/*********************************************************
- * Copyright (C) 2007-2022 VMware, Inc. All rights reserved.
+ * Copyright (C) 2007-2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
#define VIX_TOOLS_CONFIG_API_AUTHENTICATION "Authentication"
#define VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS "InfrastructureAgents"
-#define VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT TRUE
-
/*
* The switch that controls all APIs
*/
void GuestAuthUnimpersonate();
-static Bool VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef,
- const char *typeName);
-
#if SUPPORT_VGAUTH
VGAuthError TheVGAuthContext(VGAuthContext **ctx);
userToken);
break;
}
- case VIX_USER_CREDENTIAL_ROOT:
- {
- if ((requestMsg->requestFlags & VIX_REQUESTMSG_HAS_HASHED_SHARED_SECRET) &&
- !VixToolsCheckIfAuthenticationTypeEnabled(gConfDictRef,
- VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS)) {
- /*
- * Don't accept hashed shared secret if disabled.
- */
- g_message("%s: Requested authentication type has been disabled.\n",
- __FUNCTION__);
- err = VIX_E_GUEST_AUTHTYPE_DISABLED;
- goto done;
- }
- }
- // fall through
-
- case VIX_USER_CREDENTIAL_CONSOLE_USER:
- err = VixToolsImpersonateUserImplEx(NULL,
- credentialType,
- NULL,
- loadUserProfile,
- userToken);
- break;
case VIX_USER_CREDENTIAL_NAME_PASSWORD:
case VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED:
case VIX_USER_CREDENTIAL_NAMED_INTERACTIVE_USER:
}
}
- /*
- * If the VMX asks to be root, then we allow them.
- * The VMX will make sure that only it will pass this value in,
- * and only when the VM and host are configured to allow this.
- */
- if ((VIX_USER_CREDENTIAL_ROOT == credentialType)
- && (thisProcessRunsAsRoot)) {
- *userToken = PROCESS_CREATOR_USER_TOKEN;
-
- gImpersonatedUsername = Util_SafeStrdup("_ROOT_");
- err = VIX_OK;
- goto quit;
- }
-
- /*
- * If the VMX asks to be root, then we allow them.
- * The VMX will make sure that only it will pass this value in,
- * and only when the VM and host are configured to allow this.
- *
- * XXX This has been deprecated XXX
- */
- if ((VIX_USER_CREDENTIAL_CONSOLE_USER == credentialType)
- && ((allowConsoleUserOps) || !(thisProcessRunsAsRoot))) {
- *userToken = PROCESS_CREATOR_USER_TOKEN;
-
- gImpersonatedUsername = Util_SafeStrdup("_CONSOLE_USER_NAME_");
- err = VIX_OK;
- goto quit;
- }
-
/*
* If the VMX asks us to run commands in the context of the current
* user, make sure that the user who requested the command is the
}
-/*
- *-----------------------------------------------------------------------------
- *
- * VixToolsCheckIfAuthenticationTypeEnabled --
- *
- * Checks to see if a given authentication type has been
- * disabled via the tools configuration.
- *
- * Return value:
- * TRUE if enabled, FALSE otherwise.
- *
- * Side effects:
- * None
- *
- *-----------------------------------------------------------------------------
- */
-
-static Bool
-VixToolsCheckIfAuthenticationTypeEnabled(GKeyFile *confDictRef, // IN
- const char *typeName) // IN
-{
- char authnDisabledName[64]; // Authentication.<AuthenticationType>.disabled
- gboolean disabled;
-
- Str_Snprintf(authnDisabledName, sizeof(authnDisabledName),
- VIX_TOOLS_CONFIG_API_AUTHENTICATION ".%s.disabled",
- typeName);
-
- ASSERT(confDictRef != NULL);
-
- /*
- * XXX Skip doing the strcmp() to verify the auth type since we only
- * have the one typeName (VIX_TOOLS_CONFIG_AUTHTYPE_AGENTS), and default
- * it to VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT.
- */
- disabled = VMTools_ConfigGetBoolean(confDictRef,
- VIX_TOOLS_CONFIG_API_GROUPNAME,
- authnDisabledName,
- VIX_TOOLS_CONFIG_INFRA_AGENT_DISABLED_DEFAULT);
-
- return !disabled;
-}
-
-
/*
*-----------------------------------------------------------------------------
*
projects / thirdparty / open-vm-tools.git / commitdiff
