From: Katy Feng Date: Thu, 6 Apr 2023 18:27:41 +0000 (-0700) Subject: Changes to common source files not applicable to open-vm-tools. X-Git-Tag: stable-12.3.0~83 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0365b80e3a5c67ecedd3dcc312e425ef4b2ec9dc;p=thirdparty%2Fopen-vm-tools.git Changes to common source files not applicable to open-vm-tools. --- diff --git a/open-vm-tools/configure.ac b/open-vm-tools/configure.ac index 8016001f0..e4cea962a 100644 --- a/open-vm-tools/configure.ac +++ b/open-vm-tools/configure.ac @@ -1954,6 +1954,9 @@ AC_CONFIG_FILES([ \ + + + ### ### Output ### diff --git a/open-vm-tools/vgauth/Makefile.am b/open-vm-tools/vgauth/Makefile.am index 3f94cdfc3..a984425bc 100644 --- a/open-vm-tools/vgauth/Makefile.am +++ b/open-vm-tools/vgauth/Makefile.am @@ -1,5 +1,5 @@ ################################################################################ -### Copyright (C) 2014-2017 VMware, Inc. All rights reserved. +### Copyright (c) 2014-2017,2023 VMware, Inc. All rights reserved. ### ### This program is free software; you can redistribute it and/or modify ### it under the terms of version 2 of the GNU General Public License as diff --git a/open-vm-tools/vgauth/common/VGAuthProto.h b/open-vm-tools/vgauth/common/VGAuthProto.h index 0d7e125f1..fda18e51d 100644 --- a/open-vm-tools/vgauth/common/VGAuthProto.h +++ b/open-vm-tools/vgauth/common/VGAuthProto.h @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2011-2016 VMware, Inc. All rights reserved. + * Copyright (C) 2011-2016,2023 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -21,6 +21,8 @@ #include "VGAuthError.h" +/* clang-format off */ + /* * @file VGAuthProto.h * 
@@ -615,6 +617,7 @@ #define VGAUTH_REQUESTVALIDATESAMLBEARERTOKEN_ELEMENT_NAME "ValidateSamlBToken" + #define VGAUTH_VALIDATESAMLBEARERTOKEN_REQUEST_FORMAT \ VGAUTH_REQUEST_FORMAT_START \ "<"VGAUTH_REQUESTNAME_ELEMENT_NAME">"VGAUTH_REQUESTVALIDATESAMLBEARERTOKEN_ELEMENT_NAME"" \ @@ -623,6 +626,7 @@ "<"VGAUTH_VALIDATE_ONLY_ELEMENT_NAME">%s" \ VGAUTH_REQUEST_FORMAT_END + #define VGAUTH_VALIDATESAMLBEARERTOKEN_REPLY_FORMAT_START \ VGAUTH_REPLY_FORMAT_START \ "<"VGAUTH_USERNAME_ELEMENT_NAME">%s" \ @@ -637,4 +641,5 @@ VGAUTH_USERHANDLESAMLINFO_FORMAT_END \ VGAUTH_REPLY_FORMAT_END +/* clang-format on */ #endif // _VGAUTHPROTO_H_ diff --git a/open-vm-tools/vgauth/lib/VGAuthInt.h b/open-vm-tools/vgauth/lib/VGAuthInt.h index 564233a29..a9570bae4 100644 --- a/open-vm-tools/vgauth/lib/VGAuthInt.h +++ b/open-vm-tools/vgauth/lib/VGAuthInt.h @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2011-2017 VMware, Inc. All rights reserved. + * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -243,12 +243,16 @@ VGAuthError VGAuth_SendQueryMappedAliasesRequest(VGAuthContext *ctx, int *num, // OUT VGAuthMappedAlias **maList); // OUT +/* clang-format off */ VGAuthError VGAuth_SendValidateSamlBearerTokenRequest(VGAuthContext *ctx, gboolean validateOnly, const char *samlToken, const char *userName, VGAuthUserHandle **userHandle); + +/* clang-format on */ + VGAuthError VGAuth_CreateHandleForUsername(VGAuthContext *ctx, const char *userName, VGAuthUserHandleType type, diff --git a/open-vm-tools/vgauth/lib/auth.c b/open-vm-tools/vgauth/lib/auth.c index e9b048572..8d9d61c9a 100644 --- a/open-vm-tools/vgauth/lib/auth.c +++ b/open-vm-tools/vgauth/lib/auth.c 
@@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2011-2017 VMware, Inc. All rights reserved. + * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -409,7 +409,7 @@ VGAuth_ValidateSSPIResponse(VGAuthContext *ctx, * authenticated. * * - * @remark One @a extraParams is supported: + * @remark Supported @a extraParams: * VGAUTH_PARAM_VALIDATE_INFO_ONLY, which must have the value * VGAUTH_PARAM_VALUE_TRUE or VGAUTH_PARAM_VALUE_FALSE. * If set, SAML token validation is done, but the returned diff --git a/open-vm-tools/vgauth/public/VGAuthAuthentication.h b/open-vm-tools/vgauth/public/VGAuthAuthentication.h index 8925c1fbb..deeae4ecd 100644 --- a/open-vm-tools/vgauth/public/VGAuthAuthentication.h +++ b/open-vm-tools/vgauth/public/VGAuthAuthentication.h @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2011-2019 VMware, Inc. All rights reserved. + * Copyright (C) 2011-2019,2023 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -198,6 +198,7 @@ VGAuthError VGAuth_ValidateSSPIResponse(VGAuthContext *ctx, #define VGAUTH_PARAM_VALIDATE_INFO_ONLY "validateInfoOnly" + VGAuthError VGAuth_ValidateSamlBearerToken(VGAuthContext *ctx, const char *samlToken, const char *userName, diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp b/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp index a70f60297..ad54dd6d1 100644 --- a/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp +++ b/open-vm-tools/vgauth/serviceImpl/saml-xml-security-c.cpp 
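Review bot: In the auth.c hunk at `@@ -409,7 +409,7`, the reworded `@remark Supported @a extraParams:` now reads as a list heading, but the comment still documents only VGAUTH_PARAM_VALIDATE_INFO_ONLY. It does not say what happens when a caller passes an unrecognized parameter name or a value other than VGAUTH_PARAM_VALUE_TRUE or VGAUTH_PARAM_VALUE_FALSE. For an API that validates SAML bearer tokens (presumably VGAuth_ValidateSamlBearerToken, whose signature is not in this hunk), callers need to know whether a bad parameter is rejected or silently ignored. I would add one sentence after the list, along the lines of `Any other parameter name or value is rejected with <error code>.`, with the placeholder filled in once the implementation has been checked. The doc comment and the function it describes both continue outside the visible lines.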
@@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2011-2017 VMware, Inc. All rights reserved. + * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -463,7 +463,8 @@ SAML_VerifyBearerToken(const char *xmlText, VGAuthError err; SAMLTokenData token; - err = SAMLVerifyAssertion(xmlText, token, certs); + err = SAMLVerifyAssertion(xmlText, + token, certs); if (VGAUTH_E_OK != err) { return err; } @@ -497,13 +498,13 @@ SAML_VerifyBearerToken(const char *xmlText, * The token must first be verified, then the certificate chain used * verify it must be checked against the appropriate certificate store. * - * @param[in] xmlText The text of the SAML assertion. - * @param[in] userName Optional username to authenticate as. - * @param[out] userNameOut The user that the token has authenticated as. - * @param[out] subjNameOut The subject in the token. - * @param[out] verifySi The subjectInfo associated with the entry - * in the ID provider store used to verify the - * SAML cert. + * @param[in] xmlText The text of the SAML assertion. + * @param[in] userName Optional username to authenticate as. + * @param[out] userNameOut The user that the token has authenticated as. + * @param[out] subjNameOut The subject in the token. + * @param[out] verifySi The subjectInfo associated with the entry + * in the ID provider store used to verify the + * SAML cert. * * @return VGAUTH_E_OK on success, VGAuthError on failure * @@ -529,7 +530,8 @@ SAML_VerifyBearerTokenAndChain(const char *xmlText, ServiceSubject subj; int i; - err = SAMLVerifyAssertion(xmlText, token, certs); + err = SAMLVerifyAssertion(xmlText, + token, certs); if (VGAUTH_E_OK != err) { return err; } 
@@ -656,7 +658,8 @@ SAMLVerifyAssertion(const char *xmlText, return VGAUTH_E_AUTHENTICATION_DENIED; } - if (!SAMLCheckSignature(doc, certs)) { + if (!SAMLCheckSignature(doc, + certs)) { return VGAUTH_E_AUTHENTICATION_DENIED; } diff --git a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c index 6e9d0fd24..09fd33463 100644 --- a/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c +++ b/open-vm-tools/vgauth/serviceImpl/saml-xmlsec1.c @@ -1230,10 +1230,10 @@ done: * * Verifies the signature on an XML document. * - * @param[in] doc Parsed XML document. - * @param[out] numCerts Number of certs in the token. - * @param[out] certChain Certs in the token. Caller should g_free() array and - * contents. + * @param[in] doc Parsed XML document. + * @param[out] numCerts Number of certs in the token. + * @param[out] certChain Certs in the token. Caller should g_free() array and + * contents. * * @return TRUE on success. * @@ -1314,6 +1314,7 @@ VerifySignature(xmlDocPtr doc, goto done; } + /* * Create a signature context with the key manager */ @@ -1401,11 +1402,11 @@ done: * Verifies a XML text as a SAML token. * Parses the XML, then verifies Subject, Conditions and Signature. * - * @param[in] token Text of SAML token. - * @param[out] subject Subject of SAML token, Caller must g_free(). - * @param[out] numCerts Number of certs in the token. - * @param[out] certChain Certs in the token. Caller should g_free() array and - * contents. + * @param[in] token Text of SAML token. + * @param[out] subject Subject of SAML token, Caller must g_free(). + * @param[out] numCerts Number of certs in the token. + * @param[out] certChain Certs in the token. Caller should g_free() + * array and contents. * * @return matching TRUE on success. * 
@@ -1470,7 +1471,8 @@ VerifySAMLToken(const gchar *token, } #endif - bRet = VerifySignature(doc, numCerts, certChain); + bRet = VerifySignature(doc, + numCerts, certChain); if (FALSE == bRet) { g_warning("Failed to verify Signature\n"); // XXX Can we log the token at this point without risking security? @@ -1496,6 +1498,8 @@ done: } + + /* ****************************************************************************** * SAML_VerifyBearerToken -- */ /** @@ -1550,13 +1554,13 @@ SAML_VerifyBearerToken(const char *xmlText, * The token must first be verified, then the certificate chain used * verify it must be checked against the appropriate certificate store. * - * @param[in] xmlText The text of the SAML assertion. - * @param[in] userName Optional username to authenticate as. - * @param[out] userNameOut The user that the token has authenticated as. - * @param[out] subjNameOut The subject in the token. Caller must g_free(). - * @param[out] verifyAi The alias info associated with the entry - * in the alias store used to verify the - * SAML cert. + * @param[in] xmlText The text of the SAML assertion. + * @param[in] userName Optional username to authenticate as. + * @param[out] userNameOut The user that the token has authenticated as. + * @param[out] subjNameOut The subject in the token. Caller must g_free(). + * @param[out] verifyAi The alias info associated with the entry + * in the alias store used to verify the + * SAML cert. * * @return VGAUTH_E_OK on success, VGAuthError on failure * diff --git a/open-vm-tools/vgauth/serviceImpl/samlInt.hpp b/open-vm-tools/vgauth/serviceImpl/samlInt.hpp index e59a34d4f..846d23309 100644 --- a/open-vm-tools/vgauth/serviceImpl/samlInt.hpp +++ b/open-vm-tools/vgauth/serviceImpl/samlInt.hpp 
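Review bot: In the `@@ -1470,7 +1471,8` hunk of saml-xmlsec1.c, the failure branch right below the re-wrapped `VerifySignature(doc, numCerts, certChain)` call still carries the open question `// XXX Can we log the token at this point without risking security?`, and it should be settled rather than carried along. A SAML bearer assertion acts as a credential for whoever holds it, and a signature failure here does not by itself show that the text is useless elsewhere. The conservative answer is therefore to keep the token out of the log and record only the failure. I would replace the XXX with a comment that states the decision, e.g. `// Do not log the token text: a bearer assertion is a credential and logs may be readable more widely than the token should be.` VerifySAMLToken starts and ends outside this hunk, so its other log calls are not visible here.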
@@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2011-2016 VMware, Inc. All rights reserved. + * Copyright (C) 2011-2016,2023 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published diff --git a/open-vm-tools/vgauth/serviceImpl/serviceInt.h b/open-vm-tools/vgauth/serviceImpl/serviceInt.h index ef49f42c2..42e5a2b23 100644 --- a/open-vm-tools/vgauth/serviceImpl/serviceInt.h +++ b/open-vm-tools/vgauth/serviceImpl/serviceInt.h @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (C) 2011-2017 VMware, Inc. All rights reserved. + * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -479,6 +479,8 @@ gchar *ServiceEncodeUserName(const char *userName); gchar *ServiceDecodeUserName(const char *userName); VGAuthError SAML_Init(void); + +/* clang-format off */ VGAuthError SAML_VerifyBearerToken(const char *xmlText, const char *userName, char **userNameOut, @@ -489,6 +491,8 @@ VGAuthError SAML_VerifyBearerTokenAndChain(const char *xmlText, char **userNameOut, char **subjectNameOut, ServiceAliasInfo **verifyAi); +/* clang-format on */ + void SAML_Shutdown(void); void SAML_Reload(void);