Blame SOURCES/ovt-End-VGAuth-impersonation-in-the-case-of-error2.patch

From 44f00e9dc569e7ec89251b415e156df0cb59ea07 Mon Sep 17 00:00:00 2001
From: Cathy Avery <cavery@redhat.com>
Date: Tue, 19 Nov 2019 14:16:05 +0100
Subject: [PATCH 2/3] End VGAuth impersonation in the case of error.
RH-Author: Cathy Avery <cavery@redhat.com>
Message-id: <20191119141606.5322-3-cavery@redhat.com>
Patchwork-id: 92512
O-Subject: [RHEL8.1.z open-vm-tools PATCH 2/3] End VGAuth impersonation in the case of error.
Bugzilla: 1773903
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
commit 7b874f37f970aab2adddb063a8363594f47abf70
Author: Oliver Kurth <okurth@vmware.com>
Date:   Tue Sep 4 15:40:58 2018 -0700
    End VGAuth impersonation in the case of error.
    * In GuestAuthPasswordAuthenticateImpersonate():
    When VGAuth_UserHandleAccessToken fails, unimpersonation is not
    being done. This can cause issues. Fixed it.
    * In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues:
    The 'newHandle' is not being freed which causes a memory leak.
    When VGAuth_UserHandleAccessToken fails, unimpersonation is not
    being done.
Signed-off-by: Cathy Avery <cavery@redhat.com>
Conflicts: There was previously a partial port of this patch
commit 65f14ca791ac6636ad7d8a3d59941e52a5e3188c of coverity fixes only.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
 services/plugins/vix/vixTools.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/services/plugins/vix/vixTools.c b/services/plugins/vix/vixTools.c
index 2d60b86..7df91de 100644
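--- a/services/plugins/vix/vixTools.c
+++ b/services/plugins/vix/vixTools.c
@@ -11552,6 +11552,7 @@ GuestAuthPasswordAuthenticateImpersonate(
    VGAuthError vgErr;
    VGAuthUserHandle *newHandle = NULL;
    VGAuthExtraParams extraParams[1];
+   Bool impersonated = FALSE;
 
    extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
    extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
@@ -11587,6 +11588,8 @@ GuestAuthPasswordAuthenticateImpersonate(
       goto done;
    }
 
+   impersonated = TRUE;
+
 #ifdef _WIN32
    // this is making a copy of the token, be sure to close it
    vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
@@ -11606,6 +11609,10 @@ done:
    Util_ZeroFreeString(password);
 
    if (VIX_OK != err) {
+      if (impersonated) {
+         vgErr = VGAuth_EndImpersonation(ctx);
+         ASSERT(vgErr == VGAUTH_E_OK);
+      }
       VGAuth_UserHandleFree(newHandle);
       newHandle = NULL;
    }
@@ -11646,6 +11653,7 @@ GuestAuthSAMLAuthenticateAndImpersonate(
    VGAuthError vgErr;
    VGAuthUserHandle *newHandle = NULL;
    VGAuthExtraParams extraParams[1];
+   Bool impersonated = FALSE;
 
    extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
    extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
@@ -11737,6 +11745,8 @@ impersonate:
       goto done;
    }
 
+   impersonated = TRUE;
+
 #ifdef _WIN32
    // this is making a copy of the token, be sure to close it
    vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
@@ -11755,6 +11765,15 @@ done:
    Util_ZeroFreeString(token);
    Util_ZeroFreeString(username);
 
+   if (VIX_OK != err) {
+      if (impersonated) {
+         vgErr = VGAuth_EndImpersonation(ctx);
+         ASSERT(vgErr == VGAUTH_E_OK);
+      }
+      VGAuth_UserHandleFree(newHandle);
+      newHandle = NULL;
+   }
+
    return err;
 #else
    return VIX_E_NOT_SUPPORTED;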
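Review bot: The result of `VGAuth_EndImpersonation(ctx)` in the two `done:` cleanup blocks (in GuestAuthPasswordAuthenticateImpersonate and in GuestAuthSAMLAuthenticateAndImpersonate) is checked only by `ASSERT(vgErr == VGAUTH_E_OK);`. If ASSERT is compiled out of release builds, as is usual for such macros, a failed un-impersonation is silently ignored and the service thread could keep the guest user's identity even though the call returns an authentication error. I would keep the ASSERT but add a runtime check next to it, for example `if (vgErr != VGAUTH_E_OK) { /* log vgErr: impersonation may still be active */ }`, using whatever logging the file already has. Both function bodies begin and end outside the hunks shown, so whether callers can detect or recover from that state is not visible here.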
-- 
1.8.3.1