FileIO: Add customizable privileged file opener for Apple. The change is
authorOliver Kurth <okurth@vmware.com>
Tue, 5 Dec 2017 00:27:20 +0000 (16:27 -0800)
committerOliver Kurth <okurth@vmware.com>
Tue, 5 Dec 2017 00:27:20 +0000 (16:27 -0800)
not applicable to open-vm-tools.

open-vm-tools/lib/file/fileIOPosix.c
open-vm-tools/lib/include/fileIO.h

index 1d16075a7c3e5d2ac07873e3f40c799073924db5..4d42d94f7938e4d0238fa07bb3dce897db4ab64e 100644 (file)
@@ -135,6 +135,10 @@ static const int FileIO_OpenActions[] = {
    O_CREAT | O_TRUNC,
 };
 
+#ifdef __APPLE__
+static FileIOPrivilegedOpener *privilegedOpenerFunc = NULL;
+#endif
+
 /*
  * Options for FileCoalescing performance optimization
  */
@@ -772,6 +776,36 @@ PosixFileOpener(const char *pathName,  // IN:
    return useProxy ? ProxyOpen(pathName, flags, mode) :
                      Posix_Open(pathName, flags, mode);
 }
+
+
+/*
+ *----------------------------------------------------------------------
+ *
+ * FileIO_SetPrivilegedOpener --
+ *
+ *      Set the function to be used when opening files with privilege,
+ *      overriding the default behavior. See FileIO_PrivilegedPosixOpen.
+ *
+ *      Setting the privileged opener to NULL will restore default
+ *      behavior.
+ *
+ *      This function is not thread safe.
+ *
+ * Results:
+ *      None
+ *
+ * Side effects:
+ *      None
+ *
+ *----------------------------------------------------------------------
+ */
+
+void
+FileIO_SetPrivilegedOpener(FileIOPrivilegedOpener *opener) // IN
+{
+   ASSERT(privilegedOpenerFunc == NULL || opener == NULL);
+   privilegedOpenerFunc = opener;
+}
 #endif
 
 
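Review bot: The one-shot install rule in FileIO_SetPrivilegedOpener is enforced only by `ASSERT(privilegedOpenerFunc == NULL || opener == NULL)`, so if ASSERT is compiled out in non-debug builds, a second caller can silently replace the function that performs every privileged open. Consider making the rule hold at runtime, for example `if (privilegedOpenerFunc != NULL && opener != NULL) { return; }` before the assignment. The header comment also says `Side effects: None`, yet the function writes a file-scope pointer that redirects all later FileIO_PrivilegedPosixOpen calls; I would change it to `Side effects: Replaces the process-wide opener used by FileIO_PrivilegedPosixOpen.` The `#endif` after the function closes a guard that opens outside the hunk.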
@@ -803,7 +837,6 @@ FileIOCreateRetry(FileIODescriptor *file,   // OUT:
                   int mode,                 // IN: mode_t for creation
                   uint32 maxWaitTimeMsec)   // IN: Ignored
 {
-   uid_t uid = -1;
    int fd = -1;
    int flags = 0;
    int error;
@@ -924,19 +957,37 @@ FileIOCreateRetry(FileIODescriptor *file,   // OUT:
 
    file->flags = access;
 
+#if defined(__APPLE__)
    if (access & FILEIO_OPEN_PRIVILEGED) {
-      uid = Id_BeginSuperUser();
+      // We only support privileged opens, not creates or truncations.
+      if ((flags & (O_CREAT | O_TRUNC)) != 0) {
+         fd = -1;
+         errno = EACCES;
+      } else {
+         fd = FileIO_PrivilegedPosixOpen(pathName, flags);
+      }
+   } else {
+      fd = PosixFileOpener(pathName, flags, mode);
    }
+#else
+   {
+      uid_t uid = -1;
 
-   fd = PosixFileOpener(pathName, flags, mode);
+      if (access & FILEIO_OPEN_PRIVILEGED) {
+         uid = Id_BeginSuperUser();
+      }
 
-   error = errno;
+      fd = PosixFileOpener(pathName, flags, mode);
 
-   if (access & FILEIO_OPEN_PRIVILEGED) {
-      Id_EndSuperUser(uid);
-   }
+      error = errno;
 
-   errno = error;
+      if (access & FILEIO_OPEN_PRIVILEGED) {
+         Id_EndSuperUser(uid);
+      }
+
+      errno = error;
+   }
+#endif
 
    if (fd == -1) {
       ret = FileIOErrno2Result(errno);
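Review bot: The rule stated in the new comment, `We only support privileged opens, not creates or truncations`, is enforced only in the `__APPLE__` branch; the `#else` branch still calls PosixFileOpener with whatever O_CREAT or O_TRUNC bits are in `flags` while running as superuser. If that difference is intended, say so in the `#else` block, e.g. `// Privileged creates and truncations are still allowed on non-Apple hosts.` If it is not intended, the flag check could be hoisted above the `#if`, but that changes behaviour for existing non-Apple callers and needs checking against them. The Apple privileged path also no longer goes through PosixFileOpener, so its proxy selection appears to be skipped for privileged opens. FileIOCreateRetry starts and ends outside the hunk.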
@@ -2648,8 +2699,6 @@ FileIO_PrivilegedPosixOpen(const char *pathName,  // IN:
                            int flags)             // IN:
 {
    int fd;
-   Bool suDone;
-   uid_t uid = -1;
 
    if (pathName == NULL) {
       errno = EFAULT;
@@ -2665,23 +2714,32 @@ FileIO_PrivilegedPosixOpen(const char *pathName,  // IN:
 
    ASSERT((flags & (O_CREAT | O_TRUNC)) == 0);
 
-   if (Id_IsSuperUser()) {
-      suDone = FALSE;
-   } else {
-      uid = Id_BeginSuperUser();
-      suDone = TRUE;
-   }
+#if defined(__APPLE__)
+   if (privilegedOpenerFunc != NULL) {
+      fd = privilegedOpenerFunc(pathName, flags);
+   } else
+#endif
+   {
+      Bool suDone;
+      uid_t uid = -1;
+
+      if (Id_IsSuperUser()) {
+         suDone = FALSE;
+      } else {
+         uid = Id_BeginSuperUser();
+         suDone = TRUE;
+      }
 
-   fd = Posix_Open(pathName, flags, 0);
+      fd = Posix_Open(pathName, flags, 0);
 
-   if (suDone) {
-      int error = errno;
+      if (suDone) {
+         int error = errno;
 
-      Id_EndSuperUser(uid);
-      errno = error;
+         Id_EndSuperUser(uid);
+         errno = error;
+      }
    }
 
-
    return fd;
 }
 
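Review bot: The only guard on `flags` before the new dispatch is `ASSERT((flags & (O_CREAT | O_TRUNC)) == 0)`, so whenever ASSERT is compiled out, a direct caller passing either flag reaches `privilegedOpenerFunc` or the superuser `Posix_Open` unchecked. FileIOCreateRetry performs this check itself on Apple, but other callers of FileIO_PrivilegedPosixOpen are not visible here. A runtime check next to the assertion would close the gap: `if ((flags & (O_CREAT | O_TRUNC)) != 0) { errno = EACCES; return -1; }`. The function body starts outside the hunk.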
index 3da90143f9319a64fc48c4e96b9b18fa3826ef8c..607b0ba03b6ef53c757d3066d33cee0a309dc015 100644 (file)
@@ -317,6 +317,12 @@ typedef enum {
 
 } FileIOResult;
 
+#if defined(__APPLE__)
+typedef int (FileIOPrivilegedOpener)(const char *path,
+                                     int flags);
+#endif
+
+
 const char *FileIO_MsgError(FileIOResult status);
 
 void FileIO_Invalidate(FileIODescriptor *file);
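Review bot: The `FileIOPrivilegedOpener` typedef has no comment stating the contract an implementation must meet, and callers depend on it: FileIOCreateRetry translates `errno` whenever the returned descriptor is -1, so an opener that fails without setting `errno` yields a stale or misleading result code. I would add above the typedef `/* Opens path with elevated privilege. Returns a file descriptor, or -1 with errno set. flags are expected not to contain O_CREAT or O_TRUNC. */`. It is also worth stating there that the opener runs in place of the built-in superuser open and is therefore responsible for any path checks the embedding application requires.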
@@ -522,6 +528,10 @@ Bool FileIO_IsSuccess(FileIOResult res);
 Bool FileIO_SupportsPrealloc(const char *pathName,
                              Bool fsCheck);
 
+#if defined(__APPLE__)
+void FileIO_SetPrivilegedOpener(FileIOPrivilegedOpener *opener);
+#endif
+
 #if defined(__cplusplus)
 }  // extern "C"
 #endif