From: Oliver Kurth
Date: Tue, 4 Sep 2018 22:40:58 +0000 (-0700)
Subject: End VGAuth impersonation in the case of error.
X-Git-Tag: stable-11.0.0~409
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1535eb36e8293d753c29f1eaf6cd6d2165efb1ca;p=thirdparty%2Fopen-vm-tools.git
End VGAuth impersonation in the case of error.
* In GuestAuthPasswordAuthenticateImpersonate(): When VGAuth_UserHandleAccessToken fails, unimpersonation is not being done. This can cause issues. Fixed it.
* In GuestAuthSAMLAuthenticateAndImpersonate(), fixed the following issues: The 'newHandle' is not being freed which causes a memory leak. When VGAuth_UserHandleAccessToken fails, unimpersonation is not being done.
---
diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c
index 7df3f91cb..562233680 100644
--- a/open-vm-tools/services/plugins/vix/vixTools.c
+++ b/open-vm-tools/services/plugins/vix/vixTools.c
@@ -11458,6 +11458,7 @@ GuestAuthPasswordAuthenticateImpersonate(
 VGAuthError vgErr;
 VGAuthUserHandle *newHandle = NULL;
 VGAuthExtraParams extraParams[1];
+ Bool impersonated = FALSE;
 extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
 extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
@@ -11493,6 +11494,8 @@ GuestAuthPasswordAuthenticateImpersonate(
 goto done;
 }
+ impersonated = TRUE;
+
 #ifdef _WIN32
 // this is making a copy of the token, be sure to close it
 vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
@@ -11512,6 +11515,10 @@ done:
 Util_ZeroFreeString(password);
 if (VIX_OK != err) {
+ if (impersonated) {
+ vgErr = VGAuth_EndImpersonation(ctx);
+ ASSERT(vgErr == VGAUTH_E_OK);
+ }
 VGAuth_UserHandleFree(newHandle);
 newHandle = NULL;
 }
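Review bot: In the `done:` error path the result of `VGAuth_EndImpersonation(ctx)` is checked only by `ASSERT(vgErr == VGAUTH_E_OK)`; if ASSERT compiles to nothing in release builds, as debug-only assert macros usually do, a failed revert is silently ignored and the thread may keep running under the guest user's identity while the caller is told that authentication failed. I would report the failure explicitly ahead of the ASSERT, for example `if (vgErr != VGAUTH_E_OK) { g_warning("%s: VGAuth_EndImpersonation failed\n", __FUNCTION__); }`, so that a stuck security context is visible in the logs. The same pattern appears in the last hunk, in the `done:` block of GuestAuthSAMLAuthenticateAndImpersonate. The function body begins and ends outside this hunk.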
@@ -11546,12 +11553,13 @@ GuestAuthSAMLAuthenticateAndImpersonate(
 {
 #if SUPPORT_VGAUTH
 VixError err;
- char *token;
- char *username;
+ char *token = NULL;
+ char *username = NULL;
 VGAuthContext *ctx = NULL;
 VGAuthError vgErr;
 VGAuthUserHandle *newHandle = NULL;
 VGAuthExtraParams extraParams[1];
+ Bool impersonated = FALSE;
 extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE;
 extraParams[0].value = VGAUTH_PARAM_VALUE_TRUE;
@@ -11643,6 +11651,8 @@ impersonate:
 goto done;
 }
+ impersonated = TRUE;
+
 #ifdef _WIN32
 // this is making a copy of the token, be sure to close it
 vgErr = VGAuth_UserHandleAccessToken(ctx, newHandle, userToken);
@@ -11658,6 +11668,17 @@ impersonate:
 err = VIX_OK;
 done:
+ Util_ZeroFreeString(token);
+ Util_ZeroFreeString(username);
+
+ if (VIX_OK != err) {
+ if (impersonated) {
+ vgErr = VGAuth_EndImpersonation(ctx);
+ ASSERT(vgErr == VGAUTH_E_OK);
+ }
+ VGAuth_UserHandleFree(newHandle);
+ newHandle = NULL;
+ }
 return err;
 #else
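Review bot: `Util_ZeroFreeString(token)` and `Util_ZeroFreeString(username)` now run on every exit through `done:`, yet the commit description mentions only `newHandle` and the missing unimpersonation. The hunks show no earlier free being removed, so presumably these strings were leaked before; it is worth confirming that no path earlier in the function, outside this hunk, already frees them without resetting the pointer, since that would now become a double free. A short comment above the two calls, such as `// token and username are owned here; zero and free them on every exit path`, would record the ownership.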