From: VMware, Inc <> Date: Mon, 21 May 2012 22:29:00 +0000 (-0700) Subject: Remove objectionable code from authPosix.c X-Git-Tag: 2012.05.21-724730~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4c35cf46be050d15d2cb94f10eabdd7d2938b86c;p=thirdparty%2Fopen-vm-tools.git Remove objectionable code from authPosix.c Auth_AuthenticateUser in authPosix.c, for both the PAM and non-PAM paths, has a short-circuit enabled by defining ACCEPT_XXX_PASS. When defined, anyone can login simply by specifying "XXX" as the password. There is no evidence this has ever been enabled in production code, but it's apparently X-rated enough that we want it gone immediately. Signed-off-by: Dmitry Torokhov --- diff --git a/open-vm-tools/lib/auth/authPosix.c b/open-vm-tools/lib/auth/authPosix.c index b1fdc2c8c..744b72ced 100644 --- a/open-vm-tools/lib/auth/authPosix.c +++ b/open-vm-tools/lib/auth/authPosix.c @@ -276,17 +276,14 @@ Auth_AuthenticateUser(const char *user, // IN: } #ifdef USE_PAM -#ifdef ACCEPT_XXX_PASS - if (strcmp("XXX", pass) != 0) { -#endif - if (!AuthLoadPAM()) { - return NULL; - } + if (!AuthLoadPAM()) { + return NULL; + } - /* - * XXX PAM can blow away our syslog level settings so we need - * to call Log_InitEx() again before doing any more Log()s - */ + /* + * XXX PAM can blow away our syslog level settings so we need + * to call Log_InitEx() again before doing any more Log()s + */ #define PAM_BAIL if (pam_error != PAM_SUCCESS) { \ Log_Error("%s:%d: PAM failure - %s (%d)\n", \ 
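Review bot: The re-indented comment above `PAM_BAIL` says Log_InitEx() must be called again before any further Log() calls, but no such call appears on the PAM path in this hunk or the next one. Both `Log("Failed to start PAM ...")` and the `Log_Error` inside `PAM_BAIL` run after `AuthLoadPAM()`, so if the comment is accurate, authentication failures may be logged with the wrong syslog settings. If the re-initialisation happens outside the visible lines, the comment should say where; otherwise reword it as an open item, e.g. `/* TODO: PAM may reset our syslog settings; Log_InitEx() is not re-run on this path. */`. The `PAM_BAIL` definition and the enclosing function both continue past the end of the hunk.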
@@ -295,32 +292,29 @@ Auth_AuthenticateUser(const char *user, // IN: dlpam_end(pamh, pam_error); \ return NULL; \ } - PAM_username = user; - PAM_password = pass; + PAM_username = user; + PAM_password = pass; #if defined(VMX86_TOOLS) - pam_error = dlpam_start("vmtoolsd", PAM_username, &PAM_conversation, - &pamh); + pam_error = dlpam_start("vmtoolsd", PAM_username, &PAM_conversation, + &pamh); #else - pam_error = dlpam_start("vmware-authd", PAM_username, &PAM_conversation, - &pamh); + pam_error = dlpam_start("vmware-authd", PAM_username, &PAM_conversation, + &pamh); #endif - if (pam_error != PAM_SUCCESS) { - Log("Failed to start PAM (error = %d).\n", pam_error); - return NULL; - } + if (pam_error != PAM_SUCCESS) { + Log("Failed to start PAM (error = %d).\n", pam_error); + return NULL; + } - pam_error = dlpam_authenticate(pamh, 0); - PAM_BAIL; - pam_error = dlpam_acct_mgmt(pamh, 0); - PAM_BAIL; - pam_error = dlpam_setcred(pamh, PAM_ESTABLISH_CRED); - PAM_BAIL; - dlpam_end(pamh, PAM_SUCCESS); + pam_error = dlpam_authenticate(pamh, 0); + PAM_BAIL; + pam_error = dlpam_acct_mgmt(pamh, 0); + PAM_BAIL; + pam_error = dlpam_setcred(pamh, PAM_ESTABLISH_CRED); + PAM_BAIL; + dlpam_end(pamh, PAM_SUCCESS); -#if ACCEPT_XXX_PASS - } -#endif /* If this point is reached, the user has been authenticated. */ setpwent(); pwd = Posix_Getpwnam(user); @@ -344,11 +338,7 @@ Auth_AuthenticateUser(const char *user, // IN: if (*pwd->pw_passwd != '\0') { char *namep = (char *) crypt(pass, pwd->pw_passwd); - if (strcmp(namep, pwd->pw_passwd) -#ifdef ACCEPT_XXX_PASS - && strcmp("XXX", pass) != 0 -#endif - ) { + if (strcmp(namep, pwd->pw_passwd) != 0) { // Incorrect password return NULL; }
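Review bot: `PAM_password = pass;` stores the caller's plaintext password pointer in what looks like a file-scope variable (it is not declared in the hunk), and nothing visible resets it after `dlpam_end(pamh, PAM_SUCCESS);` or on the `PAM_BAIL` and "Failed to start PAM" returns. If these are statics read by `PAM_conversation`, the pointer outlives the authentication attempt and can dangle once the caller frees or wipes its buffer. I would clear both on every exit from the PAM block, e.g. `PAM_username = NULL; PAM_password = NULL;` immediately after each `dlpam_end(...)` call and before the early `return NULL;`. Auth_AuthenticateUser starts and ends outside this hunk, so the declarations should be checked before applying this.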
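Review bot: The result of `crypt(pass, pwd->pw_passwd)` is passed straight to `strcmp` in the new `if (strcmp(namep, pwd->pw_passwd) != 0)` line, but `crypt()` can return NULL, for example when the stored field is not a hash the library accepts. In that case the authenticating process dereferences a null pointer instead of rejecting the login, so a locked or malformed `pw_passwd` entry becomes a crash rather than a clean failure. The guard should treat NULL as a mismatch: `if (namep == NULL || strcmp(namep, pwd->pw_passwd) != 0) {`. This is the non-PAM branch of Auth_AuthenticateUser, whose body continues outside the hunk.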