VBoxAuthSimple.cpp revision 6754e49069315bd28137abb0f9241e3aeb99a97e
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync/** @file
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync *
5b281ba489ca18f0380d7efc7a5108b606cce449vboxsync * VBox Remote Desktop Protocol:
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync * External Authentication Library:
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync * Simple Authentication.
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync */
6cf438776892898b86c5c34c92e32fc446b057d2vboxsync
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync/*
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync * Copyright (C) 2006-2010 Oracle Corporation
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync *
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync * This file is part of VirtualBox Open Source Edition (OSE), as
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * available from http://www.virtualbox.org. This file is free software;
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * you can redistribute it and/or modify it under the terms of the GNU
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * General Public License (GPL) as published by the Free Software
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * Foundation, in version 2 as it comes in the "COPYING" file of the
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync */
a16eb14ad7a4b5ef91ddc22d3e8e92d930f736fcvboxsync
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <iprt/cdefs.h>
#include <iprt/uuid.h>
#include <iprt/sha.h>

#include <VBox/VRDPAuth.h>

#include <VBox/com/com.h>
#include <VBox/com/string.h>
#include <VBox/com/Guid.h>
#include <VBox/com/VirtualBox.h>
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsyncusing namespace com;
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync
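/* If defined, debug messages will be written to the specified file.
 * Debugging aid only: the messages contain authentication details, so the
 * file should not live in a location other local users can read or pre-create. */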
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync//#define VRDPAUTH_DEBUG_FILE_NAME "/tmp/VRDPAuth.log"
282f5fe327c5d622addc8b943407a35d8b192a19vboxsync
282f5fe327c5d622addc8b943407a35d8b192a19vboxsync
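/**
 * Appends a formatted debug message to the file named by
 * VRDPAUTH_DEBUG_FILE_NAME.
 *
 * Compiles to a no-op unless VRDPAUTH_DEBUG_FILE_NAME is defined.  Messages
 * longer than the local buffer are truncated by vsnprintf.
 *
 * @param   fmt     printf-style format string, followed by its arguments.
 */
static void dprintf(const char *fmt, ...)
{
#ifdef VRDPAUTH_DEBUG_FILE_NAME
    char buffer[1024] = {0};

    va_list va;
    va_start(va, fmt);
    vsnprintf(buffer, sizeof(buffer), fmt, va);
    va_end(va);

    /* Some vsnprintf implementations do not terminate on truncation. */
    buffer[sizeof(buffer) - 1] = '\0';

    /* NOTE(review): the file is opened by name in append mode; if the
     * configured path is in a shared directory such as /tmp, another local
     * user may be able to pre-create or redirect it.  Prefer a directory
     * only the service account can write to. */
    FILE *f = fopen(VRDPAUTH_DEBUG_FILE_NAME, "ab");
    if (f)
    {
        /* Logging is best effort: authentication must not crash because
         * the debug file could not be opened. */
        fputs(buffer, f);
        fclose(f);
    }
#else
    (void)fmt;
#endif
}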
5a8ae0443b7be3b1a5501bd101b1533daa844c23vboxsync
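RT_C_DECLS_BEGIN
/**
 * VRDP external authentication entry point for the "simple" method.
 *
 * Looks up the extra data key "VBoxAuthSimple/users/<user>" (in the VM's
 * extra data when a VM UUID is given, otherwise in the global extra data)
 * and grants access when the stored value equals the hex SHA-256 digest of
 * the supplied password.  Every other outcome, including any lookup
 * failure, leaves the result at VRDPAuthAccessDenied.
 *
 * @returns VRDPAuthAccessGranted on a matching digest, otherwise
 *          VRDPAuthAccessDenied.
 * @param   pUuid           UUID of the VM, or NULL to use global extra data.
 * @param   guestJudgement  Not used by this implementation.
 * @param   szUser          User name, optionally prefixed with "DOMAIN\".
 * @param   szPassword      Password supplied by the client.
 * @param   szDomain        Not used by this implementation.
 * @param   fLogon          Non-zero for a logon request; other calls are
 *                          ignored.
 * @param   clientId        Not used by this implementation.
 */
DECLEXPORT(VRDPAuthResult) VRDPAUTHCALL VRDPAuth2(PVRDPAUTHUUID pUuid,
                                                  VRDPAuthGuestJudgement guestJudgement,
                                                  const char *szUser,
                                                  const char *szPassword,
                                                  const char *szDomain,
                                                  int fLogon,
                                                  unsigned clientId)
{
    /* Fail closed: the result only changes on a verified match. */
    VRDPAuthResult result = VRDPAuthAccessDenied;

    /* Only logon requests are evaluated; the return value is ignored by the
     * caller for anything else. */
    if (!fLogon)
        return result;

    /* The credentials come from the remote client; a missing user name or
     * password must be rejected instead of dereferenced. */
    if (!szUser || !szPassword)
        return result;

    char uuid[RTUUID_STR_LENGTH] = {0};
    if (pUuid)
        RTUuidToStr((PCRTUUID)pUuid, uuid, RTUUID_STR_LENGTH);

    /* The user name might carry a domain prefix ("DOMAIN\user"); keep only
     * the part after the backslash. */
    const char *user = strchr(szUser, '\\');
    user = user ? user + 1 : szUser;

    /* The password is deliberately not written to the debug log. */
    dprintf("VBoxAuth: uuid: %s, user: %s\n", uuid, user);

    ComPtr<IVirtualBox> virtualBox;
    HRESULT rc = virtualBox.createLocalObject(CLSID_VirtualBox);
    if (SUCCEEDED(rc))
    {
        Bstr key = BstrFmt("VBoxAuthSimple/users/%s", user);
        Bstr password;

        if (pUuid)
        {
            /* Per-VM lookup: a VM that cannot be resolved leaves the stored
             * value empty, which denies access below. */
            ComPtr<IMachine> machine;
            rc = virtualBox->GetMachine(Bstr(uuid).raw(), machine.asOutParam());
            if (SUCCEEDED(rc) && machine)
                machine->GetExtraData(key.raw(), password.asOutParam());
        }
        else
        {
            /* No VM given: fall back to the global extra data. */
            virtualBox->GetExtraData(key.raw(), password.asOutParam());
        }

        if (!password.isEmpty())
        {
            /* Hash the supplied password and compare it with the stored
             * hex digest. */
            uint8_t abDigest[RTSHA256_HASH_SIZE];
            RTSha256(szPassword, strlen(szPassword), abDigest);
            char pszDigest[RTSHA256_STRING_LEN + 1];
            RTSha256ToString(abDigest, pszDigest, sizeof(pszDigest));

            /* NOTE(review): the stored value is an unsalted, single-pass
             * SHA-256 digest, so anyone who can read the extra data can
             * test password guesses offline; restrict access to the
             * settings accordingly.  The string comparison below is
             * presumably not constant-time - confirm whether that matters
             * for this deployment. */
            if (password == pszDigest)
                result = VRDPAuthAccessGranted;
        }
    }

    return result;
}
RT_C_DECLS_END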
5a8ae0443b7be3b1a5501bd101b1533daa844c23vboxsync
/* Compile-time prototype check: assigning VRDPAuth2 to a PVRDPAUTHENTRY2
 * pointer fails to build if the signature drifts from the declared entry
 * point type. */
static PVRDPAUTHENTRY2 gpfnAuthEntry = &VRDPAuth2;
1319c68f8bf1c1195c93ecf9acccf19354d91ba8vboxsync