open-vm-tools/ovt-Remove-some-dead-code.patch
Jon Maloy bc03b3fd16 * Wed Jun 28 2023 Jon Maloy <jmaloy@redhat.com> - 12.2.0-3
- ovt-Remove-some-dead-code.patch [bz#2215563]
- Resolves: bz#2215563
  ([CISA Major Incident] CVE-2023-20867 open-vm-tools: authentication bypass vulnerability in the vgauth module [rhel-8])
2023-06-28 18:23:03 +00:00

170 lines
5.9 KiB
Diff

From 37842edd9695fa5073ef313f85d54c570cb16fe5 Mon Sep 17 00:00:00 2001
From: John Wolfe <jwolfe@vmware.com>
Date: Mon, 8 May 2023 19:04:57 -0700
Subject: [PATCH] Remove some dead code.
RH-Author: Ani Sinha <None>
RH-MergeRequest: 15: Remove some dead code.
RH-Bugzilla: 2215563
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Cathy Avery <cavery@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/1] d0172d67defde68ce7751302d7df5432e0053a9a
Address CVE-2023-20867.
Remove some authentication types which were deprecated long
ago and are no longer in use. These are dead code.
Cherry-picked from
https://github.com/vmware/open-vm-tools/blob/CVE-2023-20867.patch/2023-20867-Remove-some-dead-code.patch
Signed-off-by: Ani Sinha <anisinha@redhat.com>
---
open-vm-tools/services/plugins/vix/vixTools.c | 102 ------------------
1 file changed, 102 deletions(-)
diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
index 9f376a72..85c5ba74 100644
--- a/open-vm-tools/services/plugins/vix/vixTools.c
+++ b/open-vm-tools/services/plugins/vix/vixTools.c
@@ -254,8 +254,6 @@ char *gImpersonatedUsername = NULL;
#define VIX_TOOLS_CONFIG_API_AUTHENTICATION "Authentication"
#define VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS "InfrastructureAgents"
-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT TRUE
-
/*
* The switch that controls all APIs
*/
@@ -730,9 +728,6 @@ VixError GuestAuthSAMLAuthenticateAndImpersonate(
void GuestAuthUnimpersonate();
-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
- const char *typeName);
-
#if SUPPORT_VGAUTH
VGAuthError TheVGAuthContext(VGAuthContext **ctx);
@@ -8013,29 +8008,6 @@ VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg, // IN
userToken);
break;
}
- case VIX_USER_CREDENTIAL_ROOT:
- {
- if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
- !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
- VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
- /*
- * Don't accept hashed shared secret if disabled.
- */
- g_message("%s: Requested authentication type has been disabled.\n",
- __FUNCTION__);
- err = VIX_E_GUEST_AUTHTYPE_DISABLED;
- goto done;
- }
- }
- // fall through
-
- case VIX_USER_CREDENTIAL_CONSOLE_USER:
- err = VixToolsImpersonateUserImplEx(NULL,
- credentialType,
- NULL,
- loadUserProfile,
- userToken);
- break;
case VIX_USER_CREDENTIAL_NAME_PASSWORD:
case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
@@ -8204,36 +8176,6 @@ VixToolsImpersonateUserImplEx(char const *credentialTypeStr, // IN
}
}
- /*
- * If the VMX asks to be root, then we allow them.
- * The VMX will make sure that only it will pass this value in,
- * and only when the VM and host are configured to allow this.
- */
- if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
- && (thisProcessRunsAsRoot)) {
- *userToken = PROCESS_CREATOR_USER_TOKEN;
-
- gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
- err = VIX_OK;
- goto quit;
- }
-
- /*
- * If the VMX asks to be root, then we allow them.
- * The VMX will make sure that only it will pass this value in,
- * and only when the VM and host are configured to allow this.
- *
- * XXX This has been deprecated XXX
- */
- if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
- && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
- *userToken = PROCESS_CREATOR_USER_TOKEN;
-
- gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
- err = VIX_OK;
- goto quit;
- }
-
/*
* If the VMX asks us to run commands in the context of the current
* user, make sure that the user who requested the command is the
@@ -10914,50 +10856,6 @@ VixToolsCheckIfVixCommandEnabled(int opcode, // IN
}
-/*
- *-----------------------------------------------------------------------------
- *
- * VixToolsCheckIfAuthenticationTypeEnabled --
- *
- * Checks to see if a given authentication type has been
- * disabled via the tools configuration.
- *
- * Return value:
- * TRUE if enabled, FALSE otherwise.
- *
- * Side effects:
- * None
- *
- *-----------------------------------------------------------------------------
- */
-
-static Bool
-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, // IN
- const char *typeName) // IN
-{
- char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
- gboolean disabled;
-
- Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
- VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
- typeName);
-
- ASSERT(confDictRef != NULL);
-
- /*
- * XXX Skip doing the strcmp() to verify the auth type since we only
- * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
- * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
- */
- disabled = VMTools_ConfigGetBoolean(confDictRef,
- VIX_TOOLS_CONFIG_API_GROUPNAME,
- authnDisabledName,
- VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
-
- return !disabled;
-}
-
-
/*
*-----------------------------------------------------------------------------
*
--
2.37.3