPrefs, *newPrefs;
char oldFileName[MAXPATHLEN], tempFilename[MAXPATHLEN];
char buf[1024];
int wroteSkinName;
struct stat sbuf;
group *grp;
OSStatus statErr;
if (nameOfSkin[0]) {
sprintf(oldFileName, "/Users/%s/Library/Preferences/BOINC Manager Preferences", userName);
sprintf(tempFilename, "/Users/%s/Library/Preferences/BOINC Manager NewPrefs", userName);
newPrefs = fopen(tempFilename, "w");
REPORT_ERROR(!newPrefs);
if (newPrefs) {
wroteSkinName = 0;
statErr = stat(oldFileName, &sbuf);
oldPrefs = fopen(oldFileName, "r");
if (oldPrefs) {
while (fgets(buf, sizeof(buf), oldPrefs)) {
if (strstr(buf, "Skin=")) {
fprintf(newPrefs, "Skin=%s\n", nameOfSkin);
wroteSkinName = 1;
} else {
fputs(buf, newPrefs);
}
}
fclose(oldPrefs);
}
if (! wroteSkinName)
fprintf(newPrefs, "Skin=%s\n", nameOfSkin);
fclose(newPrefs);
rename(tempFilename, oldFileName); // Deletes old file
if (! statErr) {
chown(oldFileName, sbuf.st_uid, sbuf.st_gid);
chmod(oldFileName, sbuf.st_mode);
} else {
chmod(oldFileName, 0664);
pw = getpwnam(userName);
grp = getgrnam(userName);
if (pw && grp)
chown(oldFileName, pw->pw_uid, grp->gr_gid);
}
}
}
}
// Returns true if the user name is in the nologinitems.txt, else false
Boolean CheckDeleteFile(char *name)
{
FILE *f;
char buf[64];
size_t len;
f = fopen("/Library/Application Support/BOINC Data/nologinitems.txt", "r");
if (!f)
return false;
while (true) {
*buf = '\0';
len = sizeof(buf);
fgets(buf, len, f);
if (feof(f)) break;
strip_cr(buf);
if (strcmp(buf, name) == 0) {
fclose(f);
return true;
}
}
fclose(f);
return false;
}
// If there are other copies of BOINC Manager with different branding
// on the system, Noitifications may display the icon for the wrong
// branding, due to the Launch Services database having one of the
// other copies of BOINC Manager as the first entry. Each user has
// their own copy of the Launch Services database, so this must be
// done for each user.
//
// This probably will happen only on BOINC development systems where
// Xcode has generated copies of BOINC Manager.
static void FixLaunchServicesDataBase(uid_t userID, long brandID) {
uid_t saved_uid;
char boincPath[MAXPATHLEN];
char cmd[MAXPATHLEN+250];
long i, n;
CFArrayRef appRefs = NULL;
OSStatus err;
if (compareOSVersionTo(10, 8) < 0) {
return; // Notifications before OS 10.8 just bounce our Dock icon
}
saved_uid = geteuid();
CFStringRef bundleID = CFSTR("edu.berkeley.boinc");
if (LSCopyApplicationURLsForBundleIdentifier) { // Weak linked; not available before OS 10.10
seteuid(userID); // Temporarily set effective uid to this user
appRefs = LSCopyApplicationURLsForBundleIdentifier(bundleID, NULL);
seteuid(saved_uid); // Set effective uid back to privileged user
if (appRefs == NULL) {
printf("Call to LSCopyApplicationURLsForBundleIdentifier returned NULL\n");
goto registerOurApp;
}
n = CFArrayGetCount(appRefs); // Returns all results at once, in database order
printf("LSCopyApplicationURLsForBundleIdentifier returned %ld results\n", n);
} else {
n = 500; // Prevent infinite loop
}
for (i=0; ipw_uid;
setuid(login_uid);
seteuid(login_uid);
}
static char * PersistentFGets(char *buf, size_t buflen, FILE *f) {
char *p = buf;
size_t len = buflen;
size_t datalen = 0;
memset(buf, 0, buflen);
while (datalen < (buflen - 1)) {
fgets(p, len, f);
if (feof(f)) break;
if (ferror(f) && (errno != EINTR)) break;
if (strchr(buf, '\n')) break;
datalen = strlen(buf);
p = buf + datalen;
len -= datalen;
}
return (buf[0] ? buf : NULL);
}
// Because language preferences are set on a per-user basis, we
// must get the preferred languages while set to the current
// user, before the Apple Installer switches us to root.
// So we get the preferred languages in our BOINC Installer.app
// which writes them to a temporary file which we retrieve here.
// We must do it this way because, for unknown reasons, the
// CFBundleCopyLocalizationsForPreferences() API does not work
// correctly if we seteuid and setuid to the logged in user by
// calling SetEUIDBackToUser() after running as root.
//
static void LoadPreferredLanguages(){
char s[MAXPATHLEN];
FILE *f;
int i;
char *p;
char language[32];
BOINCTranslationInit();
// BOINC Installer.app wrote a list of our preferred languages to a temp file
snprintf(s, sizeof(s), "/tmp/%s/BOINC_preferred_languages", tempDirName);
f = fopen(s, "r");
if (!f) return;
for (i=0; igr_mem[i]) != NULL) { // Step through all users in group groupName
if (strcmp(p, userName) == 0) {
return true;
}
++i;
}
return false;
}
// OS 10.7 dscl merge command has a bug such that the command:
// dscl . -merge /Groups/GROUPNAME users USERNAME
// adds the user to the group even if it was already a member, resulting in
// duplicate (multiple) entries. Earlier BOINC versions used this command
// but did not check for this, so we remove duplicate entries if present.
// Note: We now avoid this problem by instead using the command:
// dscl . -merge /Groups/GROUPNAME GroupMembership USERNAME
// which correctly avoids duplication.
int CountGroupMembershipEntries(const char *userName, const char *groupName) {
int count = 0;
char cmd[512], buf[2048], escapedUserName[1024];
FILE *f;
char *p, *q;
// getgrnam(groupName)->gr_mem[] only returns one entry, so we must use dscl
escape_url(userName, escapedUserName, sizeof(escapedUserName)); // Avoid confusion if name has embedded spaces
sprintf(cmd, "dscl -url . -read /Groups/%s GroupMembership", groupName);
f = popen(cmd, "r");
if (f == NULL) {
REPORT_ERROR(true);
return 0;
}
while (PersistentFGets(buf, sizeof(buf), f))
{
p = buf;
while (p) {
p = strstr(p, escapedUserName);
if (p) {
q = p-1;
p += strlen(escapedUserName);
// Count only whole words (preceded and followed by white space) so
// that if we have both 'jon' and 'jones' we don't count 'jon' twice
if (isspace(*q) && isspace(*p)) {
++ count;
}
}
}
}
pclose(f);
return count;
}
// Find all visible users.
// If user is a member of group admin, add user to groups boinc_master and boinc_project.
// Optionally add non-admin users to group boinc_master but not to group boinc_project.
// Set login item for all members of group boinc_master to launch BOINC Manager.
// If our install package included a skin, set those user's preferences to use that skin.
// Optionally set BOINC as screensaver for all users running BOINC.
OSErr UpdateAllVisibleUsers(long brandID, long oldBrandID)
{
passwd *pw;
uid_t saved_uid;
Boolean deleteLoginItem;
char human_user_name[256];
char s[256];
Boolean saverAlreadySetForAll = true;
Boolean setSaverForAllUsers = false;
Boolean allNonAdminUsersAreSet = true;
Boolean allowNonAdminUsersToRunBOINC = false;
int err;
Boolean isAdminGroupMember, isBMGroupMember, isBPGroupMember;
struct stat sbuf;
char cmd[256];
#ifdef SANDBOX
int BMGroupMembershipCount, BPGroupMembershipCount;
int i;
#endif
int userIndex;
// char nameOfSkin[256];
// FindSkinName(nameOfSkin, sizeof(nameOfSkin));
// Step through all users
puts("Beginning first pass through all users\n");
fflush(stdout);
saved_uid = geteuid();
FindAllVisibleUsers();
for (userIndex=0; userIndex< (int)human_user_names.size(); ++userIndex) {
strlcpy(human_user_name, human_user_names[userIndex].c_str(), sizeof(human_user_name));
printf("[1] Checking user %s\n", human_user_name);
fflush(stdout);
// getpwnam works with either the full / login name (pw->pw_gecos)
// or the short / Posix name (pw->pw_name)
pw = getpwnam(human_user_name);
if (pw == NULL) {
printf("[1] %s not in getpwnam data base\n", human_user_name);
fflush(stdout);
continue;
}
printf("[1] User %s: Posix name=%s, Full name=%s\n", human_user_name, pw->pw_name, pw->pw_gecos);
fflush(stdout);
#ifdef SANDBOX
isAdminGroupMember = false;
isBMGroupMember = false;
isAdminGroupMember = IsUserMemberOfGroup(pw->pw_name, admin_group_name);
if (isAdminGroupMember) {
// User is a member of group admin, so add user to groups boinc_master and boinc_project
printf("[1] User %s is a member of group admin\n", pw->pw_name);
fflush(stdout);
} else {
isBMGroupMember = IsUserMemberOfGroup(pw->pw_name, boinc_master_group_name);
if (isBMGroupMember) {
// User is a member of group boinc_master
printf("[1] Non-admin user %s is a member of group boinc_master\n", pw->pw_name);
fflush(stdout);
} else {
allNonAdminUsersAreSet = false;
}
}
#else // SANDBOX
isGroupMember = true;
#endif // SANDBOX
if (isAdminGroupMember || isBMGroupMember) {
if ((strcmp(loginName, human_user_name) == 0)
|| (strcmp(loginName, pw->pw_name) == 0)
|| (strcmp(loginName, pw->pw_gecos) == 0)) {
currentUserCanRunBOINC = true;
}
err = GetCurrentScreenSaverSelection(pw, s, sizeof(s) -1);
if (err == noErr) {
if (strcmp(s, saverName[brandID])) {
saverAlreadySetForAll = false;
}
}
printf("[1] Current Screensaver Selection for user %s is: \"%s\"\n", pw->pw_name, s);
} // End if (isGroupMember)
} // End for (userIndex=0; userIndex< human_user_names.size(); ++userIndex)
ResynchDSSystem();
if (allNonAdminUsersAreSet) {
puts("[2] All non-admin users are already members of group boinc_master\n");
fflush(stdout);
} else {
if (gCommandLineInstall) {
err = stat("/tmp/nonadminusersok.txt", &sbuf);
if (err == noErr) {
puts("nonadminusersok.txt file detected\n");
fflush(stdout);
unlink("/tmp/nonadminusersok.txt");
allowNonAdminUsersToRunBOINC = true;
currentUserCanRunBOINC = true;
saverAlreadySetForAll = false;
}
} else {
if (ShowMessage(true,
(char *)_("Users who are permitted to administer this computer will automatically be allowed to "
"run and control %s.\n\n"
"Do you also want non-administrative users to be able to run and control %s on this Mac?"),
brandName[brandID], brandName[brandID])
) {
allowNonAdminUsersToRunBOINC = true;
currentUserCanRunBOINC = true;
saverAlreadySetForAll = false;
printf("[2] User answered Yes to allowing non-admin users to run %s\n", brandName[brandID]);
fflush(stdout);
} else {
printf("[2] User answered No to allowing non-admin users to run %s\n", brandName[brandID]);
fflush(stdout);
}
}
}
if (! saverAlreadySetForAll) {
if (gCommandLineInstall) {
err = stat("/tmp/setboincsaver.txt", &sbuf);
if (err == noErr) {
puts("setboincsaver.txt file detected\n");
fflush(stdout);
unlink("/tmp/setboincsaver.txt");
setSaverForAllUsers = true;
}
} else {
setSaverForAllUsers = ShowMessage(true,
(char *)_("Do you want to set %s as the screensaver for all %s users on this Mac?"),
brandName[brandID], brandName[brandID]);
}
}
// Step through all users a second time, setting non-admin users and / or our screensaver
puts("Beginning second pass through all users\n");
fflush(stdout);
for (userIndex=0; userIndex<(int)human_user_names.size(); ++userIndex) {
strlcpy(human_user_name, human_user_names[userIndex].c_str(), sizeof(human_user_name));
printf("[2] Checking user %s\n", human_user_name);
fflush(stdout);
pw = getpwnam(human_user_name);
if (pw == NULL) { // "Deleted Users", "Shared", etc.
printf("[2] %s not in getpwnam data base\n", human_user_name);
fflush(stdout);
continue;
}
printf("[2] User %s: Posix name=%s, Full name=%s\n", human_user_name, pw->pw_name, pw->pw_gecos);
fflush(stdout);
#ifdef SANDBOX
isAdminGroupMember = false;
isBMGroupMember = false;
isBPGroupMember = false;
isAdminGroupMember = IsUserMemberOfGroup(pw->pw_name, admin_group_name);
if (isAdminGroupMember) {
// User is a member of group admin, so add user to groups boinc_master and boinc_project
printf("[2] User %s is a member of group admin\n", pw->pw_name);
fflush(stdout);
}
// If allNonAdminUsersAreSet, some older BOINC versions added non-admin users only to group
// boinc_master; ensure all permitted BOINC users are also members of group boinc_project
if (isAdminGroupMember || allowNonAdminUsersToRunBOINC || allNonAdminUsersAreSet) {
// OS 10.7 dscl merge command has a bug that it adds the user to the group even if
// it was already a member, resulting in duplicate (multiple) entries. Earlier BOINC
// versions did not check for this, so we remove duplicate entries if present.
BMGroupMembershipCount = CountGroupMembershipEntries(pw->pw_name, boinc_master_group_name);
printf("[2] User %s found in group %s member list %d times\n",
pw->pw_name, boinc_master_group_name, BMGroupMembershipCount);
fflush(stdout);
if (BMGroupMembershipCount == 0) {
sprintf(cmd, "dscl . -merge /groups/%s GroupMembership \"%s\"", boinc_master_group_name, pw->pw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
isBMGroupMember = true;
} else {
isBMGroupMember = true;
for (i=1; ipw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
}
}
BPGroupMembershipCount = CountGroupMembershipEntries(pw->pw_name, boinc_project_group_name);
printf("[2] User %s found in group %s member list %d times\n",
pw->pw_name, boinc_project_group_name, BPGroupMembershipCount);
fflush(stdout);
if (BPGroupMembershipCount == 0) {
sprintf(cmd, "dscl . -merge /groups/%s GroupMembership \"%s\"", boinc_project_group_name, pw->pw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
isBPGroupMember = true;
} else {
isBPGroupMember = true;
for (i=1; ipw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
}
}
}
#else // SANDBOX
isBMGroupMember = true;
#endif // SANDBOX
saved_uid = geteuid();
deleteLoginItem = CheckDeleteFile(human_user_name);
if (CheckDeleteFile(pw->pw_name)) {
deleteLoginItem = true;
}
if (CheckDeleteFile(pw->pw_gecos)) {
deleteLoginItem = true;
}
if (!isBMGroupMember) {
deleteLoginItem = true;
}
// Set login item for this user
bool useOSASript = false;
if ((compareOSVersionTo(10, 13) < 0)
|| (strcmp(loginName, human_user_name) == 0)
|| (strcmp(loginName, pw->pw_name) == 0)
|| (strcmp(loginName, pw->pw_gecos) == 0)) {
useOSASript = true;
}
#if USE_OSASCRIPT_FOR_ALL_LOGGED_IN_USERS
if (! useOSASript) {
useOSASript = IsUserLoggedIn(pw->pw_name);
}
#endif
if (useOSASript) {
snprintf(s, sizeof(s), "/Users/%s/Library/LaunchAgents/edu.berkeley.boinc.plist", pw->pw_name);
boinc_delete_file(s);
printf("[2] calling SetLoginItemOSAScript for user %s, euid = %d, deleteLoginItem = %d\n",
pw->pw_name, geteuid(), deleteLoginItem);
fflush(stdout);
SetLoginItemOSAScript(brandID, deleteLoginItem, pw->pw_name);
printf("[2] calling FixLaunchServicesDataBase for user %s\n", pw->pw_name);
FixLaunchServicesDataBase(pw->pw_uid, brandID);
} else {
printf("[2] calling SetLoginItemLaunchAgent for user %s, euid = %d, deleteLoginItem = %d\n",
pw->pw_name, geteuid(), deleteLoginItem);
fflush(stdout);
// SetLoginItemLaunchAgent will run helper app which will call FixLaunchServicesDataBase()
SetLoginItemLaunchAgent(brandID, oldBrandID, deleteLoginItem, pw);
}
if (isBMGroupMember) {
// For some reason we need to call getpwnam again on OS 10.5
pw = getpwnam(human_user_name);
if (pw == NULL) { // "Deleted Users", "Shared", etc.
printf("[2] ERROR: %s was in getpwnam data base but now is not!\n", human_user_name);
fflush(stdout);
continue;
}
SetSkinInUserPrefs(pw->pw_name, skinName[brandID]);
if (setSaverForAllUsers) {
seteuid(pw->pw_uid); // Temporarily set effective uid to this user
sprintf(s, "/Library/Screen Savers/%s.saver", saverName[brandID]);
err = SetScreenSaverSelection(saverName[brandID], s, 0);
seteuid(saved_uid); // Set effective uid back to privileged user
// This seems to work also:
// sprintf(s, "su -l \"%s\" -c 'defaults -currentHost write com.apple.screensaver moduleDict -dict moduleName \"%s\" path \"/Library/Screen Savers/%s.saver\" type 0'", pw->pw_name, saverName[brandID], s);
// callPosixSpawn(s);
}
if (compareOSVersionTo(10, 15) >= 0) {
// Under Catalina, Screensaver output files are put in the user's Containers
// directory. Create the directory if it doesn't exist and create a symbolic
// link to it in the normal per-user BOINC directory
snprintf(s, sizeof(s),
"/Users/%s/Library/Application Support/BOINC", pw->pw_name);
if (stat(s, &sbuf) != 0) {
snprintf(cmd, sizeof(cmd), "sudo -u \"%s\" mkdir -p -m 0775 \"/Users/%s/Library/Application Support/BOINC\"",
pw->pw_name, pw->pw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
}
snprintf(s, sizeof(s), "/Users/%s/Library/Containers/com.apple.ScreenSaver.Engine.legacyScreenSaver/Data/Library/Application Support/BOINC",
pw->pw_name);
if (stat(s, &sbuf) != 0) {
// mkdir -p creates intermediate directories as required
snprintf(cmd, sizeof(cmd), "sudo -u \"%s\" mkdir -p -m 0700 \"/Users/%s/Library/Containers/com.apple.ScreenSaver.Engine.legacyScreenSaver/Data/Library/Application Support\"",
pw->pw_name, pw->pw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
snprintf(cmd, sizeof(cmd), "sudo -u \"%s\" mkdir -m 0775 \"/Users/%s/Library/Containers/com.apple.ScreenSaver.Engine.legacyScreenSaver/Data/Library/Application Support/BOINC\"",
pw->pw_name, pw->pw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
}
snprintf(s, sizeof(s),
"/Users/%s/Library/Application Support/BOINC/ScreenSaver Logs",
pw->pw_name);
if (lstat(s, &sbuf) != 0) {
snprintf(cmd, sizeof(cmd), "sudo -u \"%s\" ln -s \"/Users/%s/Library/Containers/com.apple.ScreenSaver.Engine.legacyScreenSaver/Data/Library/Application Support/BOINC\" \"/Users/%s/Library/Application Support/BOINC/ScreenSaver Logs\"", pw->pw_name, pw->pw_name, pw->pw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
}
}
}
// We no longer use a ScreenSaver LaunchAgent.
// Delete it if it was installed by an older version of BOINC
DeleteScreenSaverLaunchAgent(pw);
// Delete the BOINC Manager's wxSingleInstanceChecker lock file, in case
// it was not deleted (such as due to a crash.)
// Lock file name always has "BOINC Manager" even if the application is
// branded, due to SetAppName(wxT("BOINC Manager")) in CBOINCGUIApp::OnInit().
// This path must match that in CBOINCGUIApp::DetectDuplicateInstance()
sprintf(cmd, "sudo -u \"%s\" rm -f \"/Users/%s/Library/Application Support/BOINC/BOINC Manager-%s\"",
pw->pw_name, pw->pw_name, pw->pw_name);
err = callPosixSpawn(cmd);
REPORT_ERROR(err);
printf("[2] %s returned %d\n", cmd, err);
fflush(stdout);
} // End for (userIndex=0; userIndex< human_user_names.size(); ++userIndex)
ResynchDSSystem();
BOINCTranslationCleanup();
return noErr;
}
OSErr GetCurrentScreenSaverSelection(passwd *pw, char *moduleName, size_t maxLen) {
char buf[1024];
FILE *f;
char *p, *q;
int i;
*moduleName = '\0';
sprintf(buf, "su -l \"%s\" -c 'defaults -currentHost read com.apple.screensaver moduleDict'", pw->pw_name);
f = popen(buf, "r");
if (f == NULL) {
REPORT_ERROR(true);
return 0;
}
while (PersistentFGets(buf, sizeof(buf), f))
{
p = strstr(buf, "moduleName = ");
if (p) {
p += 13; // Point past "moduleName = "
q = moduleName;
for (i=0; i buf) {
if (*p != ' ') break;
--p;
}
*(p+1) = '\0';
human_user_names.push_back(string(buf));
*(p+1) = ' ';
}
}
pclose(f);
}
for (userIndex=human_user_names.size(); userIndex>0; --userIndex) {
flag = 0;
strlcpy(human_user_name, human_user_names[userIndex-1].c_str(), sizeof(human_user_name));
sprintf(cmd, "dscl . -read \"/Users/%s\" NFSHomeDirectory", human_user_name);
f = popen(cmd, "r");
REPORT_ERROR(!f);
if (f) {
while (PersistentFGets(buf, sizeof(buf), f)) {
p = strrchr(buf, ' ');
if (p) {
if (strstr(p, "/var/empty") != NULL) {
flag = 1;
break;
}
}
}
pclose(f);
}
if (flag) {
sprintf(cmd, "dscl . -read \"/Users/%s\" UserShell", human_user_name);
f = popen(cmd, "r");
REPORT_ERROR(!f);
if (f) {
while (PersistentFGets(buf, sizeof(buf), f)) {
p = strrchr(buf, ' ');
if (p) {
if (strstr(p, "/usr/bin/false") != NULL) {
flag |= 2;
break;
}
}
}
pclose(f);
}
}
if (flag == 3) { // if (Home Directory == "/var/empty") && (UserShell == "/usr/bin/false")
human_user_names.erase(human_user_names.begin()+userIndex-1);
human_user_IDs.erase(human_user_IDs.begin()+userIndex-1);
}
}
}
long GetBrandID(char *path)
{
long iBrandId;
iBrandId = 0; // Default value
FILE *f = fopen(path, "r");
if (f) {
fscanf(f, "BrandId=%ld\n", &iBrandId);
fclose(f);
}
if ((iBrandId < 0) || (iBrandId > (NUMBRANDS-1))) {
iBrandId = 0;
}
return iBrandId;
}
int TestRPCBind()
{
sockaddr_in addr;
int lsock;
int retval;
lsock = (int)socket(AF_INET, SOCK_STREAM, 0);
if (lsock < 0)
return -153;
memset(&addr, 0, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(31416);
addr.sin_addr.s_addr = htonl(INADDR_ANY);
int one = 1;
retval = setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, (char*)&one, 4);
if (! retval)
retval = bind(lsock, (const sockaddr*)(&addr), (socklen_t)sizeof(addr));
if (! retval)
retval = listen(lsock, 999);
close(lsock);
return retval;
}
pid_t FindProcessPID(char* name, pid_t thePID)
{
FILE *f;
char buf[1024];
size_t n = 0;
pid_t aPID;
if (name != NULL) // Search ny name
n = strlen(name);
f = popen("ps -a -x -c -o command,pid", "r");
if (f == NULL) {
REPORT_ERROR(true);
return 0;
}
while (PersistentFGets(buf, sizeof(buf), f))
{
if (name != NULL) { // Search by name
if (strncmp(buf, name, n) == 0)
{
aPID = atol(buf+16);
pclose(f);
return aPID;
}
} else { // Search by PID
aPID = atol(buf+16);
if (aPID == thePID) {
pclose(f);
return aPID;
}
}
}
pclose(f);
return 0;
}
// Uses usleep to sleep for full duration even if a signal is received
static void SleepSeconds(double seconds) {
double end_time = dtime() + seconds - 0.01;
// sleep() and usleep() can be interrupted by SIGALRM,
// so we may need multiple calls
//
while (1) {
if (seconds >= 1) {
sleep((unsigned int) seconds);
} else {
usleep((int)fmod(seconds*1000000, 1000000));
}
seconds = end_time - dtime();
if (seconds <= 0) break;
}
}
static OSErr QuitAppleEventHandler( const AppleEvent *appleEvt, AppleEvent* reply, UInt32 refcon )
{
gQuitFlag = true;
return noErr;
}
#define NOT_IN_TOKEN 0
#define IN_SINGLE_QUOTED_TOKEN 1
#define IN_DOUBLE_QUOTED_TOKEN 2
#define IN_UNQUOTED_TOKEN 3
static int parse_posic_spawn_command_line(char* p, char** argv) {
int state = NOT_IN_TOKEN;
int argc=0;
while (*p) {
switch(state) {
case NOT_IN_TOKEN:
if (isspace(*p)) {
} else if (*p == '\'') {
p++;
argv[argc++] = p;
state = IN_SINGLE_QUOTED_TOKEN;
break;
} else if (*p == '\"') {
p++;
argv[argc++] = p;
state = IN_DOUBLE_QUOTED_TOKEN;
break;
} else {
argv[argc++] = p;
state = IN_UNQUOTED_TOKEN;
}
break;
case IN_SINGLE_QUOTED_TOKEN:
if (*p == '\'') {
if (*(p-1) == '\\') break;
*p = 0;
state = NOT_IN_TOKEN;
}
break;
case IN_DOUBLE_QUOTED_TOKEN:
if (*p == '\"') {
if (*(p-1) == '\\') break;
*p = 0;
state = NOT_IN_TOKEN;
}
break;
case IN_UNQUOTED_TOKEN:
if (isspace(*p)) {
*p = 0;
state = NOT_IN_TOKEN;
}
break;
}
p++;
}
argv[argc] = 0;
return argc;
}
#include
int callPosixSpawn(const char *cmdline) {
char command[1024];
char progName[1024];
char progPath[MAXPATHLEN];
char* argv[100];
int argc = 0;
char *p;
pid_t thePid = 0;
int result = 0;
int status = 0;
extern char **environ;
// Make a copy of cmdline because parse_posic_spawn_command_line modifies it
strlcpy(command, cmdline, sizeof(command));
argc = parse_posic_spawn_command_line(const_cast(command), argv);
strlcpy(progPath, argv[0], sizeof(progPath));
strlcpy(progName, argv[0], sizeof(progName));
p = strrchr(progName, '/');
if (p) {
argv[0] = p+1;
} else {
argv[0] = progName;
}
#if VERBOSE_TEST
print_to_log("***********");
for (int i=0; i