[63197] | 1 | /* $Id: VBoxAuthSimple.cpp 98103 2023-01-17 14:15:46Z vboxsync $ */
|
---|
[33185] | 2 | /** @file
|
---|
[63197] | 3 | * VirtualBox External Authentication Library - Simple Authentication.
|
---|
[33185] | 4 | */
|
---|
| 5 |
|
---|
| 6 | /*
|
---|
[98103] | 7 | * Copyright (C) 2006-2023 Oracle and/or its affiliates.
|
---|
[33185] | 8 | *
|
---|
[96407] | 9 | * This file is part of VirtualBox base platform packages, as
|
---|
| 10 | * available from https://www.virtualbox.org.
|
---|
| 11 | *
|
---|
| 12 | * This program is free software; you can redistribute it and/or
|
---|
| 13 | * modify it under the terms of the GNU General Public License
|
---|
| 14 | * as published by the Free Software Foundation, in version 3 of the
|
---|
| 15 | * License.
|
---|
| 16 | *
|
---|
| 17 | * This program is distributed in the hope that it will be useful, but
|
---|
| 18 | * WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
| 20 | * General Public License for more details.
|
---|
| 21 | *
|
---|
| 22 | * You should have received a copy of the GNU General Public License
|
---|
| 23 | * along with this program; if not, see <https://www.gnu.org/licenses>.
|
---|
| 24 | *
|
---|
| 25 | * SPDX-License-Identifier: GPL-3.0-only
|
---|
[33185] | 26 | */
|
---|
| 27 |
|
---|
| 28 | #include <stdlib.h>
|
---|
| 29 | #include <stdio.h>
|
---|
| 30 | #include <string.h>
|
---|
| 31 |
|
---|
| 32 | #include <iprt/cdefs.h>
|
---|
| 33 | #include <iprt/uuid.h>
|
---|
[33228] | 34 | #include <iprt/sha.h>
|
---|
[33185] | 35 |
|
---|
[34563] | 36 | #include <VBox/VBoxAuth.h>
|
---|
[33185] | 37 |
|
---|
| 38 | #include <VBox/com/com.h>
|
---|
| 39 | #include <VBox/com/string.h>
|
---|
| 40 | #include <VBox/com/Guid.h>
|
---|
| 41 | #include <VBox/com/VirtualBox.h>
|
---|
| 42 |
|
---|
| 43 | using namespace com;
|
---|
| 44 |
|
---|
| 45 | /* If defined, debug messages will be written to the specified file. */
|
---|
[34563] | 46 | //#define AUTH_DEBUG_FILE_NAME "/tmp/VBoxAuth.log"
|
---|
[33185] | 47 |
|
---|
| 48 |
|
---|
[63197] | 49 | static void dprintf(const char *pszFormat, ...)
|
---|
[33185] | 50 | {
|
---|
[34563] | 51 | #ifdef AUTH_DEBUG_FILE_NAME
|
---|
| 52 | FILE *f = fopen(AUTH_DEBUG_FILE_NAME, "ab");
|
---|
[34558] | 53 | if (f)
|
---|
| 54 | {
|
---|
[63197] | 55 | va_list va;
|
---|
| 56 | va_start(va, pszFormat);
|
---|
| 57 | vfprintf(f, pszFormat, va);
|
---|
| 58 | va_end(va);
|
---|
[34558] | 59 | fclose(f);
|
---|
| 60 | }
|
---|
[63197] | 61 | #else
|
---|
| 62 | RT_NOREF(pszFormat);
|
---|
[33185] | 63 | #endif
|
---|
| 64 | }
|
---|
| 65 |
|
---|
| 66 | RT_C_DECLS_BEGIN
|
---|
[63197] | 67 | DECLEXPORT(FNAUTHENTRY3) AuthEntry;
|
---|
| 68 | RT_C_DECLS_END
|
---|
| 69 |
|
---|
| 70 | DECLEXPORT(AuthResult) AUTHCALL AuthEntry(const char *pszCaller,
|
---|
[34558] | 71 | PAUTHUUID pUuid,
|
---|
| 72 | AuthGuestJudgement guestJudgement,
|
---|
[63197] | 73 | const char *pszUser,
|
---|
| 74 | const char *pszPassword,
|
---|
| 75 | const char *pszDomain,
|
---|
[34558] | 76 | int fLogon,
|
---|
| 77 | unsigned clientId)
|
---|
[33185] | 78 | {
|
---|
[63197] | 79 | RT_NOREF(pszCaller, guestJudgement, pszDomain, clientId);
|
---|
| 80 |
|
---|
[33185] | 81 | /* default is failed */
|
---|
[34558] | 82 | AuthResult result = AuthResultAccessDenied;
|
---|
[33185] | 83 |
|
---|
| 84 | /* only interested in logon */
|
---|
| 85 | if (!fLogon)
|
---|
| 86 | /* return value ignored */
|
---|
| 87 | return result;
|
---|
| 88 |
|
---|
| 89 | char uuid[RTUUID_STR_LENGTH] = {0};
|
---|
| 90 | if (pUuid)
|
---|
| 91 | RTUuidToStr((PCRTUUID)pUuid, (char*)uuid, RTUUID_STR_LENGTH);
|
---|
| 92 |
|
---|
| 93 | /* the user might contain a domain name, split it */
|
---|
[63197] | 94 | const char *user = strchr(pszUser, '\\');
|
---|
[33185] | 95 | if (user)
|
---|
| 96 | user++;
|
---|
| 97 | else
|
---|
[63197] | 98 | user = (char*)pszUser;
|
---|
[33185] | 99 |
|
---|
[63197] | 100 | dprintf("VBoxAuth: uuid: %s, user: %s, pszPassword: %s\n", uuid, user, pszPassword);
|
---|
[33185] | 101 |
|
---|
[60063] | 102 | ComPtr<IVirtualBoxClient> virtualBoxClient;
|
---|
[33185] | 103 | ComPtr<IVirtualBox> virtualBox;
|
---|
| 104 | HRESULT rc;
|
---|
| 105 |
|
---|
[60063] | 106 | rc = virtualBoxClient.createInprocObject(CLSID_VirtualBoxClient);
|
---|
[33185] | 107 | if (SUCCEEDED(rc))
|
---|
[63197] | 108 | {
|
---|
[60063] | 109 | rc = virtualBoxClient->COMGETTER(VirtualBox)(virtualBox.asOutParam());
|
---|
[63197] | 110 | if (SUCCEEDED(rc))
|
---|
[33185] | 111 | {
|
---|
[63197] | 112 | Bstr key = BstrFmt("VBoxAuthSimple/users/%s", user);
|
---|
| 113 | Bstr password;
|
---|
[33185] | 114 |
|
---|
[63197] | 115 | /* lookup in VM's extra data? */
|
---|
| 116 | if (pUuid)
|
---|
| 117 | {
|
---|
| 118 | ComPtr<IMachine> machine;
|
---|
| 119 | virtualBox->FindMachine(Bstr(uuid).raw(), machine.asOutParam());
|
---|
| 120 | if (machine)
|
---|
| 121 | machine->GetExtraData(key.raw(), password.asOutParam());
|
---|
| 122 | }
|
---|
| 123 | else
|
---|
| 124 | /* lookup global extra data */
|
---|
| 125 | virtualBox->GetExtraData(key.raw(), password.asOutParam());
|
---|
[33294] | 126 |
|
---|
[63197] | 127 | if (!password.isEmpty())
|
---|
| 128 | {
|
---|
| 129 | /* calculate hash */
|
---|
| 130 | uint8_t abDigest[RTSHA256_HASH_SIZE];
|
---|
| 131 | RTSha256(pszPassword, strlen(pszPassword), abDigest);
|
---|
| 132 | char pszDigest[RTSHA256_DIGEST_LEN + 1];
|
---|
| 133 | RTSha256ToString(abDigest, pszDigest, sizeof(pszDigest));
|
---|
| 134 |
|
---|
| 135 | if (password == pszDigest)
|
---|
| 136 | result = AuthResultAccessGranted;
|
---|
| 137 | }
|
---|
[33185] | 138 | }
|
---|
[63197] | 139 | else
|
---|
| 140 | dprintf("VBoxAuth: failed to get VirtualBox object reference: %#x\n", rc);
|
---|
[33185] | 141 | }
|
---|
[60063] | 142 | else
|
---|
[63197] | 143 | dprintf("VBoxAuth: failed to get VirtualBoxClient object reference: %#x\n", rc);
|
---|
[33185] | 144 |
|
---|
| 145 | return result;
|
---|
| 146 | }
|
---|
| 147 |
|
---|