VBoxAuthSimple.cpp revision b8908d384db2324f04a2f68a13e67ea32ebf609a
52f16f53a955f5b24bc2132c418a5fffb700f089vboxsync/** @file
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync *
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * VBox Remote Desktop Protocol:
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * External Authentication Library:
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * Simple Authentication.
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync */
e64031e20c39650a7bc902a3e1aba613b9415deevboxsync
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync/*
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * Copyright (C) 2006-2010 Oracle Corporation
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync *
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * available from http://www.virtualbox.org. This file is free software;
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * you can redistribute it and/or modify it under the terms of the GNU
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * General Public License (GPL) as published by the Free Software
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
1c94c0a63ba68be1a7b2c640e70d7a06464e4fcavboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
aba0e602e244ae7c4f11b50fc6d2440f5a762038vboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
aba0e602e244ae7c4f11b50fc6d2440f5a762038vboxsync */
aba0e602e244ae7c4f11b50fc6d2440f5a762038vboxsync
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

#include <iprt/cdefs.h>
#include <iprt/uuid.h>
#include <iprt/sha.h>

#include <VBox/VBoxAuth.h>

#include <VBox/com/com.h>
#include <VBox/com/string.h>
#include <VBox/com/Guid.h>
#include <VBox/com/VirtualBox.h>
64241796dca8fa36d3fca205e01b4320193a36b7vboxsync
d6aa6429f99fb7648883eb612f8a52b9aaf3bff4vboxsyncusing namespace com;
1e2bc03fd1fc133bd3a066b1557471e157df78f6vboxsync
/* If defined, debug messages are appended to the specified file.  Debug builds
 * only: AuthEntry() logs the clear-text password through this channel, and the
 * example path below lives in world-writable /tmp. */
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync//#define AUTH_DEBUG_FILE_NAME "/tmp/VBoxAuth.log"
c312e1b81dffe42e0fb766020fb8defaeade05d6vboxsync
c312e1b81dffe42e0fb766020fb8defaeade05d6vboxsync
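/**
 * Appends one printf-style debug message to AUTH_DEBUG_FILE_NAME.
 *
 * Compiles to a no-op unless AUTH_DEBUG_FILE_NAME is defined; in that case the
 * parameter is explicitly discarded so the build stays free of
 * unused-parameter warnings.
 *
 * SECURITY NOTE: AuthEntry() passes the clear-text password into this
 * function, and the log is a fixed path opened in append mode with no
 * symlink or permission checks (the commented-out example path is under
 * world-writable /tmp).  Never define AUTH_DEBUG_FILE_NAME in a shipped build.
 *
 * @param fmt   printf-style format string, followed by its arguments.  The
 *              formatted message is truncated to 1023 bytes.
 */
static void dprintf(const char *fmt, ...)
{
#ifdef AUTH_DEBUG_FILE_NAME
    char szMsg[1024];

    va_list va;
    va_start(va, fmt);
    vsnprintf(szMsg, sizeof(szMsg), fmt, va);
    va_end(va);

    /* Open/append/close per call; presumably so each line lands on disk
     * even if the hosting process dies right afterwards. */
    FILE *pFile = fopen(AUTH_DEBUG_FILE_NAME, "ab");
    if (pFile)
    {
        fputs(szMsg, pFile);
        fclose(pFile);
    }
#else
    (void)fmt; /* logging compiled out */
#endif
}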
b0dfb334954c0552bb583967a3077ec88fd00471vboxsync
b0dfb334954c0552bb583967a3077ec88fd00471vboxsyncRT_C_DECLS_BEGIN
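/**
 * External authentication entry point invoked by the VRDP server.
 *
 * Compares the client's password against a SHA-256 hex digest stored in
 * VirtualBox extra data under the key "VBoxAuthSimple/users/<user>".  When a
 * VM UUID is supplied the VM's own extra data is consulted, otherwise the
 * global extra data.  Every failure path (no VirtualBox object, unknown
 * machine, no stored digest, mismatch) leaves the result at
 * AuthResultAccessDenied, i.e. the function fails closed.
 *
 * @param szCaller        Not used here.
 * @param pUuid           UUID of the VM being connected to, or NULL to use the
 *                        global extra data.
 * @param guestJudgement  Not used here.
 * @param szUser          User name; an optional "DOMAIN\" prefix is stripped.
 * @param szPassword      Clear-text password supplied by the client.
 * @param szDomain        Not used here (a domain is only honoured inside szUser).
 * @param fLogon          Non-zero for a logon event; all other events are ignored.
 * @param clientId        Not used here.
 * @return  AuthResultAccessGranted on a digest match, AuthResultAccessDenied
 *          otherwise.
 *
 * Review notes (not changed here because they alter the stored-data format
 * or need project helpers not visible in this file):
 *  - The stored value is an unsalted, single-round SHA-256 of the password,
 *    so a leaked extra-data value is directly exposed to offline dictionary
 *    attacks; a salted KDF would be the usual fix.
 *  - The digest comparison is a plain string compare and is almost certainly
 *    not constant time.  Because it compares hex digests, the leak is the
 *    prefix of the stored hash rather than of the password itself.
 *  - The user name is spliced unfiltered into the extra-data key, so a name
 *    such as "a/b" addresses "VBoxAuthSimple/users/a/b" rather than a key
 *    under a single user entry.  Whether that matters depends on what else
 *    is stored under that prefix.
 *  - The HRESULTs of FindMachine/GetExtraData are ignored; this is safe only
 *    because an empty 'password' is treated as "no match".
 */
DECLEXPORT(AuthResult) AUTHCALL AuthEntry(const char *szCaller,
                                          PAUTHUUID pUuid,
                                          AuthGuestJudgement guestJudgement,
                                          const char *szUser,
                                          const char *szPassword,
                                          const char *szDomain,
                                          int fLogon,
                                          unsigned clientId)
{
    (void)szCaller;
    (void)guestJudgement;
    (void)szDomain;
    (void)clientId;

    /* Fail closed: every early exit below returns this unchanged. */
    AuthResult result = AuthResultAccessDenied;

    /* Only logon events are authenticated; the return value is ignored
     * by the caller for everything else. */
    if (!fLogon)
        return result;

    /* Defensive: the VRDP server is believed to always supply both strings
     * (TODO confirm), but a NULL here would otherwise crash strchr()/strlen()
     * inside the server process.  Denying is the safe answer. */
    if (!szUser || !szPassword)
        return result;

    /* Textual VM UUID; stays empty when no machine was given. */
    char szUuid[RTUUID_STR_LENGTH] = {0};
    if (pUuid)
        RTUuidToStr(reinterpret_cast<PCRTUUID>(pUuid), szUuid, sizeof(szUuid));

    /* "DOMAIN\user" -> "user": keep what follows the first backslash. */
    const char *pszUser = strchr(szUser, '\\');
    if (pszUser)
        pszUser++;
    else
        pszUser = szUser;

    /* Debug builds only; note this deliberately records the clear-text password. */
    dprintf("VBoxAuth: uuid: %s, user: %s, szPassword: %s\n", szUuid, pszUser, szPassword);

    ComPtr<IVirtualBox> virtualBox;
    HRESULT rc = virtualBox.createLocalObject(CLSID_VirtualBox);
    if (SUCCEEDED(rc))
    {
        Bstr key = BstrFmt("VBoxAuthSimple/users/%s", pszUser);
        Bstr password;

        if (pUuid)
        {
            /* Per-VM lookup; an unknown UUID leaves 'machine' NULL and
             * therefore 'password' empty. */
            ComPtr<IMachine> machine;
            virtualBox->FindMachine(Bstr(szUuid).raw(), machine.asOutParam());
            if (machine)
                machine->GetExtraData(key.raw(), password.asOutParam());
        }
        else
        {
            /* No VM given: consult the global extra data instead. */
            virtualBox->GetExtraData(key.raw(), password.asOutParam());
        }

        /* A missing or empty stored digest can never match. */
        if (!password.isEmpty())
        {
            uint8_t abDigest[RTSHA256_HASH_SIZE];
            RTSha256(szPassword, strlen(szPassword), abDigest);

            /* Hex form; the stored digest must use the same letter case,
             * since the comparison below is presumably byte-for-byte. */
            char szDigest[RTSHA256_DIGEST_LEN + 1];
            RTSha256ToString(abDigest, szDigest, sizeof(szDigest));

            if (password == szDigest)
                result = AuthResultAccessGranted;
        }
    }

    return result;
}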
80523be8dba75b5eb32569fd72ddf54f3b009025vboxsyncRT_C_DECLS_END
80523be8dba75b5eb32569fd72ddf54f3b009025vboxsync
/* Compile-time signature check: assigning AuthEntry to a PAUTHENTRY3 pointer
 * fails to compile if the prototype above drifts from the entry-point type
 * (presumably the one the VRDP server loads this library through).  The
 * variable is otherwise unused. */
static PAUTHENTRY3 gpfnAuthEntry = &AuthEntry;
80523be8dba75b5eb32569fd72ddf54f3b009025vboxsync