forked from rpms/open-vm-tools
107 lines
3.4 KiB
Diff
107 lines
3.4 KiB
Diff
From 44f00e9dc569e7ec89251b415e156df0cb59ea07 Mon Sep 17 00:00:00 2001
|
|
From: Cathy Avery <cavery@redhat.com>
|
|
Date: Tue, 19 Nov 2019 14:16:05 +0100
|
|
Subject: [PATCH 2/3] End VGAuth impersonation in the case of error.
|
|
|
|
RH-Author: Cathy Avery <cavery@redhat.com>
|
|
Message-id: <20191119141606.5322-3-cavery@redhat.com>
|
|
Patchwork-id: 92512
|
|
O-Subject: [RHEL8.1.z open-vm-tools PATCH 2/3] End VGAuth impersonation in the case of error.
|
|
Bugzilla: 1773903
|
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
|
commit 7b874f37f970aab2adddb063a8363594f47abf70
|
|
Author: Oliver Kurth <okurth@vmware.com>
|
|
Date: Tue Sep 4 15:40:58 2018 -0700
|
|
|
|
End VGAuth impersonation in the case of error.
|
|
|
|
* In GuestAuthPasswordAuthenticateImpersonate():
|
|
When VGAuth_UserHandleAccessToken fails, unimpersonation is not
|
|
being done. This can cause issues. Fixed it.
|
|
|
|
* In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues:
|
|
The 'newHandle' is not being freed which causes a memory leak.
|
|
When VGAuth_UserHandleAccessToken fails, unimpersonation is not
|
|
being done.
|
|
|
|
Signed-off-by: Cathy Avery <cavery@redhat.com>
|
|
|
|
Conflicts: There was previously a parital port of this patch
|
|
commit 65f14ca791ac6636ad7d8a3d59941e52a5e3188c of coverity fixes only.
|
|
|
|
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
---
|
|
services/plugins/vix/vixTools.c | 19 +++++++++++++++++++
|
|
1 file changed, 19 insertions(+)
|
|
|
|
diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
|
|
index 2d60b86..7df91de 100644
|
|
--- a/services/plugins/vix/vixTools.c
|
|
+++ b/services/plugins/vix/vixTools.c
|
|
@@ -11552,6 +11552,7 @@ GuestAuthPasswordAuthenticateImpersonate(
|
|
VGAuthError vgErr;
|
|
VGAuthUserHandle *newHandle = NULL;
|
|
VGAuthExtraParams extraParams[1];
|
|
+ Bool impersonated = FALSE;
|
|
|
|
extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
|
|
extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
|
|
@@ -11587,6 +11588,8 @@ GuestAuthPasswordAuthenticateImpersonate(
|
|
goto done;
|
|
}
|
|
|
|
+ impersonated = TRUE;
|
|
+
|
|
#ifdef _WIN32
|
|
// this is making a copy of the token, be sure to close it
|
|
vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
|
|
@@ -11606,6 +11609,10 @@ done:
|
|
Util_ZeroFreeString(password);
|
|
|
|
if (VIX_OK != err) {
|
|
+ if (impersonated) {
|
|
+ vgErr = VGAuth_EndImpersonation(ctx);
|
|
+ ASSERT(vgErr == VGAUTH_E_OK);
|
|
+ }
|
|
VGAuth_UserHandleFree(newHandle);
|
|
newHandle = NULL;
|
|
}
|
|
@@ -11646,6 +11653,7 @@ GuestAuthSAMLAuthenticateAndImpersonate(
|
|
VGAuthError vgErr;
|
|
VGAuthUserHandle *newHandle = NULL;
|
|
VGAuthExtraParams extraParams[1];
|
|
+ Bool impersonated = FALSE;
|
|
|
|
extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
|
|
extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
|
|
@@ -11737,6 +11745,8 @@ impersonate:
|
|
goto done;
|
|
}
|
|
|
|
+ impersonated = TRUE;
|
|
+
|
|
#ifdef _WIN32
|
|
// this is making a copy of the token, be sure to close it
|
|
vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
|
|
@@ -11755,6 +11765,15 @@ done:
|
|
Util_ZeroFreeString(token);
|
|
Util_ZeroFreeString(username);
|
|
|
|
+ if (VIX_OK != err) {
|
|
+ if (impersonated) {
|
|
+ vgErr = VGAuth_EndImpersonation(ctx);
|
|
+ ASSERT(vgErr == VGAUTH_E_OK);
|
|
+ }
|
|
+ VGAuth_UserHandleFree(newHandle);
|
|
+ newHandle = NULL;
|
|
+ }
|
|
+
|
|
return err;
|
|
#else
|
|
return VIX_E_NOT_SUPPORTED;
|
|
--
|
|
1.8.3.1
|
|
|