Opened 10 years ago

Closed 8 years ago

#12609 closed defect (worksforme)

Authentication by VBoxAuth always fails when process (e.g. vboxwebsrv) is running under non-root user.

Reported by: Youhei Sakurai Owned by:
Component: webservices Version: VirtualBox 4.3.6
Keywords: Cc:
Guest type: all Host type: Linux


I faced the authentication issue with vboxwebsrv only when I use non-root user to run it although sudoing to root doesn't reproduce the problem.

The root cause seems to be that vboxwebsrv by non-root user failed to read "/etc/pam.d/common-session" when trying to authenticate incoming session thru PAM. It's recorded in /var/log/auth.log on my Debian machine.

The workaround is something like running "usermod -G root vbox" by root user and I think this is not obvious defect onto VirtualBox but documentation should have some description at least - I hope I wouldn't miss it. :) In addition, returning 4xx status code with valid body would be better than 500 causing puzzled error in SDK.

My refferences:


vbox@WIX:~$ uname -a
Linux WIX 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
vbox@WIX:~$ dpkg -l|grep virtualbox-4
ii  virtualbox-4.3                     4.3.6-91406~Debian~wheezy     amd64        Oracle VM VirtualBox

How to run vboxwebsrv:

vbox@WIX:~$ vboxwebsrv -H -v -A VBoxAuth

How to authenticate via SOAP by python:

from vboxapi import VirtualBoxManager
wrapper=VirtualBoxManager("WEBSERVICE", {"user": "vbox", "password": "PASSWORD_OF_VBOX", "url": "http://IP_OF_SERVER:18083/"})

Error message on client:

init exception:  Element "faultstring" missing from complexType
[Element trace: /SOAP-ENV:Envelope/SOAP-ENV:Body/SOAP-ENV:Fault]
Traceback (most recent call last):
  File "vboxapi\", line 981, in __init__
    self.vbox = self.platform.getVirtualBox()
  File "vboxapi\", line 856, in getVirtualBox
    return self.connect(self.url, self.user, self.password)
  File "vboxapi\", line 910, in connect
    self.vbox = self.wsmgr.logon(self.user, self.password)
  File "vboxapi\", line 11795, in logon
  File "vboxapi\", line 9641, in IWebsessionManager_logon
    response = self.binding.Receive(IWebsessionManager_logonResultMsg.typecode)
  File "build\bdist.win32\egg\ZSI\", line 502, in Receive
    return _Binding.Receive(self, replytype, **kw)
  File "build\bdist.win32\egg\ZSI\", line 429, in Receive
    msg = FaultFromFaultMessage(
  File "build\bdist.win32\egg\ZSI\", line 253, in FaultFromFaultMessage
    pyobj = ps.Parse(FaultType.typecode)
  File "build\bdist.win32\egg\ZSI\", line 323, in Parse
    return how.parse(self.body_root, self)
  File "build\bdist.win32\egg\ZSI\", line 234, in parse
    '" missing from complexType', ps.Backtrace(elt))
EvaluateException: Element "faultstring" missing from complexType
[Element trace: /SOAP-ENV:Envelope/SOAP-ENV:Body/SOAP-ENV:Fault]

Wireshark's output:

67	20:02:23.934969000	IP_OF_CLIENT	IP_OF_SERVER	HTTP/XML	577	POST / HTTP/1.1
78	20:02:23.940770000	IP_OF_SERVER	IP_OF_CLIENT	HTTP/XML	662	HTTP/1.1 500 Internal Server Error 

Console output on server:

00:00:02.738663 SQW01    external authentication library is 'VBoxAuth'
00:00:02.741213 SQW01    authenticate(): result of AuthEntry(): 0
00:00:02.741455 SQW01    -- leaving __vbox__IWebsessionManager_USCORElogon, rc: 0x80004005

/var/log/auth.log on server:

Jan 14 20:27:50 WIX vboxwebsrv: PAM _pam_load_conf_file: unable to open /etc/pam.d/common-session
Jan 14 20:27:50 WIX vboxwebsrv: PAM error loading (null)
Jan 14 20:27:50 WIX vboxwebsrv: PAM _pam_init_handlers: error reading /etc/pam.d/login
Jan 14 20:27:50 WIX vboxwebsrv: PAM _pam_init_handlers: [Critical error - immediate abort]
Jan 14 20:27:50 WIX vboxwebsrv: PAM error reading PAM configuration file
Jan 14 20:27:50 WIX vboxwebsrv: PAM pam_start: failed to initialize handlers

Permission of /etc/pam.d/common-session:

vbox@WIX:~$ ls -l /etc/pam.d/common-session
-rw-r----- 1 root root 1187 Oct 17 20:44 /etc/pam.d/common-session

Change History (1)

comment:1 by Frank Mehnert, 8 years ago

Resolution: worksforme
Status: newclosed

On Debian 8:

$ ls -l /etc/pam.d/common-session
-rw-r--r-- 1 root root 1295 Feb 12 08:25 /etc/pam.d/common-session

Seems to be a problem with your Linux distribution.

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use