Fix up processing for on-demand and on-demand-privileged tasks

bartreardon · bartreardon · commit f9edb02e0be8 · 2025-04-17T22:56:01.000+10:00
diff --git a/Outset/Globals.swift b/Outset/Globals.swift
@@ -38,6 +38,7 @@ let scriptPayloads = getScriptPayloads()
 
 enum Trigger: String {
     case onDemand = "/private/tmp/.io.macadmins.outset.ondemand.launchd"
+    case onDemandPrivileged = "/private/tmp/.io.macadmins.outset.ondemand-privileged.launchd"
     case loginPrivileged = "/private/tmp/.io.macadmins.outset.login-privileged.launchd"
     case cleanup = "/private/tmp/.io.macadmins.outset.cleanup.launchd"
 
diff --git a/Outset/Outset.swift b/Outset/Outset.swift
@@ -186,7 +186,7 @@ struct Outset: ParsableCommand {
         if loginPrivileged {
             writeLog("Processing scheduled runs for privileged login", logLevel: .info)
             if checkFileExists(path: Trigger.loginPrivileged.path) {
-                pathCleanup(pathname: Trigger.loginPrivileged.path)
+                pathCleanup(Trigger.loginPrivileged.path)
             }
             if !prefs.ignoredUsers.contains(consoleUser) {
                 if !scriptPayloads.processPayloadScripts(ofType: .loginPrivilegedOnce, runOnceData: prefs.overrideLoginOnce) &&
@@ -208,10 +208,8 @@ struct Outset: ParsableCommand {
                 if !["root", "loginwindow"].contains(consoleUser) {
                     let currentUser = NSUserName()
                     if consoleUser == currentUser {
-                        if !scriptPayloads.processPayloadScripts(ofType: .onDemand) {
-                            processItems(.onDemand)
-                        }
-                        createTrigger(Trigger.onDemand.path)
+                        processItems(.onDemand)
+                        createTrigger(Trigger.cleanup.path)
                     } else {
                         writeLog("User \(currentUser) is not the current console user. Skipping on-demand run.")
                     }
@@ -222,26 +220,16 @@ struct Outset: ParsableCommand {
         }
 
         if onDemandPrivileged {
+            ensureRoot("execute on-demand-privileged")
             writeLog("Processing on-demand-privileged", logLevel: .debug)
-            if !folderContents(path: PayloadType.onDemandPrivileged.directoryPath).isEmpty {
-                if !["root", "loginwindow"].contains(consoleUser) {
-                    let currentUser = NSUserName()
-                    if consoleUser == currentUser {
-                        if !scriptPayloads.processPayloadScripts(ofType: .onDemandPrivileged) {
-                            processItems(.onDemandPrivileged)
-                        }
-                    } else {
-                        writeLog("User \(currentUser) is not the current console user. Skipping on-demand-privileged run.")
-                    }
-                } else {
-                    writeLog("No current user session. Skipping on-demand run.")
-                }
-                FileManager.default.createFile(atPath: Trigger.onDemand.path, contents: nil)
-                DispatchQueue.main.asyncAfter(deadline: .now() + 0.5) {
-                    if checkFileExists(path: Trigger.onDemand.path) {
-                        pathCleanup(pathname: Trigger.onDemand.path)
-                    }
+            if !["loginwindow"].contains(consoleUser) {
+                if !folderContents(path: PayloadType.onDemandPrivileged.directoryPath).isEmpty {
+                    processItems(.onDemandPrivileged)
+                    pathCleanup(Trigger.onDemandPrivileged.path)
+                    pathCleanup(PayloadType.onDemandPrivileged.directoryPath)
                 }
+            } else {
+                writeLog("No current user session. Skipping on-demand-privileged run.")
             }
         }
 
@@ -268,10 +256,12 @@ struct Outset: ParsableCommand {
         }
 
         if cleanup {
-            writeLog("Cleaning up on-demand directory.", logLevel: .info)
-            if checkFileExists(path: Trigger.onDemand.path) { pathCleanup(pathname: Trigger.onDemand.path) }
-            if checkFileExists(path: Trigger.cleanup.path) { pathCleanup(pathname: Trigger.cleanup.path) }
-            if !folderContents(path: PayloadType.onDemand.directoryPath).isEmpty { pathCleanup(pathname: PayloadType.onDemand.directoryPath) }
+            writeLog("Cleaning up on-demand directories.", logLevel: .info)
+            pathCleanup(Trigger.onDemand.path)
+            pathCleanup(Trigger.onDemandPrivileged.path)
+            pathCleanup(PayloadType.onDemand.directoryPath)
+            pathCleanup(PayloadType.onDemandPrivileged.directoryPath)
+            pathCleanup(Trigger.cleanup.path)
         }
 
         if !addIgnoredUser.isEmpty {
diff --git a/Outset/UserDefaults/Payloads.swift b/Outset/UserDefaults/Payloads.swift
@@ -163,7 +163,7 @@ class ScriptPayloadManager {
 
     // Loads and decodes ScriptPayloads from UserDefaults
     func loadScriptPayloads() -> ScriptPayloads? {
-        let forced = CFPreferencesAppValueIsForced("script_payloads" as CFString, appBundle)
+        // let forced = CFPreferencesAppValueIsForced("script_payloads" as CFString, appBundle)
         var payloads: [ScriptPayloads] = []
         var currentPayload: ScriptPayloads = ScriptPayloads()
         // we will want to limit returning payloads to managed profiles only
diff --git a/Outset/Utils/FileUtils/CoreFileUtils.swift b/Outset/Utils/FileUtils/CoreFileUtils.swift
@@ -18,6 +18,7 @@ func ensureWorkingFolders() {
         PayloadType.loginPrivilegedEvery.directoryPath,
         PayloadType.loginPrivilegedOnce.directoryPath,
         PayloadType.onDemand.directoryPath,
+        PayloadType.onDemandPrivileged.directoryPath,
         logDirectory
     ]
 
@@ -105,7 +106,7 @@ func getFileProperties(pathname: String) -> (ownerID: Int, permissions: NSNumber
     return (ownerID, mode)
 }
 
-func pathCleanup(pathname: String) {
+func pathCleanup(_ pathname: String) {
     // check if folder and clean all files in that folder
     // Deletes given script or cleans folder
     writeLog("Cleaning up \(pathname)", logLevel: .debug)
diff --git a/Outset/Utils/ItemProcessing.swift b/Outset/Utils/ItemProcessing.swift
@@ -85,7 +85,7 @@ func processPackages(packages: [String], once: Bool=false, override: RunOnce = [
             _ = installPackage(pkg: package)
         }
         if deleteItems {
-            pathCleanup(pathname: package)
+            pathCleanup(package)
         }
     }
 
@@ -153,7 +153,7 @@ func processScripts(scripts: [String], altName: String = "", once: Bool=false, o
             }
         }
         if deleteItems {
-            pathCleanup(pathname: script)
+            pathCleanup(script)
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ func ensureWorkingFolders() {`
`18`	`18`	`PayloadType.loginPrivilegedEvery.directoryPath,`
`19`	`19`	`PayloadType.loginPrivilegedOnce.directoryPath,`
`20`	`20`	`PayloadType.onDemand.directoryPath,`
	`21`	`+ PayloadType.onDemandPrivileged.directoryPath,`
`21`	`22`	`logDirectory`
`22`	`23`	`]`
`23`	`24`
`@@ -105,7 +106,7 @@ func getFileProperties(pathname: String) -> (ownerID: Int, permissions: NSNumber`
`105`	`106`	`return (ownerID, mode)`
`106`	`107`	`}`
`107`	`108`
`108`		`-func pathCleanup(pathname: String) {`
	`109`	`+func pathCleanup(_ pathname: String) {`
`109`	`110`	`// check if folder and clean all files in that folder`
`110`	`111`	`// Deletes given script or cleans folder`
`111`	`112`	`writeLog("Cleaning up \(pathname)", logLevel: .debug)`
Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ func processPackages(packages: [String], once: Bool=false, override: RunOnce = [`
`85`	`85`	`_ = installPackage(pkg: package)`
`86`	`86`	`}`
`87`	`87`	`if deleteItems {`
`88`		`- pathCleanup(pathname: package)`
	`88`	`+ pathCleanup(package)`
`89`	`89`	`}`
`90`	`90`	`}`
`91`	`91`
`@@ -153,7 +153,7 @@ func processScripts(scripts: [String], altName: String = "", once: Bool=false, o`
`153`	`153`	`}`
`154`	`154`	`}`
`155`	`155`	`if deleteItems {`
`156`		`- pathCleanup(pathname: script)`
	`156`	`+ pathCleanup(script)`
`157`	`157`	`}`
`158`	`158`	`}`
`159`	`159`