mirror of
https://git.openafs.org/openafs.git
synced 2025-01-18 15:00:12 +00:00
120871f03f
The prefpane for macOS runs as the logged-in user, but needs root access for some operations: starting/stopping the client, editing various configuration files like CellServDB, etc. We currently use functions like AuthorizationExecuteWithPrivileges() to run commands with root privileges directly, but this approach no longer works as of macOS 10.8 (Mountain Lion); the relevant functions have been removed. Instead, a new approach exists as of macOS 10.6 (Snow Leopard). The prefpane application itself cannot gain root privileges, but we can provide another daemon process that runs as root, and the PrefPane sends requests to that process to perform the privileged operations we need. In this commit, create a separate helper program called PrivilegedHelper (privhelper for short) that serves this purpose. Define the executePrivTask() method in TaskUtil to handle communicating with privhelper over XPC. This commit does not define any of the tasks that privhelper will actually perform; this just implements privhelper itself. Later commits will add and use various privileged tasks in privhelper. In order for privhelper to be able to run as root, both privhelper and the prefpane itself must be code signed and the relevant apple team id must be specified in their Info.plist when they are built, as well as inside privhelper.c. Currently, we have no way of specifying code signatures info during the build, since all code signing is done when generating packages (via pkgbuild.sh) after binaries are built. For now, just put a commented-out section in src/platform/DARWIN/AFSPreference/Info.plist and src/platform/DARWIN/PrivilegedHelper/privhelper-info.plist and a placeholder in src/platform/DARWIN/PrivilegedHelper/privhelper.c to show how to add this information. The package builder must add their own team id to these before privhelper can work properly. The privhelper tool checks that the calling user has authorization to run commands as root (via AuthorizationCopyRights()), and that the calling process is either our AFSBackgrounder menu bar or the prefpane. We use xpc_connection_set_peer_code_signing_requirement() for this where available, but fallback to using SecCodeCheckValidity() with SecCodeCreateWithXPCMessage() or xpc_dictionary_get_audit_token()/SecCodeCopyGuestWithAttributes() if needed. Change-Id: I724b6d486ee5397c89c79e589ddcb2a5987a895b Reviewed-on: https://gerrit.openafs.org/15956 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Cheyenne Wills <cwills@sinenomine.net> Reviewed-by: Mark Vitale <mvitale@sinenomine.net> Reviewed-by: Andrew Deason <adeason@sinenomine.net> |
||
|---|---|---|
| build-tools | ||
| doc | ||
| src | ||
| tests | ||
| .gitignore | ||
| .gitreview | ||
| .mailmap | ||
| .splintrc | ||
| acinclude.m4 | ||
| CODING | ||
| configure-libafs.ac | ||
| configure.ac | ||
| CONTRIBUTING | ||
| INSTALL | ||
| libafsdep | ||
| LICENSE | ||
| Makefile-libafs.in | ||
| Makefile.in | ||
| NEWS | ||
| NTMakefile | ||
| README | ||
| README-WINDOWS | ||
| regen.sh | ||
AFS is a distributed file system that enables users to share and access all of the files stored in a network of computers as easily as they access the files stored on their local machines. The file system is called distributed for this exact reason: files can reside on many different machines, but are available to users on every machine. OpenAFS 1.0 was originally released by IBM under the terms of the IBM Public License 1.0 (IPL10). For details on IPL10 see the LICENSE file in this directory. The current OpenAFS distribution is licensed under a combination of the IPL10 and many other licenses as granted by the relevant copyright holders. The LICENSE file in this directory contains more details, thought it is not a comprehensive statement. See INSTALL for information about building and installing OpenAFS on various platforms. See CODING for developer information and guidelines. See NEWS for recent changes to OpenAFS.