From: Kruti Pendharkar Date: Tue, 30 Sep 2025 06:03:43 +0000 (-0700) Subject: Change to common source files not applicable to open-vm-tools. X-Git-Tag: stable-13.0.5~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0e624d1ae33cee7e66aaed17d82242272383c9a;p=thirdparty%2Fopen-vm-tools.git Change to common source files not applicable to open-vm-tools. --- diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c index 8b9465605..654512c5e 100644 --- a/open-vm-tools/services/plugins/vix/vixTools.c +++ b/open-vm-tools/services/plugins/vix/vixTools.c @@ -1,5 +1,5 @@ /********************************************************* - * Copyright (c) 2007-2024 Broadcom. All Rights Reserved. + * Copyright (c) 2007-2025 Broadcom. All Rights Reserved. * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it @@ -2645,6 +2645,65 @@ VixToolsTranslateVGAuthError(VGAuthError vgErr) #endif +#if defined(_WIN32) +/* + *----------------------------------------------------------------------------- + * + * VixTools_ConfigGetString -- + * + * Wrapper for VMTools_ConfigGetString to retrieve values + * from VIX_TOOLS_CONFIG_API_GROUPNAME group. + * + * Return value: + * Value of the key if the value was read successfully, or else + * a copy of defValue unless defValue is NULL, in which case it's NULL. + * The returned string should be freed with g_free when no longer + * needed. + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- + */ +gchar * +VixTools_ConfigGetString(const gchar *key, // IN + const gchar *defValue) // In +{ + + return VMTools_ConfigGetString(gConfDictRef, + VIX_TOOLS_CONFIG_API_GROUPNAME, + key, defValue); +} + + +/* + *----------------------------------------------------------------------------- + * + * VixTools_ConfigLogInvalidString -- + * + * Log a warning when a config string from the + * VIX_TOOLS_CONFIG_API_GROUPNAME group has an invalid value. + * + * Return value: + * None + * + * Side effects: + * None + * + *----------------------------------------------------------------------------- + */ +void +VixTools_ConfigLogInvalidString(const gchar *function, // IN + const gchar *key, // IN + const gchar *confValue, // IN + const gchar *usedValue) // IN +{ + g_warning("%s: invalid value '%s' from tools.conf [%s] %s, using %s.\n", + function, confValue, VIX_TOOLS_CONFIG_API_GROUPNAME, key, usedValue); +} +#endif + + /* *----------------------------------------------------------------------------- * @@ -11750,7 +11809,7 @@ GuestAuthEnabled(void) * the GuestAuth library. * * Results: - * VIX_OK if successful.Other VixError code otherwise. + * VIX_OK if successful, otherwise some other VixError code. * * Side effects: * Current process impersonates. @@ -11774,10 +11833,6 @@ GuestAuthPasswordAuthenticateImpersonate( VGAuthExtraParams extraParams[1]; Bool impersonated = FALSE; - extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE; - extraParams[0].value = loadUserProfile ? VGAUTH_PARAM_VALUE_TRUE : - VGAUTH_PARAM_VALUE_FALSE; - err = VixMsg_DeObfuscateNamePassword(obfuscatedNamePassword, &username, &password); @@ -11793,14 +11848,22 @@ GuestAuthPasswordAuthenticateImpersonate( goto done; } +#ifdef _WIN32 + vgErr = VGAuth_ValidateUsernamePassword_Helper(ctx, username, password, + &newHandle); +#else vgErr = VGAuth_ValidateUsernamePassword(ctx, username, password, - 0, NULL, - &newHandle); + 0, NULL, &newHandle); +#endif if (VGAUTH_FAILED(vgErr)) { err = VixToolsTranslateVGAuthError(vgErr); goto done; } + extraParams[0].name = VGAUTH_PARAM_LOAD_USER_PROFILE; + extraParams[0].value = loadUserProfile ? VGAUTH_PARAM_VALUE_TRUE : + VGAUTH_PARAM_VALUE_FALSE; + vgErr = VGAuth_Impersonate(ctx, newHandle, (int)ARRAYSIZE(extraParams), extraParams); @@ -11859,7 +11922,7 @@ done: * the GuestAuth library. * * Results: - * VIX_OK if successful. Other VixError code otherwise. + * VIX_OK if successful, otherwise some other VixError code. * * Side effects: * Current process impersonates. diff --git a/open-vm-tools/services/plugins/vix/vixToolsInt.h b/open-vm-tools/services/plugins/vix/vixToolsInt.h index 007db5115..b91a9e90b 100644 --- a/open-vm-tools/services/plugins/vix/vixToolsInt.h +++ b/open-vm-tools/services/plugins/vix/vixToolsInt.h @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (c) 2010-2020,2023 VMware, Inc. All rights reserved. + * Copyright (c) 2010-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -38,6 +39,7 @@ #include "VGAuthCommon.h" #include "VGAuthError.h" #include "VGAuthAuthentication.h" +#include "VGAuthAuthenticationWin32.h" #include "VGAuthAlias.h" #endif @@ -72,6 +74,15 @@ void VixTools_Uninitialize(void); #ifdef _WIN32 VixError VixToolsTranslateVGAuthError(VGAuthError vgErr); + +gchar *VixTools_ConfigGetString(const gchar *key, + const gchar *defValue); + +void VixTools_ConfigLogInvalidString(const gchar *function, + const gchar *key, + const gchar *confValue, + const gchar *usedValue); + #endif VixError VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg, @@ -207,6 +218,13 @@ VixError VixToolsCheckSAMLForSystem(VGAuthContext *ctx, Bool hostVerified, void **userToken, VGAuthUserHandle **curUserHandle); + +VGAuthError +VGAuth_ValidateUsernamePassword_Helper(VGAuthContext *ctx, + const char *userName, + const char *password, + VGAuthUserHandle **handle); + #endif // _WIN32 #ifdef VMX86_DEVEL diff --git a/open-vm-tools/vgauth/lib/VGAuthInt.h b/open-vm-tools/vgauth/lib/VGAuthInt.h index 49efa85f0..ef2472296 100644 --- a/open-vm-tools/vgauth/lib/VGAuthInt.h +++ b/open-vm-tools/vgauth/lib/VGAuthInt.h @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (c) 2011-2017,2023 VMware, Inc. All rights reserved. + * Copyright (c) 2011-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -28,6 +29,9 @@ #include "VGAuthBasicDefs.h" #include "VGAuthCommon.h" #include "VGAuthAuthentication.h" +#ifdef _WIN32 +#include "VGAuthAuthenticationWin32.h" +#endif #include "VGAuthAlias.h" #include "audit.h" #include "prefs.h" @@ -287,6 +291,9 @@ VGAuthError VGAuth_NetworkReadBytes(VGAuthContext *ctx, VGAuthError VGAuthValidateUsernamePasswordImpl(VGAuthContext *ctx, const char *userName, const char *password, + const int numExtraParams, + const VGAuthExtraParams + *extraParams, VGAuthUserHandle **handle); #ifdef UNITTEST @@ -342,6 +349,17 @@ VGAuthError VGAuthGetBoolExtraParamImpl(const char *funcName, gboolean defValue, gboolean *paramValue); +#define VGAuthGetStringExtraParam(numEP, ep, name, defValue, value) \ + VGAuthGetStringExtraParamImpl(__FUNCTION__, (numEP), ep, \ + name, defValue, (value)) + +VGAuthError VGAuthGetStringExtraParamImpl(const char *funcName, + int numExtraParams, + const VGAuthExtraParams *params, + const char *paramName, + const char *defValue, + const char **paramValue); + void VGAuth_FreeAliasInfoContents(VGAuthAliasInfo *si); void VGAuth_CopyAliasInfo(const VGAuthAliasInfo *src, VGAuthAliasInfo *dst); diff --git a/open-vm-tools/vgauth/lib/auth.c b/open-vm-tools/vgauth/lib/auth.c index fd4a78539..9895ae1c1 100644 --- a/open-vm-tools/vgauth/lib/auth.c +++ b/open-vm-tools/vgauth/lib/auth.c @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (c) 2011-2017,2023 VMware, Inc. All rights reserved. + * Copyright (c) 2011-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -543,8 +544,7 @@ done: * @param[in] password The password to be validated. * @param[in] numExtraParams The number of elements in extraParams. * @param[in] extraParams Any optional, additional paramaters to the - * function. Currently none are supported, so this - * must be NULL. + * function. * @param[out] handle The resulting handle representing the user * associated with @a userName. * Must be freed with VGAuth_UserHandleFree(). @@ -560,7 +560,7 @@ VGAuthError VGAuth_ValidateUsernamePassword(VGAuthContext *ctx, const char *userName, const char *password, - int numExtraParams, + const int numExtraParams, const VGAuthExtraParams *extraParams, VGAuthUserHandle **handle) { @@ -587,14 +587,15 @@ VGAuth_ValidateUsernamePassword(VGAuthContext *ctx, return VGAUTH_E_INVALID_ARGUMENT; } - err = VGAuthValidateExtraParams(numExtraParams, extraParams); - if (VGAUTH_E_OK != err) { - return err; - } - + /* + * numExtraParams and extraParams need to be validated before use. No need + * to validate them here since they're just passed through. + */ err = VGAuthValidateUsernamePasswordImpl(ctx, userName, password, + numExtraParams, + extraParams, handle); if (VGAUTH_E_OK == err) { @@ -607,8 +608,9 @@ VGAuth_ValidateUsernamePassword(VGAuthContext *ctx, VGAuth_AuditEvent(ctx, FALSE, SU_(auth.password.invalid, - "Username and password mismatch for '%s'"), - userName); + "Username and password validation failed for '%s': " + "%s"), + userName, VGAuth_GetErrorText(err, NULL)); } return err; diff --git a/open-vm-tools/vgauth/lib/authPosix.c b/open-vm-tools/vgauth/lib/authPosix.c index c19491c19..1f22a2102 100644 --- a/open-vm-tools/vgauth/lib/authPosix.c +++ b/open-vm-tools/vgauth/lib/authPosix.c @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (C) 2011-2017, 2019, 2021 VMware, Inc. All rights reserved. + * Copyright (c) 2011-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -240,11 +241,15 @@ static struct pam_conv PAM_conversation = { * * Validates a username/password. * - * @param[in] ctx The VGAuthContext. - * @param[in] userName The username to be validated. - * @param[in] password The password to be validated. - * @param[out] handle The resulting handle representing the user - * associated with the username. + * @param[in] ctx The VGAuthContext. + * @param[in] userName The username to be validated. + * @param[in] password The password to be validated. + * @param[in] numExtraParams The number of elements in extraParams. + * @param[in] extraParams Any optional, additional paramaters to the + * function. Currently none are supported, so this + * must be NULL. + * @param[out] handle The resulting handle representing the user + * associated with the username. * * @return VGAUTH_E_OK on success, VGAuthError on failure * @@ -255,6 +260,8 @@ VGAuthError VGAuthValidateUsernamePasswordImpl(VGAuthContext *ctx, const char *userName, const char *password, + const int numExtraParams, + const VGAuthExtraParams *extraParams, VGAuthUserHandle **handle) { #ifdef USE_PAM @@ -266,6 +273,11 @@ VGAuthValidateUsernamePasswordImpl(VGAuthContext *ctx, struct passwd *pwd; #endif + err = VGAuthValidateExtraParams(numExtraParams, extraParams); + if (VGAUTH_E_OK != err) { + return err; + } + #ifdef USE_PAM if (!AuthLoadPAM()) { return VGAUTH_E_FAIL; diff --git a/open-vm-tools/vgauth/lib/common.c b/open-vm-tools/vgauth/lib/common.c index 9b53a2aca..366976a6e 100644 --- a/open-vm-tools/vgauth/lib/common.c +++ b/open-vm-tools/vgauth/lib/common.c @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (c) 2011-2017, 2023 VMware, Inc. All rights reserved. + * Copyright (c) 2011-2025 Broadcom. All Rights Reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -164,6 +165,74 @@ VGAuthGetBoolExtraParamImpl(const char *funcName, } +/* + ****************************************************************************** + * VGAuthGetStringExtraParamImpl -- */ /** + * + * Get the string value of the specified extra param in the params array. + * + * @param[in] funcName The name of the calling function. + * @param[in] numParams The number of elements in the params array. + * @param[in] params The params array to get param value from. + * @param[in] paramName The param name to get its value. + * @param[in] defValue The param default value if not set in the array. + * @param[out] paramValue Returned param value + * + * @retval VGAUTH_E_INVALID_ARGUMENT If incomplete arguments are passed in, + * the specified extra parameter is passed + * in the array multiple times or the + * parameter value is invalid. + * @reval VGAUTH_E_OK If no error is encountered. + * + ****************************************************************************** + */ + +VGAuthError +VGAuthGetStringExtraParamImpl(const char *funcName, + int numParams, + const VGAuthExtraParams *params, + const char *paramName, + const char *defValue, + const char **paramValue) +{ + gboolean paramSet = FALSE; + int i; + + if ((numParams < 0) || (numParams > 0 && NULL == params)) { + Warning("%s: invalid number of parameters: %d.\n", funcName, numParams); + return VGAUTH_E_INVALID_ARGUMENT; + } + + if (NULL == paramName || NULL == paramValue) { + return VGAUTH_E_INVALID_ARGUMENT; + } + + for (i = 0; i < numParams; i++) { + if (g_strcmp0(params[i].name, paramName) == 0) { + // only allow it to be set once + if (paramSet) { + Warning("%s: extraParam '%s' passed multiple times.\n", + funcName, params[i].name); + return VGAUTH_E_INVALID_ARGUMENT; + } + if (params[i].value) { + *paramValue = params[i].value; + paramSet = TRUE; + } else { + Warning("%s: extraParam '%s' has NULL value.\n", + funcName, params[i].name); + return VGAUTH_E_INVALID_ARGUMENT; + } + } + } + + if (!paramSet) { + *paramValue = defValue; + } + return VGAUTH_E_OK; +} + + /* ****************************************************************************** * VGAuth_Init -- */ /** diff --git a/open-vm-tools/vgauth/lib/l10n/en.vmsg b/open-vm-tools/vgauth/lib/l10n/en.vmsg index 551ed3769..b4a12ce42 100644 --- a/open-vm-tools/vgauth/lib/l10n/en.vmsg +++ b/open-vm-tools/vgauth/lib/l10n/en.vmsg @@ -16,6 +16,6 @@ # ########################################################## -auth.password.invalid = "Username and password mismatch for '%1$s'" +auth.password.invalid = "Username and password validation failed for '%1$s': %2$s" auth.password.valid = "Username and password successfully validated for '%1$s'" auth.sspi.badid = "Attempt to authenticate using an invalid or expired SSPI challenge ID: %1$u" diff --git a/open-vm-tools/vgauth/lib/l10n/es.vmsg b/open-vm-tools/vgauth/lib/l10n/es.vmsg index 590b2d1e4..e814b87e3 100644 --- a/open-vm-tools/vgauth/lib/l10n/es.vmsg +++ b/open-vm-tools/vgauth/lib/l10n/es.vmsg @@ -16,6 +16,6 @@ # ########################################################## -auth.password.invalid = "El nombre de usuario y la contraseña de '%1$s' no coinciden" +auth.password.invalid = "Username and password validation failed for '%1$s': %2$s" auth.password.valid = "El nombre de usuario y la contraseña de '%1$s' se han validado correctamente" auth.sspi.badid = "Intento de autenticación utilizando un SSPI challenge ID no válido o caducado: %1$u" diff --git a/open-vm-tools/vgauth/lib/l10n/fr.vmsg b/open-vm-tools/vgauth/lib/l10n/fr.vmsg index 252617004..af4dacccd 100644 --- a/open-vm-tools/vgauth/lib/l10n/fr.vmsg +++ b/open-vm-tools/vgauth/lib/l10n/fr.vmsg @@ -16,6 +16,6 @@ # ########################################################## -auth.password.invalid = "Non-concordance du nom d'utilisateur et du mot de passe pour '%1$s'" +auth.password.invalid = "Username and password validation failed for '%1$s': %2$s" auth.password.valid = "Validation réussie du nom d'utilisateur et du mot de passe pour '%1$s'" auth.sspi.badid = "Tentative d'authentification à l'aide d'un ID de demande SSPI non valide ou expiré : %1$u" diff --git a/open-vm-tools/vgauth/lib/l10n/ja.vmsg b/open-vm-tools/vgauth/lib/l10n/ja.vmsg index 8e9d991f3..6caeea7ba 100644 --- a/open-vm-tools/vgauth/lib/l10n/ja.vmsg +++ b/open-vm-tools/vgauth/lib/l10n/ja.vmsg @@ -16,6 +16,6 @@ # ########################################################## -auth.password.invalid = "'%1$s' のユーザー名とパスワードが一致しません" +auth.password.invalid = "Username and password validation failed for '%1$s': %2$s" auth.password.valid = "'%1$s' のユーザー名とパスワードが正しく検証されました" auth.sspi.badid = "無効または期限切れの SSPI チャレンジ ID を使用して認証を試みます: %1$u"