/*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
char *pipeName;
} VGAuthComm;
+struct VGAuthUserHandle;
+
struct VGAuthContext {
/*
* Needed for pam(3) initialization.
*/
gboolean isImpersonating;
+ /*
+ * Impersonated user.
+ */
+ VGAuthUserHandle *impersonatedUser;
+
/*
* XXX optimization -- keep a comm channel alive for superuser?
*
AuthDetails details;
#ifdef _WIN32
HANDLE token;
+ HANDLE hProfile;
#else
uid_t uid;
#endif
+ int refCount;
};
VGAuthAliasInfo *si);
VGAuthError VGAuthImpersonateImpl(VGAuthContext *ctx,
- VGAuthUserHandle *handle);
+ VGAuthUserHandle *handle,
+ gboolean loadUserProfile);
VGAuthError VGAuthEndImpersonationImpl(VGAuthContext *ctx);
int numExtraParams,
const VGAuthExtraParams *params);
+#define VGAuthGetBoolExtraParam(numEP, ep, name, defValue, value) \
+ VGAuthGetBoolExtraParamImpl(__FUNCTION__, (numEP), ep, \
+ name, defValue, (value))
+
+VGAuthError VGAuthGetBoolExtraParamImpl(const char *funcName,
+ int numExtraParams,
+ const VGAuthExtraParams *params,
+ const char *paramName,
+ gboolean defValue,
+ gboolean *paramValue);
+
void VGAuth_FreeAliasInfoContents(VGAuthAliasInfo *si);
void VGAuth_CopyAliasInfo(const VGAuthAliasInfo *src,
VGAuthAliasInfo *dst);
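Review bot: The VGAuthGetBoolExtraParam macro parenthesizes only `numEP` and `value` and leaves `ep`, `name` and `defValue` bare, so an argument containing an operator would expand differently from a function call; either parenthesize every argument, `VGAuthGetBoolExtraParamImpl(__FUNCTION__, (numEP), (ep), (name), (defValue), (value))`, or make it a `static inline` wrapper. The new `refCount` field has no comment stating the ownership model; I would add `/* Reference count: 1 at creation, +1 while a context impersonates this handle; the handle is freed when it drops to 0. */` above it. Also, if a handle can be reached from more than one thread, the plain `int` increments and decrements are not atomic — I cannot tell from this hunk whether that is a supported use, so it is worth confirming.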
/*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
{
VGAuthError err;
VGAuthUserHandle *newHandle = NULL;
- int validateOnly = -1;
- int i;
+ gboolean validateOnly;
/*
* arg check
return err;
}
- /*
- * XXX
- *
- * Should be generalized once we have more use cases.
- */
- for (i = 0; i < numExtraParams; i++) {
- if (g_strcmp0(extraParams[i].name,
- VGAUTH_PARAM_VALIDATE_INFO_ONLY) == 0) {
- // only allow it to be set once
- if (validateOnly != -1) {
- Warning("%s: extraParam '%s' passed multiple times\n",
- __FUNCTION__, extraParams[i].name);
- return VGAUTH_E_INVALID_ARGUMENT;
- }
- if (extraParams[i].value) {
- if (g_ascii_strcasecmp(VGAUTH_PARAM_VALUE_TRUE,
- extraParams[i].value) == 0) {
- validateOnly = 1;
- } else if (g_ascii_strcasecmp(VGAUTH_PARAM_VALUE_FALSE,
- extraParams[i].value) == 0) {
- validateOnly = 0;
- } else {
- Warning("%s: Unrecognized value '%s' for boolean param %s\n",
- __FUNCTION__, extraParams[i].value, extraParams[i].name);
- return VGAUTH_E_INVALID_ARGUMENT;
- }
- } else {
- return VGAUTH_E_INVALID_ARGUMENT;
- }
- }
+ err = VGAuthGetBoolExtraParam(numExtraParams, extraParams,
+ VGAUTH_PARAM_VALIDATE_INFO_ONLY,
+ FALSE,
+ &validateOnly);
+ if (VGAUTH_E_OK != err) {
+ return err;
}
err = VGAuth_SendValidateSamlBearerTokenRequest(ctx,
- (validateOnly == 1) ?
- TRUE : FALSE,
+ validateOnly,
samlToken,
userName,
&newHandle);
- if (err != VGAUTH_E_OK) {
+ if (VGAUTH_E_OK != err) {
goto done;
}
}
+/*
+ ******************************************************************************
+ * VGAuthGetBoolExtraParamImpl -- */ /**
+ *
+ * Get the boolean value of the specified extra param in the params array.
+ *
+ * @param[in] funcName The name of the calling function.
+ * @param[in] numParams The number of elements in the params array.
+ * @param[in] params The params array to get param value from.
+ * @param[in] paramName The param name to get its value.
+ * @param[in] defValue The param default value if not set in the array.
+ * @param[out] paramValue Returned param value, TRUE or FALSE.
+ *
+ * @retval VGAUTH_E_INVALID_ARGUMENT If incomplete arguments are passed in,
+ * the specified extra parameter is passed
+ * in the array multiple times or the
+ * parameter value is invalid.
+ * @reval VGAUTH_E_OK If no error is encountered.
+ *
+ ******************************************************************************
+ */
+
+VGAuthError
+VGAuthGetBoolExtraParamImpl(const char *funcName,
+ int numParams,
+ const VGAuthExtraParams *params,
+ const char *paramName,
+ gboolean defValue,
+ gboolean *paramValue)
+{
+ gboolean paramSet = FALSE;
+ int i;
+
+ if ((numParams < 0) || (numParams > 0 && NULL == params)) {
+ Warning("%s: invalid number of parameters: %d.\n", funcName, numParams);
+ return VGAUTH_E_INVALID_ARGUMENT;
+ }
+
+ if (NULL == paramName || NULL == paramValue) {
+ return VGAUTH_E_INVALID_ARGUMENT;
+ }
+
+ *paramValue = defValue;
+
+ for (i = 0; i < numParams; i++) {
+ if (g_strcmp0(params[i].name, paramName) == 0) {
+ // only allow it to be set once
+ if (paramSet) {
+ Warning("%s: extraParam '%s' passed multiple times.\n",
+ funcName, params[i].name);
+ return VGAUTH_E_INVALID_ARGUMENT;
+ }
+ if (params[i].value) {
+ if (g_ascii_strcasecmp(VGAUTH_PARAM_VALUE_TRUE,
+ params[i].value) == 0) {
+ *paramValue = TRUE;
+ paramSet = TRUE;
+ } else if (g_ascii_strcasecmp(VGAUTH_PARAM_VALUE_FALSE,
+ params[i].value) == 0) {
+ *paramValue = FALSE;
+ paramSet = TRUE;
+ } else {
+ Warning("%s: Unrecognized value '%s' for boolean param %s\n",
+ funcName, params[i].value, params[i].name);
+ return VGAUTH_E_INVALID_ARGUMENT;
+ }
+ } else {
+ return VGAUTH_E_INVALID_ARGUMENT;
+ }
+ }
+ }
+
+ return VGAUTH_E_OK;
+}
+
+
/*
******************************************************************************
* VGAuth_Init -- */ /**
newCtx->applicationName = g_strdup(applicationName);
newCtx->isImpersonating = FALSE;
+ newCtx->impersonatedUser = NULL;
/*
* Only init prefs, i18n and auditing once.
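Review bot: In VGAuthGetBoolExtraParamImpl the branch for a matching parameter whose `value` is NULL returns VGAUTH_E_INVALID_ARGUMENT without logging, unlike the "passed multiple times" and "Unrecognized value" branches, so the caller gets the same error code with no trace of which parameter was rejected; I would add `Warning("%s: extraParam '%s' has no value.\n", funcName, params[i].name);` before that return. The definition names its count `numParams` while the header declaration in this commit uses `numExtraParams`; the two should agree. The doc block also has `@reval VGAUTH_E_OK`, which should read `@retval`. The VGAuth_ValidateSamlBearerToken hunk that now calls the helper starts and ends outside its visible lines.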
/*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
#ifdef _WIN32
newHandle->token = token;
+ newHandle->hProfile = NULL;
#endif
+ newHandle->refCount = 1;
*handle = newHandle;
+ Debug("%s: Created handle %p\n", __FUNCTION__, newHandle);
+
return err;
}
return;
}
+ ASSERT(handle->refCount > 0);
+ if (handle->refCount <= 0) {
+ Warning("%s: invalid user handle reference count %d\n",
+ __FUNCTION__, handle->refCount);
+ return;
+ }
+
+ handle->refCount--;
+
+ if (handle->refCount > 0) {
+ return;
+ }
+
WIN32_ONLY(CloseHandle(handle->token));
g_free(handle->userName);
}
g_free(handle);
+
+ Debug("%s: Freed handle %p\n", __FUNCTION__, handle);
}
* before another call to VGAuth_Impersonate() is made.
*
* @remark Must be called by superuser.
+ * One @a extraParams is supported for Windows:
+ * VGAUTH_PARAM_LOAD_USER_PROFILE, which must have the value
+ * VGAUTH_PARAM_VALUE_TRUE or VGAUTH_PARAM_VALUE_FALSE.
+ * If set true, load user profile before impersonation.
*
* @param[in] ctx The VGAuthContext.
* @param[in] handle The handle representing the user to be
const VGAuthExtraParams *extraParams)
{
VGAuthError err;
+ gboolean loadUserProfile;
if ((NULL == ctx) || (NULL == handle)) {
return VGAUTH_E_INVALID_ARGUMENT;
return err;
}
+ err = VGAuthGetBoolExtraParam(numExtraParams, extraParams,
+ VGAUTH_PARAM_LOAD_USER_PROFILE,
+ FALSE,
+ &loadUserProfile);
+ if (VGAUTH_E_OK != err) {
+ return err;
+ }
+
if (ctx->isImpersonating) {
return VGAUTH_E_ALREADY_IMPERSONATING;
}
- err = VGAuthImpersonateImpl(ctx, handle);
+ err = VGAuthImpersonateImpl(ctx,
+ handle,
+ loadUserProfile);
if (VGAUTH_E_OK == err) {
ctx->isImpersonating = TRUE;
+ handle->refCount++;
+ ctx->impersonatedUser = handle;
}
return err;
err = VGAuthEndImpersonationImpl(ctx);
if (VGAUTH_E_OK == err) {
ctx->isImpersonating = FALSE;
+ VGAuth_UserHandleFree(ctx->impersonatedUser);
+ ctx->impersonatedUser = NULL;
}
return err;
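Review bot: In VGAuth_UserHandleFree the new `Debug("%s: Freed handle %p\n", __FUNCTION__, handle);` runs after `g_free(handle)`, and a pointer's value is indeterminate once the object it points to has been freed; move the Debug call before the `g_free(handle)` line (or copy the address into a local first) so no freed pointer is read. The teardown path still only does `WIN32_ONLY(CloseHandle(handle->token));` while this commit adds an `hProfile` field to the handle; its release is not visible in this section, so if it is not unloaded in the Windows impersonation code it leaks when the last reference is dropped. VGAuth_UserHandleFree begins outside the hunk.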
/*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
* however, no $SHELL startup files are run, so you cannot assume that
* other environment variables have been changed.
*
- * @param[in] ctx The VGAuthContext.
- * @param[in] handle The handle representing the user to be impersonated.
+ * @param[in] ctx The VGAuthContext.
+ * @param[in] handle The handle representing the user to be
+ * impersonated.
+ * @param[in] loadUserProfile Unused parameter.
*
* @return VGAUTH_E_OK on success, VGAuthError on failure
*
VGAuthError
VGAuthImpersonateImpl(VGAuthContext *ctx,
- VGAuthUserHandle *handle)
+ VGAuthUserHandle *handle,
+ UNUSED_PARAM(gboolean loadUserProfile))
{
char buffer[BUFSIZ];
struct passwd pw;
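Review bot: The new parameter is documented only as `@param[in] loadUserProfile Unused parameter.`, which does not tell a reader why a POSIX implementation takes it or that a caller requesting it still gets VGAUTH_E_OK with the request silently dropped; I would write `@param[in] loadUserProfile Ignored on POSIX; accepted only for interface parity with the Windows implementation, where it selects loading the user profile before impersonation.` The body of VGAuthImpersonateImpl continues outside the hunk.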
/*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
/* Impersonation APIs */
+#define VGAUTH_PARAM_LOAD_USER_PROFILE "loadUserProfile"
+
/*
* Start impersonating the user described by VGAuthUserHandle.
*/