darwin afshelper fix startup check

make the launchd check run as root without whining about passwords
repeatedly

Change-Id: Ib4bac7c9ddf1837a8e86bf17a8a66b6ba1247272
Reviewed-on: http://gerrit.openafs.org/1511
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 08aec0182a888f38fa50ca4e1dbd9ed83e022a2a)
Reviewed-on: http://gerrit.openafs.org/1516

diff --git a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m
index 687d5be..6e4e4ff 100644 (file)
--- a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m
+++ b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m
@@ -907,6 +907,7 @@
        NSMutableString *commandOutput = [NSMutableString stringWithCapacity:20];
        NSString *rootHelperApp = [[self bundle] pathForResource:@"afshlp" ofType:@""];
                
+#if 0
                        // make the parameter to call the root helper app
        const char *checkAFSDaemonParam[] = {"check_afs_daemon",  0L};
        if([[AuthUtil shared] autorize] == noErr) {
@@ -916,7 +917,9 @@
                                                                        output:commandOutput];
                afsEnabledAtStartup = [commandOutput rangeOfString:@"afshlp:afs daemon registration result:1"].location!=NSNotFound;
        }
-
+#else
+       afsEnabledAtStartup = 1;
+#endif
        
        
 

diff --git a/src/platform/DARWIN/AFSPreference/afshlp.m b/src/platform/DARWIN/AFSPreference/afshlp.m
index f3617d9..1c00073 100644 (file)
--- a/src/platform/DARWIN/AFSPreference/afshlp.m
+++ b/src/platform/DARWIN/AFSPreference/afshlp.m
@@ -33,74 +33,52 @@
  void getPath(char **selfPathPtr);
  void selfRepair(char *selfPath);
  void runWithSelfRepair(char *selfPath,int argc, char *argv[]);
- void runCommand(int argc, char *argv[]);
 
-int main(int argc, char *argv[])
+void main(int argc, char *argv[])
 {
-       NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-    char *selfPath;
-       
-       NSLog(@"num of arguments %d", argc);
-       int status = [[AuthUtil shared] autorize];
-       if(status != noErr) exit(-1);
-       
-    // Get the path to the tool's executable
-    getPath(&selfPath);
-
-    //selfRepair(selfPath);
-    // All done with the executable path
-    if(selfPath) free(selfPath);
-       
-       // Now do the real work of running the command.
-    runCommand(argc, argv);
-    [[AuthUtil shared] deautorize];
-    [pool release];
-       
-       return 0;
-}
-
-// 
-void runCommand(int argc, char *argv[])
-{
-       setuid(0);
+       if (argc < 2)
+               return; // nothing to do
        NSString *cmdString = [NSString stringWithCString:(const char *)argv[1] encoding:NSUTF8StringEncoding];
 
        if(argc == 2 && [cmdString rangeOfString:@"stop_afs"].location!=NSNotFound ){
-               NSLog(@"Stop afs from helper");
+               if (setuid(0) == -1)
+                       return;
                const char *stopArgs[] = {"stop", 0L};
                [[AuthUtil shared] execUnixCommand:AFS_DAEMON_STARTUPSCRIPT
                                                                          args:stopArgs
                                                                        output:nil];
-
        } else  if(argc == 2 && [cmdString rangeOfString:@"start_afs"].location!=NSNotFound){
-               NSLog(@"Start afs from helper");
+               if (setuid(0) == -1)
+                       return;
                const char *startArgs[] = {"start", 0L};
                [[AuthUtil shared] execUnixCommand:AFS_DAEMON_STARTUPSCRIPT
                                                                          args:startArgs
                                                                        output:nil];
-
        } else if(argc == 4 && [cmdString rangeOfString:@"enable_krb5_startup"].location!=NSNotFound) {
-               NSLog(@"Manage KRB5 at login time with option %s from helper", argv[2]);
+               int olduid = getuid();
+               setuid(0);
                int arg2 = atoi(argv[2]);
                [PListManager krb5TiketAtLoginTime:[[NSNumber numberWithInt:arg2] boolValue]];
        } else if(argc == 3 && [cmdString rangeOfString:@"start_afs_at_startup"].location!=NSNotFound){
+               if (setuid(0) == -1)
+                       return;
                BOOL enable = strcmp("enable", argv[2])==0;
                NSLog(@"Manage start_afs_at_startup with option %s from helper", argv[2]);
                [PListManager launchctlStringCommand:enable?@"load":@"unload"
                                                                          option:[NSArray arrayWithObjects:@"-w", nil]
                                                                   plistName:@AFS_DAEMON_PATH];
+#if 0
        } else if(argc == 2 && [cmdString rangeOfString:@"check_afs_daemon"].location!=NSNotFound) {
                NSString *fsResult = [TaskUtil executeTaskSearchingPath:@"launchctl" args:[NSArray arrayWithObjects: @"list", nil]];
                BOOL checkAfsDaemon = (fsResult?([fsResult rangeOfString:@"org.openafs.filesystems.afs"].location != NSNotFound):NO);
                printf("afshlp:afs daemon registration result:%d",checkAfsDaemon);
+#endif
        }
 }
 
+#if 0
 void stopAfs(int argc, char *argv[])
 {
-       
-       
-       setuid(0);
        const char *umountArgs[] = {"-f", "/afs", 0L};
        [[AuthUtil shared] execUnixCommand:"/sbin/umount" 
                                                                  args:umountArgs
@@ -119,7 +97,6 @@ void stopAfs(int argc, char *argv[])
        [[AuthUtil shared] deautorize];
 }
 
-
 // Code to get the path to the executable using _NSGetExecutablePath.
 void getPath(char **selfPathPtr)
 {
@@ -144,6 +121,30 @@ void getPath(char **selfPathPtr)
     }
 }
 
+int main(int argc, char *argv[])
+{
+       NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+    char *selfPath;
+       
+       NSLog(@"num of arguments %d", argc);
+       int status = [[AuthUtil shared] autorize];
+       if(status != noErr) exit(-1);
+       
+    // Get the path to the tool's executable
+    getPath(&selfPath);
+
+    //selfRepair(selfPath);
+    // All done with the executable path
+    if(selfPath) free(selfPath);
+       
+       // Now do the real work of running the command.
+    runCommand(argc, argv);
+    [[AuthUtil shared] deautorize];
+    [pool release];
+       
+       return 0;
+}
+
 // Self-repair code. Found somehwere in internet
 void selfRepair(char *selfPath)
 {
@@ -168,14 +169,14 @@ void selfRepair(char *selfPath)
         exit(-1);
     }
     
-    if(st.st_uid != 0)
+    // Disable group and world writability and make setuid root.
+    if ((st.st_uid != 0) || (st.st_mode & S_IWGRP) || (st.st_mode & S_IWOTH) ||
+       !(st.st_mode & S_ISUID))
     {
         fchown(fdTool, 0, st.st_gid);
+       fchmod(fdTool, (st.st_mode & (~(S_IWGRP | S_IWOTH))) | S_ISUID);
     } else  NSLog(@"st_uid = 0");
     
-    // Disable group and world writability and make setuid root.
-    fchmod(fdTool, (st.st_mode & (~(S_IWGRP | S_IWOTH))) | S_ISUID);
-    
     close(fdTool);
     
     NSLog(@"Self-repair done.");
@@ -207,4 +208,5 @@ void runWithSelfRepair(char *selfPath, int argc, char *argv[])
     
     // Exit with the same exit code as the self-repair child
     exit(WEXITSTATUS(status));
-}
\ No newline at end of file
+}
+#endif