From: VMware, Inc <> Date: Wed, 18 Sep 2013 03:33:20 +0000 (-0700) Subject: VIX: add opcode for RemoveAliasByCert X-Git-Tag: 2013.09.16-1328054~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=119645bbb27989ddae45926a8918bc31d9ae34d2;p=thirdparty%2Fopen-vm-tools.git VIX: add opcode for RemoveAliasByCert Trying to be tricky and sharing an opcode doesn't work when it comes to tools-side disabling. So add an opcode for it and plumb it through. Signed-off-by: Dmitry Torokhov
---
diff --git a/open-vm-tools/lib/foundryMsg/foundryMsg.c b/open-vm-tools/lib/foundryMsg/foundryMsg.c
index 16e962026..77214e202 100644
--- a/open-vm-tools/lib/foundryMsg/foundryMsg.c
+++ b/open-vm-tools/lib/foundryMsg/foundryMsg.c
@@ -469,6 +469,8 @@ static const VixCommandInfo vixCommandInfoTable[] = {
 VIX_DEFINE_COMMAND_INFO(VIX_COMMAND_DELETE_REGISTRY_VALUE, VIX_COMMAND_CATEGORY_ALWAYS_ALLOWED),
+ VIX_DEFINE_COMMAND_INFO(VIX_COMMAND_REMOVE_AUTH_ALIAS_BY_CERT,
+ VIX_COMMAND_CATEGORY_ALWAYS_ALLOWED),
 };
diff --git a/open-vm-tools/lib/include/vixCommands.h b/open-vm-tools/lib/include/vixCommands.h
index 38d911023..3192a945c 100644
--- a/open-vm-tools/lib/include/vixCommands.h
+++ b/open-vm-tools/lib/include/vixCommands.h
@@ -2424,6 +2424,8 @@ enum {
 VIX_COMMAND_LIST_REGISTRY_VALUES = 205,
 VIX_COMMAND_DELETE_REGISTRY_VALUE = 206,
+ VIX_COMMAND_REMOVE_AUTH_ALIAS_BY_CERT = 207,
+
 /*
 * HOWTO: Adding a new Vix Command. Step 2a.
 *
@@ -2434,7 +2436,7 @@ enum {
 * Once a new command is added here, a command info field needs to be added
 * in bora/lib/foundryMsg/foundryMsg.c as well.
 */
- VIX_COMMAND_LAST_NORMAL_COMMAND = 207,
+ VIX_COMMAND_LAST_NORMAL_COMMAND = 208,
 VIX_TEST_UNSUPPORTED_TOOLS_OPCODE_COMMAND = 998,
 VIX_TEST_UNSUPPORTED_VMX_OPCODE_COMMAND = 999,
diff --git a/open-vm-tools/lib/include/vixOpenSource.h b/open-vm-tools/lib/include/vixOpenSource.h
index c94e86f22..c2995d874 100644
--- a/open-vm-tools/lib/include/vixOpenSource.h
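Review bot: The new `VIX_COMMAND_REMOVE_AUTH_ALIAS_BY_CERT` entry in foundryMsg.c's `vixCommandInfoTable` is registered as `VIX_COMMAND_CATEGORY_ALWAYS_ALLOWED` with nothing saying why an operation that removes guest authentication aliases needs no stronger category. It matches the neighbouring `VIX_COMMAND_DELETE_REGISTRY_VALUE` entry, so this is presumably the convention for guest operations whose authorization is enforced on the tools side. If that is the case, a one-line comment such as `/* Guest op: authorization is enforced by the tools-side handler, not by this category. */` would record it. The table definition starts and continues outside the hunk.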
+++ b/open-vm-tools/lib/include/vixOpenSource.h
@@ -287,6 +287,7 @@ enum {
 VIX_PROPERTY_GUEST_SET_REGISTRY_VALUE_ENABLED = 4565,
 VIX_PROPERTY_GUEST_LIST_REGISTRY_VALUES_ENABLED = 4566,
 VIX_PROPERTY_GUEST_DELETE_REGISTRY_VALUE_ENABLED = 4567,
+ VIX_PROPERTY_GUEST_REMOVE_AUTH_ALIAS_BY_CERT_ENABLED = 4568,
 };
diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
index 654a43958..46ec910ac 100644
--- a/open-vm-tools/services/plugins/vix/vixTools.c
+++ b/open-vm-tools/services/plugins/vix/vixTools.c
@@ -227,8 +227,8 @@ static VGAuthUserHandle *currentUserHandle = NULL;
 #define VIX_TOOLS_CONFIG_API_RELEASE_CREDENTIALS_NAME "ReleaseCredentialsInGuest"
 #define VIX_TOOLS_CONFIG_API_ADD_GUEST_ALIAS_NAME "AddGuestAlias"
-// controls both RemoveGuestAlias and RemoveGuestAliasByCert
 #define VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_NAME "RemoveGuestAlias"
+#define VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_BY_CERT_NAME "RemoveGuestAliasByCert"
 #define VIX_TOOLS_CONFIG_API_LIST_GUEST_ALIASES_NAME "ListGuestAliases"
 #define VIX_TOOLS_CONFIG_API_LIST_GUEST_MAPPED_ALIASES_NAME "ListGuestMappedAliases"
@@ -2699,6 +2699,7 @@ VixToolsGetAPIDisabledFromConf(GKeyFile *confDictRef, // IN
 if (NULL != varName) {
 if ((strcmp(varName, VIX_TOOLS_CONFIG_API_ADD_GUEST_ALIAS_NAME) == 0) ||
 (strcmp(varName, VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_NAME) == 0) ||
+ (strcmp(varName, VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_BY_CERT_NAME) == 0) ||
 (strcmp(varName, VIX_TOOLS_CONFIG_API_LIST_GUEST_ALIASES_NAME) == 0) ||
 (strcmp(varName, VIX_TOOLS_CONFIG_API_LIST_GUEST_MAPPED_ALIASES_NAME) == 0)) {
 disabled = TRUE;
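Review bot: Dropping the comment above `VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_NAME` in vixTools.c leaves nothing telling an operator that `RemoveGuestAlias` still gates remove-by-cert requests from hosts that use the shared opcode. The `VixToolsRemoveAuthAlias` hunk later in this patch keeps that legacy path working (its opcode assert sits under `#ifdef notyet`), so disabling only `RemoveGuestAliasByCert` does not turn the operation off for such hosts. I would keep a comment here until the legacy path is removed, for example `// also gates by-cert removal sent as VIX_COMMAND_REMOVE_AUTH_ALIAS by older hosts`.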
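Review bot: The names that reach `disabled = TRUE` in `VixToolsGetAPIDisabledFromConf` are listed in a hand-extended `strcmp` chain, so an alias API whose name is left out silently skips this branch; this patch had to remember to add `VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_BY_CERT_NAME`. Keeping the names in one static table and looping over it puts the list in a single reviewable place. The function body starts and ends outside the hunk, so the effect of `disabled` on the final result is not visible here.

```c
static const char *const vixToolsAliasApiNames[] = {
   VIX_TOOLS_CONFIG_API_ADD_GUEST_ALIAS_NAME,
   VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_NAME,
   VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_BY_CERT_NAME,
   VIX_TOOLS_CONFIG_API_LIST_GUEST_ALIASES_NAME,
   VIX_TOOLS_CONFIG_API_LIST_GUEST_MAPPED_ALIASES_NAME,
};

   // … unchanged: earlier part of VixToolsGetAPIDisabledFromConf …
   if (NULL != varName) {
      Bool isAliasApi = FALSE;
      size_t i;

      for (i = 0; i < sizeof vixToolsAliasApiNames / sizeof vixToolsAliasApiNames[0]; i++) {
         if (strcmp(varName, vixToolsAliasApiNames[i]) == 0) {
            isAliasApi = TRUE;
            break;
         }
      }
      if (isAliasApi) {
         disabled = TRUE;
```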
@@ -2986,6 +2987,13 @@ VixToolsSetAPIEnabledProperties(VixPropertyListImpl *propList, // IN
 goto exit;
 }
+ err = VixPropertyList_SetBool(propList,
+ VIX_PROPERTY_GUEST_REMOVE_AUTH_ALIAS_BY_CERT_ENABLED,
+ VixToolsComputeEnabledProperty(confDictRef,
+ VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_BY_CERT_NAME));
+ if (VIX_OK != err) {
+ goto exit;
+ }
 exit:
 Debug("finished %s, err %"FMT64"d\n", __FUNCTION__, err);
 return err;
@@ -9012,8 +9020,16 @@ VixToolsRemoveAuthAlias(VixCommandRequestHeader *requestMsg) // IN
 }
 if (VIX_GUEST_AUTH_SUBJECT_TYPE_NONE == req->subjectType) {
+#ifdef notyet
+ /*
+ * XXX turn on this assert() 'soon' -- if done now it could be hit
+ * with these tools and an old hostd/VMX that still shares the opcode.
+ */
+ ASSERT(requestMsg->opCode == VIX_COMMAND_REMOVE_AUTH_ALIAS_BY_CERT);
+#endif
 vgErr = VGAuth_RemoveAliasByCert(ctx, userName, pemCert, 0, NULL);
 } else {
+ ASSERT(requestMsg->opCode == VIX_COMMAND_REMOVE_AUTH_ALIAS);
 subj.type = (req->subjectType == VIX_GUEST_AUTH_SUBJECT_TYPE_NAMED) ? VGAUTH_SUBJECT_NAMED : VGAUTH_SUBJECT_ANY;
 subj.val.name = (char *) subjectName;
@@ -9972,6 +9988,11 @@ VixToolsCheckIfVixCommandEnabled(int opcode, // IN
 VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_NAME);
 break;
+ case VIX_COMMAND_REMOVE_AUTH_ALIAS_BY_CERT:
+ enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
+ VIX_TOOLS_CONFIG_API_REMOVE_GUEST_ALIAS_BY_CERT_NAME);
+ break;
+
 case VIX_COMMAND_LIST_AUTH_PROVIDER_ALIASES:
 enabled = !VixToolsGetAPIDisabledFromConf(confDictRef, VIX_TOOLS_CONFIG_API_LIST_GUEST_ALIASES_NAME);
@@ -10406,6 +10427,7 @@ VixTools_ProcessVixCommand(VixCommandRequestHeader *requestMsg, // IN
 err = VixToolsAddAuthAlias(requestMsg);
 break;
 case VIX_COMMAND_REMOVE_AUTH_ALIAS:
+ case VIX_COMMAND_REMOVE_AUTH_ALIAS_BY_CERT:
 err = VixToolsRemoveAuthAlias(requestMsg);
 break;
 case VIX_COMMAND_LIST_AUTH_PROVIDER_ALIASES:
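Review bot: `VixToolsRemoveAuthAlias` still picks its branch from `req->subjectType`, while the `VixToolsCheckIfVixCommandEnabled` hunk picks the config key from the opcode, and the only thing tying the two together in the `else` branch is `ASSERT(requestMsg->opCode == VIX_COMMAND_REMOVE_AUTH_ALIAS)`. An assertion is not validation of a request field: where ASSERT is compiled out (not visible here) a `VIX_COMMAND_REMOVE_AUTH_ALIAS_BY_CERT` request carrying a subject would run the subject-based removal under the `RemoveGuestAliasByCert` setting, and where it is active a malformed request stops the tools process. I would replace it with a runtime test, `if (requestMsg->opCode != VIX_COMMAND_REMOVE_AUTH_ALIAS)`, that fails the request with `VIX_E_INVALID_ARG` through the function's existing error path. The `#ifdef notyet` block also means by-cert requests sent with the old opcode remain governed by `RemoveGuestAlias` alone, which deserves a line in that comment. The function body starts and ends outside the hunk.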