| 1 | /* $Id: VBoxAuthSimple.cpp 98103 2023-01-17 14:15:46Z vboxsync $ */
|
|---|
| 2 | /** @file
|
|---|
| 3 | * VirtualBox External Authentication Library - Simple Authentication.
|
|---|
| 4 | */
|
|---|
| 5 |
|
|---|
| 6 | /*
|
|---|
| 7 | * Copyright (C) 2006-2023 Oracle and/or its affiliates.
|
|---|
| 8 | *
|
|---|
| 9 | * This file is part of VirtualBox base platform packages, as
|
|---|
| 10 | * available from https://www.virtualbox.org.
|
|---|
| 11 | *
|
|---|
| 12 | * This program is free software; you can redistribute it and/or
|
|---|
| 13 | * modify it under the terms of the GNU General Public License
|
|---|
| 14 | * as published by the Free Software Foundation, in version 3 of the
|
|---|
| 15 | * License.
|
|---|
| 16 | *
|
|---|
| 17 | * This program is distributed in the hope that it will be useful, but
|
|---|
| 18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|---|
| 20 | * General Public License for more details.
|
|---|
| 21 | *
|
|---|
| 22 | * You should have received a copy of the GNU General Public License
|
|---|
| 23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
|---|
| 24 | *
|
|---|
| 25 | * SPDX-License-Identifier: GPL-3.0-only
|
|---|
| 26 | */
|
|---|
| 27 |
|
|---|
| 28 | #include <stdlib.h>
|
|---|
| 29 | #include <stdio.h>
|
|---|
| 30 | #include <string.h>
|
|---|
| 31 |
|
|---|
| 32 | #include <iprt/cdefs.h>
|
|---|
| 33 | #include <iprt/uuid.h>
|
|---|
| 34 | #include <iprt/sha.h>
|
|---|
| 35 |
|
|---|
| 36 | #include <VBox/VBoxAuth.h>
|
|---|
| 37 |
|
|---|
| 38 | #include <VBox/com/com.h>
|
|---|
| 39 | #include <VBox/com/string.h>
|
|---|
| 40 | #include <VBox/com/Guid.h>
|
|---|
| 41 | #include <VBox/com/VirtualBox.h>
|
|---|
| 42 |
|
|---|
| 43 | using namespace com;
|
|---|
| 44 |
|
|---|
| 45 | /* If defined, debug messages will be written to the specified file. */
|
|---|
| 46 | //#define AUTH_DEBUG_FILE_NAME "/tmp/VBoxAuth.log"
|
|---|
| 47 |
|
|---|
| 48 |
|
|---|
| 49 | static void dprintf(const char *pszFormat, ...)
|
|---|
| 50 | {
|
|---|
| 51 | #ifdef AUTH_DEBUG_FILE_NAME
|
|---|
| 52 | FILE *f = fopen(AUTH_DEBUG_FILE_NAME, "ab");
|
|---|
| 53 | if (f)
|
|---|
| 54 | {
|
|---|
| 55 | va_list va;
|
|---|
| 56 | va_start(va, pszFormat);
|
|---|
| 57 | vfprintf(f, pszFormat, va);
|
|---|
| 58 | va_end(va);
|
|---|
| 59 | fclose(f);
|
|---|
| 60 | }
|
|---|
| 61 | #else
|
|---|
| 62 | RT_NOREF(pszFormat);
|
|---|
| 63 | #endif
|
|---|
| 64 | }
|
|---|
| 65 |
|
|---|
| 66 | RT_C_DECLS_BEGIN
|
|---|
| 67 | DECLEXPORT(FNAUTHENTRY3) AuthEntry;
|
|---|
| 68 | RT_C_DECLS_END
|
|---|
| 69 |
|
|---|
| 70 | DECLEXPORT(AuthResult) AUTHCALL AuthEntry(const char *pszCaller,
|
|---|
| 71 | PAUTHUUID pUuid,
|
|---|
| 72 | AuthGuestJudgement guestJudgement,
|
|---|
| 73 | const char *pszUser,
|
|---|
| 74 | const char *pszPassword,
|
|---|
| 75 | const char *pszDomain,
|
|---|
| 76 | int fLogon,
|
|---|
| 77 | unsigned clientId)
|
|---|
| 78 | {
|
|---|
| 79 | RT_NOREF(pszCaller, guestJudgement, pszDomain, clientId);
|
|---|
| 80 |
|
|---|
| 81 | /* default is failed */
|
|---|
| 82 | AuthResult result = AuthResultAccessDenied;
|
|---|
| 83 |
|
|---|
| 84 | /* only interested in logon */
|
|---|
| 85 | if (!fLogon)
|
|---|
| 86 | /* return value ignored */
|
|---|
| 87 | return result;
|
|---|
| 88 |
|
|---|
| 89 | char uuid[RTUUID_STR_LENGTH] = {0};
|
|---|
| 90 | if (pUuid)
|
|---|
| 91 | RTUuidToStr((PCRTUUID)pUuid, (char*)uuid, RTUUID_STR_LENGTH);
|
|---|
| 92 |
|
|---|
| 93 | /* the user might contain a domain name, split it */
|
|---|
| 94 | const char *user = strchr(pszUser, '\\');
|
|---|
| 95 | if (user)
|
|---|
| 96 | user++;
|
|---|
| 97 | else
|
|---|
| 98 | user = (char*)pszUser;
|
|---|
| 99 |
|
|---|
| 100 | dprintf("VBoxAuth: uuid: %s, user: %s, pszPassword: %s\n", uuid, user, pszPassword);
|
|---|
| 101 |
|
|---|
| 102 | ComPtr<IVirtualBoxClient> virtualBoxClient;
|
|---|
| 103 | ComPtr<IVirtualBox> virtualBox;
|
|---|
| 104 | HRESULT rc;
|
|---|
| 105 |
|
|---|
| 106 | rc = virtualBoxClient.createInprocObject(CLSID_VirtualBoxClient);
|
|---|
| 107 | if (SUCCEEDED(rc))
|
|---|
| 108 | {
|
|---|
| 109 | rc = virtualBoxClient->COMGETTER(VirtualBox)(virtualBox.asOutParam());
|
|---|
| 110 | if (SUCCEEDED(rc))
|
|---|
| 111 | {
|
|---|
| 112 | Bstr key = BstrFmt("VBoxAuthSimple/users/%s", user);
|
|---|
| 113 | Bstr password;
|
|---|
| 114 |
|
|---|
| 115 | /* lookup in VM's extra data? */
|
|---|
| 116 | if (pUuid)
|
|---|
| 117 | {
|
|---|
| 118 | ComPtr<IMachine> machine;
|
|---|
| 119 | virtualBox->FindMachine(Bstr(uuid).raw(), machine.asOutParam());
|
|---|
| 120 | if (machine)
|
|---|
| 121 | machine->GetExtraData(key.raw(), password.asOutParam());
|
|---|
| 122 | }
|
|---|
| 123 | else
|
|---|
| 124 | /* lookup global extra data */
|
|---|
| 125 | virtualBox->GetExtraData(key.raw(), password.asOutParam());
|
|---|
| 126 |
|
|---|
| 127 | if (!password.isEmpty())
|
|---|
| 128 | {
|
|---|
| 129 | /* calculate hash */
|
|---|
| 130 | uint8_t abDigest[RTSHA256_HASH_SIZE];
|
|---|
| 131 | RTSha256(pszPassword, strlen(pszPassword), abDigest);
|
|---|
| 132 | char pszDigest[RTSHA256_DIGEST_LEN + 1];
|
|---|
| 133 | RTSha256ToString(abDigest, pszDigest, sizeof(pszDigest));
|
|---|
| 134 |
|
|---|
| 135 | if (password == pszDigest)
|
|---|
| 136 | result = AuthResultAccessGranted;
|
|---|
| 137 | }
|
|---|
| 138 | }
|
|---|
| 139 | else
|
|---|
| 140 | dprintf("VBoxAuth: failed to get VirtualBox object reference: %#x\n", rc);
|
|---|
| 141 | }
|
|---|
| 142 | else
|
|---|
| 143 | dprintf("VBoxAuth: failed to get VirtualBoxClient object reference: %#x\n", rc);
|
|---|
| 144 |
|
|---|
| 145 | return result;
|
|---|
| 146 | }
|
|---|
| 147 |
|
|---|
