| From 3028cdd4c0b2461b904cbe5a5868c8e591aa0941 Mon Sep 17 00:00:00 2001 |
| From: John Wolfe <jwolfe@vmware.com> |
| Date: Mon, 8 May 2023 19:04:57 -0700 |
| Subject: [PATCH] Remove some dead code. |
| |
| Address CVE-2023-20867. |
| Remove some authentication types which were deprecated long |
| ago and are no longer in use. These are dead code. |
| |
| CVE: CVE-2023-20867 |
| |
| Upstream-Status: Backport |
| [https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch] |
| |
| Signed-off-by: Yi Zhao <yi.zhao@windriver.com> |
| --- |
| open-vm-tools/services/plugins/vix/vixTools.c | 102 -------------------------- |
| 1 file changed, 102 deletions(-) |
| |
| diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c |
| index 9f376a7..85c5ba7 100644 |
| --- a/open-vm-tools/services/plugins/vix/vixTools.c |
| +++ b/open-vm-tools/services/plugins/vix/vixTools.c |
| @@ -254,8 +254,6 @@ char *gImpersonatedUsername = NULL; |
| #define VIX_TOOLS_CONFIG_API_AUTHENTICATION "Authentication" |
| #define VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS "InfrastructureAgents" |
| |
| -#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT TRUE |
| - |
| /* |
| * The switch that controls all APIs |
| */ |
| @@ -730,9 +728,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate( |
| |
| void GuestAuthUnimpersonate(); |
| |
| -static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, |
| - const char *typeName); |
| - |
| #if SUPPORT_VGAUTH |
| |
| VGAuthError TheVGAuthContext(VGAuthContext **ctx); |
| @@ -8013,29 +8008,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg, // IN |
| userToken); |
| break; |
| } |
| - case VIX_USER_CREDENTIAL_ROOT: |
| - { |
| - if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) && |
| - !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef, |
| - VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) { |
| - /* |
| - * Don't accept hashed shared secret if disabled. |
| - */ |
| - g_message("%s: Requested authentication type has been disabled.\n", |
| - __FUNCTION__); |
| - err = VIX_E_GUEST_AUTHTYPE_DISABLED; |
| - goto done; |
| - } |
| - } |
| - // fall through |
| - |
| - case VIX_USER_CREDENTIAL_CONSOLE_USER: |
| - err = VixToolsImpersonateUserImplEx(NULL, |
| - credentialType, |
| - NULL, |
| - loadUserProfile, |
| - userToken); |
| - break; |
| case VIX_USER_CREDENTIAL_NAME_PASSWORD: |
| case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED: |
| case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER: |
| @@ -8205,36 +8177,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr, // IN |
| } |
| |
| /* |
| - * If the VMX asks to be root, then we allow them. |
| - * The VMX will make sure that only it will pass this value in, |
| - * and only when the VM and host are configured to allow this. |
| - */ |
| - if ((VIX_USER_CREDENTIAL_ROOT == credentialType) |
| - && (thisProcessRunsAsRoot)) { |
| - *userToken = PROCESS_CREATOR_USER_TOKEN; |
| - |
| - gImpersonatedUsername = Util_SafeStrdup("_ROOT_"); |
| - err = VIX_OK; |
| - goto quit; |
| - } |
| - |
| - /* |
| - * If the VMX asks to be root, then we allow them. |
| - * The VMX will make sure that only it will pass this value in, |
| - * and only when the VM and host are configured to allow this. |
| - * |
| - * XXX This has been deprecated XXX |
| - */ |
| - if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType) |
| - && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) { |
| - *userToken = PROCESS_CREATOR_USER_TOKEN; |
| - |
| - gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_"); |
| - err = VIX_OK; |
| - goto quit; |
| - } |
| - |
| - /* |
| * If the VMX asks us to run commands in the context of the current |
| * user, make sure that the user who requested the command is the |
| * same as the current user. |
| @@ -10917,50 +10859,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode, // IN |
| /* |
| *----------------------------------------------------------------------------- |
| * |
| - * VixToolsCheckIfAuthenticationTypeEnabled -- |
| - * |
| - * Checks to see if a given authentication type has been |
| - * disabled via the tools configuration. |
| - * |
| - * Return value: |
| - * TRUE if enabled, FALSE otherwise. |
| - * |
| - * Side effects: |
| - * None |
| - * |
| - *----------------------------------------------------------------------------- |
| - */ |
| - |
| -static Bool |
| -VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, // IN |
| - const char *typeName) // IN |
| -{ |
| - char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled |
| - gboolean disabled; |
| - |
| - Str_Snprintf(authnDisabledName, sizeof(authnDisabledName), |
| - VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled", |
| - typeName); |
| - |
| - ASSERT(confDictRef != NULL); |
| - |
| - /* |
| - * XXX Skip doing the strcmp() to verify the auth type since we only |
| - * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default |
| - * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT. |
| - */ |
| - disabled = VMTools_ConfigGetBoolean(confDictRef, |
| - VIX_TOOLS_CONFIG_API_GROUPNAME, |
| - authnDisabledName, |
| - VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT); |
| - |
| - return !disabled; |
| -} |
| - |
| - |
| -/* |
| - *----------------------------------------------------------------------------- |
| - * |
| * VixTools_ProcessVixCommand -- |
| * |
| * |
| -- |
| 2.6.2 |
| |