fix plist files and enhance privilege escalation method

2025-10-29 17:00:05 +00:00 · 2022-01-14 03:17:36 +08:00
parent 29bb10a40a
commit b4f61c735e
14 changed files with 116 additions and 71 deletions
--- a/src/lang/cn.rs
+++ b/src/lang/cn.rs
@@ -195,6 +195,5 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> =
        ("Socks5 Proxy", "Socks5 代理"),
        ("Hostname", "主机名"),
        ("Discovered", "已发现"),
-        ("install_daemon", "为了支持在登录系统时可以访问你的桌面，RustDesk需要\"安装系统服务\"")
    ].iter().cloned().collect();
    }
--- a/src/platform/macos.rs
+++ b/src/platform/macos.rs
@@ -17,9 +17,12 @@ use core_graphics::{
    window::{kCGWindowName, kCGWindowOwnerPID},
 };
 use hbb_common::{allow_err, bail, log};
+use include_dir::{include_dir, Dir};
 use objc::{class, msg_send, sel, sel_impl};
 use scrap::{libc::c_void, quartz::ffi::*};

+static PRIVILEGES_SCRIPTS_DIR: Dir =
+    include_dir!("$CARGO_MANIFEST_DIR/src/platform/privileges_scripts");
 static mut LATEST_SEED: i32 = 0;

 extern "C" {
@@ -100,31 +103,75 @@ pub fn is_can_screen_recording(prompt: bool) -> bool {

 pub fn is_installed_daemon(prompt: bool) -> bool {
    if !prompt {
-
-        if !std::path::Path::new("/Library/LaunchDaemons/com.carriez.rustdesk.daemon.plist").exists(){
+        if !std::path::Path::new("/Library/LaunchDaemons/com.carriez.rustdesk.daemon.plist")
+            .exists()
+        {
            return false;
        }

-        if !std::path::Path::new("/Library/LaunchAgents/com.carriez.rustdesk.agent.root.plist").exists(){
+        if !std::path::Path::new("/Library/LaunchAgents/com.carriez.rustdesk.agent.root.plist")
+            .exists()
+        {
            return false;
        }

-        if !std::path::Path::new("/Library/LaunchAgents/com.carriez.rustdesk.agent.user.plist").exists(){
+        if !std::path::Path::new("/Library/LaunchAgents/com.carriez.rustdesk.agent.user.plist")
+            .exists()
+        {
            return false;
        }

        return true;
    }

-    if !std::process::Command::new("osascript")
-        .arg("./privileges_scripts/install.scpt")
-        .status()
-        .unwrap()
-        .success() {
-        return false;
+    let install_script = PRIVILEGES_SCRIPTS_DIR.get_file("install.scpt").unwrap();
+    let install_script_body = install_script.contents_utf8().unwrap();
+
+    let daemon_plist = PRIVILEGES_SCRIPTS_DIR
+        .get_file("com.carriez.rustdesk.daemon.plist")
+        .unwrap();
+    let daemon_plist_body = daemon_plist.contents_utf8().unwrap();
+
+    let root_agent_plist = PRIVILEGES_SCRIPTS_DIR
+        .get_file("com.carriez.rustdesk.agent.root.plist")
+        .unwrap();
+    let root_agent_plist_body = root_agent_plist.contents_utf8().unwrap();
+
+    let user_agent_plist = PRIVILEGES_SCRIPTS_DIR
+        .get_file("com.carriez.rustdesk.agent.user.plist")
+        .unwrap();
+    let user_agent_plist_body = user_agent_plist.contents_utf8().unwrap();
+
+    match std::process::Command::new("osascript")
+        .arg("-e")
+        .arg(install_script_body)
+        .arg(daemon_plist_body)
+        .arg(root_agent_plist_body)
+        .arg(user_agent_plist_body)
+        .spawn()
+    {
+        Ok(mut proc) => proc.wait().is_ok(),
+        Err(e) => {
+            log::error!("run osascript failed: {}", e);
+            false
+        },
+    }
+}
+
+pub fn launch_or_stop_daemon(launch: bool) {
+    let mut script_filename = "launch_service.scpt";
+    if !launch {
+        script_filename = "stop_service.scpt";
    }

-    return true;
+    let script_file = PRIVILEGES_SCRIPTS_DIR.get_file(script_filename).unwrap();
+    let script_body = script_file.contents_utf8().unwrap();
+
+    std::process::Command::new("osascript")
+        .arg("-e")
+        .arg(script_body)
+        .spawn()
+        .ok();
 }

 pub fn get_cursor_pos() -> Option<(i32, i32)> {
--- a/src/platform/privileges_scripts/com.carriez.rustdesk.agent.root.plist
+++ b/src/platform/privileges_scripts/com.carriez.rustdesk.agent.root.plist
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>Label</key>
+        <string>com.carriez.rustdesk.agent.root</string>
+        <key>LimitLoadToSessionType</key>
+        <array>
+            <string>LoginWindow</string>
+        </array>
+        <key>KeepAlive</key>
+        <dict>
+            <key>SuccessfulExit</key>
+            <false />
+            <key>AfterInitialDemand</key>
+            <false />
+        </dict>
+        <key>RunAtLoad</key>
+        <true />
+        <key>ProgramArguments</key>
+        <array>
+            <string>/Applications/RustDesk.app/Contents/MacOS/rustdesk</string>
+            <string>--server</string>
+        </array>
+        <key>WorkingDirectory</key>
+        <string>/Applications/RustDesk.app/Contents/MacOS/</string>
+    </dict>
+</plist>
--- a/src/platform/privileges_scripts/com.carriez.rustdesk.agent.user.plist
+++ b/src/platform/privileges_scripts/com.carriez.rustdesk.agent.user.plist
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>Label</key>
+        <string>com.carriez.rustdesk.agent.user</string>
+        <key>LimitLoadToSessionType</key>
+        <array>
+            <string>Aqua</string>
+        </array>
+        <key>KeepAlive</key>
+        <dict>
+            <key>SuccessfulExit</key>
+            <false />
+            <key>AfterInitialDemand</key>
+            <false />
+        </dict>
+        <key>RunAtLoad</key>
+        <true />
+        <key>ProgramArguments</key>
+        <array>
+            <string>/Applications/RustDesk.app/Contents/MacOS/rustdesk</string>
+            <string>--server</string>
+        </array>
+        <key>WorkingDirectory</key>
+        <string>/Applications/RustDesk.app/Contents/MacOS/</string>
+    </dict>
+</plist>
--- a/src/platform/privileges_scripts/com.carriez.rustdesk.daemon.plist
+++ b/src/platform/privileges_scripts/com.carriez.rustdesk.daemon.plist
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>Label</key>
+        <string>com.carriez.rustdesk.daemon</string>
+        <key>KeepAlive</key>
+        <true/>
+        <key>ProgramArguments</key>
+        <array>
+        	<string>/Applications/RustDesk.app/Contents/MacOS/rustdesk</string>
+        	<string>--daemon</string>
+        </array>
+        <key>RunAtLoad</key>
+        <true/>
+        <key>WorkingDirectory</key>
+        <string>/Applications/RustDesk.app/Contents/MacOS/</string>
+    </dict>
+</plist>
--- a/src/platform/privileges_scripts/install.scpt
+++ b/src/platform/privileges_scripts/install.scpt
@@ -0,0 +1,19 @@
+on run {daemon_file, root_agent_file, user_agent_file}
+
+	set sh1 to "echo " & quoted form of daemon_file & " > /Library/LaunchDaemons/com.carriez.rustdesk.daemon.plist && chown root:wheel /Library/LaunchDaemons/com.carriez.rustdesk.daemon.plist;"
+
+	set sh2 to "echo " & quoted form of root_agent_file & " > /Library/LaunchAgents/com.carriez.rustdesk.agent.root.plist && chown root:wheel /Library/LaunchAgents/com.carriez.rustdesk.agent.root.plist;"
+
+	set sh3 to "echo " & quoted form of user_agent_file & " > /Library/LaunchAgents/com.carriez.rustdesk.agent.user.plist && chown root:wheel /Library/LaunchAgents/com.carriez.rustdesk.agent.user.plist;"
+
+    set sh4 to "launchctl load -w /Library/LaunchDaemons/com.carriez.rustdesk.daemon.plist;"
+
+    set sh5 to "launchctl load -w /Library/LaunchAgents/com.carriez.rustdesk.agent.root.plist;"
+
+    set sh6 to "launchctl load -w /Library/LaunchAgents/com.carriez.rustdesk.agent.user.plist;"
+
+	set sh to sh1 & sh2 & sh3 & sh4 & sh5 &sh6
+
+	log (sh)
+	do shell script sh with prompt "RustDesk 需要安装服务" with administrator privileges
+end run
--- a/src/platform/privileges_scripts/launch_service.scpt
+++ b/src/platform/privileges_scripts/launch_service.scpt
@@ -0,0 +1,7 @@
+set sh1 to "launchctl load -w /Library/LaunchAgents/com.carriez.rustdesk.agent.root.plist;"
+
+set sh2 to "launchctl load -w /Library/LaunchAgents/com.carriez.rustdesk.agent.user.plist;"
+
+set sh to sh1 & sh2
+
+do shell script sh with prompt "RustDesk 需要停止服务" with administrator privileges
--- a/src/platform/privileges_scripts/stop_service.scpt
+++ b/src/platform/privileges_scripts/stop_service.scpt
@@ -0,0 +1,7 @@
+set sh1 to "launchctl unload -w /Library/LaunchAgents/com.carriez.rustdesk.agent.root.plist;"
+
+set sh2 to "launchctl unload -w /Library/LaunchAgents/com.carriez.rustdesk.agent.user.plist;"
+
+set sh to sh1 & sh2
+
+do shell script sh with prompt "RustDesk 需要停止服务" with administrator privileges
--- a/src/ui.rs
+++ b/src/ui.rs
@@ -360,22 +360,12 @@ impl UI {
        if value.is_empty() {
            options.remove(&key);
        } else {
-            options.insert(key, value);
+            options.insert(key.clone(), value.clone());
        }
        ipc::set_options(options.clone()).ok();

-        #[cfg(macos)]
-        if key == "stop-service" {
-            let mut service_script = "./privileges_scripts/stop_service.scpt";
-            if value == "Y" {
-                command = "./privileges_scripts/launch_service.scpt";
-            }
-
-            std::process::Command::new("osascript")
-                .arg(service_script)
-                .status()
-                .unwrap()
-                .success();
+        if cfg!(target_os = "macos") && &key == "stop-service" {
+            crate::platform::macos::launch_or_stop_daemon(value != "Y");
        }
    }