1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
From 32fe1b6ac239255a91020020510453685459b28a Mon Sep 17 00:00:00 2001
From: John Wolfe <jwolfe@vmware.com>
Date: Mon, 8 May 2023 19:04:57 -0700
Subject: [PATCH] open-vm-tools: Remove some dead code.
Address CVE-2023-20867.
Remove some authentication types which were deprecated long
ago and are no longer in use. These are dead code.
Upstream-Status: Backport [https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch]
CVE: CVE-2023-20867
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
open-vm-tools/services/plugins/vix/vixTools.c | 100 ------------------
1 file changed, 100 deletions(-)
diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
index bde74021..6e51d1f4 100644
--- a/open-vm-tools/services/plugins/vix/vixTools.c
+++ b/open-vm-tools/services/plugins/vix/vixTools.c
@@ -254,7 +254,6 @@ char *gImpersonatedUsername = NULL;
#define VIX_TOOLS_CONFIG_API_AUTHENTICATION "Authentication"
#define VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS "InfrastructureAgents"
-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT TRUE
/*
* The switch that controls all APIs
@@ -730,8 +729,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
void GuestAuthUnimpersonate();
-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
- const char *typeName);
#if SUPPORT_VGAUTH
@@ -7913,29 +7910,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg, // IN
userToken);
break;
}
- case VIX_USER_CREDENTIAL_ROOT:
- {
- if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
- !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
- VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
- /*
- * Don't accept hashed shared secret if disabled.
- */
- g_message("%s: Requested authentication type has been disabled.\n",
- __FUNCTION__);
- err = VIX_E_GUEST_AUTHTYPE_DISABLED;
- goto done;
- }
- }
- // fall through
-
- case VIX_USER_CREDENTIAL_CONSOLE_USER:
- err = VixToolsImpersonateUserImplEx(NULL,
- credentialType,
- NULL,
- loadUserProfile,
- userToken);
- break;
case VIX_USER_CREDENTIAL_NAME_PASSWORD:
case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
@@ -8104,36 +8078,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr, // IN
}
}
- /*
- * If the VMX asks to be root, then we allow them.
- * The VMX will make sure that only it will pass this value in,
- * and only when the VM and host are configured to allow this.
- */
- if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
- && (thisProcessRunsAsRoot)) {
- *userToken = PROCESS_CREATOR_USER_TOKEN;
-
- gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
- err = VIX_OK;
- goto quit;
- }
-
- /*
- * If the VMX asks to be root, then we allow them.
- * The VMX will make sure that only it will pass this value in,
- * and only when the VM and host are configured to allow this.
- *
- * XXX This has been deprecated XXX
- */
- if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
- && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
- *userToken = PROCESS_CREATOR_USER_TOKEN;
-
- gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
- err = VIX_OK;
- goto quit;
- }
-
/*
* If the VMX asks us to run commands in the context of the current
* user, make sure that the user who requested the command is the
@@ -10814,50 +10758,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode, // IN
}
-/*
- *-----------------------------------------------------------------------------
- *
- * VixToolsCheckIfAuthenticationTypeEnabled --
- *
- * Checks to see if a given authentication type has been
- * disabled via the tools configuration.
- *
- * Return value:
- * TRUE if enabled, FALSE otherwise.
- *
- * Side effects:
- * None
- *
- *-----------------------------------------------------------------------------
- */
-
-static Bool
-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, // IN
- const char *typeName) // IN
-{
- char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
- gboolean disabled;
-
- Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
- VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
- typeName);
-
- ASSERT(confDictRef != NULL);
-
- /*
- * XXX Skip doing the strcmp() to verify the auth type since we only
- * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
- * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
- */
- disabled = VMTools_ConfigGetBoolean(confDictRef,
- VIX_TOOLS_CONFIG_API_GROUPNAME,
- authnDisabledName,
- VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
-
- return !disabled;
-}
-
-
/*
*-----------------------------------------------------------------------------
*
--
2.40.0
|
