OpenAFS Master Repository branch, openafs-stable-1_8_x, updated. openafs-stable-1_8_13_2-69-gcb12f10

Gerrit Code Review gerrit@openafs.org
Thu, 3 Jul 2025 12:53:13 -0400 

The following commit has been merged in the openafs-stable-1_8_x branch:
commit cb12f107f92e681d25f53c716fcb148c50762aff
Author: Marcio Barbosa <mbarbosa@sinenomine.net>
Date:   Sat Nov 23 06:46:52 2024 -0800

    DARWIN: Add 'privhelper' tool for PrefPane
    
    The prefpane for macOS runs as the logged-in user, but needs root access
    for some operations: starting/stopping the client, editing various
    configuration files like CellServDB, etc. We currently use functions
    like AuthorizationExecuteWithPrivileges() to run commands with root
    privileges directly, but this approach no longer works as of macOS 10.8
    (Mountain Lion); the relevant functions have been removed.
    
    Instead, a new approach exists as of macOS 10.6 (Snow Leopard). The
    prefpane application itself cannot gain root privileges, but we can
    provide another daemon process that runs as root, and the PrefPane sends
    requests to that process to perform the privileged operations we need.
    
    In this commit, create a separate helper program called PrivilegedHelper
    (privhelper for short) that serves this purpose. Define the
    executePrivTask() method in TaskUtil to handle communicating with
    privhelper over XPC.
    
    This commit does not define any of the tasks that privhelper will
    actually perform; this just implements privhelper itself. Later commits
    will add and use various privileged tasks in privhelper.
    
    In order for privhelper to be able to run as root, both privhelper and
    the prefpane itself must be code signed and the relevant apple team id
    must be specified in their Info.plist when they are built, as well as
    inside privhelper.c. Currently, we have
    no way of specifying code signatures info during the build, since all code
    signing is done when generating packages (via pkgbuild.sh) after
    binaries are built. For now, just put a commented-out section in
    src/platform/DARWIN/AFSPreference/Info.plist and
    src/platform/DARWIN/PrivilegedHelper/privhelper-info.plist and a
    placeholder in src/platform/DARWIN/PrivilegedHelper/privhelper.c to show
    how to add this information. The package builder must add their own team
    id to these before privhelper can work properly.
    
    The privhelper tool checks that the calling user has authorization to
    run commands as root (via AuthorizationCopyRights()), and that the
    calling process is either our AFSBackgrounder menu bar or the prefpane.
    We use xpc_connection_set_peer_code_signing_requirement() for this where
    available, but fallback to using SecCodeCheckValidity() with
    SecCodeCreateWithXPCMessage() or
    xpc_dictionary_get_audit_token()/SecCodeCopyGuestWithAttributes() if
    needed.
    
    Reviewed-on: https://gerrit.openafs.org/15956
    Tested-by: BuildBot <buildbot@rampaginggeek.com>
    Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
    Reviewed-by: Cheyenne Wills <cwills@sinenomine.net>
    Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
    Reviewed-by: Andrew Deason <adeason@sinenomine.net>
    (cherry picked from commit 120871f03f38538cbaf3b25d6b2bca08d0f4652d)
    
    Change-Id: I9e107cf22c1ad10af1386ec8c706bde2b4eeb08e
    Reviewed-on: https://gerrit.openafs.org/16069
    Reviewed-by: Andrew Deason <adeason@sinenomine.net>
    Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
    Reviewed-by: Marcio Brito Barbosa <mbarbosa@sinenomine.net>
    Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
    Tested-by: BuildBot <buildbot@rampaginggeek.com>

 Makefile.in                                        |   1 +
 configure.ac                                       |   1 +
 src/packaging/MacOS/OpenAFS.post_install           |  37 ++
 src/packaging/MacOS/OpenAFS.pre_upgrade            |   5 +
 src/packaging/MacOS/Uninstall.14.15                |  14 +-
 .../DARWIN/AFSPreference/AFSCommanderPref.m        |  11 +
 src/platform/DARWIN/AFSPreference/AuthUtil.h       |   2 +
 src/platform/DARWIN/AFSPreference/AuthUtil.m       |  10 +
 src/platform/DARWIN/AFSPreference/Info.plist       |   8 +
 src/platform/DARWIN/AFSPreference/TaskUtil.h       |   3 +
 src/platform/DARWIN/AFSPreference/TaskUtil.m       |  88 +++++
 src/platform/DARWIN/Makefile.in                    |   8 +-
 src/platform/DARWIN/PrivilegedHelper/Makefile.in   |  29 ++
 .../DARWIN/PrivilegedHelper/privhelper-info.plist  |  21 ++
 .../PrivilegedHelper/privhelper-launchd.plist      |  13 +
 src/platform/DARWIN/PrivilegedHelper/privhelper.c  | 392 +++++++++++++++++++++
 16 files changed, 637 insertions(+), 6 deletions(-)

-- 
OpenAFS Master Repository