~ubuntu-branches/ubuntu/quantal/open-vm-tools/quantal-201210021442
» Revision
29
: services/plugins/vix/vixTools.c
« back to all changes in this revision
Viewing changes to services/plugins/vix/vixTools.c
- browse files at revision 29
- compare with another revision
- download diff
- download tarball
- view history from revision 29
- Committer: Package Import Robot
- Author(s): Nate Muench
- Date: 2012-06-20 15:59:51 UTC
- mfrom: (1.4.8)
- Revision ID: package-import@ubuntu.com-20120620155951-6rupmpb0f70b52zr
Tags: 2012.05.21-724730-0ubuntu1
* Merging upstream version 2012.05.21-724730.
- Fixes building against the current Quantal kernel. (LP: #1000344)
- Fixes Quantal installation issues. (LP: #1019031)
* Sync with Debian
- Updating to debhelper version 9.
- Updating to standards version 3.9.3.
- Updating copyright file machine-readable format version 1.0.
- Building without multiarch paths for now
- Fixes building against the current Quantal kernel. (LP: #1000344)
- Fixes Quantal installation issues. (LP: #1019031)
* Sync with Debian
- Updating to debhelper version 9.
- Updating to standards version 3.9.3.
- Updating copyright file machine-readable format version 1.0.
- Building without multiarch paths for now
- files added:
- .pc/.quilt_patches
- files modified:
- .pc/02-procps.patch/configure
added
removed
services/plugins/vix/vixTools.c
106
106
#include "impersonate.h"
107
107
#include "vixOpenSource.h"
108
108
#include "vixToolsInt.h"
109
#include "vmware/tools/plugin.h"
109
110
110
111
#ifdef _WIN32
111
112
#include "registryWin32.h"
118
119
#include <sys/vfs.h>
119
120
#endif
120
121
122
/*
123
* Only support Linux and Windows right now.
124
* No support for open-vm-tools.
125
*/
126
#if (defined(_WIN32) || defined(linux)) && !defined(OPEN_VM_TOOLS)
127
#define SUPPORT_VGAUTH 1
128
#else
129
#define SUPPORT_VGAUTH 0
130
#endif
131
132
133
#if SUPPORT_VGAUTH
134
#include "VGAuthCommon.h"
135
#include "VGAuthError.h"
136
#include "VGAuthAuthentication.h"
137
#include "VGAuthIdProvider.h"
138
139
#define VMTOOLSD_APP_NAME "vmtoolsd"
140
141
#define VIXTOOLS_CONFIG_USE_VGAUTH_NAME "useVGAuth"
142
/*
143
* XXX Leave this off by default until the VGAuth service is being
144
* officially installed.
145
*/
146
#define USE_VGAUTH_DEFAULT FALSE
147
148
static gboolean gSupportVGAuth = USE_VGAUTH_DEFAULT;
149
static gboolean QueryVGAuthConfig(GKeyFile *confDictRef);
150
151
#endif
152
153
121
154
#define SECONDS_BETWEEN_POLL_TEST_FINISHED 1
122
155
123
156
/*
162
195
#define VIX_TOOLS_CONFIG_API_ACQUIRE_CREDENTIALS_NAME "AcquireCredentialsInGuest"
163
196
#define VIX_TOOLS_CONFIG_API_RELEASE_CREDENTIALS_NAME "ReleaseCredentialsInGuest"
164
197
198
#define VIX_TOOLS_CONFIG_API_ADD_AUTH_PRINCIPAL_NAME "AddAuthPrincipal"
199
#define VIX_TOOLS_CONFIG_API_REMOVE_AUTH_PRINCIPAL_NAME "RemoveAuthPrincipal"
200
#define VIX_TOOLS_CONFIG_API_LIST_AUTH_PRINCIPALS_NAME "ListAuthPrincipals"
201
#define VIX_TOOLS_CONFIG_API_LIST_MAPPED_PRINCIPALS_NAME "ListMappedPrincipals"
202
203
#define VIX_TOOLS_CONFIG_API_CREATE_REGISTRY_KEY_NAME "CreateRegistryKey"
204
#define VIX_TOOLS_CONFIG_API_LIST_REGISTRY_KEYS_NAME "ListRegistryKeys"
205
#define VIX_TOOLS_CONFIG_API_DELETE_REGISTRY_KEY_NAME "DeleteRegistryKey"
206
#define VIX_TOOLS_CONFIG_API_SET_REGISTRY_VALUE_NAME "SetRegistryValue"
207
#define VIX_TOOLS_CONFIG_API_LIST_REGISTRY_VALUES_NAME "ListRegistryValues"
208
#define VIX_TOOLS_CONFIG_API_DELETE_REGISTRY_VALUE_NAME "DeleteRegistryValue"
165
209
166
210
/*
167
211
* State of a single asynch runProgram.
207
251
* (VIX_TOOLS_EXITED_PROGRAM_REAP_TIME) in the VMODL.
208
252
*/
209
253
typedef struct VixToolsExitedProgramState {
210
char *fullCommandLine;
211
char *user;
212
uint64 pid;
213
time_t startTime;
214
int exitCode;
215
time_t endTime;
216
Bool isRunning;
217
ProcMgr_AsyncProc *procState;
218
struct VixToolsExitedProgramState *next;
254
char *cmdName;
255
char *fullCommandLine;
256
char *user;
257
uint64 pid;
258
time_t startTime;
259
int exitCode;
260
time_t endTime;
261
Bool isRunning;
262
ProcMgr_AsyncProc *procState;
263
struct VixToolsExitedProgramState *next;
219
264
} VixToolsExitedProgramState;
220
265
221
266
static VixToolsExitedProgramState *exitedProcessList = NULL;
377
422
void *eventQueue,
378
423
int64 *pid);
379
424
380
static VixError VixToolsImpersonateUser(VixCommandRequestHeader *requestMsg,
381
void **userToken);
382
383
425
static char *VixToolsGetImpersonatedUsername(void *userToken);
384
426
385
427
static const char *scriptFileBaseName = "vixScript";
413
455
char **result);
414
456
415
457
static VixError VixToolsPrintProcInfoEx(DynBuf *dstBuffer,
458
const char *cmd,
416
459
const char *name,
417
460
uint64 pid,
418
461
const char *user,
471
514
472
515
static VixError VixToolsReleaseCredentials(VixCommandRequestHeader *requestMsg);
473
516
517
static VixError VixToolsCreateRegKey(VixCommandRequestHeader *requestMsg);
518
519
static VixError VixToolsListRegKeys(VixCommandRequestHeader *requestMsg,
520
size_t maxBufferSize,
521
void *eventQueue,
522
char **result);
523
524
static VixError VixToolsDeleteRegKey(VixCommandRequestHeader *requestMsg);
525
526
static VixError VixToolsSetRegValue(VixCommandRequestHeader *requestMsg);
527
528
static VixError VixToolsListRegValues(VixCommandRequestHeader *requestMsg,
529
size_t maxBufferSize,
530
void *eventQueue,
531
char **result);
532
533
static VixError VixToolsDeleteRegValue(VixCommandRequestHeader *requestMsg);
534
474
535
#if defined(__linux__) || defined(_WIN32)
475
536
static VixError VixToolsGetGuestNetworkingConfig(VixCommandRequestHeader *requestMsg,
476
537
char **resultBuffer,
521
582
522
583
static size_t VixToolsXMLStringEscapedLen(const char *str, Bool escapeStr);
523
584
585
static Bool GuestAuthEnabled(void);
586
587
VixError GuestAuthPasswordAuthenticateImpersonate(
588
char const *obfuscatedNamePassword,
589
void **userToken);
590
591
VixError GuestAuthSAMLAuthenticateAndImpersonate(
592
char const *obfuscatedNamePassword,
593
void **userToken);
594
595
void GuestAuthUnimpersonate();
596
597
#if SUPPORT_VGAUTH
598
599
VGAuthError TheVGAuthContext(VGAuthContext **ctx);
600
601
#endif
602
524
603
525
604
/*
526
605
*-----------------------------------------------------------------------------
544
623
void *clientData) // IN
545
624
{
546
625
VixError err = VIX_OK;
626
#if SUPPORT_VGAUTH
627
ToolsAppCtx *ctx = (ToolsAppCtx *) clientData;
628
#endif
547
629
548
630
/*
549
631
* Run unit tests on DEVEL builds.
556
638
557
639
#ifndef _WIN32
558
640
VixToolsBuildUserEnvironmentTable(originalEnvp);
559
#else
560
/*
561
* Ensure that we never allow more SSPI sessions than ticketed sessions
562
* because there must be a ticketed session available for each SSPI session.
563
*/
564
ASSERT_ON_COMPILE(VIX_TOOLS_MAX_TICKETED_SESSIONS >= VIX_TOOLS_MAX_SSPI_SESSIONS);
641
#endif
565
642
566
VixToolsInitSspiSessionList(VIX_TOOLS_MAX_SSPI_SESSIONS);
567
VixToolsInitTicketedSessionList(VIX_TOOLS_MAX_TICKETED_SESSIONS);
568
#endif
569
643
/* Register a straight through connection with the Hgfs server. */
570
644
HgfsServerManager_DataInit(&gVixHgfsBkdrConn,
571
645
VIX_BACKDOORCOMMAND_COMMAND,
577
651
NULL,
578
652
VixToolsFreeCachedResult);
579
653
654
#if SUPPORT_VGAUTH
655
/*
656
* We don't set up the VGAuth log handler, since the default
657
* does what we want, and trying to redirect VGAuth messages
658
* to Log() causes recursion and a crash.
659
*/
660
#endif
661
662
#if SUPPORT_VGAUTH
663
gSupportVGAuth = QueryVGAuthConfig(ctx->config);
664
#endif
665
666
#ifdef _WIN32
667
err = VixToolsInitializeWin32();
668
if (VIX_FAILED(err)) {
669
return err;
670
}
671
#endif
580
672
581
673
return(err);
582
674
} // VixTools_Initialize
981
1073
const char *workingDir = NULL;
982
1074
const char **envVars = NULL;
983
1075
const char *bp = NULL;
1076
const char *cmdNameBegin = NULL;
984
1077
Bool impersonatingVMWareUser = FALSE;
985
1078
int64 pid = -1;
986
1079
int i;
1096
1189
* Linux.
1097
1190
*/
1098
1191
if (NULL != arguments) {
1099
exitState->fullCommandLine = Str_Asprintf(NULL,
1192
exitState->fullCommandLine = Str_SafeAsprintf(NULL,
1100
1193
"\"%s\" %s",
1101
1194
programPath,
1102
1195
arguments);
1103
1196
} else {
1104
exitState->fullCommandLine = Str_Asprintf(NULL,
1197
exitState->fullCommandLine = Str_SafeAsprintf(NULL,
1105
1198
"\"%s\"",
1106
1199
programPath);
1107
1200
}
1108
1201
#if defined(_WIN32)
1202
/*
1203
* For windows, we let the VIX client parse the
1204
* command line to get the real command name.
1205
*/
1206
exitState->cmdName = NULL;
1207
#else
1208
/*
1209
* Find the last path separator, to get the cmd name.
1210
* If no separator is found, then use the whole name.
1211
*/
1212
cmdNameBegin = strrchr(programPath, '/');
1213
if (NULL == cmdNameBegin) {
1214
cmdNameBegin = programPath;
1215
} else {
1216
/*
1217
* Skip over the last separator.
1218
*/
1219
cmdNameBegin++;
1220
}
1221
exitState->cmdName = Str_SafeAsprintf(NULL,
1222
"%s",
1223
cmdNameBegin);
1224
#endif
1109
1225
exitState->user = VixToolsGetImpersonatedUsername(&userToken);
1110
1226
exitState->pid = (uint64) pid;
1111
1227
exitState->startTime = time(NULL);
1233
1349
* Linux.
1234
1350
*/
1235
1351
if (NULL != commandLineArgs) {
1236
fullCommandLine = Str_Asprintf(NULL,
1352
fullCommandLine = Str_SafeAsprintf(NULL,
1237
1353
"\"%s\" %s",
1238
1354
commandLine,
1239
1355
commandLineArgs);
1240
1356
} else {
1241
fullCommandLine = Str_Asprintf(NULL,
1357
fullCommandLine = Str_SafeAsprintf(NULL,
1242
1358
"\"%s\"",
1243
1359
commandLine);
1244
1360
}
1478
1594
* Linux.
1479
1595
*/
1480
1596
if (NULL != arguments) {
1481
fullCommandLine = Str_Asprintf(NULL,
1597
fullCommandLine = Str_SafeAsprintf(NULL,
1482
1598
"\"%s\" %s",
1483
1599
programPath,
1484
1600
arguments);
1485
1601
} else {
1486
fullCommandLine = Str_Asprintf(NULL,
1602
fullCommandLine = Str_SafeAsprintf(NULL,
1487
1603
"\"%s\"",
1488
1604
programPath);
1489
1605
}
1832
1948
* and endTime.
1833
1949
*/
1834
1950
exitState = Util_SafeMalloc(sizeof(VixToolsExitedProgramState));
1951
exitState->cmdName = NULL;
1835
1952
exitState->fullCommandLine = NULL;
1836
1953
exitState->user = NULL;
1837
1954
exitState->pid = pid;
1976
2093
return;
1977
2094
}
1978
2095
2096
free(exitState->cmdName);
1979
2097
free(exitState->fullCommandLine);
1980
2098
free(exitState->user);
1981
2099
2049
2167
}
2050
2168
2051
2169
2170
#if SUPPORT_VGAUTH
2171
/*
2172
*-----------------------------------------------------------------------------
2173
*
2174
* FoundryToolsDaemon_TranslateSystemErr --
2175
*
2176
* Looks at errno/GetLastError() and returns the foundry errcode
2177
* that it best maps to.
2178
*
2179
* Return value:
2180
* None
2181
*
2182
* Side effects:
2183
* None
2184
*
2185
*-----------------------------------------------------------------------------
2186
*/
2187
2188
static VixError
2189
VixToolsTranslateVGAuthError(VGAuthError vgErr)
2190
{
2191
VixError err;
2192
2193
switch (VGAUTH_ERROR_CODE(vgErr)) {
2194
case VGAUTH_E_OK:
2195
err = VIX_OK;
2196
break;
2197
case VGAUTH_E_INVALID_ARGUMENT:
2198
err = VIX_E_INVALID_ARG;
2199
break;
2200
case VGAUTH_E_INVALID_CERTIFICATE:
2201
err = VIX_E_INVALID_ARG; // XXX -- needs a Vix equiv
2202
break;
2203
case VGAUTH_E_PERMISSION_DENIED:
2204
err = VIX_E_GUEST_USER_PERMISSIONS;
2205
break;
2206
case VGAUTH_E_OUT_OF_MEMORY:
2207
err = VIX_E_OUT_OF_MEMORY;
2208
break;
2209
case VGAUTH_E_COMM:
2210
err = VIX_E_FAIL;
2211
case VGAUTH_E_NOTIMPLEMENTED:
2212
err = VIX_E_NOT_SUPPORTED;
2213
break;
2214
case VGAUTH_E_NOT_CONNECTED:
2215
err = VIX_E_FAIL;
2216
break;
2217
case VGAUTH_E_VERSION_MISMATCH:
2218
err = VIX_E_FAIL;
2219
break;
2220
case VGAUTH_E_SECURITY_VIOLATION:
2221
err = VIX_E_FAIL;
2222
break;
2223
case VGAUTH_E_CERT_ALREADY_EXISTS:
2224
err = VIX_E_INVALID_ARG;
2225
break;
2226
case VGAUTH_E_AUTHENTICATION_DENIED:
2227
err = VIX_E_GUEST_USER_PERMISSIONS;
2228
break;
2229
case VGAUTH_E_INVALID_TICKET:
2230
err = VIX_E_INVALID_ARG;
2231
break;
2232
case VGAUTH_E_MULTIPLE_MAPPINGS:
2233
err = VIX_E_GUEST_AUTH_MULIPLE_MAPPINGS;
2234
break;
2235
case VGAUTH_E_ALREADY_IMPERSONATING:
2236
err = VIX_E_FAIL;
2237
break;
2238
case VGAUTH_E_NO_SUCH_USER:
2239
err = VIX_E_INVALID_ARG;
2240
break;
2241
case VGAUTH_E_SERVICE_NOT_RUNNING:
2242
case VGAUTH_E_SYSTEM_ERRNO:
2243
case VGAUTH_E_SYSTEM_WINDOWS:
2244
case VGAUTH_E_TOO_MANY_CONNECTIONS:
2245
err = VIX_E_FAIL;
2246
break;
2247
case VGAUTH_E_UNSUPPORTED:
2248
err = VIX_E_NOT_SUPPORTED;
2249
break;
2250
default:
2251
err = VIX_E_FAIL;
2252
Warning("%s: error code "VGAUTHERR_FMT64X" has no translation\n",
2253
__FUNCTION__, vgErr);
2254
break;
2255
}
2256
Debug("%s: translated VGAuth err "VGAUTHERR_FMT64X" to Vix err %"FMT64"d\n",
2257
__FUNCTION__, vgErr, err);
2258
2259
2260
return err;
2261
}
2262
#endif
2263
2264
2052
2265
/*
2053
2266
*-----------------------------------------------------------------------------
2054
2267
*
2439
2652
}
2440
2653
}
2441
2654
2655
#if !SUPPORT_VGAUTH
2656
/*
2657
* Make sure vgauth related stuff does not show as enabled.
2658
*/
2659
if (NULL != varName) {
2660
if ((strcmp(varName, VIX_TOOLS_CONFIG_API_ADD_AUTH_PRINCIPAL_NAME) == 0) ||
2661
(strcmp(varName, VIX_TOOLS_CONFIG_API_REMOVE_AUTH_PRINCIPAL_NAME) == 0) ||
2662
(strcmp(varName, VIX_TOOLS_CONFIG_API_LIST_AUTH_PRINCIPALS_NAME) == 0) ||
2663
(strcmp(varName, VIX_TOOLS_CONFIG_API_LIST_MAPPED_PRINCIPALS_NAME) == 0)) {
2664
disabled = TRUE;
2665
}
2666
}
2667
#endif
2668
2442
2669
return disabled;
2443
2670
}
2444
2671
2642
2869
goto exit;
2643
2870
}
2644
2871
2872
err = VixPropertyList_SetBool(propList,
2873
VIX_PROPERTY_GUEST_ADD_AUTH_PRINICPAL_ENABLED,
2874
VixToolsComputeEnabledProperty(confDictRef,
2875
VIX_TOOLS_CONFIG_API_ADD_AUTH_PRINCIPAL_NAME));
2876
if (VIX_OK != err) {
2877
goto exit;
2878
}
2879
err = VixPropertyList_SetBool(propList,
2880
VIX_PROPERTY_GUEST_REMOVE_AUTH_PRINICPAL_ENABLED,
2881
VixToolsComputeEnabledProperty(confDictRef,
2882
VIX_TOOLS_CONFIG_API_REMOVE_AUTH_PRINCIPAL_NAME));
2883
if (VIX_OK != err) {
2884
goto exit;
2885
}
2886
err = VixPropertyList_SetBool(propList,
2887
VIX_PROPERTY_GUEST_LIST_AUTH_PRINICPALS_ENABLED,
2888
VixToolsComputeEnabledProperty(confDictRef,
2889
VIX_TOOLS_CONFIG_API_LIST_AUTH_PRINCIPALS_NAME));
2890
if (VIX_OK != err) {
2891
goto exit;
2892
}
2893
err = VixPropertyList_SetBool(propList,
2894
VIX_PROPERTY_GUEST_LIST_MAPPED_PRINICPALS_ENABLED,
2895
VixToolsComputeEnabledProperty(confDictRef,
2896
VIX_TOOLS_CONFIG_API_LIST_MAPPED_PRINCIPALS_NAME));
2897
if (VIX_OK != err) {
2898
goto exit;
2899
}
2900
2901
err = VixPropertyList_SetBool(propList,
2902
VIX_PROPERTY_GUEST_CREATE_REGISTRY_KEY_ENABLED,
2903
VixToolsComputeEnabledProperty(confDictRef,
2904
VIX_TOOLS_CONFIG_API_CREATE_REGISTRY_KEY_NAME));
2905
if (VIX_OK != err) {
2906
goto exit;
2907
}
2908
2909
err = VixPropertyList_SetBool(propList,
2910
VIX_PROPERTY_GUEST_LIST_REGISTRY_KEYS_ENABLED,
2911
VixToolsComputeEnabledProperty(confDictRef,
2912
VIX_TOOLS_CONFIG_API_LIST_REGISTRY_KEYS_NAME));
2913
if (VIX_OK != err) {
2914
goto exit;
2915
}
2916
2917
err = VixPropertyList_SetBool(propList,
2918
VIX_PROPERTY_GUEST_DELETE_REGISTRY_KEY_ENABLED,
2919
VixToolsComputeEnabledProperty(confDictRef,
2920
VIX_TOOLS_CONFIG_API_DELETE_REGISTRY_KEY_NAME));
2921
if (VIX_OK != err) {
2922
goto exit;
2923
}
2924
2925
err = VixPropertyList_SetBool(propList,
2926
VIX_PROPERTY_GUEST_SET_REGISTRY_VALUE_ENABLED,
2927
VixToolsComputeEnabledProperty(confDictRef,
2928
VIX_TOOLS_CONFIG_API_SET_REGISTRY_VALUE_NAME));
2929
if (VIX_OK != err) {
2930
goto exit;
2931
}
2932
2933
err = VixPropertyList_SetBool(propList,
2934
VIX_PROPERTY_GUEST_LIST_REGISTRY_VALUES_ENABLED,
2935
VixToolsComputeEnabledProperty(confDictRef,
2936
VIX_TOOLS_CONFIG_API_LIST_REGISTRY_VALUES_NAME));
2937
if (VIX_OK != err) {
2938
goto exit;
2939
}
2940
2941
err = VixPropertyList_SetBool(propList,
2942
VIX_PROPERTY_GUEST_DELETE_REGISTRY_VALUE_ENABLED,
2943
VixToolsComputeEnabledProperty(confDictRef,
2944
VIX_TOOLS_CONFIG_API_DELETE_REGISTRY_VALUE_NAME));
2945
if (VIX_OK != err) {
2946
goto exit;
2947
}
2948
2645
2949
exit:
2646
2950
Debug("finished %s, err %"FMT64"d\n", __FUNCTION__, err);
2647
2951
return err;
2722
3026
goto abort;
2723
3027
}
2724
3028
2725
valueStr = Str_Asprintf(NULL, "%d", valueInt);
3029
valueStr = Str_SafeAsprintf(NULL, "%d", valueInt);
2726
3030
if (NULL == valueStr) {
2727
3031
err = VIX_E_OUT_OF_MEMORY;
2728
3032
goto abort;
3623
3927
free(value);
3624
3928
value = tmpVal;
3625
3929
3626
resultLocal = Str_Asprintf(NULL, "%s<ev>%s=%s</ev>",
3930
resultLocal = Str_SafeAsprintf(NULL, "%s<ev>%s=%s</ev>",
3627
3931
tmp, escapedName, value);
3628
3932
free(tmp);
3629
3933
if (NULL == resultLocal) {
3752
4056
}
3753
4057
envVar = tmpVal;
3754
4058
3755
resultLocal = Str_Asprintf(NULL, "%s<ev>%s</ev>", tmp, envVar);
4059
resultLocal = Str_SafeAsprintf(NULL, "%s<ev>%s</ev>", tmp, envVar);
3756
4060
free(tmp);
3757
4061
free(envVar);
3758
4062
if (NULL == resultLocal) {
4429
4733
ProcMgrProcInfo *procInfo;
4430
4734
char *destPtr;
4431
4735
char *endDestPtr;
4736
char *cmdNamePtr = NULL;
4432
4737
char *procBufPtr = NULL;
4433
4738
size_t procBufSize;
4434
4739
Bool impersonatingVMWareUser = FALSE;
4436
4741
Bool escapeStrs;
4437
4742
char *escapedName = NULL;
4438
4743
char *escapedUser = NULL;
4744
char *escapedCmd = NULL;
4439
4745
size_t procCount;
4440
4746
4441
4747
ASSERT(maxBufferSize <= GUESTMSG_MAX_IN_SIZE);
4472
4778
4473
4779
procInfo = ProcMgrProcInfoArray_AddressOf(procList, i);
4474
4780
4781
if (NULL != procInfo->procCmdName) {
4782
if (escapeStrs) {
4783
escapedCmd =
4784
VixToolsEscapeXMLString(procInfo->procCmdName);
4785
if (NULL == escapedCmd) {
4786
err = VIX_E_OUT_OF_MEMORY;
4787
goto abort;
4788
}
4789
cmdNamePtr = Str_SafeAsprintf(NULL,
4790
"<cmd>%s</cmd>",
4791
escapedCmd);
4792
} else {
4793
cmdNamePtr = Str_SafeAsprintf(NULL,
4794
"<cmd>%s</cmd>",
4795
procInfo->procCmdName);
4796
}
4797
} else {
4798
cmdNamePtr = Util_SafeStrdup("");
4799
}
4800
4475
4801
if (escapeStrs) {
4476
4802
name = escapedName =
4477
VixToolsEscapeXMLString(procInfo->procCmd);
4803
VixToolsEscapeXMLString(procInfo->procCmdLine);
4478
4804
if (NULL == escapedName) {
4479
4805
err = VIX_E_OUT_OF_MEMORY;
4480
4806
goto abort;
4481
4807
}
4482
4808
} else {
4483
name = procInfo->procCmd;
4809
name = procInfo->procCmdLine;
4484
4810
}
4485
4811
4486
4812
if (NULL != procInfo->procOwner) {
4498
4824
user = "";
4499
4825
}
4500
4826
4501
procBufPtr = Str_Asprintf(&procBufSize,
4502
"<proc><name>%s</name><pid>%d</pid>"
4503
#if defined(_WIN32)
4504
"<debugged>%d</debugged>"
4505
#endif
4506
"<user>%s</user><start>%d</start></proc>",
4507
name,
4508
(int) procInfo->procId,
4509
#if defined(_WIN32)
4510
(int) procInfo->procDebugged,
4511
#endif
4512
user,
4513
(int) procInfo->procStartTime);
4827
procBufPtr = Str_SafeAsprintf(&procBufSize,
4828
"<proc>"
4829
"%s" // has <cmd>...</cmd> tags if there is cmd, else "";
4830
"<name>%s</name>"
4831
"<pid>%d</pid>"
4832
#if defined(_WIN32)
4833
"<debugged>%d</debugged>"
4834
#endif
4835
"<user>%s</user>"
4836
"<start>%d</start>"
4837
"</proc>",
4838
cmdNamePtr, name, (int) procInfo->procId,
4839
#if defined(_WIN32)
4840
(int) procInfo->procDebugged,
4841
#endif
4842
user, (int) procInfo->procStartTime);
4514
4843
if (NULL == procBufPtr) {
4515
4844
err = VIX_E_OUT_OF_MEMORY;
4516
4845
goto abort;
4519
4848
destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr,
4520
4849
"%s", procBufPtr);
4521
4850
} else { // out of space
4522
free(procBufPtr);
4523
4851
Log("%s: proc list results too large, truncating", __FUNCTION__);
4524
4852
goto abort;
4525
4853
}
4854
free(cmdNamePtr);
4855
cmdNamePtr = NULL;
4526
4856
free(procBufPtr);
4857
procBufPtr = NULL;
4527
4858
free(escapedName);
4528
4859
escapedName = NULL;
4529
4860
free(escapedUser);
4530
4861
escapedUser = NULL;
4862
free(escapedCmd);
4863
escapedCmd = NULL;
4531
4864
}
4532
4865
4533
4866
abort:
4536
4869
}
4537
4870
VixToolsLogoutUser(userToken);
4538
4871
ProcMgr_FreeProcList(procList);
4872
free(cmdNamePtr);
4873
free(procBufPtr);
4539
4874
free(escapedName);
4540
4875
free(escapedUser);
4876
free(escapedCmd);
4541
4877
4542
4878
*result = resultBuffer;
4543
4879
4662
4998
while (epList) {
4663
4999
if (pids[i] == epList->pid) {
4664
5000
err = VixToolsPrintProcInfoEx(&dynBuffer,
5001
epList->cmdName,
4665
5002
epList->fullCommandLine,
4666
5003
epList->pid,
4667
5004
epList->user,
4680
5017
epList = exitedProcessList;
4681
5018
while (epList) {
4682
5019
err = VixToolsPrintProcInfoEx(&dynBuffer,
5020
epList->cmdName,
4683
5021
epList->fullCommandLine,
4684
5022
epList->pid,
4685
5023
epList->user,
4711
5049
procInfo = ProcMgrProcInfoArray_AddressOf(procList, j);
4712
5050
if (pids[i] == procInfo->procId) {
4713
5051
err = VixToolsPrintProcInfoEx(&dynBuffer,
4714
procInfo->procCmd,
5052
procInfo->procCmdName,
5053
procInfo->procCmdLine,
4715
5054
procInfo->procId,
4716
5055
(NULL == procInfo->procOwner)
4717
5056
? "" : procInfo->procOwner,
4731
5070
continue;
4732
5071
}
4733
5072
err = VixToolsPrintProcInfoEx(&dynBuffer,
4734
procInfo->procCmd,
5073
procInfo->procCmdName,
5074
procInfo->procCmdLine,
4735
5075
procInfo->procId,
4736
5076
(NULL == procInfo->procOwner)
4737
5077
? "" : procInfo->procOwner,
4761
5101
}
4762
5102
4763
5103
4764
#ifdef _WIN32
4765
/*
4766
*-----------------------------------------------------------------------------
4767
*
4768
* VixToolsGetUserName --
4769
*
4770
* Returns as unique a name as possible. For our case, that's just
4771
* a domain name, since the only way to get the truly unique values
4772
* requires the process to be running inside a domain, which we
4773
* can't expect.
4774
*
4775
* Return value:
4776
* FALSE on error
4777
*
4778
* Side effects:
4779
* Return value is allocated and must be freed.
4780
*
4781
*-----------------------------------------------------------------------------
4782
*/
4783
4784
static Bool
4785
VixToolsGetUserName(wchar_t **userName) // OUT
4786
{
4787
WCHAR userTmp[UNLEN + 1];
4788
Bool bRet;
4789
ULONG uLen = ARRAYSIZE(userTmp);
4790
4791
*userName = '\0';
4792
4793
bRet = GetUserNameExW(NameSamCompatible, userTmp, &uLen);
4794
if (!bRet) {
4795
Warning("%s: GetUserNameExW() failed %d\n", __FUNCTION__, GetLastError());
4796
return bRet;
4797
}
4798
*userName = Util_SafeMalloc((uLen + 1) * sizeof(wchar_t));
4799
4800
wcscpy(*userName, userTmp);
4801
4802
return TRUE;
4803
}
4804
#endif
4805
4806
4807
5104
/*
4808
5105
*-----------------------------------------------------------------------------
4809
5106
*
5088
5385
5089
5386
static VixError
5090
5387
VixToolsPrintProcInfoEx(DynBuf *dstBuffer, // IN/OUT
5388
const char *cmd, // IN
5091
5389
const char *name, // IN
5092
5390
uint64 pid, // IN
5093
5391
const char *user, // IN
5096
5394
int exitTime) // IN
5097
5395
{
5098
5396
VixError err;
5099
char *escapedName;
5397
char *escapedName = NULL;
5398
char *escapedCmd = NULL;
5100
5399
char *escapedUser = NULL;
5400
char *cmdNamePtr = NULL;
5101
5401
size_t bytesPrinted;
5102
5402
char *procInfoEntry;
5103
5403
Bool success;
5104
5404
5405
if (NULL != cmd) {
5406
escapedCmd = VixToolsEscapeXMLString(cmd);
5407
if (NULL == escapedCmd) {
5408
err = VIX_E_OUT_OF_MEMORY;
5409
goto abort;
5410
}
5411
cmdNamePtr = Str_SafeAsprintf(NULL, "<cmd>%s</cmd>", escapedCmd);
5412
} else {
5413
cmdNamePtr = Util_SafeStrdup("");
5414
}
5415
5105
5416
escapedName = VixToolsEscapeXMLString(name);
5106
5417
if (NULL == escapedName) {
5107
5418
err = VIX_E_OUT_OF_MEMORY;
5114
5425
goto abort;
5115
5426
}
5116
5427
5117
procInfoEntry = Str_Asprintf(&bytesPrinted,
5118
"<proc><name>%s</name><pid>%"FMT64"d</pid>"
5119
"<user>%s</user><start>%d</start>"
5120
"<eCode>%d</eCode><eTime>%d</eTime>"
5121
"</proc>",
5122
escapedName, pid, escapedUser, start, exitCode,
5123
exitTime);
5428
procInfoEntry = Str_SafeAsprintf(&bytesPrinted,
5429
"<proc>"
5430
"%s" // has <cmd>...</cmd> tags if there is cmd, else "";
5431
"<name>%s</name>"
5432
"<pid>%"FMT64"d</pid>"
5433
"<user>%s</user>"
5434
"<start>%d</start>"
5435
"<eCode>%d</eCode>"
5436
"<eTime>%d</eTime>"
5437
"</proc>",
5438
cmdNamePtr, escapedName, pid, escapedUser,
5439
start, exitCode, exitTime);
5124
5440
if (NULL == procInfoEntry) {
5125
5441
err = VIX_E_OUT_OF_MEMORY;
5126
5442
goto abort;
5136
5452
err = VIX_OK;
5137
5453
5138
5454
abort:
5455
free(cmdNamePtr);
5139
5456
free(escapedName);
5140
5457
free(escapedUser);
5458
free(escapedCmd);
5141
5459
5142
5460
return err;
5143
5461
}
5352
5670
}
5353
5671
5354
5672
if (createParentDirectories) {
5355
if (!(File_CreateDirectoryHierarchy(dirPathName))) {
5673
if (!(File_CreateDirectoryHierarchy(dirPathName, NULL))) {
5356
5674
err = FoundryToolsDaemon_TranslateSystemErr();
5357
5675
goto abort;
5358
5676
}
6662
6980
}
6663
6981
for (var = 0; var <= 0xFFFFFFFF; var++) {
6664
6982
free(tempScriptFilePath);
6665
tempScriptFilePath = Str_Asprintf(NULL,
6666
"%s"DIRSEPS"%s%d%s",
6667
tempDirPath,
6668
scriptFileBaseName,
6669
var,
6670
fileSuffix);
6983
tempScriptFilePath = Str_SafeAsprintf(NULL,
6984
"%s"DIRSEPS"%s%d%s",
6985
tempDirPath,
6986
scriptFileBaseName,
6987
var,
6988
fileSuffix);
6671
6989
if (NULL == tempScriptFilePath) {
6672
6990
err = VIX_E_OUT_OF_MEMORY;
6673
6991
goto abort;
6755
7073
}
6756
7074
6757
7075
if ((NULL != interpreterName) && (*interpreterName)) {
6758
fullCommandLine = Str_Asprintf(NULL, // resulting string length
7076
fullCommandLine = Str_SafeAsprintf(NULL, // resulting string length
6759
7077
"\"%s\" %s \"%s\"",
6760
7078
interpreterName,
6761
7079
interpreterFlags,
6762
7080
tempScriptFilePath);
6763
7081
} else {
6764
fullCommandLine = Str_Asprintf(NULL, // resulting string length
7082
fullCommandLine = Str_SafeAsprintf(NULL, // resulting string length
6765
7083
"\"%s\"",
6766
7084
tempScriptFilePath);
6767
7085
}
6948
7266
}
6949
7267
break;
6950
7268
}
7269
case VIX_USER_CREDENTIAL_SAML_BEARER_TOKEN:
7270
{
7271
VixCommandSAMLToken *samlStruct =
7272
(VixCommandSAMLToken *) credentialField;
7273
credentialField += sizeof(*samlStruct);
7274
7275
err = VixToolsImpersonateUserImplEx(NULL,
7276
credentialType,
7277
credentialField,
7278
userToken);
7279
break;
7280
}
6951
7281
case VIX_USER_CREDENTIAL_SSPI:
6952
7282
/*
6953
7283
* SSPI currently only supported in ticketed sessions
7132
7462
*/
7133
7463
if ((VIX_USER_CREDENTIAL_NAME_PASSWORD != credentialType)
7134
7464
&& (VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED != credentialType)
7135
&& (VIX_USER_CREDENTIAL_TICKETED_SESSION != credentialType)) {
7465
&& (VIX_USER_CREDENTIAL_TICKETED_SESSION != credentialType)
7466
#if SUPPORT_VGAUTH
7467
&& (VIX_USER_CREDENTIAL_SAML_BEARER_TOKEN != credentialType)
7468
#endif
7469
) {
7136
7470
err = VIX_E_NOT_SUPPORTED;
7137
7471
goto abort;
7138
7472
}
7139
7473
7474
7475
/*
7476
* Use the GuestAuth library to do name-password authentication
7477
* and impersonation.
7478
*/
7479
7480
if (GuestAuthEnabled() &&
7481
((VIX_USER_CREDENTIAL_NAME_PASSWORD == credentialType) ||
7482
(VIX_USER_CREDENTIAL_NAME_PASSWORD_OBFUSCATED == credentialType))) {
7483
err =
7484
GuestAuthPasswordAuthenticateImpersonate(obfuscatedNamePassword,
7485
userToken);
7486
7487
goto abort;
7488
}
7489
7490
if (VIX_USER_CREDENTIAL_SAML_BEARER_TOKEN == credentialType) {
7491
if (GuestAuthEnabled()) {
7492
err = GuestAuthSAMLAuthenticateAndImpersonate(obfuscatedNamePassword,
7493
userToken);
7494
} else {
7495
err = VIX_E_NOT_SUPPORTED;
7496
}
7497
goto abort;
7498
}
7499
7500
/* Get the authToken and impersonate */
7140
7501
if (VIX_USER_CREDENTIAL_TICKETED_SESSION == credentialType) {
7141
7502
#ifdef _WIN32
7142
7503
char *username;
7213
7574
void
7214
7575
VixToolsUnimpersonateUser(void *userToken)
7215
7576
{
7216
if (PROCESS_CREATOR_USER_TOKEN != userToken) {
7577
if (VGAUTH_GENERIC_USER_TOKEN == userToken) {
7578
GuestAuthUnimpersonate();
7579
} else if (PROCESS_CREATOR_USER_TOKEN != userToken) {
7217
7580
#if defined(_WIN32)
7218
7581
Impersonate_Undo();
7219
7582
#else
7240
7603
void
7241
7604
VixToolsLogoutUser(void *userToken) // IN
7242
7605
{
7243
if (PROCESS_CREATOR_USER_TOKEN == userToken) {
7606
if (PROCESS_CREATOR_USER_TOKEN == userToken ||
7607
VGAUTH_GENERIC_USER_TOKEN == userToken) {
7244
7608
return;
7245
7609
}
7246
7610
8332
8696
#endif
8333
8697
8334
8698
8699
#if SUPPORT_VGAUTH
8700
8701
/*
8702
*-----------------------------------------------------------------------------
8703
*
8704
* VixToolsAddAuthPrincipal --
8705
*
8706
* Calls to VGAuth to add a new principal.
8707
*
8708
* Return value:
8709
* VixError
8710
*
8711
* Side effects:
8712
* VGAuth IdProvider store is updated.
8713
*
8714
*-----------------------------------------------------------------------------
8715
*/
8716
8717
VixError
8718
VixToolsAddAuthPrincipal(VixCommandRequestHeader *requestMsg) // IN
8719
{
8720
VixError err = VIX_OK;
8721
VGAuthError vgErr;
8722
void *userToken = NULL;
8723
VGAuthContext *ctx = NULL;
8724
VixMsgAddAuthPrincipalRequest *req;
8725
const char *userName;
8726
const char *pemCert;
8727
const char *principalName;
8728
const char *principalComment;
8729
VGAuthSubjectInfo si;
8730
VMAutomationRequestParser parser;
8731
Bool impersonatingVMWareUser = FALSE;
8732
8733
Debug(">%s\n", __FUNCTION__);
8734
8735
err = VMAutomationRequestParserInit(&parser, requestMsg, sizeof *req);
8736
if (VIX_OK != err) {
8737
goto abort;
8738
}
8739
8740
req = (VixMsgAddAuthPrincipalRequest *) requestMsg;
8741
err = VMAutomationRequestParserGetOptionalString(&parser, req->userNameLen,
8742
&userName);
8743
if (VIX_OK != err) {
8744
goto abort;
8745
}
8746
8747
if (NULL == userName || 0 == *userName) {
8748
err = VIX_E_INVALID_ARG;
8749
goto abort;
8750
}
8751
8752
err = VMAutomationRequestParserGetOptionalString(&parser, req->pemCertLen,
8753
&pemCert);
8754
if (VIX_OK != err) {
8755
goto abort;
8756
}
8757
8758
if (NULL == pemCert || 0 == *pemCert) {
8759
err = VIX_E_INVALID_ARG;
8760
goto abort;
8761
}
8762
8763
if ((req->principalType != VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED) &&
8764
(req->principalType != VIX_GUEST_AUTH_PRINCIPAL_TYPE_ANY)) {
8765
err = VIX_E_INVALID_ARG;
8766
goto abort;
8767
}
8768
8769
err = VMAutomationRequestParserGetOptionalString(&parser, req->principalNameLen,
8770
&principalName);
8771
if (VIX_OK != err) {
8772
goto abort;
8773
}
8774
8775
if ((req->principalType == VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED) &&
8776
(NULL == principalName || 0 == *principalName)) {
8777
err = VIX_E_INVALID_ARG;
8778
goto abort;
8779
}
8780
8781
err = VMAutomationRequestParserGetOptionalString(&parser, req->principalCommentLen,
8782
&principalComment);
8783
if (VIX_OK != err) {
8784
goto abort;
8785
}
8786
8787
err = VixToolsImpersonateUser((VixCommandRequestHeader *) requestMsg,
8788
&userToken);
8789
if (VIX_OK != err) {
8790
goto abort;
8791
}
8792
impersonatingVMWareUser = TRUE;
8793
8794
vgErr = TheVGAuthContext(&ctx);
8795
if (VGAUTH_FAILED(vgErr)) {
8796
err = VixToolsTranslateVGAuthError(vgErr);
8797
goto abort;
8798
}
8799
8800
si.subject.type = (req->principalType == VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED) ?
8801
VGAUTH_SUBJECT_NAMED : VGAUTH_SUBJECT_ANY;
8802
si.subject.val.name = (char *) principalName;
8803
si.comment = (char *) principalComment;
8804
8805
vgErr = VGAuth_AddSubject(ctx, userName, req->addMapping, pemCert, &si,
8806
0, NULL);
8807
if (VGAUTH_FAILED(vgErr)) {
8808
err = VixToolsTranslateVGAuthError(vgErr);
8809
}
8810
8811
abort:
8812
if (impersonatingVMWareUser) {
8813
VixToolsUnimpersonateUser(userToken);
8814
}
8815
VixToolsLogoutUser(userToken);
8816
8817
Debug("<%s\n", __FUNCTION__);
8818
8819
return err;
8820
}
8821
8822
8823
/*
8824
*-----------------------------------------------------------------------------
8825
*
8826
* VixToolsRemoveAuthPrincipal --
8827
*
8828
* Calls to VGAuth to remove a principal.
8829
*
8830
* Return value:
8831
* VixError
8832
*
8833
* Side effects:
8834
* VGAuth IdProvider store is updated.
8835
*
8836
*-----------------------------------------------------------------------------
8837
*/
8838
8839
VixError
8840
VixToolsRemoveAuthPrincipal(VixCommandRequestHeader *requestMsg) // IN
8841
{
8842
VixError err = VIX_OK;
8843
VGAuthError vgErr;
8844
void *userToken = NULL;
8845
VGAuthContext *ctx = NULL;
8846
VixMsgRemoveAuthPrincipalRequest *req;
8847
const char *userName;
8848
const char *pemCert;
8849
const char *principalName;
8850
VGAuthSubject subj;
8851
VMAutomationRequestParser parser;
8852
Bool impersonatingVMWareUser = FALSE;
8853
8854
Debug(">%s\n", __FUNCTION__);
8855
8856
err = VMAutomationRequestParserInit(&parser, requestMsg, sizeof *req);
8857
if (VIX_OK != err) {
8858
goto abort;
8859
}
8860
8861
req = (VixMsgRemoveAuthPrincipalRequest *) requestMsg;
8862
err = VMAutomationRequestParserGetOptionalString(&parser, req->userNameLen,
8863
&userName);
8864
if (VIX_OK != err) {
8865
goto abort;
8866
}
8867
8868
if (NULL == userName || 0 == *userName) {
8869
err = VIX_E_INVALID_ARG;
8870
goto abort;
8871
}
8872
8873
err = VMAutomationRequestParserGetOptionalString(&parser, req->pemCertLen,
8874
&pemCert);
8875
if (VIX_OK != err) {
8876
goto abort;
8877
}
8878
8879
if (NULL == pemCert || 0 == *pemCert) {
8880
err = VIX_E_INVALID_ARG;
8881
goto abort;
8882
}
8883
8884
if ((req->principalType != VIX_GUEST_AUTH_PRINCIPAL_TYPE_NONE) &&
8885
(req->principalType != VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED) &&
8886
(req->principalType != VIX_GUEST_AUTH_PRINCIPAL_TYPE_ANY)) {
8887
err = VIX_E_INVALID_ARG;
8888
goto abort;
8889
}
8890
8891
err = VMAutomationRequestParserGetOptionalString(&parser, req->principalNameLen,
8892
&principalName);
8893
if (VIX_OK != err) {
8894
goto abort;
8895
}
8896
8897
if ((req->principalType == VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED) &&
8898
(NULL == principalName || 0 == *principalName)) {
8899
err = VIX_E_INVALID_ARG;
8900
goto abort;
8901
}
8902
8903
err = VixToolsImpersonateUser((VixCommandRequestHeader *) requestMsg,
8904
&userToken);
8905
if (VIX_OK != err) {
8906
goto abort;
8907
}
8908
impersonatingVMWareUser = TRUE;
8909
8910
vgErr = TheVGAuthContext(&ctx);
8911
if (VGAUTH_FAILED(vgErr)) {
8912
err = VixToolsTranslateVGAuthError(vgErr);
8913
goto abort;
8914
}
8915
8916
if (VIX_GUEST_AUTH_PRINCIPAL_TYPE_NONE == req->principalType) {
8917
vgErr = VGAuth_RemoveCert(ctx, userName, pemCert, 0, NULL);
8918
} else {
8919
subj.type = (req->principalType == VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED) ?
8920
VGAUTH_SUBJECT_NAMED : VGAUTH_SUBJECT_ANY;
8921
subj.val.name = (char *) principalName;
8922
8923
vgErr = VGAuth_RemoveSubject(ctx, userName, pemCert, &subj, 0, NULL);
8924
}
8925
if (VGAUTH_FAILED(vgErr)) {
8926
err = VixToolsTranslateVGAuthError(vgErr);
8927
}
8928
8929
abort:
8930
if (impersonatingVMWareUser) {
8931
VixToolsUnimpersonateUser(userToken);
8932
}
8933
VixToolsLogoutUser(userToken);
8934
8935
Debug("<%s\n", __FUNCTION__);
8936
8937
return err;
8938
}
8939
8940
8941
/*
8942
*-----------------------------------------------------------------------------
8943
*
8944
* VixToolsListAuthPrincipals --
8945
*
8946
* Calls to VGAuth to list principals.
8947
*
8948
* Return value:
8949
* VixError
8950
*
8951
* Side effects:
8952
* VGAuth IdProvider store is updated.
8953
*
8954
*-----------------------------------------------------------------------------
8955
*/
8956
8957
VixError
8958
VixToolsListAuthPrincipals(VixCommandRequestHeader *requestMsg, // IN
8959
size_t maxBufferSize, // IN
8960
char **result) // OUT
8961
{
8962
VixError err = VIX_OK;
8963
VGAuthError vgErr;
8964
void *userToken = NULL;
8965
VGAuthContext *ctx = NULL;
8966
VixMsgListAuthPrincipalsRequest *req;
8967
const char *userName;
8968
VMAutomationRequestParser parser;
8969
Bool impersonatingVMWareUser = FALSE;
8970
int num = 0;
8971
int i;
8972
int j;
8973
VGAuthIdProvider *idList = NULL;
8974
static char resultBuffer[GUESTMSG_MAX_IN_SIZE];
8975
char *destPtr;
8976
char *endDestPtr;
8977
char *tmpBuf = NULL;
8978
char *tmpBuf2 = NULL;
8979
char *recordBuf;
8980
size_t recordSize;
8981
char *escapedStr = NULL;
8982
char *escapedStr2 = NULL;
8983
8984
Debug(">%s\n", __FUNCTION__);
8985
8986
ASSERT(maxBufferSize <= GUESTMSG_MAX_IN_SIZE);
8987
8988
*result = NULL;
8989
8990
destPtr = resultBuffer;
8991
*destPtr = 0;
8992
8993
err = VMAutomationRequestParserInit(&parser, requestMsg, sizeof *req);
8994
if (VIX_OK != err) {
8995
goto abort;
8996
}
8997
8998
req = (VixMsgListAuthPrincipalsRequest *) requestMsg;
8999
err = VMAutomationRequestParserGetOptionalString(&parser, req->userNameLen,
9000
&userName);
9001
if (VIX_OK != err) {
9002
goto abort;
9003
}
9004
9005
if (NULL == userName || 0 == *userName) {
9006
err = VIX_E_INVALID_ARG;
9007
goto abort;
9008
}
9009
9010
err = VixToolsImpersonateUser((VixCommandRequestHeader *) requestMsg,
9011
&userToken);
9012
if (VIX_OK != err) {
9013
goto abort;
9014
}
9015
impersonatingVMWareUser = TRUE;
9016
9017
vgErr = TheVGAuthContext(&ctx);
9018
if (VGAUTH_FAILED(vgErr)) {
9019
err = VixToolsTranslateVGAuthError(vgErr);
9020
goto abort;
9021
}
9022
9023
vgErr = VGAuth_QueryIdProviders(ctx, userName, 0, NULL, &num, &idList);
9024
if (VGAUTH_FAILED(vgErr)) {
9025
err = VixToolsTranslateVGAuthError(vgErr);
9026
goto abort;
9027
}
9028
9029
endDestPtr = resultBuffer + maxBufferSize;
9030
destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
9031
VIX_XML_ESCAPED_TAG);
9032
for (i = 0; i < num; i++) {
9033
escapedStr = VixToolsEscapeXMLString(idList[i].pemCert);
9034
if (escapedStr == NULL) {
9035
err = VIX_E_OUT_OF_MEMORY;
9036
goto abort;
9037
}
9038
tmpBuf2 = Str_Asprintf(NULL, "<record><pemCert>%s</pemCert>",
9039
escapedStr);
9040
free(escapedStr);
9041
escapedStr = NULL;
9042
if (tmpBuf2 == NULL) {
9043
err = VIX_E_OUT_OF_MEMORY;
9044
goto abort;
9045
}
9046
for (j = 0; j < idList->numInfos; j++) {
9047
if (idList[i].infos[j].comment) {
9048
escapedStr = VixToolsEscapeXMLString(idList[i].infos[j].comment);
9049
if (escapedStr == NULL) {
9050
err = VIX_E_OUT_OF_MEMORY;
9051
goto abort;
9052
}
9053
}
9054
if (idList[i].infos[j].subject.type == VGAUTH_SUBJECT_NAMED) {
9055
escapedStr2 = VixToolsEscapeXMLString(idList[i].infos[j].subject.val.name);
9056
if (escapedStr2 == NULL) {
9057
err = VIX_E_OUT_OF_MEMORY;
9058
goto abort;
9059
}
9060
}
9061
tmpBuf = Str_Asprintf(NULL,
9062
"%s"
9063
"<principal>"
9064
"<type>%d</type>"
9065
"<name>%s</name>"
9066
"<comment>%s</comment>"
9067
"</principal>",
9068
tmpBuf2,
9069
(idList[i].infos[j].subject.type == VGAUTH_SUBJECT_NAMED)
9070
? VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED :
9071
VIX_GUEST_AUTH_PRINCIPAL_TYPE_ANY,
9072
escapedStr2 ? escapedStr2 : "",
9073
escapedStr ? escapedStr : "");
9074
if (tmpBuf == NULL) {
9075
err = VIX_E_OUT_OF_MEMORY;
9076
goto abort;
9077
}
9078
free(tmpBuf2);
9079
tmpBuf2 = tmpBuf;
9080
free(escapedStr);
9081
escapedStr = NULL;
9082
free(escapedStr2);
9083
escapedStr2 = NULL;
9084
}
9085
recordBuf = Str_Asprintf(&recordSize,
9086
"%s</record>",
9087
tmpBuf);
9088
free(tmpBuf);
9089
tmpBuf = tmpBuf2 = NULL;
9090
if (recordBuf == NULL) {
9091
err = VIX_E_OUT_OF_MEMORY;
9092
goto abort;
9093
}
9094
if ((destPtr + recordSize) < endDestPtr) {
9095
destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr,
9096
"%s", recordBuf);
9097
} else {
9098
free(recordBuf);
9099
recordBuf = NULL;
9100
Log("%s: ListAuth list results too large, truncating", __FUNCTION__);
9101
goto abort;
9102
}
9103
}
9104
9105
*result = resultBuffer;
9106
9107
abort:
9108
free(tmpBuf);
9109
free(tmpBuf2);
9110
free(escapedStr);
9111
free(escapedStr2);
9112
VGAuth_FreeIdProviderList(num, idList);
9113
if (impersonatingVMWareUser) {
9114
VixToolsUnimpersonateUser(userToken);
9115
}
9116
VixToolsLogoutUser(userToken);
9117
9118
9119
Debug("<%s\n", __FUNCTION__);
9120
9121
return err;
9122
}
9123
9124
9125
/*
9126
*-----------------------------------------------------------------------------
9127
*
9128
* VixToolsListMappedPrincipals --
9129
*
9130
* Calls to VGAuth to list mapped principals.
9131
*
9132
* Return value:
9133
* VixError
9134
*
9135
* Side effects:
9136
* VGAuth IdProvider store is updated.
9137
*
9138
*-----------------------------------------------------------------------------
9139
*/
9140
9141
VixError
9142
VixToolsListMappedPrincipals(VixCommandRequestHeader *requestMsg, // IN
9143
size_t maxBufferSize, // IN
9144
char **result) // OUT
9145
{
9146
VixError err = VIX_OK;
9147
VGAuthError vgErr;
9148
void *userToken = NULL;
9149
VGAuthContext *ctx = NULL;
9150
VixMsgListMappedPrincipalsRequest *req;
9151
VMAutomationRequestParser parser;
9152
Bool impersonatingVMWareUser = FALSE;
9153
int num = 0;
9154
int i;
9155
int j;
9156
VGAuthMappedIdentity *miList = NULL;
9157
static char resultBuffer[GUESTMSG_MAX_IN_SIZE];
9158
char *destPtr;
9159
char *endDestPtr;
9160
char *tmpBuf = NULL;
9161
char *tmpBuf2 = NULL;
9162
char *recordBuf;
9163
char *escapedStr = NULL;
9164
char *escapedStr2 = NULL;
9165
size_t recordSize;
9166
9167
Debug(">%s\n", __FUNCTION__);
9168
9169
ASSERT(maxBufferSize <= GUESTMSG_MAX_IN_SIZE);
9170
9171
*result = NULL;
9172
destPtr = resultBuffer;
9173
*destPtr = 0;
9174
9175
err = VMAutomationRequestParserInit(&parser, requestMsg, sizeof *req);
9176
if (VIX_OK != err) {
9177
goto abort;
9178
}
9179
9180
req = (VixMsgListMappedPrincipalsRequest *) requestMsg;
9181
err = VixToolsImpersonateUser((VixCommandRequestHeader *) requestMsg,
9182
&userToken);
9183
if (VIX_OK != err) {
9184
goto abort;
9185
}
9186
impersonatingVMWareUser = TRUE;
9187
9188
vgErr = TheVGAuthContext(&ctx);
9189
if (vgErr != VGAUTH_E_OK) {
9190
err = VixToolsTranslateVGAuthError(vgErr);
9191
goto abort;
9192
}
9193
9194
vgErr = VGAuth_QueryMappedIdentities(ctx, 0, NULL, &num, &miList);
9195
if (VGAUTH_FAILED(vgErr)) {
9196
err = VixToolsTranslateVGAuthError(vgErr);
9197
goto abort;
9198
}
9199
9200
endDestPtr = resultBuffer + maxBufferSize;
9201
destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr, "%s",
9202
VIX_XML_ESCAPED_TAG);
9203
for (i = 0; i < num; i++) {
9204
escapedStr = VixToolsEscapeXMLString(miList[i].pemCert);
9205
if (escapedStr == NULL) {
9206
err = VIX_E_OUT_OF_MEMORY;
9207
goto abort;
9208
}
9209
escapedStr2 = VixToolsEscapeXMLString(miList[i].userName);
9210
if (escapedStr2 == NULL) {
9211
err = VIX_E_OUT_OF_MEMORY;
9212
goto abort;
9213
}
9214
tmpBuf2 = Str_Asprintf(NULL, "<record><pemCert>%s</pemCert>"
9215
"<userName>%s</userName>",
9216
escapedStr,
9217
escapedStr2);
9218
if (tmpBuf2 == NULL) {
9219
err = VIX_E_OUT_OF_MEMORY;
9220
goto abort;
9221
}
9222
for (j = 0; j < miList->numSubjects; j++) {
9223
if (miList[i].subjects[j].type == VGAUTH_SUBJECT_NAMED) {
9224
escapedStr = VixToolsEscapeXMLString(miList[i].subjects[j].val.name);
9225
if (escapedStr == NULL) {
9226
err = VIX_E_OUT_OF_MEMORY;
9227
goto abort;
9228
}
9229
}
9230
tmpBuf = Str_Asprintf(NULL,
9231
"%s"
9232
"<principal>"
9233
"<type>%d</type>"
9234
"<name>%s</name>"
9235
"</principal>",
9236
tmpBuf2,
9237
(miList[i].subjects[j].type == VGAUTH_SUBJECT_NAMED)
9238
? VIX_GUEST_AUTH_PRINCIPAL_TYPE_NAMED :
9239
VIX_GUEST_AUTH_PRINCIPAL_TYPE_ANY,
9240
escapedStr ? escapedStr : "");
9241
if (tmpBuf == NULL) {
9242
err = VIX_E_OUT_OF_MEMORY;
9243
goto abort;
9244
}
9245
free(tmpBuf2);
9246
tmpBuf2 = tmpBuf;
9247
free(escapedStr);
9248
escapedStr = NULL;
9249
}
9250
recordBuf = Str_Asprintf(&recordSize,
9251
"%s</record>",
9252
tmpBuf);
9253
free(tmpBuf);
9254
if (recordBuf == NULL) {
9255
err = VIX_E_OUT_OF_MEMORY;
9256
goto abort;
9257
}
9258
tmpBuf = tmpBuf2 = NULL;
9259
if ((destPtr + recordSize) < endDestPtr) {
9260
destPtr += Str_Sprintf(destPtr, endDestPtr - destPtr,
9261
"%s", recordBuf);
9262
} else {
9263
free(recordBuf);
9264
recordBuf = NULL;
9265
Log("%s: ListMapped results too large, truncating", __FUNCTION__);
9266
goto abort;
9267
}
9268
}
9269
9270
*result = resultBuffer;
9271
9272
abort:
9273
free(tmpBuf);
9274
free(tmpBuf2);
9275
free(escapedStr);
9276
free(escapedStr2);
9277
VGAuth_FreeMappedIdentityList(num, miList);
9278
if (impersonatingVMWareUser) {
9279
VixToolsUnimpersonateUser(userToken);
9280
}
9281
VixToolsLogoutUser(userToken);
9282
9283
Debug("<%s\n", __FUNCTION__);
9284
9285
return err;
9286
}
9287
#endif // SUPPORT_VGAUTH
9288
9289
9290
/*
9291
*-----------------------------------------------------------------------------
9292
*
9293
* VixToolsCreateRegKey --
9294
*
9295
* Calls the function to create a new Windows Registry Key.
9296
*
9297
* Return value:
9298
* VixError
9299
*
9300
* Side effects:
9301
* May affect applications reading the key.
9302
*
9303
*-----------------------------------------------------------------------------
9304
*/
9305
9306
VixError
9307
VixToolsCreateRegKey(VixCommandRequestHeader *requestMsg) // IN
9308
{
9309
#ifdef _WIN32
9310
return VixToolsCreateRegKeyImpl(requestMsg);
9311
#else
9312
return VIX_E_OP_NOT_SUPPORTED_ON_GUEST;
9313
#endif
9314
}
9315
9316
9317
/*
9318
*-----------------------------------------------------------------------------
9319
*
9320
* VixToolsListRegKeys --
9321
*
9322
* Calls the function to list all subkeys for a given Windows Registry Key.
9323
*
9324
* Return value:
9325
* VixError
9326
*
9327
* Side effects:
9328
* None
9329
*
9330
*-----------------------------------------------------------------------------
9331
*/
9332
9333
VixError
9334
VixToolsListRegKeys(VixCommandRequestHeader *requestMsg, // IN
9335
size_t maxBufferSize, // IN
9336
void *eventQueue, // IN
9337
char **result) // OUT
9338
{
9339
#ifdef _WIN32
9340
return VixToolsListRegKeysImpl(requestMsg, maxBufferSize, eventQueue, result);
9341
#else
9342
return VIX_E_OP_NOT_SUPPORTED_ON_GUEST;
9343
#endif
9344
}
9345
9346
9347
/*
9348
*-----------------------------------------------------------------------------
9349
*
9350
* VixToolsDeleteRegKey --
9351
*
9352
* Calls the function to delete a Windows Registry Key.
9353
*
9354
* Return value:
9355
* VixError
9356
*
9357
* Side effects:
9358
* May affect applications reading the key.
9359
*
9360
*-----------------------------------------------------------------------------
9361
*/
9362
9363
VixError
9364
VixToolsDeleteRegKey(VixCommandRequestHeader *requestMsg) // IN
9365
{
9366
#ifdef _WIN32
9367
return VixToolsDeleteRegKeyImpl(requestMsg);
9368
#else
9369
return VIX_E_OP_NOT_SUPPORTED_ON_GUEST;
9370
#endif
9371
}
9372
9373
9374
/*
9375
*-----------------------------------------------------------------------------
9376
*
9377
* VixToolsSetRegValue --
9378
*
9379
* Calls the function to set/create a Windows Registry Value for a given Key.
9380
*
9381
* Return value:
9382
* VixError
9383
*
9384
* Side effects:
9385
* May affect applications reading the key.
9386
*
9387
*-----------------------------------------------------------------------------
9388
*/
9389
9390
VixError
9391
VixToolsSetRegValue(VixCommandRequestHeader *requestMsg) // IN
9392
{
9393
#ifdef _WIN32
9394
return VixToolsSetRegValueImpl(requestMsg);
9395
#else
9396
return VIX_E_OP_NOT_SUPPORTED_ON_GUEST;
9397
#endif
9398
}
9399
9400
9401
/*
9402
*-----------------------------------------------------------------------------
9403
*
9404
* VixToolsListRegValues --
9405
*
9406
* Calls the function to list all values for a given Windows Registry Key.
9407
*
9408
* Return value:
9409
* VixError
9410
*
9411
* Side effects:
9412
* None
9413
*
9414
*-----------------------------------------------------------------------------
9415
*/
9416
9417
VixError
9418
VixToolsListRegValues(VixCommandRequestHeader *requestMsg, // IN
9419
size_t maxBufferSize, // IN
9420
void *eventQueue, // IN
9421
char **result) // OUT
9422
{
9423
#ifdef _WIN32
9424
return VixToolsListRegValuesImpl(requestMsg, maxBufferSize, eventQueue, result);
9425
#else
9426
return VIX_E_OP_NOT_SUPPORTED_ON_GUEST;
9427
#endif
9428
}
9429
9430
9431
/*
9432
*-----------------------------------------------------------------------------
9433
*
9434
* VixToolsDeleteRegValue --
9435
*
9436
* Calls the function to delete a Windows Registry Value for a given Key.
9437
*
9438
* Return value:
9439
* VixError
9440
*
9441
* Side effects:
9442
* May affect applications reading the key.
9443
*
9444
*-----------------------------------------------------------------------------
9445
*/
9446
9447
VixError
9448
VixToolsDeleteRegValue(VixCommandRequestHeader *requestMsg) // IN
9449
{
9450
#ifdef _WIN32
9451
return VixToolsDeleteRegValueImpl(requestMsg);
9452
#else
9453
return VIX_E_OP_NOT_SUPPORTED_ON_GUEST;
9454
#endif
9455
}
9456
9457
8335
9458
/*
8336
9459
*-----------------------------------------------------------------------------
8337
9460
*
8700
9823
VIX_TOOLS_CONFIG_API_RELEASE_CREDENTIALS_NAME);
8701
9824
break;
8702
9825
9826
case VIX_COMMAND_ADD_AUTH_PRINCIPAL:
9827
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9828
VIX_TOOLS_CONFIG_API_ADD_AUTH_PRINCIPAL_NAME);
9829
break;
9830
9831
case VIX_COMMAND_REMOVE_AUTH_PRINCIPAL:
9832
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9833
VIX_TOOLS_CONFIG_API_REMOVE_AUTH_PRINCIPAL_NAME);
9834
break;
9835
9836
case VIX_COMMAND_LIST_AUTH_PROVIDER_PRINCIPALS:
9837
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9838
VIX_TOOLS_CONFIG_API_LIST_AUTH_PRINCIPALS_NAME);
9839
break;
9840
9841
case VIX_COMMAND_LIST_AUTH_MAPPED_PRINCIPALS:
9842
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9843
VIX_TOOLS_CONFIG_API_LIST_MAPPED_PRINCIPALS_NAME);
9844
break;
9845
9846
case VIX_COMMAND_CREATE_REGISTRY_KEY:
9847
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9848
VIX_TOOLS_CONFIG_API_CREATE_REGISTRY_KEY_NAME);
9849
break;
9850
9851
case VIX_COMMAND_LIST_REGISTRY_KEYS:
9852
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9853
VIX_TOOLS_CONFIG_API_LIST_REGISTRY_KEYS_NAME);
9854
break;
9855
9856
case VIX_COMMAND_DELETE_REGISTRY_KEY:
9857
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9858
VIX_TOOLS_CONFIG_API_DELETE_REGISTRY_KEY_NAME);
9859
break;
9860
9861
case VIX_COMMAND_SET_REGISTRY_VALUE:
9862
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9863
VIX_TOOLS_CONFIG_API_SET_REGISTRY_VALUE_NAME);
9864
break;
9865
9866
case VIX_COMMAND_LIST_REGISTRY_VALUES:
9867
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9868
VIX_TOOLS_CONFIG_API_LIST_REGISTRY_VALUES_NAME);
9869
break;
9870
9871
case VIX_COMMAND_DELETE_REGISTRY_VALUE:
9872
enabled = !VixToolsGetAPIDisabledFromConf(confDictRef,
9873
VIX_TOOLS_CONFIG_API_DELETE_REGISTRY_VALUE_NAME);
9874
break;
9875
8703
9876
/*
8704
9877
* None of these opcode have a matching config entry (yet),
8705
9878
* so they can all share.
9046
10219
*/
9047
10220
break;
9048
10221
10222
#if SUPPORT_VGAUTH
10223
case VIX_COMMAND_ADD_AUTH_PRINCIPAL:
10224
err = VixToolsAddAuthPrincipal(requestMsg);
10225
break;
10226
case VIX_COMMAND_REMOVE_AUTH_PRINCIPAL:
10227
err = VixToolsRemoveAuthPrincipal(requestMsg);
10228
break;
10229
case VIX_COMMAND_LIST_AUTH_PROVIDER_PRINCIPALS:
10230
err = VixToolsListAuthPrincipals(requestMsg, maxResultBufferSize,
10231
&resultValue);
10232
// resultValue is static. Do not free it.
10233
break;
10234
case VIX_COMMAND_LIST_AUTH_MAPPED_PRINCIPALS:
10235
err = VixToolsListMappedPrincipals(requestMsg, maxResultBufferSize,
10236
&resultValue);
10237
// resultValue is static. Do not free it.
10238
break;
10239
#endif
10240
10241
////////////////////////////////////
10242
case VIX_COMMAND_CREATE_REGISTRY_KEY:
10243
err = VixToolsCreateRegKey(requestMsg);
10244
break;
10245
10246
////////////////////////////////////
10247
case VIX_COMMAND_LIST_REGISTRY_KEYS:
10248
err = VixToolsListRegKeys(requestMsg,
10249
maxResultBufferSize,
10250
eventQueue,
10251
&resultValue);
10252
deleteResultValue = TRUE;
10253
break;
10254
10255
////////////////////////////////////
10256
case VIX_COMMAND_DELETE_REGISTRY_KEY:
10257
err = VixToolsDeleteRegKey(requestMsg);
10258
break;
10259
10260
////////////////////////////////////
10261
case VIX_COMMAND_SET_REGISTRY_VALUE:
10262
err = VixToolsSetRegValue(requestMsg);
10263
break;
10264
10265
////////////////////////////////////
10266
case VIX_COMMAND_LIST_REGISTRY_VALUES:
10267
err = VixToolsListRegValues(requestMsg,
10268
maxResultBufferSize,
10269
eventQueue,
10270
&resultValue);
10271
deleteResultValue = TRUE;
10272
break;
10273
10274
////////////////////////////////////
10275
case VIX_COMMAND_DELETE_REGISTRY_VALUE:
10276
err = VixToolsDeleteRegValue(requestMsg);
10277
break;
10278
9049
10279
////////////////////////////////////
9050
10280
default:
9051
10281
/*
9124
10354
{
9125
10355
VixError newError = origError;
9126
10356
9127
ASSERT(VIX_ERROR_CODE(origError) == origError);
9128
9129
10357
switch (opCode) {
9130
10358
/*
9131
10359
* This should include all non-VI guest operations.
9158
10386
case VIX_COMMAND_LIST_FILESYSTEMS:
9159
10387
case VIX_COMMAND_WAIT_FOR_TOOLS:
9160
10388
case VIX_COMMAND_CAPTURE_SCREEN:
10389
ASSERT(VIX_ERROR_CODE(origError) == origError);
9161
10390
switch (origError) {
9162
10391
case VIX_E_INVALID_LOGIN_CREDENTIALS:
9163
10392
newError = VIX_E_GUEST_USER_PERMISSIONS;
9173
10402
/*
9174
10403
*-----------------------------------------------------------------------------
9175
10404
*
10405
* VixTools_GetAdditionalError --
10406
*
10407
* Gets the vix extra/additional error if any.
10408
*
10409
* Some errors returned by tools may have extra error in
10410
* the higher order 32 bits. We need to pass that back.
10411
*
10412
* Results:
10413
* uint32
10414
*
10415
* Side effects:
10416
* None
10417
*
10418
*-----------------------------------------------------------------------------
10419
*/
10420
10421
uint32
10422
VixTools_GetAdditionalError(uint32 opCode, // IN
10423
VixError error) // IN
10424
{
10425
uint32 err;
10426
10427
switch (opCode) {
10428
case VIX_COMMAND_CREATE_REGISTRY_KEY:
10429
case VIX_COMMAND_LIST_REGISTRY_KEYS:
10430
case VIX_COMMAND_DELETE_REGISTRY_KEY:
10431
case VIX_COMMAND_SET_REGISTRY_VALUE:
10432
case VIX_COMMAND_LIST_REGISTRY_VALUES:
10433
case VIX_COMMAND_DELETE_REGISTRY_VALUE:
10434
err = VIX_ERROR_EXTRA_ERROR(error);
10435
break;
10436
default:
10437
err = Err_Errno();
10438
}
10439
10440
return err;
10441
}
10442
10443
10444
/*
10445
*-----------------------------------------------------------------------------
10446
*
9176
10447
* VixTools_Base64EncodeBuffer --
9177
10448
*
9178
10449
* Return value:
9433
10704
return strlen(str);
9434
10705
}
9435
10706
}
10707
10708
10709
/*
10710
*-----------------------------------------------------------------------------
10711
*
10712
* GuestAuthEnabled --
10713
*
10714
* Returns whether we use the guest auth library.
10715
*
10716
* Results:
10717
* TRUE if we do. FALSE otherwise.
10718
*
10719
* Side effects:
10720
* None
10721
*
10722
*-----------------------------------------------------------------------------
10723
*/
10724
10725
static Bool
10726
GuestAuthEnabled(void)
10727
{
10728
#if SUPPORT_VGAUTH
10729
return gSupportVGAuth;
10730
#else
10731
return FALSE;
10732
#endif
10733
}
10734
10735
10736
/*
10737
*-----------------------------------------------------------------------------
10738
*
10739
* GuestAuthPasswordAuthenticateImpersonate
10740
*
10741
* Do name-password authentication and impersonation using
10742
* the GuestAuth library.
10743
*
10744
* Results:
10745
* VIX_OK if successful.Other VixError code otherwise.
10746
*
10747
* Side effects:
10748
* Current process impersonates.
10749
*
10750
*-----------------------------------------------------------------------------
10751
*/
10752
10753
VixError
10754
GuestAuthPasswordAuthenticateImpersonate(
10755
char const *obfuscatedNamePassword, // IN
10756
void **userToken) // OUT
10757
{
10758
#if SUPPORT_VGAUTH
10759
VixError err;
10760
char *username;
10761
char *password;
10762
VGAuthContext *ctx = NULL;
10763
VGAuthError vgErr;
10764
VGAuthUserHandle *newHandle = NULL;
10765
10766
err = VixMsg_DeObfuscateNamePassword(obfuscatedNamePassword,
10767
&username,
10768
&password);
10769
if (err != VIX_OK) {
10770
goto done;
10771
}
10772
10773
err = VIX_E_INVALID_LOGIN_CREDENTIALS;
10774
10775
vgErr = TheVGAuthContext(&ctx);
10776
if (VGAUTH_FAILED(vgErr)) {
10777
err = VixToolsTranslateVGAuthError(vgErr);
10778
goto done;
10779
}
10780
10781
vgErr = VGAuth_ValidateUsernamePassword(ctx, username, password,
10782
0, NULL,
10783
&newHandle);
10784
if (VGAUTH_FAILED(vgErr)) {
10785
err = VixToolsTranslateVGAuthError(vgErr);
10786
goto done;
10787
}
10788
10789
vgErr = VGAuth_Impersonate(ctx, newHandle, 0, NULL);
10790
if (VGAUTH_FAILED(vgErr)) {
10791
err = VixToolsTranslateVGAuthError(vgErr);
10792
goto done;
10793
}
10794
10795
*userToken = VGAUTH_GENERIC_USER_TOKEN;
10796
10797
err = VIX_OK;
10798
10799
done:
10800
10801
if (newHandle) {
10802
VGAuth_UserHandleFree(newHandle);
10803
}
10804
10805
return err;
10806
#else
10807
return VIX_E_NOT_SUPPORTED;
10808
#endif
10809
}
10810
10811
10812
/*
10813
*-----------------------------------------------------------------------------
10814
*
10815
* GuestAuthSAMLAuthenticateAndImpersonate
10816
*
10817
* Do SAML bearer token authentication and impersonation using
10818
* the GuestAuth library.
10819
*
10820
* Results:
10821
* VIX_OK if successful. Other VixError code otherwise.
10822
*
10823
* Side effects:
10824
* Current process impersonates.
10825
*
10826
*-----------------------------------------------------------------------------
10827
*/
10828
10829
VixError
10830
GuestAuthSAMLAuthenticateAndImpersonate(
10831
char const *obfuscatedNamePassword, // IN
10832
void **userToken) // OUT
10833
{
10834
#if SUPPORT_VGAUTH
10835
VixError err;
10836
char *token;
10837
char *username;
10838
VGAuthContext *ctx = NULL;
10839
VGAuthError vgErr;
10840
VGAuthUserHandle *newHandle = NULL;
10841
10842
Debug(">%s\n", __FUNCTION__);
10843
err = VixMsg_DeObfuscateNamePassword(obfuscatedNamePassword,
10844
&token,
10845
&username);
10846
if (err != VIX_OK) {
10847
goto done;
10848
}
10849
10850
err = VIX_E_INVALID_LOGIN_CREDENTIALS;
10851
10852
vgErr = TheVGAuthContext(&ctx);
10853
if (VGAUTH_FAILED(vgErr)) {
10854
err = VixToolsTranslateVGAuthError(vgErr);
10855
goto done;
10856
}
10857
10858
vgErr = VGAuth_ValidateSamlBearerToken(ctx,
10859
token,
10860
username,
10861
0,
10862
NULL,
10863
&newHandle);
10864
if (VGAUTH_FAILED(vgErr)) {
10865
err = VixToolsTranslateVGAuthError(vgErr);
10866
goto done;
10867
}
10868
10869
vgErr = VGAuth_Impersonate(ctx, newHandle, 0, NULL);
10870
if (VGAUTH_FAILED(vgErr)) {
10871
err = VixToolsTranslateVGAuthError(vgErr);
10872
goto done;
10873
}
10874
10875
*userToken = VGAUTH_GENERIC_USER_TOKEN;
10876
10877
err = VIX_OK;
10878
10879
done:
10880
10881
if (newHandle) {
10882
VGAuth_UserHandleFree(newHandle);
10883
}
10884
10885
Debug("<%s\n", __FUNCTION__);
10886
10887
return err;
10888
#else
10889
return VIX_E_NOT_SUPPORTED;
10890
#endif
10891
}
10892
10893
10894
/*
10895
*-----------------------------------------------------------------------------
10896
*
10897
* GuestAuthUnimpersonate
10898
*
10899
* End the current impersonation using the VGAuth library.
10900
*
10901
* Results:
10902
* None
10903
*
10904
* Side effects:
10905
* Current process un-impersonates.
10906
*
10907
*-----------------------------------------------------------------------------
10908
*/
10909
10910
void
10911
GuestAuthUnimpersonate(void)
10912
{
10913
#if SUPPORT_VGAUTH
10914
VGAuthContext *ctx;
10915
VGAuthError vgErr = TheVGAuthContext(&ctx);
10916
ASSERT(vgErr == VGAUTH_E_OK);
10917
10918
vgErr = VGAuth_EndImpersonation(ctx);
10919
ASSERT(vgErr == VGAUTH_E_OK);
10920
#else
10921
ASSERT(0);
10922
#endif
10923
}
10924
10925
10926
#if SUPPORT_VGAUTH
10927
/*
10928
*-----------------------------------------------------------------------------
10929
*
10930
* QueryVGAuthConfig
10931
*
10932
* Check the tools configuration to see if VGAuth should be used.
10933
*
10934
* Results:
10935
* TRUE if vgauth should be used, FALSE if not.
10936
*
10937
* Side effects:
10938
* None
10939
*
10940
*-----------------------------------------------------------------------------
10941
*/
10942
10943
static gboolean
10944
QueryVGAuthConfig(GKeyFile *confDictRef) // IN
10945
{
10946
gboolean useVGAuth;
10947
gboolean retVal = USE_VGAUTH_DEFAULT;
10948
GError *gErr = NULL;
10949
10950
if (confDictRef != NULL) {
10951
useVGAuth = g_key_file_get_boolean(confDictRef,
10952
VIX_TOOLS_CONFIG_API_GROUPNAME,
10953
VIXTOOLS_CONFIG_USE_VGAUTH_NAME,
10954
&gErr);
10955
10956
/*
10957
* g_key_file_get_boolean() will return FALSE and set an error
10958
* if the value isn't in config, so use the default in that
10959
* case.
10960
*/
10961
if (!useVGAuth && (NULL != gErr)) {
10962
g_error_free(gErr);
10963
retVal = USE_VGAUTH_DEFAULT;
10964
} else {
10965
retVal = useVGAuth;
10966
}
10967
}
10968
10969
Debug("%s: vgauth usage is: %d\n", __FUNCTION__, retVal);
10970
10971
return retVal;
10972
}
10973
10974
10975
/*
10976
*-----------------------------------------------------------------------------
10977
*
10978
* TheVGAuthContext
10979
*
10980
* Get the global VGAuthContext object.
10981
* Lazily create the global VGAuthContext when needed.
10982
* Creating the global context may also cause the VGAuth Service to
10983
* be started.
10984
*
10985
* Results:
10986
* VGAUTH_E_OK if successful, the global context object is returned in
10987
* the OUT parameter ctx.
10988
*
10989
* Side effects:
10990
* None
10991
*
10992
*-----------------------------------------------------------------------------
10993
*/
10994
10995
VGAuthError
10996
TheVGAuthContext(VGAuthContext **ctx) // OUT
10997
{
10998
static VGAuthContext *vgaCtx = NULL;
10999
VGAuthError vgaCode = VGAUTH_E_OK;
11000
11001
/*
11002
* XXX This needs to handle errors better -- if the service gets
11003
* reset, the context will point to junk and anything using it will
11004
* fail.
11005
*
11006
* Maybe add a no-op API here to poke it? Or make the underlying
11007
* VGAuth code smarter.
11008
*/
11009
if (vgaCtx == NULL) {
11010
vgaCode = VGAuth_Init(VMTOOLSD_APP_NAME, 0, NULL, &vgaCtx);
11011
}
11012
11013
*ctx = vgaCtx;
11014
return vgaCode;
11015
}
11016
#endif
Loggerhead is a web-based interface for Breezy
Version: 2.0.1