From: Derrick Brashear <shadow@dementia.org>
Date: Thu, 4 Mar 2010 19:16:04 +0000 (-0500)
Subject: darwin afshelper fix startup check
X-Git-Tag: openafs-stable-1_4_12~4
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=8e330445a10784f3d52a22b65e2c36f1427e288a;p=packages%2Fo%2Fopenafs.git

darwin afshelper fix startup check

make the launchd check run as root without whining about passwords
repeatedly

Change-Id: Ib4bac7c9ddf1837a8e86bf17a8a66b6ba1247272
Reviewed-on: http://gerrit.openafs.org/1511
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 08aec0182a888f38fa50ca4e1dbd9ed83e022a2a)
Reviewed-on: http://gerrit.openafs.org/1516
---

diff --git a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m
index 687d5be61..6e4e4ffaf 100644
--- a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m
+++ b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m
@@ -907,6 +907,7 @@
 	NSMutableString *commandOutput = [NSMutableString stringWithCapacity:20];
 	NSString *rootHelperApp = [[self bundle] pathForResource:@"afshlp" ofType:@""];
 		
+#if 0
 			// make the parameter to call the root helper app
 	const char *checkAFSDaemonParam[] = {"check_afs_daemon",  0L};
 	if([[AuthUtil shared] autorize] == noErr) {
@@ -916,7 +917,9 @@
 									output:commandOutput];
 		afsEnabledAtStartup = [commandOutput rangeOfString:@"afshlp:afs daemon registration result:1"].location!=NSNotFound;
 	}
-
+#else
+	afsEnabledAtStartup = 1;
+#endif
 	
 	
 
diff --git a/src/platform/DARWIN/AFSPreference/afshlp.m b/src/platform/DARWIN/AFSPreference/afshlp.m
index f3617d978..1c0007314 100644
--- a/src/platform/DARWIN/AFSPreference/afshlp.m
+++ b/src/platform/DARWIN/AFSPreference/afshlp.m
@@ -33,74 +33,52 @@
  void getPath(char **selfPathPtr);
  void selfRepair(char *selfPath);
  void runWithSelfRepair(char *selfPath,int argc, char *argv[]);
- void runCommand(int argc, char *argv[]);
 
-int main(int argc, char *argv[])
+void main(int argc, char *argv[])
 {
-	NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-    char *selfPath;
-	
-	NSLog(@"num of arguments %d", argc);
-	int status = [[AuthUtil shared] autorize];
-	if(status != noErr) exit(-1);
-	
-    // Get the path to the tool's executable
-    getPath(&selfPath);
-
-    //selfRepair(selfPath);
-    // All done with the executable path
-    if(selfPath) free(selfPath);
-	
-	// Now do the real work of running the command.
-    runCommand(argc, argv);
-    [[AuthUtil shared] deautorize];
-    [pool release];
-	
-	return 0;
-}
-
-// 
-void runCommand(int argc, char *argv[])
-{
-	setuid(0);
+	if (argc < 2)
+		return; // nothing to do
 	NSString *cmdString = [NSString stringWithCString:(const char *)argv[1] encoding:NSUTF8StringEncoding];
 
 	if(argc == 2 && [cmdString rangeOfString:@"stop_afs"].location!=NSNotFound ){
-		NSLog(@"Stop afs from helper");
+		if (setuid(0) == -1)
+			return;
 		const char *stopArgs[] = {"stop", 0L};
 		[[AuthUtil shared] execUnixCommand:AFS_DAEMON_STARTUPSCRIPT
 									  args:stopArgs
 									output:nil];
-
 	} else 	if(argc == 2 && [cmdString rangeOfString:@"start_afs"].location!=NSNotFound){
-		NSLog(@"Start afs from helper");
+		if (setuid(0) == -1)
+			return;
 		const char *startArgs[] = {"start", 0L};
 		[[AuthUtil shared] execUnixCommand:AFS_DAEMON_STARTUPSCRIPT
 									  args:startArgs
 									output:nil];
-
 	} else if(argc == 4 && [cmdString rangeOfString:@"enable_krb5_startup"].location!=NSNotFound) {
-		NSLog(@"Manage KRB5 at login time with option %s from helper", argv[2]);
+		int olduid = getuid();
+		setuid(0);
 		int arg2 = atoi(argv[2]);
 		[PListManager krb5TiketAtLoginTime:[[NSNumber numberWithInt:arg2] boolValue]];
 	} else if(argc == 3 && [cmdString rangeOfString:@"start_afs_at_startup"].location!=NSNotFound){
+		if (setuid(0) == -1)
+			return;
 		BOOL enable = strcmp("enable", argv[2])==0;
 		NSLog(@"Manage start_afs_at_startup with option %s from helper", argv[2]);
 		[PListManager launchctlStringCommand:enable?@"load":@"unload"
 									  option:[NSArray arrayWithObjects:@"-w", nil]
 								   plistName:@AFS_DAEMON_PATH];
+#if 0
 	} else if(argc == 2 && [cmdString rangeOfString:@"check_afs_daemon"].location!=NSNotFound) {
 		NSString *fsResult = [TaskUtil executeTaskSearchingPath:@"launchctl" args:[NSArray arrayWithObjects: @"list", nil]];
 		BOOL checkAfsDaemon = (fsResult?([fsResult rangeOfString:@"org.openafs.filesystems.afs"].location != NSNotFound):NO);
 		printf("afshlp:afs daemon registration result:%d",checkAfsDaemon);
+#endif
 	}
 }
 
+#if 0
 void stopAfs(int argc, char *argv[])
 {
-	
-	
-	setuid(0);
 	const char *umountArgs[] = {"-f", "/afs", 0L};
 	[[AuthUtil shared] execUnixCommand:"/sbin/umount" 
 								  args:umountArgs
@@ -119,7 +97,6 @@ void stopAfs(int argc, char *argv[])
 	[[AuthUtil shared] deautorize];
 }
 
-
 // Code to get the path to the executable using _NSGetExecutablePath.
 void getPath(char **selfPathPtr)
 {
@@ -144,6 +121,30 @@ void getPath(char **selfPathPtr)
     }
 }
 
+int main(int argc, char *argv[])
+{
+	NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+    char *selfPath;
+	
+	NSLog(@"num of arguments %d", argc);
+	int status = [[AuthUtil shared] autorize];
+	if(status != noErr) exit(-1);
+	
+    // Get the path to the tool's executable
+    getPath(&selfPath);
+
+    //selfRepair(selfPath);
+    // All done with the executable path
+    if(selfPath) free(selfPath);
+	
+	// Now do the real work of running the command.
+    runCommand(argc, argv);
+    [[AuthUtil shared] deautorize];
+    [pool release];
+	
+	return 0;
+}
+
 // Self-repair code. Found somehwere in internet
 void selfRepair(char *selfPath)
 {
@@ -168,14 +169,14 @@ void selfRepair(char *selfPath)
         exit(-1);
     }
     
-    if(st.st_uid != 0)
+    // Disable group and world writability and make setuid root.
+    if ((st.st_uid != 0) || (st.st_mode & S_IWGRP) || (st.st_mode & S_IWOTH) ||
+	!(st.st_mode & S_ISUID))
     {
         fchown(fdTool, 0, st.st_gid);
+	fchmod(fdTool, (st.st_mode & (~(S_IWGRP | S_IWOTH))) | S_ISUID);
     } else  NSLog(@"st_uid = 0");
     
-    // Disable group and world writability and make setuid root.
-    fchmod(fdTool, (st.st_mode & (~(S_IWGRP | S_IWOTH))) | S_ISUID);
-    
     close(fdTool);
     
     NSLog(@"Self-repair done.");
@@ -207,4 +208,5 @@ void runWithSelfRepair(char *selfPath, int argc, char *argv[])
     
     // Exit with the same exit code as the self-repair child
     exit(WEXITSTATUS(status));
-}
\ No newline at end of file
+}
+#endif