// After installation has completed, delete the installer receipt.
// If we don't need to logout the user, also launch BOINC Manager.
int DeleteReceipt()
{
ProcessSerialNumber installerPSN;
long brandID = 0;
int i;
pid_t installerPID = 0;
OSStatus err;
int finalInstallAction;
FSRef fileRef;
char s[256];
struct stat sbuf;
OSStatus err_fsref;
Initialize();
err = CheckLogoutRequirement(&finalInstallAction);
err = FindProcess ('APPL', 'xins', &installerPSN);
if (err == noErr)
err = GetProcessPID(&installerPSN , &installerPID);
// Launch BOINC Manager when user closes installer or after 15 seconds
for (i=0; i<15; i++) { // Wait 15 seconds max for installer to quit
sleep (1);
if (err == noErr)
if (FindProcessPID(NULL, installerPID) == 0)
break;
}
brandID = GetBrandID();
// Remove installer package receipt so we can run installer again if needed to fix permissions
// "rm -rf /Library/Receipts/GridRepublic.pkg"
sprintf(s, "rm -rf %s", receiptNameEscaped[brandID]);
system (s);
// err_fsref = FSPathMakeRef((StringPtr)"/Applications/GridRepublic Desktop.app", &fileRef, NULL);
err_fsref = FSPathMakeRef((StringPtr)appName[brandID], &fileRef, NULL);
if (finalInstallAction == launchWhenDone) {
// If system is set up to run BOINC Client as a daemon using launchd, launch it
// as a daemon and allow time for client to start before launching BOINC Manager.
err = stat("/Library/LaunchDaemons/edu.berkeley.boinc.plist", &sbuf);
if (err == noErr) {
system("launchctl unload /Library/LaunchDaemons/edu.berkeley.boinc.plist");
i = system("launchctl load /Library/LaunchDaemons/edu.berkeley.boinc.plist");
if (i == 0) sleep (2);
}
err = LSOpenFSRef(&fileRef, NULL);
}
return 0;
}
OSStatus CScreensaver::initBOINCApp() {
char boincPath[2048];
pid_t myPid;
int status;
OSStatus err;
long brandId = 0;
saverState = SaverState_CantLaunchCoreClient;
brandId = GetBrandID();
switch(brandId) {
case 1:
m_BrandText = "GridRepublic Desktop";
break;
case 2:
m_BrandText = "Progress Thru Processors Desktop";
break;
case 3:
m_BrandText = "Charity Engine Desktop";
break;
default:
m_BrandText = "BOINC";
break;
}
m_CoreClientPID = FindProcessPID("boinc", 0);
if (m_CoreClientPID) {
m_wasAlreadyRunning = true;
saverState = SaverState_LaunchingCoreClient;
retryCount = 0;
return noErr;
}
m_wasAlreadyRunning = false;
if (++retryCount > 3) // Limit to 3 relaunches to prevent thrashing
return -1;
// Find boinc client within BOINCManager.app
// First, try default path
strcpy(boincPath, "/Applications/");
if (brandId) {
strcat(boincPath, m_BrandText);
} else {
strcat(boincPath, "BOINCManager");
}
strcat(boincPath, ".app/Contents/Resources/boinc");
// If not at default path, search for it by creator code and bundle identifier
if (!boinc_file_exists(boincPath)) {
err = GetpathToBOINCManagerApp(boincPath, sizeof(boincPath));
if (err) {
saverState = SaverState_CantLaunchCoreClient;
return err;
} else {
strcat(boincPath, "/Contents/Resources/boinc");
}
}
if ( (myPid = fork()) < 0)
return -1;
else if (myPid == 0) // child
{
// We don't customize BOINC Data directory name for branding
#if 0 // Code for separate data in each user's private directory
char buf[256];
safe_strcpy(buf, getenv("HOME"));
safe_strcat(buf, "/Library/Application Support/BOINC Data");
status = chdir(buf);
#else // All users share the same data
status = chdir("/Library/Application Support/BOINC Data");
#endif
if (status) {
perror("chdir");
fflush(NULL);
_exit(status);
}
status = execl(boincPath, boincPath, "-redirectio", "-saver", (char *) 0);
fflush(NULL);
_exit(127); // execl error (execl should never return)
} else {
m_CoreClientPID = myPid; // make this available globally
saverState = SaverState_LaunchingCoreClient;
}
return noErr;
}
int main(int argc, char *argv[])
{
Boolean Success;
ProcessSerialNumber ourProcess, installerPSN;
short itemHit;
long brandID = 0;
int i;
pid_t installerPID = 0, coreClientPID = 0, waitPermissionsPID = 0;
FSRef fileRef;
OSStatus err, err_fsref;
FILE *f;
char s[256];
char *q;
#ifdef SANDBOX
uid_t saved_euid, saved_uid, b_m_uid;
passwd *pw;
int finalInstallAction;
DialogRef theWin;
#else // SANDBOX
group *grp;
#endif // SANDBOX
appName[0] = "/Applications/BOINCManager.app";
appNameEscaped[0] = "/Applications/BOINCManager.app";
brandName[0] = "BOINC";
saverName[0] = "BOINCSaver";
saverNameEscaped[0] = "BOINCSaver";
receiptNameEscaped[0] = "/Library/Receipts/BOINC.pkg";
appName[1] = "/Applications/GridRepublic Desktop.app";
appNameEscaped[1] = "/Applications/GridRepublic\\ Desktop.app";
brandName[1] = "GridRepublic";
saverName[1] = "GridRepublic";
saverNameEscaped[1] = "GridRepublic";
receiptNameEscaped[1] = "/Library/Receipts/GridRepublic.pkg";
appName[2] = "/Applications/Progress Thru Processors Desktop.app";
appNameEscaped[2] = "/Applications/Progress\\ Thru\\ Processors\\ Desktop.app";
brandName[2] = "Progress Thru Processors";
saverName[2] = "Progress Thru Processors";
saverNameEscaped[2] = "Progress\\ Thru\\ Processors";
receiptNameEscaped[2] = "/Library/Receipts/Progress\\ Thru\\ Processors.pkg";
::GetCurrentProcess (&ourProcess);
// getlogin() gives unreliable results under OS 10.6.2, so use environment
strncpy(loginName, getenv("USER"), sizeof(loginName)-1);
err = Gestalt(gestaltSystemVersion, &OSVersion);
if (err != noErr)
return err;
for (i=0; i<argc; i++) {
if (strcmp(argv[i], "-part2") == 0)
return DeleteReceipt();
}
Initialize();
QuitBOINCManager('BNC!'); // Quit any old instance of BOINC manager
sleep(2);
// Core Client may still be running if it was started without Manager
coreClientPID = FindProcessPID("boinc", 0);
if (coreClientPID)
kill(coreClientPID, SIGTERM); // boinc catches SIGTERM & exits gracefully
err = FindProcess ('APPL', 'xins', &installerPSN);
if (err == noErr)
err = GetProcessPID(&installerPSN , &installerPID);
brandID = GetBrandID();
if ((brandID < 0) || (brandID >= NUMBRANDS)) { // Safety check
brandID = 0;
}
if (OSVersion < 0x1040) {
::SetFrontProcess(&ourProcess);
// Remove everything we've installed
// "\pSorry, this version of GridRepublic requires system 10.4.0 or higher."
s[0] = sprintf(s+1, "Sorry, this version of %s requires system 10.4.0 or higher.", brandName[brandID]);
StandardAlert (kAlertStopAlert, (StringPtr)s, NULL, NULL, &itemHit);
// "rm -rf /Applications/GridRepublic\\ Desktop.app"
sprintf(s, "rm -rf %s", appNameEscaped[brandID]);
system (s);
// "rm -rf /Library/Screen\\ Savers/GridRepublic.saver"
sprintf(s, "rm -rf /Library/Screen\\ Savers/%s.saver", saverNameEscaped[brandID]);
system (s);
// "rm -rf /Library/Receipts/GridRepublic.pkg"
sprintf(s, "rm -rf %s", receiptNameEscaped[brandID]);
system (s);
// We don't customize BOINC Data directory name for branding
system ("rm -rf /Library/Application\\ Support/BOINC\\ Data");
err = kill(installerPID, SIGKILL);
ExitToShell();
}
sleep (2);
// Install all_projects_list.xml file, but only if one doesn't
// already exist, since a pre-existing one is probably newer.
f = fopen("/Library/Application Support/BOINC Data/all_projects_list.xml", "r");
if (f) {
fclose(f); // Already exists
} else {
system ("cp -fp Contents/Resources/all_projects_list.xml /Library/Application\\ Support/BOINC\\ Data/");
system ("chmod a-x /Library/Application\\ Support/BOINC\\ Data/all_projects_list.xml");
}
Success = false;
#ifdef SANDBOX
CheckUserAndGroupConflicts();
for (i=0; i<5; ++i) {
err = CreateBOINCUsersAndGroups();
if (err != noErr) {
// print_to_log_file("CreateBOINCUsersAndGroups returned %d (repetition=%d)", err, i);
continue;
}
// err = SetBOINCAppOwnersGroupsAndPermissions("/Applications/GridRepublic Desktop.app");
err = SetBOINCAppOwnersGroupsAndPermissions(appName[brandID]);
if (err != noErr) {
// print_to_log_file("SetBOINCAppOwnersGroupsAndPermissions returned %d (repetition=%d)", err, i);
continue;
}
err = SetBOINCDataOwnersGroupsAndPermissions();
if (err != noErr) {
// print_to_log_file("SetBOINCDataOwnersGroupsAndPermissions returned %d (repetition=%d)", err, i);
continue;
}
err = check_security(appName[brandID], "/Library/Application Support/BOINC Data", true, false);
if (err == noErr)
break;
// print_to_log_file("check_security returned %d (repetition=%d)", err, i);
}
#else // ! defined(SANDBOX)
// The BOINC Manager and Core Client have the set-user-ID-on-execution
// flag set, so their ownership is important and must match the
// ownership of the BOINC Data directory.
// Find an appropriate admin user to set as owner of installed files
// First, try the user currently logged in
grp = getgrnam("admin");
i = 0;
while ((p = grp->gr_mem[i]) != NULL) { // Step through all users in group admin
if (strcmp(p, loginName) == 0) {
Success = true; // Logged in user is a member of group admin
break;
}
++i;
}
// If currently logged in user is not admin, use first non-root admin user
if (!Success) {
i = 0;
while ((p = grp->gr_mem[i]) != NULL) { // Step through all users in group admin
if (strcmp(p, "root") != 0)
break;
++i;
}
}
// Set owner of branded BOINCManager and contents, including core client
// "chown -Rf username /Applications/GridRepublic\\ Desktop.app"
sprintf(s, "chown -Rf %s %s", p, appNameEscaped[brandID]);
system (s);
// Set owner of BOINC Screen Saver
// "chown -Rf username /Library/Screen\\ Savers/GridRepublic.saver"
sprintf(s, "chown -Rf %s /Library/Screen\\ Savers/%s.saver", p, saverNameEscaped[brandID]);
system (s);
// We don't customize BOINC Data directory name for branding
// "chown -Rf username /Library/Application\\ Support/BOINC\\ Data"
sprintf(s, "chown -Rf %s /Library/Application\\ Support/BOINC\\ Data", p);
system (s);
// "chmod -R a+s /Applications/GridRepublic\\ Desktop.app"
sprintf(s, "chmod -R a+s %s", appNameEscaped[brandID]);
system (s);
#endif // ! defined(SANDBOX)
// Remove any branded versions of BOINC other than ours (i.e., old versions)
for (i=0; i< NUMBRANDS; i++) {
if (i == brandID) continue;
// "rm -rf /Applications/GridRepublic\\ Desktop.app"
sprintf(s, "rm -rf %s", appNameEscaped[i]);
system (s);
// "rm -rf /Library/Screen\\ Savers/GridRepublic.saver"
sprintf(s, "rm -rf /Library/Screen\\ Savers/%s.saver", saverNameEscaped[i]);
system (s);
}
if (brandID == 0) { // Installing generic BOINC
system ("rm -f /Library/Application\\ Support/BOINC\\ Data/Branding");
}
// err_fsref = FSPathMakeRef((StringPtr)"/Applications/GridRepublic Desktop.app", &fileRef, NULL);
err_fsref = FSPathMakeRef((StringPtr)appName[brandID], &fileRef, NULL);
if (err_fsref == noErr)
err = LSRegisterFSRef(&fileRef, true);
err = UpdateAllVisibleUsers(brandID);
if (err != noErr)
return err;
#ifdef SANDBOX
err = CheckLogoutRequirement(&finalInstallAction);
if (finalInstallAction == launchWhenDone) {
// Wait for BOINC's RPC socket address to become available to user boinc_master, in
// case we are upgrading from a version which did not run as user boinc_master.
saved_uid = getuid();
saved_euid = geteuid();
pw = getpwnam("boinc_master");
b_m_uid = pw->pw_uid;
seteuid(b_m_uid);
for (i=0; i<120; i++) {
err = TestRPCBind();
if (err == noErr)
break;
sleep(1);
}
seteuid(saved_euid);
ProcessSerialNumber ourPSN;
ProcessInfoRec pInfo;
FSRef ourFSRef, theFSRef;
char thePath[MAXPATHLEN];
// Get the full path to this PostInstall application's bundle
err = GetCurrentProcess (&ourPSN);
if (err)
return -1000; // Should never happen
memset(&pInfo, 0, sizeof(pInfo));
pInfo.processInfoLength = sizeof( ProcessInfoRec );
err = GetProcessInformation(&ourPSN, &pInfo);
if (err)
return -1001; // Should never happen
err = GetProcessBundleLocation(&ourPSN, &ourFSRef);
if (err)
return -1002; // Should never happen
err = FSRefMakePath (&ourFSRef, (UInt8*)thePath, sizeof(thePath));
if (err)
return -1003; // Should never happen
q = strrchr(thePath, '/');
if (q == NULL)
return -1004; // Should never happen
*++q = '\0';
strlcat(thePath, "WaitPermissions.app", sizeof(thePath));
err = FSPathMakeRef((StringPtr)thePath, &theFSRef, NULL);
// When we first create the boinc_master group and add the current user to the
// new group, there is a delay before the new group membership is recognized.
// If we launch the BOINC Manager too soon, it will fail with a -1037 permissions
// error, so we wait until the current user can access the switcher application.
// Apparently, in order to get the changed permissions / group membership, we must
// launch a new process belonging to the user. It may also need to be in a new
// process group or new session. Neither system() nor popen() works, even after
// setting the uid and euid back to the logged in user, but LSOpenFSRef() does.
// The WaitPermissions application loops until it can access the switcher
// application.
err = LSOpenFSRef(&theFSRef, NULL);
waitPermissionsStartTime = time(NULL);
for (i=0; i<15; i++) { // Show "Please wait..." alert after 15 seconds
waitPermissionsPID = FindProcessPID("WaitPermissions", 0);
if (waitPermissionsPID == 0) {
return 0;
}
sleep(1);
}
CreateStandardAlert(kAlertNoteAlert, CFSTR("Finishing install. Please wait ..."), CFSTR("This may take a few more minutes."), NULL, &theWin);
HideDialogItem(theWin, kStdOkItemIndex);
RemoveDialogItems(theWin, kStdOkItemIndex, 1, false);
RunStandardAlert(theWin, &myFilterProc, &itemHit);
}
#endif // SANDBOX
return 0;
}
int main(int argc, char *argv[])
{
long brandID = 0;
Boolean AddUsers = false;
Boolean SetSavers = false;
Boolean isBMGroupMember, isBPGroupMember;
Boolean saverIsSet = false;
passwd *pw;
uid_t saved_uid;
group grpBOINC_master, *grpBOINC_masterPtr;
group grpBOINC_project, *grpBOINC_projectPtr;
char bmBuf[32768];
char bpBuf[32768];
char loginName[256];
short index, i;
FILE *f;
int flag;
char *p;
char s[1024], buf[1024];
OSStatus err;
brandID = GetBrandID();
#ifndef _DEBUG
if (getuid() != 0) {
printf("This program must be run as root\n");
printUsage(brandID);
return 0;
}
#endif
saved_uid = geteuid();
if (argc < 3) {
printUsage(brandID);
return 0;
}
if (strcmp(argv[1], "-a") == 0) {
AddUsers = true;
} else if (strcmp(argv[1], "-s") == 0) {
AddUsers = true;
SetSavers = true;
} else if (strcmp(argv[1], "-r") != 0) {
printUsage(brandID);
return 0;
}
printf("\n");
if (!check_branding_arrays(s, sizeof(s))) {
printf("Branding array has too few entries: %s\n", s);
return -1;
}
loginName[0] = '\0';
strncpy(loginName, getenv("USER"), sizeof(loginName)-1);
err = getgrnam_r("boinc_master", &grpBOINC_master, bmBuf, sizeof(bmBuf), &grpBOINC_masterPtr);
if (err) { // Should never happen unless buffer too small
puts("getgrnam(\"boinc_master\") failed\n");
return -1;
}
err = getgrnam_r("boinc_project", &grpBOINC_project, bpBuf, sizeof(bpBuf), &grpBOINC_projectPtr);
if (err) { // Should never happen unless buffer too small
puts("getgrnam(\"boinc_project\") failed\n");
return -1;
}
for (index=2; index<argc; index++) {
// getpwnam works with either the full / login name (pw->pw_gecos)
// or the short / Posix name (pw->pw_name)
pw = getpwnam(argv[index]);
if ((pw == NULL) || (pw->pw_uid < 501)) {
printf("User %s not found.\n\n", argv[index]);
continue;
}
flag = 0;
sprintf(s, "dscl . -read \"/Users/%s\" NFSHomeDirectory", pw->pw_name);
f = popen(s, "r");
if (!f) {
flag = 1;
} else {
while (PersistentFGets(buf, sizeof(buf), f)) {
p = strrchr(buf, ' ');
if (p) {
if (strstr(p, "/var/empty") != NULL) {
flag = 1;
break;
}
}
}
pclose(f);
}
if (flag) {
sprintf(s, "dscl . -read \"/Users/%s\" UserShell", pw->pw_name);
f = popen(s, "r");
if (!f) {
flag |= 2;
} else {
while (PersistentFGets(buf, sizeof(buf), f)) {
p = strrchr(buf, ' ');
if (p) {
if (strstr(p, "/usr/bin/false") != NULL) {
flag |= 2;
break;
}
}
}
pclose(f);
}
}
if (flag == 3) { // if (Home Directory == "/var/empty") && (UserShell == "/usr/bin/false")
printf("%s is not a valid user name.\n\n", argv[index]);
continue;
}
printf("%s user %s (/Users/%s)\n", AddUsers? "Adding" : "Removing", pw->pw_gecos, pw->pw_name);
isBMGroupMember = false;
i = 0;
while ((p = grpBOINC_master.gr_mem[i]) != NULL) { // Step through all users in group boinc_master
if (strcmp(p, pw->pw_name) == 0) { // Only the short / Posix names are in the list
// User is a member of group boinc_master
isBMGroupMember = true;
break;
}
++i;
}
isBPGroupMember = false;
i = 0;
while ((p = grpBOINC_project.gr_mem[i]) != NULL) { // Step through all users in group boinc_project
if (strcmp(p, pw->pw_name) == 0) { // Only the short / Posix names are in the list
// User is a member of group boinc_master
isBPGroupMember = true;
break;
}
++i;
}
if ((!isBMGroupMember) && AddUsers) {
sprintf(s, "dscl . -merge /groups/boinc_master GroupMembership %s", pw->pw_name);
callPosixSpawn(s);
}
if ((!isBPGroupMember) && AddUsers) {
sprintf(s, "dscl . -merge /groups/boinc_project GroupMembership %s", pw->pw_name);
callPosixSpawn(s);
}
if (isBMGroupMember && (!AddUsers)) {
sprintf(s, "dscl . -delete /Groups/boinc_master GroupMembership %s", pw->pw_name);
callPosixSpawn(s);
}
if (isBPGroupMember && (!AddUsers)) {
sprintf(s, "dscl . -delete /Groups/boinc_project GroupMembership %s", pw->pw_name);
callPosixSpawn(s);
}
if (!AddUsers) {
// Delete per-user BOINC Manager and screensaver files
sprintf(s, "rm -fR \"/Users/%s/Library/Application Support/BOINC\"", pw->pw_name);
callPosixSpawn (s);
}
// Set or remove login item for this user
bool useOSASript = false;
if ((compareOSVersionTo(10, 13) < 0)
|| (strcmp(loginName, pw->pw_name) == 0)
|| (strcmp(loginName, pw->pw_gecos) == 0)) {
useOSASript = true;
}
#if USE_OSASCRIPT_FOR_ALL_LOGGED_IN_USERS
if (! useOSASript) {
useOSASript = IsUserLoggedIn(pw->pw_name);
}
#endif
if (useOSASript) {
snprintf(s, sizeof(s), "/Users/%s/Library/LaunchAgents/edu.berkeley.boinc.plist", pw->pw_name);
boinc_delete_file(s);
SetLoginItemOSAScript(brandID, !AddUsers, pw->pw_name);
} else {
SetLoginItemLaunchAgent(brandID, !AddUsers, pw);
}
saverIsSet = false;
err = GetCurrentScreenSaverSelection(pw, s, sizeof(s) -1);
#if VERBOSE
fprintf(stderr, "Current Screensaver Selection for user %s is: \"%s\"\n", pw->pw_name, s);
#endif
if (err == noErr) {
if (!strcmp(s, saverName[brandID])) {
saverIsSet = true;
}
}
if (SetSavers) {
if (saverIsSet) {
printf("Screensaver already set to %s for user %s (/Users/%s)\n", saverName[brandID], pw->pw_gecos, pw->pw_name);
} else {
printf("Setting screensaver to %s for user %s (/Users/%s)\n", saverName[brandID], pw->pw_gecos, pw->pw_name);
}
}
if ((!saverIsSet) && SetSavers) {
seteuid(pw->pw_uid); // Temporarily set effective uid to this user
sprintf(s, "/Library/Screen Savers/%s.saver", saverName[brandID]);
err = SetScreenSaverSelection(pw, saverName[brandID], s, 0);
#if VERBOSE
fprintf(stderr, "SetScreenSaverSelection for user %s (uid %d) to \"%s\" returned error %d\n", pw->pw_name, geteuid(), saverName[brandID], err);
#endif
seteuid(saved_uid); // Set effective uid back to privileged user
// This seems to work also:
// sprintf(buf, "su -l \"%s\" -c 'defaults -currentHost write com.apple.screensaver moduleDict -dict moduleName \"%s\" path \"%s\ type 0'", pw->pw_name, saverName[brandID], s);
// callPosixSpawn(s);
}
if (saverIsSet && (!AddUsers)) {
printf("Setting screensaver to Flurry for user %s (/Users/%s)\n", pw->pw_gecos, pw->pw_name);
seteuid(pw->pw_uid); // Temporarily set effective uid to this user
err = SetScreenSaverSelection(pw, "Flurry", "/System/Library/Screen Savers/Flurry.saver", 0);
#if VERBOSE
fprintf(stderr, "SetScreenSaverSelection for user %s (%d) to Flurry returned error %d\n", pw->pw_name, geteuid(), err);
#endif
seteuid(saved_uid); // Set effective uid back to privileged user
}
seteuid(saved_uid); // Set effective uid back to privileged user
printf("\n");
}
printf("WARNING: Changes may require a system restart to take effect.\n");
return 0;
}
