# Mac OS X: Creating a login hook, 
# http://support.apple.com/kb/HT2420

# LoginHook
echo $'#!/bin/sh\n/usr/bin/logger -i "LoginHook"\nexit 0\n' > ~/Desktop/login.sh
/bin/chmod 0750 ~/Desktop/login.sh
#/bin/chmod 0500 ~/Desktop/login.sh
/bin/ls -l ~/Desktop/login.sh
/usr/bin/sudo /usr/bin/defaults write com.apple.loginwindow LoginHook "/Users/$(/usr/bin/logname)/Desktop/login.sh"
/usr/bin/sudo /bin/ls -l /private/var/root/Library/Preferences/com.apple.loginwindow.plist
/usr/bin/sudo /usr/bin/defaults read /private/var/root/Library/Preferences/com.apple.loginwindow LoginHook

# LogoutHook
echo $'#!/bin/sh\n/usr/bin/logger -i "LogoutHook"\nexit 0\n' > ~/Desktop/logout.sh
/bin/chmod 0750 ~/Desktop/logout.sh
#/bin/chmod 0500 ~/Desktop/logout.sh
/bin/ls -l ~/Desktop/logout.sh
/usr/bin/sudo /usr/bin/defaults write com.apple.loginwindow LogoutHook "/Users/$(/usr/bin/logname)/Desktop/logout.sh"
/usr/bin/sudo /bin/ls -l /private/var/root/Library/Preferences/com.apple.loginwindow.plist
/usr/bin/sudo /usr/bin/defaults read /private/var/root/Library/Preferences/com.apple.loginwindow LogoutHook


# now logout & login again
# cf. also  http://codesnippets.joyent.com/posts/show/1591

open -a Console    # see system.log


# disable login & logout hook again
/usr/bin/sudo /usr/bin/defaults delete com.apple.loginwindow LoginHook
/usr/bin/sudo /usr/bin/defaults delete com.apple.loginwindow LogoutHook

# cf. http://www.mactipper.com/2008/07/securely-lock-your-mac-system.html,
# http://www.macosxhints.com/article.php?story=20040724203315798 and
# http://www.apple.com/downloads/macosx/automator/lockdesktop.html

/System/Library/CoreServices/"Menu Extras"/User.menu/Contents/Resources/CGSession -suspend

/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -switchToUserID username


alias lo='/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend'

# <ctrl> + l
help bind
bind -P | grep -i c-l
bind -x '"\C-l"':'/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend'

# <esc> + l
#bind -x '"\M-l"':'/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend'
bind -x '"\el"':'/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend'


#---------------------------------------------


open -a 'Keychain Access'

# go to  Keychain Access > Preferences ... > General > activate "Show Status in Menu Bar" 
# now you can use "Lock Screen" via the Keychain Access menu bar item

export PATH="/usr/bin:/bin:/usr/sbin:/sbin"
export IFS=$' \t\n'

mkdir -p ~/Applications

ls -ld ~/Applications
stat -x ~/Applications

cd ~/Applications
curl -L -O http://www.bluem.net/files/Pashua.dmg
hdiutil mount Pashua.dmg
cp -R /Volumes/Pashua ~/Applications/Pashua
hdiutil unmount /Volumes/Pashua

cd ~/Applications/Pashua/Examples
cp -p example.sh example.sh.orig   # backup


# some in-place text editing commands to modify ~/Applications/Pashua/Examples/example.sh
# cf. http://bash-hackers.org/wiki/doku.php?id=howto:edit-ed

export FILE="${HOME}/Applications/Pashua/Examples/example.sh"

# replace #!/bin/sh with #!/bin/bash
/bin/ed -s "${FILE}" <<< $'1,1s|bin/sh|bin/bash|\nw'

# to set the encoding to UTF-8 we add: set -- test utf8
/bin/ed -s "${FILE}" <<< $',s|\(.*Manage encoding.*\)|set -- test utf8 # set $2 to "utf8"\\\n\\\n\\1|\nw'

# delete all lines after first regex match /conf="/
/bin/ed -s "${FILE}" <<< $'/conf="/;$d\nw'


# add the following configuration

/bin/cat >> "${FILE}" <<-'EOF'

conf="

# Set transparency: 0 is transparent, 1 is opaque
*.transparency=0.95

# Set window title
*.title = Login Window

*.x = 550
*.y = 300
*.autoclosetime = 300

name.type = textfield
name.label = Please enter your name:
name.width = 280
name.x = 0
name.y = 110

password.type = password
password.label = Please enter your password:
password.width = 280
password.x = 0          
password.y = 45        

# Add a cancel button with default label
cb.type = cancelbutton

";   # end conf


pashua_run "$conf"
#pashua_run "$conf" "utf8"   # alternative to "set -- test utf8" above


if [[ ${cb} -ne 0 ]]; then echo 'Login cancelled!'; exit 1; fi

printf "%s\n" "name = ${name}"

printf "%s\n" "${name}" | ruby -n -e 'p $_.to_s'

# the following command requires #!/bin/bash
# cf. http://www.lugbz.org/pipermail/lugbz-list/2006-December/016360.html
/bin/ed -s <((printf "%s\n" "${name}")) <<< $',l'   

printf "%s\n" "password = ${password}"
printf "%s\n" "cb = ${cb}"

#printf "%s\n" "${password}" | /usr/bin/sudo -S /bin/ls | /usr/bin/head -n 5

/sbin/md5 -qs "${password}"

EOF


# run the script
~/Applications/Pashua/Examples/example.sh

--- includes/bootstrap.inc
+++ includes/bootstrap.inc
@@ -381,6 +381,15 @@
 
 /**
  * Set HTTP headers in preparation for a page response.
+ * 
+ * The general approach here is that anonymous users can keep a local cache of
+ * the page, but must revalidate it on every request. Then, they are given a
+ * '304 Not Modified' response as long as they stay logged out and the page
+ * has not been modified.
+ * This prevents authenticated users seeing locally cached pages that show them
+ * as logged out.
+ * Authenticated users are always given a 'no-cache' header set, and will fetch
+ * a fresh page on every request.
  *
  * @see page_set_cache
  */
@@ -412,7 +421,10 @@
     // Send appropriate response:
     header("Last-Modified: $date");
     header("ETag: $etag");
-
+    // The following headers force validation of cache
+    header("Expires: Sun, 19 Nov 1978 05:00:00 GMT");
+    header("Cache-Control: must-revalidate");
+      
     // Determine if the browser accepts gzipped data.
     if (@strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') === FALSE && function_exists('gzencode')) {
       // Strip the gzip header and run uncompress.