bc03b3fd16
- ovt-Remove-some-dead-code.patch [bz#2215563] - Resolves: bz#2215563 ([CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [rhel-8])
170 lines
5.9 KiB
Diff
170 lines
5.9 KiB
Diff
From 37842edd9695fa5073ef313f85d54c570cb16fe5 Mon Sep 17 00:00:00 2001
|
|
From: John Wolfe <jwolfe@vmware.com>
|
|
Date: Mon, 8 May 2023 19:04:57 -0700
|
|
Subject: [PATCH] Remove some dead code.
|
|
|
|
RH-Author: Ani Sinha <None>
|
|
RH-MergeRequest: 15: Remove some dead code.
|
|
RH-Bugzilla: 2215563
|
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
RH-Acked-by: Cathy Avery <cavery@redhat.com>
|
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
RH-Commit: [1/1] d0172d67defde68ce7751302d7df5432e0053a9a
|
|
|
|
Address CVE-2023-20867.
|
|
Remove some authentication types which were deprecated long
|
|
ago and are no longer in use. These are dead code.
|
|
|
|
Cherry-picked from
|
|
https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch
|
|
|
|
Signed-off-by: Ani Sinha <anisinha@redhat.com>
|
|
---
|
|
open-vm-tools/services/plugins/vix/vixTools.c | 102 ------------------
|
|
1 file changed, 102 deletions(-)
|
|
|
|
diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
|
|
index 9f376a72..85c5ba74 100644
|
|
--- a/open-vm-tools/services/plugins/vix/vixTools.c
|
|
+++ b/open-vm-tools/services/plugins/vix/vixTools.c
|
|
@@ -254,8 +254,6 @@ char *gImpersonatedUsername = NULL;
|
|
#define VIX_TOOLS_CONFIG_API_AUTHENTICATION "Authentication"
|
|
#define VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS "InfrastructureAgents"
|
|
|
|
-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT TRUE
|
|
-
|
|
/*
|
|
* The switch that controls all APIs
|
|
*/
|
|
@@ -730,9 +728,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
|
|
|
|
void GuestAuthUnimpersonate();
|
|
|
|
-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
|
|
- const char *typeName);
|
|
-
|
|
#if SUPPORT_VGAUTH
|
|
|
|
VGAuthError TheVGAuthContext(VGAuthContext **ctx);
|
|
@@ -8013,29 +8008,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg, // IN
|
|
userToken);
|
|
break;
|
|
}
|
|
- case VIX_USER_CREDENTIAL_ROOT:
|
|
- {
|
|
- if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
|
|
- !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
|
|
- VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
|
|
- /*
|
|
- * Don't accept hashed shared secret if disabled.
|
|
- */
|
|
- g_message("%s: Requested authentication type has been disabled.\n",
|
|
- __FUNCTION__);
|
|
- err = VIX_E_GUEST_AUTHTYPE_DISABLED;
|
|
- goto done;
|
|
- }
|
|
- }
|
|
- // fall through
|
|
-
|
|
- case VIX_USER_CREDENTIAL_CONSOLE_USER:
|
|
- err = VixToolsImpersonateUserImplEx(NULL,
|
|
- credentialType,
|
|
- NULL,
|
|
- loadUserProfile,
|
|
- userToken);
|
|
- break;
|
|
case VIX_USER_CREDENTIAL_NAME_PASSWORD:
|
|
case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
|
|
case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
|
|
@@ -8204,36 +8176,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr, // IN
|
|
}
|
|
}
|
|
|
|
- /*
|
|
- * If the VMX asks to be root, then we allow them.
|
|
- * The VMX will make sure that only it will pass this value in,
|
|
- * and only when the VM and host are configured to allow this.
|
|
- */
|
|
- if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
|
|
- && (thisProcessRunsAsRoot)) {
|
|
- *userToken = PROCESS_CREATOR_USER_TOKEN;
|
|
-
|
|
- gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
|
|
- err = VIX_OK;
|
|
- goto quit;
|
|
- }
|
|
-
|
|
- /*
|
|
- * If the VMX asks to be root, then we allow them.
|
|
- * The VMX will make sure that only it will pass this value in,
|
|
- * and only when the VM and host are configured to allow this.
|
|
- *
|
|
- * XXX This has been deprecated XXX
|
|
- */
|
|
- if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
|
|
- && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
|
|
- *userToken = PROCESS_CREATOR_USER_TOKEN;
|
|
-
|
|
- gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
|
|
- err = VIX_OK;
|
|
- goto quit;
|
|
- }
|
|
-
|
|
/*
|
|
* If the VMX asks us to run commands in the context of the current
|
|
* user, make sure that the user who requested the command is the
|
|
@@ -10914,50 +10856,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode, // IN
|
|
}
|
|
|
|
|
|
-/*
|
|
- *-----------------------------------------------------------------------------
|
|
- *
|
|
- * VixToolsCheckIfAuthenticationTypeEnabled --
|
|
- *
|
|
- * Checks to see if a given authentication type has been
|
|
- * disabled via the tools configuration.
|
|
- *
|
|
- * Return value:
|
|
- * TRUE if enabled, FALSE otherwise.
|
|
- *
|
|
- * Side effects:
|
|
- * None
|
|
- *
|
|
- *-----------------------------------------------------------------------------
|
|
- */
|
|
-
|
|
-static Bool
|
|
-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, // IN
|
|
- const char *typeName) // IN
|
|
-{
|
|
- char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
|
|
- gboolean disabled;
|
|
-
|
|
- Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
|
|
- VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
|
|
- typeName);
|
|
-
|
|
- ASSERT(confDictRef != NULL);
|
|
-
|
|
- /*
|
|
- * XXX Skip doing the strcmp() to verify the auth type since we only
|
|
- * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
|
|
- * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
|
|
- */
|
|
- disabled = VMTools_ConfigGetBoolean(confDictRef,
|
|
- VIX_TOOLS_CONFIG_API_GROUPNAME,
|
|
- authnDisabledName,
|
|
- VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
|
|
-
|
|
- return !disabled;
|
|
-}
|
|
-
|
|
-
|
|
/*
|
|
*-----------------------------------------------------------------------------
|
|
*
|
|
--
|
|
2.37.3
|
|
|