352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * VBoxCredProvProvider - The actual credential provider class.
82439a7f18027a77f179cbff437c1c9012d20ba8vboxsync * Copyright (C) 2012-2014 Oracle Corporation
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * available from http://www.virtualbox.org. This file is free software;
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * you can redistribute it and/or modify it under the terms of the GNU
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * General Public License (GPL) as published by the Free Software
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync/*******************************************************************************
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync* Header Files *
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync*******************************************************************************/
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvReportStatus(VBoxGuestFacilityStatus_Init);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv: Destroying\n");
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvReportStatus(VBoxGuestFacilityStatus_Terminated);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync/* IUnknown overrides. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv: AddRef: Returning refcount=%ld\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv: Release: Returning refcount=%ld\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv: Calling destructor\n");
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync delete this;
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::QueryInterface(REFIID interfaceID, void **ppvInterface)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync reinterpret_cast<IUnknown*>(*ppvInterface)->AddRef();
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Loads the global configuration from registry.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return DWORD Windows error code.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync /** @todo Add some registry wrapper function(s) as soon as we got more values to retrieve. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync DWORD dwRet = RegOpenKeyEx(HKEY_LOCAL_MACHINE, L"SOFTWARE\\Oracle\\VirtualBox Guest Additions\\AutoLogon",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync dwRet = RegQueryValueEx(hKey, L"HandleRemoteSessions", NULL, &dwType, (LPBYTE)&dwValue, &dwSize);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync dwRet = RegQueryValueEx(hKey, L"LoggingEnabled", NULL, &dwType, (LPBYTE)&dwValue, &dwSize);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync if (g_dwVerbosity) /* Do we want logging at all? */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync dwRet = RegQueryValueEx(hKey, L"LoggingLevel", NULL, &dwType, (LPBYTE)&dwValue, &dwSize);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync /* Do not report back an error here yet. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Determines whether we should handle the current session or not.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return bool true if we should handle this session, false if not.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync /* Load global configuration from registry. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv: Error loading global configuration, rc=%Rrc\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync if (m_fHandleRemoteSessions) /* Force remote session handling. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync else /* No remote session. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(3, "VBoxCredProv: Handling current session=%RTbool\n", fHandle);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Tells this provider the current usage scenario.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return HRESULT
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param enmUsageScenario Current usage scenario this provider will be
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param dwFlags Optional flags for the usage scenario.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::SetUsageScenario(CREDENTIAL_PROVIDER_USAGE_SCENARIO enmUsageScenario, DWORD dwFlags)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::SetUsageScenario: enmUsageScenario=%d, dwFlags=%ld\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvReportStatus(VBoxGuestFacilityStatus_Active);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv: Error while loading configuration, error=%ld\n", dwErr);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync /* Do not stop running on a misconfigured system. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * If we're told to not handle the current session just bail out and let the
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * user know.
9dfe45f98c4eace98447efa6bead6f5d23454e27vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::SetUsageScenario: Error initializing poller thread, rc=%Rrc\n", rc);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync /* All set up already! Nothing to do here right now. */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync /* If we failed, do some cleanup. */
82439a7f18027a77f179cbff437c1c9012d20ba8vboxsync case CPUS_CHANGE_PASSWORD: /* Asks us to provide a way to change the password. */
82439a7f18027a77f179cbff437c1c9012d20ba8vboxsync case CPUS_CREDUI: /* Displays an own UI. We don't need that. */
82439a7f18027a77f179cbff437c1c9012d20ba8vboxsync case CPUS_PLAP: /* See Pre-Logon-Access Provider. Not needed (yet). */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::SetUsageScenario returned hr=0x%08x\n", hr);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Tells this provider how the serialization will be handled. Currently not used.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return STDMETHODIMP
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param pcpCredentialSerialization Credentials serialization.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::SetSerialization(const CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION *pcpCredentialSerialization)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Initializes the communication with LogonUI through callbacks events which we can later
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * use to start re-enumeration of credentials.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return HRESULT
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param pcpEvents Pointer to event interface.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param upAdviseContext The current advise context.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::Advise(ICredentialProviderEvents *pcpEvents, UINT_PTR upAdviseContext)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::Advise, pcpEvents=0x%p, upAdviseContext=%u\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Save advice context for later use when binding to
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * certain ICredentialProviderEvents events.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Uninitializes the callback events so that they're no longer valid.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return HRESULT
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::UnAdvise: pEvents=0x%p\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Retrieves the total count of fields we're handling (needed for field enumeration
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * through LogonUI).
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return HRESULT
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param pdwCount Receives total count of fields.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::GetFieldDescriptorCount(DWORD *pdwCount)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::GetFieldDescriptorCount: %ld\n", *pdwCount);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Retrieves a descriptor of a specified field.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return HRESULT
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param dwIndex ID of field to retrieve descriptor for.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param ppFieldDescriptor Pointer which receives the allocated field
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * descriptor.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::GetFieldDescriptorAt(DWORD dwIndex, CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR **ppFieldDescriptor)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync PCREDENTIAL_PROVIDER_FIELD_DESCRIPTOR pcpFieldDesc =
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync (PCREDENTIAL_PROVIDER_FIELD_DESCRIPTOR)CoTaskMemAlloc(sizeof(CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR));
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync const VBOXCREDPROV_FIELD &field = s_VBoxCredProvFields[dwIndex];
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync RT_BZERO(pcpFieldDesc, sizeof(CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR));
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync hr = SHStrDupW(field.desc.pszLabel, &pcpFieldDesc->pszLabel);
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::GetFieldDescriptorAt: dwIndex=%ld, ppDesc=0x%p, hr=0x%08x\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Retrieves the total number of credentials this provider can offer at the current time and
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * if a logon attempt should be made.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return HRESULT
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param pdwCount Receives number of credentials to serve.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param pdwDefault Receives the credentials index to try
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * logging on if there is more than one
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * credential provided. 0 is default.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param pfAutoLogonWithDefault Receives a flag indicating whether a
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * logon attempt using the default
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * credential should be made or not.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::GetCredentialCount(DWORD *pdwCount, DWORD *pdwDefault, BOOL *pfAutoLogonWithDefault)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync /* Do we have credentials? */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync *pdwCount = 1; /* This provider always has the same number of credentials (1). */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync *pdwDefault = 0; /* The credential we provide is *always* at index 0! */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync *pfAutoLogonWithDefault = TRUE; /* We always at least try to auto-login (if password is correct). */
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::GetCredentialCount: *pdwCount=%ld, *pdwDefault=%ld, *pfAutoLogonWithDefault=%s\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync *pdwCount, *pdwDefault, *pfAutoLogonWithDefault ? "true" : "false");
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Called by Winlogon to retrieve the interface of our current ICredentialProviderCredential interface.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @return HRESULT
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param dwIndex Index of credential (in case there is more than one credential at a time) to
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * retrieve the interface for.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * @param ppCredProvCredential Pointer that receives the credential interface.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProvider::GetCredentialAt(DWORD dwIndex, ICredentialProviderCredential **ppCredProvCredential)
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::GetCredentialAt: Index=%ld, ppCredProvCredential=0x%p\n",
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::GetCredentialAt: No credentials available\n");
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync hr = m_pCred->QueryInterface(IID_ICredentialProviderCredential,
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync reinterpret_cast<void**>(ppCredProvCredential));
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::GetCredentialAt: More than one credential not supported!\n");
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Triggers a credential re-enumeration -- will be called by our poller thread. This then invokes
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * GetCredentialCount() and GetCredentialAt() called by Winlogon.
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync VBoxCredProvVerbose(0, "VBoxCredProv::OnCredentialsProvided\n");
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsync * Creates our provider. This happens *before* CTRL-ALT-DEL was pressed!
352bb6b9d2fa1f7df7797f50c58e297ac37059a2vboxsyncVBoxCredProvProviderCreate(REFIID interfaceID, void **ppvInterface)
9dfe45f98c4eace98447efa6bead6f5d23454e27vboxsync VBoxCredProvProvider *pProvider = new VBoxCredProvProvider();