From 1676a3128160759bc14371a3dd470e2968c26ce3 Mon Sep 17 00:00:00 2001 From: Charlie Fenton Date: Tue, 20 Jun 2006 00:55:32 +0000 Subject: [PATCH] *** empty log message *** svn path=/trunk/boinc/; revision=10403 --- checkin_notes | 18 +++++ client/check_security.C | 89 +++++++++++++---------- clientgui/mac/SetupSecurity.cpp | 4 + clientgui/mac/SetupSecurity.h | 4 +- mac_build/boinc.xcodeproj/project.pbxproj | 14 ++++ 5 files changed, 88 insertions(+), 41 deletions(-) diff --git a/checkin_notes b/checkin_notes index 28027b945a..320fef2ebd 100755 --- a/checkin_notes +++ b/checkin_notes @@ -6330,3 +6330,21 @@ David 19 June 2006 client/ client_state.h + +Charlie 19 June 2006 + - Mac sandbox: + - Better support for development + - XCode sets BOINC Manager bundle to current user & group, sets + S_ISUID | S_ISGID bits for Client, S_ISGID bit for Manager. + - ACTIVE_TASK::start launches project app via new switcher app + - Client runs projects under different user and group boinc_project. + + client/ + check_security.C + clientgui/ + mac/ + SetupSecurity.cpp,h + mac_build/ + boinc.xcodeproj/ + project.pbxproj + diff --git a/client/check_security.C b/client/check_security.C index 94a19b00ea..ab90487e88 100644 --- a/client/check_security.C +++ b/client/check_security.C 
@@ -52,29 +52,71 @@ int check_security() { struct stat sbuf; int retval; #ifdef __WXMAC__ // If Mac BOINC Manager - ProcessSerialNumber ourPSN, parentPSN; + ProcessSerialNumber ourPSN; ProcessInfoRec pInfo; FSRef ourFSRef; char *p; #endif -#ifdef _DEBUG // GDB can't attach to applications which are running as a diferent user or group so // it ignores the S_ISUID and S_ISGID permisison bits when launching an application. -// To work around this, the _DEBUG version uses the current user and group. +// To work around this, and to allow testing the uninstalled Deployment version, we +// assume that the BOINC Client has the correct user and group. +// We must get the BOINC Client's user and group differently depending on whether we +// were called from the Manager or from the Client + +#ifdef __WXMAC__ // If Mac BOINC Manager + // Get the full path to BOINC Manager application's bundle + retval = GetCurrentProcess (&ourPSN); + if (retval) + return retval; // Should never happen + + memset(&pInfo, 0, sizeof(pInfo)); + pInfo.processInfoLength = sizeof( ProcessInfoRec ); + retval = GetProcessInformation(&ourPSN, &pInfo); + if (retval) + return retval; // Should never happen + + retval = GetProcessBundleLocation(&ourPSN, &ourFSRef); + if (retval) + return retval; // Should never happen + + retval = FSRefMakePath (&ourFSRef, (UInt8*)dir_path, sizeof(dir_path)); + if (retval) + return retval; // Should never happen + + // Get the full path to BOINC Clients inside this application's bundle + strlcpy(full_path, dir_path, sizeof(full_path)); + strlcat(full_path, "/Contents/Resources/boinc", sizeof(full_path)); + + retval = stat(full_path, &sbuf); + if (retval) + return retval; // Should never happen + + if ((sbuf.st_mode & (S_ISUID | S_ISGID)) != (S_ISUID | S_ISGID)) + return ERR_USER_PERMISSION; + + boinc_master_uid = sbuf.st_gid; + boinc_master_gid = sbuf.st_uid; +#else boinc_master_uid = geteuid(); + boinc_master_gid = getegid(); + +#endif + +#if 1 // (was: #if _DEBUG) See 
comment above + pw = getpwuid(boinc_master_uid); if (pw == NULL) return ERR_USER_REJECTED; // Should never happen strlcpy(boinc_master_user_name, pw->pw_name, sizeof(boinc_master_user_name)); - boinc_master_gid = getegid(); grp = getgrgid(boinc_master_gid); if (grp == NULL) return ERR_GETGRNAM; strlcpy(boinc_master_group_name, grp->gr_name, sizeof(boinc_master_group_name)); -#else // if (! _DEBUG) +#else // Require absolute owner and group by boinc_master:boinc_master strlcpy(boinc_master_user_name, REAL_BOINC_MASTER_NAME, sizeof(boinc_master_user_name)); pw = getpwnam(boinc_master_user_name); if (pw == NULL) @@ -86,7 +128,7 @@ int check_security() { if (grp == NULL) return ERR_GETGRNAM; // Group boinc_master does not exist boinc_master_gid = grp->gr_gid; -#endif // ! _DEBUG +#endif #if (defined(_DEBUG) && defined(DEBUG_WITH_FAKE_PROJECT_USER_AND_GROUP)) // For easier debugging of project applications 
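Review bot: In the `__WXMAC__` branch added at the top of check_security(), the ids read from the Client's stat are crossed: `boinc_master_uid = sbuf.st_gid;` and `boinc_master_gid = sbuf.st_uid;`. The `getpwuid(boinc_master_uid)` and `getgrgid(boinc_master_gid)` calls that follow then resolve the wrong accounts. The Manager's ownership comparisons later in the function are also made against the wrong ids, unless the file's uid and gid happen to be numerically equal. The assignments should read `boinc_master_uid = sbuf.st_uid;` and `boinc_master_gid = sbuf.st_gid;`. Separately, `#if 1` now makes every build take the trusted owner from the Client binary (or from `geteuid()`/`getegid()`) and leaves the `REAL_BOINC_MASTER_NAME` branch dead, so the check no longer pins a fixed account; a comment such as `// TEMPORARY: trusts the Client's current owner; restore the boinc_master requirement before release` would make that explicit.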
@@ -117,35 +159,6 @@ int check_security() { #endif #ifdef __WXMAC__ // If Mac BOINC Manager - // Get the full path to BOINC Manager application's bundle - retval = GetCurrentProcess (&ourPSN); - if (retval) - return retval; // Should never happen - - memset(&pInfo, 0, sizeof(pInfo)); - pInfo.processInfoLength = sizeof( ProcessInfoRec ); - retval = GetProcessInformation(&ourPSN, &pInfo); - if (retval) - return retval; // Should never happen - - retval = GetProcessBundleLocation(&ourPSN, &ourFSRef); - if (retval) - return retval; // Should never happen - - retval = FSRefMakePath (&ourFSRef, (UInt8*)dir_path, sizeof(dir_path)); - if (retval) - return retval; // Should never happen - - parentPSN = pInfo.processLauncher; - memset(&pInfo, 0, sizeof(pInfo)); - pInfo.processInfoLength = sizeof( ProcessInfoRec ); - retval = GetProcessInformation(&parentPSN, &pInfo); - if (retval) - return retval; // Should never happen - - // If we are running under the GDB debugger, ignore owner, - // group and permissions of BOINC Manager and BOINC Client - if (pInfo.processSignature != 'xcde') { // Login Window app // Get the full path to BOINC Manager executable inside this application's bundle strlcpy(full_path, dir_path, sizeof(full_path)); strlcat(full_path, "/Contents/MacOS/", sizeof(full_path)); @@ -168,6 +181,7 @@ int check_security() { if ((sbuf.st_mode & S_ISGID) != S_ISGID) return ERR_USER_PERMISSION; +#if 0 // Get the full path to BOINC Clients inside this application's bundle strlcpy(full_path, dir_path, sizeof(full_path)); strlcat(full_path, "/Contents/Resources/boinc", sizeof(full_path)); @@ -181,10 +195,7 @@ int check_security() { if (sbuf.st_uid != boinc_master_uid) return ERR_USER_PERMISSION; - - if ((sbuf.st_mode & (S_ISUID | S_ISGID)) != (S_ISUID | S_ISGID)) - return ERR_USER_PERMISSION; - } // If not running under GDB debugger +#endif #endif // Mac BOINC Manager // rgid = getgid(); 
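Review bot: The `#if 0` added before "Get the full path to BOINC Clients" leaves the Client owner comparison (`sbuf.st_uid != boinc_master_uid`) in the file as disabled code, with no comment saying why. The first hunk of this file now derives the master uid/gid from that same binary's stat and moves the `S_ISUID | S_ISGID` test there, so for the Manager the disabled comparison would always pass. Either delete the block or put the reason on the directive, e.g. `#if 0 // Client owner/group are the reference values read at the top of check_security(); nothing left to compare`. The lines between the last two hunks are not visible here, so the disabled block may contain more than the owner check.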
diff --git a/clientgui/mac/SetupSecurity.cpp b/clientgui/mac/SetupSecurity.cpp index dbbd76e155..e02a021025 100644 --- a/clientgui/mac/SetupSecurity.cpp +++ b/clientgui/mac/SetupSecurity.cpp @@ -54,6 +54,10 @@ static AuthorizationRef gOurAuthRef = NULL; // GDB can't attach to applications which are running as a diferent user or group so // it ignores the S_ISUID and S_ISGID permisison bits when launching an application. // To work around this, the _DEBUG version uses the current user and group. +// +// NOTE: The Manager and Client call these routines only "#ifdef _DEBUG" (i.e., +// only from the DEVELOPMENT BUILD), never from the Deployment build. +// static char boinc_master_user_name[64]; static char boinc_master_group_name[64]; static char boinc_project_user_name[64]; diff --git a/clientgui/mac/SetupSecurity.h b/clientgui/mac/SetupSecurity.h index b00303bb99..d23be0a747 100644 --- a/clientgui/mac/SetupSecurity.h +++ b/clientgui/mac/SetupSecurity.h @@ -21,8 +21,8 @@ #ifdef _DEBUG // Comment out this #define for easier debugging of project applications. -// Leave it active for better debugging of SANDBOX permissions logic. -#define DEBUG_WITH_FAKE_PROJECT_USER_AND_GROUP +// Make it active for better debugging of SANDBOX permissions logic. +// #define DEBUG_WITH_FAKE_PROJECT_USER_AND_GROUP #endif diff --git a/mac_build/boinc.xcodeproj/project.pbxproj b/mac_build/boinc.xcodeproj/project.pbxproj index 09350fb973..ac784ce553 100755 --- a/mac_build/boinc.xcodeproj/project.pbxproj +++ b/mac_build/boinc.xcodeproj/project.pbxproj @@ -1539,6 +1539,7 @@ DDD7F08807F0692D00BA3B90 /* CopyFiles */, DD8F75CB088D159D001AFCCA /* ShellScript */, DD5FD5B20A02351A0093C19F /* ShellScript */, + DDF10D960A476D37001F76D6 /* ShellScript */, ); buildRules = ( DD6826EE08641BE00070CDB8 /* PBXBuildRule */, 
@@ -2405,6 +2406,19 @@ shellPath = /bin/sh; shellScript = "if [ ! \"$BUILD_DIR/../../clientgui/mac/BOINCSaver.nib\" -nt \"$BUILD_DIR/../../clientgui/mac/BOINCSaver.nib.sit\" ]; then\nrm -dfR \"$BUILD_DIR/../../clientgui/mac/BOINCSaver.nib\"\nopen \"$BUILD_DIR/../../clientgui/mac/BOINCSaver.nib.sit\"\nsleep 6\ntouch \"$BUILD_DIR/../../clientgui/mac/BOINCSaver.nib\"\nfi\n"; }; + DDF10D960A476D37001F76D6 /* ShellScript */ = { + isa = PBXShellScriptBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + inputPaths = ( + ); + outputPaths = ( + ); + runOnlyForDeploymentPostprocessing = 0; + shellPath = /bin/sh; + shellScript = "chown -R ${USER}:${GROUP} \"${BUILT_PRODUCTS_DIR}/BOINCManager.app\"\nchmod g+s \"${BUILT_PRODUCTS_DIR}/BOINCManager.app/Contents/MacOS/BOINCManager\"\nchmod u+s,g+s \"${BUILT_PRODUCTS_DIR}/BOINCManager.app/Contents/Resources/boinc\"\n"; + }; /* End PBXShellScriptBuildPhase section */ /* Begin PBXSourcesBuildPhase section */