VirtualBox

source: vbox/trunk/src/VBox/Main/include/ApplianceImplPrivate.h@ 106469

Last change on this file since 106469 was 106061, checked in by vboxsync, 4 months ago

Copyright year updates by scm.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 18.9 KB
Line 
1/* $Id: ApplianceImplPrivate.h 106061 2024-09-16 14:03:52Z vboxsync $ */
2/** @file
3 * VirtualBox Appliance private data definitions
4 */
5
6/*
7 * Copyright (C) 2006-2024 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * SPDX-License-Identifier: GPL-3.0-only
26 */
27
28#ifndef MAIN_INCLUDED_ApplianceImplPrivate_h
29#define MAIN_INCLUDED_ApplianceImplPrivate_h
30#ifndef RT_WITHOUT_PRAGMA_ONCE
31# pragma once
32#endif
33
34
35class VirtualSystemDescription;
36
37#include "ovfreader.h"
38#include "SecretKeyStore.h"
39#include "ThreadTask.h"
40#include "CertificateImpl.h"
41#include <map>
42#include <vector>
43#include <iprt/manifest.h>
44#include <iprt/vfs.h>
45#include <iprt/crypto/x509.h>
46#include <iprt/crypto/pkcs7.h>
47
48////////////////////////////////////////////////////////////////////////////////
49//
50// Appliance data definition
51//
52////////////////////////////////////////////////////////////////////////////////
53
54namespace settings
55{
56 struct AttachedDevice;
57}
58
59typedef std::pair<Utf8Str, Utf8Str> STRPAIR;
60
61typedef std::vector<com::Guid> GUIDVEC;
62
63/* Describe a location for the import/export. The location could be a file on a
64 * local hard disk or a remote target based on the supported inet protocols. */
65struct LocationInfo
66{
67 LocationInfo()
68 : storageType(VFSType_File) {}
69 VFSType_T storageType; /* Which type of storage should be handled */
70 Utf8Str strProvider; /* cloud provider name in case of export/import to Cloud */
71 Utf8Str strPath; /* File path for the import/export */
72 Utf8Str strHostname; /* Hostname on remote storage locations (could be empty) */
73 Utf8Str strUsername; /* Username on remote storage locations (could be empty) */
74 Utf8Str strPassword; /* Password on remote storage locations (could be empty) */
75};
76
77/**
78 * opaque private instance data of Appliance class
79 */
80struct Appliance::Data
81{
82 enum digest_T {SHA1, SHA256};
83
84 Data()
85 : state(Appliance::ApplianceIdle)
86 , fDigestTypes(0)
87 , hOurManifest(NIL_RTMANIFEST)
88 , fManifest(true)
89 , fDeterminedDigestTypes(false)
90 , hTheirManifest(NIL_RTMANIFEST)
91 , hMemFileTheirManifest(NIL_RTVFSFILE)
92 , fSignerCertLoaded(false)
93 , fCertificateIsSelfSigned(false)
94 , fSignatureValid(false)
95 , fCertificateValid(false)
96 , fCertificateMissingPath(true)
97 , fCertificateValidTime(false)
98 , pbSignedDigest(NULL)
99 , cbSignedDigest(0)
100 , enmSignedDigestType(RTDIGESTTYPE_INVALID)
101 , fContentInfoLoaded(false)
102 , fContentInfoOkay(false)
103 , fContentInfoSameCert(false)
104 , fContentInfoValidSignature(false)
105 , fExportISOImages(false)
106 , pReader(NULL)
107 , ulWeightForXmlOperation(0)
108 , ulWeightForManifestOperation(0)
109 , ulTotalDisksMB(0)
110 , cDisks(0)
111 , m_cPwProvided(0)
112 {
113 RT_ZERO(SignerCert);
114 RT_ZERO(ContentInfo);
115 }
116
117 ~Data()
118 {
119 if (pReader)
120 {
121 delete pReader;
122 pReader = NULL;
123 }
124 resetReadData();
125 }
126
127 /**
128 * Resets data used by read.
129 */
130 void resetReadData(void)
131 {
132 strOvfManifestEntry.setNull();
133 if (hOurManifest != NIL_RTMANIFEST)
134 {
135 RTManifestRelease(hOurManifest);
136 hOurManifest = NIL_RTMANIFEST;
137 }
138 if (hTheirManifest != NIL_RTMANIFEST)
139 {
140 RTManifestRelease(hTheirManifest);
141 hTheirManifest = NIL_RTMANIFEST;
142 }
143 if (hMemFileTheirManifest)
144 {
145 RTVfsFileRelease(hMemFileTheirManifest);
146 hMemFileTheirManifest = NIL_RTVFSFILE;
147 }
148 if (pbSignedDigest)
149 {
150 RTMemFree(pbSignedDigest);
151 pbSignedDigest = NULL;
152 cbSignedDigest = 0;
153 }
154 if (fSignerCertLoaded)
155 {
156 RTCrX509Certificate_Delete(&SignerCert);
157 fSignerCertLoaded = false;
158 }
159 RT_ZERO(SignerCert);
160 enmSignedDigestType = RTDIGESTTYPE_INVALID;
161 fCertificateIsSelfSigned = false;
162 fSignatureValid = false;
163 fCertificateValid = false;
164 fCertificateMissingPath = true;
165 fCertificateValidTime = false;
166 fDeterminedDigestTypes = false;
167 fDigestTypes = RTMANIFEST_ATTR_SHA1 | RTMANIFEST_ATTR_SHA256 | RTMANIFEST_ATTR_SHA512;
168 ptrCertificateInfo.setNull();
169 strCertError.setNull();
170 if (fContentInfoLoaded)
171 {
172 RTCrPkcs7ContentInfo_Delete(&ContentInfo);
173 fContentInfoLoaded = false;
174 }
175 RT_ZERO(ContentInfo);
176 }
177
178 Appliance::ApplianceState state;
179
180 LocationInfo locInfo; // location info for the currently processed OVF
181 /** The digests types to calculate (RTMANIFEST_ATTR_XXX) for the manifest.
182 * This will be a single value when exporting. Zero, one or two. */
183 uint32_t fDigestTypes;
184 /** Manifest created while importing or exporting. */
185 RTMANIFEST hOurManifest;
186
187 /** @name Write data
188 * @{ */
189 bool fManifest; // Create a manifest file on export
190 /** @} */
191
192 /** @name Read data
193 * @{ */
194 /** The manifest entry name of the OVF-file. */
195 Utf8Str strOvfManifestEntry;
196
197 /** Set if we've parsed the manifest and determined the digest types. */
198 bool fDeterminedDigestTypes;
199
200 /** Manifest read in during read() and kept around for later verification. */
201 RTMANIFEST hTheirManifest;
202 /** Memorized copy of the manifest file for signature checking purposes. */
203 RTVFSFILE hMemFileTheirManifest;
204
205 /** The signer certificate from the signature file (.cert).
206 * This will be used in the future provide information about the signer via
207 * the API. */
208 RTCRX509CERTIFICATE SignerCert;
209 /** Set if the SignerCert member contains usable data. */
210 bool fSignerCertLoaded;
211 /** Cached RTCrX509Validity_IsValidAtTimeSpec result set by read(). */
212 bool fCertificateIsSelfSigned;
213 /** Set by read() if pbSignedDigest verified correctly against SignerCert. */
214 bool fSignatureValid;
215 /** Set by read() when the SignerCert checked out fine. */
216 bool fCertificateValid;
217 /** Set by read() when the SignerCert certificate path couldn't be built. */
218 bool fCertificateMissingPath;
219 /** Set by read() when the SignerCert (+path) is valid in the temporal sense. */
220 bool fCertificateValidTime;
221 /** For keeping certificate error messages we delay from read() to import(). */
222 Utf8Str strCertError;
223 /** The signed digest of the manifest. */
224 uint8_t *pbSignedDigest;
225 /** The size of the signed digest. */
226 size_t cbSignedDigest;
227 /** The digest type used to sign the manifest. */
228 RTDIGESTTYPE enmSignedDigestType;
229 /** The certificate info object. This is NULL if no signature and
230 * successfully loaded certificate. */
231 ComObjPtr<Certificate> ptrCertificateInfo;
232
233 /** The PKCS\#7/CMS signed data signing manifest, optional VBox extension.
234 * This contains at least one signature using the same certificate as above
235 * (SignerCert), but should preferrably use a different digest. The PKCS\#7/CMS
236 * format is a lot more versatile, allow multiple signatures using different
237 * digests and certificates, optionally with counter signed timestamps.
238 * Additional intermediate certificates can also be shipped, helping to bridge
239 * the gap to a trusted root certificate installed on the recieving system. */
240 RTCRPKCS7CONTENTINFO ContentInfo;
241 /** Set if the ContentInfo member contains usable data. */
242 bool fContentInfoLoaded;
243 /** Set by read() if the ContentInfo member checked out okay (says nothing about
244 * the signature or certificates within it). */
245 bool fContentInfoOkay;
246 /** Set by read() if the ContentInfo member is using the SignerCert too. */
247 bool fContentInfoSameCert;
248 /** Set by read() if the ContentInfo member contains valid signatures (not
249 * saying anything about valid signing certificates). */
250 bool fContentInfoValidSignature;
251 /** Set by read() if we've already verified the signed data signature(s). */
252 bool fContentInfoDoneVerification;
253
254 bool fContentInfoVerifiedOkay;
255 /** @} */
256
257 bool fExportISOImages;// when 1 the ISO images are exported
258
259 RTCList<ImportOptions_T> optListImport;
260 RTCList<ExportOptions_T> optListExport;
261
262 ovf::OVFReader *pReader;
263
264 std::list< ComObjPtr<VirtualSystemDescription> >
265 virtualSystemDescriptions;
266
267 std::list<Utf8Str> llWarnings;
268
269 ULONG ulWeightForXmlOperation;
270 ULONG ulWeightForManifestOperation;
271 ULONG ulTotalDisksMB;
272 ULONG cDisks;
273
274 std::list<Guid> llGuidsMachinesCreated;
275
276 /** Sequence of password identifiers to encrypt disk images during export. */
277 std::vector<com::Utf8Str> m_vecPasswordIdentifiers;
278 /** Map to get all medium identifiers assoicated with a given password identifier. */
279 std::map<com::Utf8Str, GUIDVEC> m_mapPwIdToMediumIds;
280 /** Secret key store used to hold the passwords during export. */
281 SecretKeyStore *m_pSecretKeyStore;
282 /** Number of passwords provided. */
283 uint32_t m_cPwProvided;
284};
285
286struct Appliance::XMLStack
287{
288 std::map<Utf8Str, const VirtualSystemDescriptionEntry*> mapDisks;
289 std::list<Utf8Str> mapDiskSequence;
290 std::list<Utf8Str> mapDiskSequenceForOneVM;//temporary keeps all disks attached to one exported VM
291 std::map<Utf8Str, bool> mapNetworks;
292};
293
294class Appliance::TaskOVF : public ThreadTask
295{
296public:
297 enum TaskType
298 {
299 Read,
300 Import,
301 Write
302 };
303
304 TaskOVF(Appliance *aThat,
305 TaskType aType,
306 LocationInfo aLocInfo,
307 ComObjPtr<Progress> &aProgress)
308 : ThreadTask("TaskOVF")
309 , pAppliance(aThat)
310 , taskType(aType)
311 , locInfo(aLocInfo)
312 , pProgress(aProgress)
313 , enFormat(ovf::OVFVersion_unknown)
314 , hrc(S_OK)
315 {
316 switch (taskType)
317 {
318 case TaskOVF::Read: m_strTaskName = "ApplRead"; break;
319 case TaskOVF::Import: m_strTaskName = "ApplImp"; break;
320 case TaskOVF::Write: m_strTaskName = "ApplWrit"; break;
321 default: m_strTaskName = "ApplTask"; break;
322 }
323 }
324
325 static DECLCALLBACK(int) updateProgress(unsigned uPercent, void *pvUser);
326
327 Appliance *pAppliance;
328 TaskType taskType;
329 const LocationInfo locInfo;
330 ComObjPtr<Progress> pProgress;
331
332 ovf::OVFVersion_T enFormat;
333
334 HRESULT hrc;
335
336 void handler()
337 {
338 Appliance::i_importOrExportThreadTask(this);
339 }
340};
341
342class Appliance::TaskOPC : public ThreadTask
343{
344public:
345 enum TaskType
346 {
347 Export
348 };
349
350 TaskOPC(Appliance *aThat,
351 TaskType aType,
352 LocationInfo aLocInfo,
353 ComObjPtr<Progress> &aProgress)
354 : ThreadTask("TaskOPC")
355 , pAppliance(aThat)
356 , taskType(aType)
357 , locInfo(aLocInfo)
358 , pProgress(aProgress)
359 , hrc(S_OK)
360 {
361 m_strTaskName = "OPCExpt";
362 }
363
364 ~TaskOPC()
365 {
366 }
367
368 static DECLCALLBACK(int) updateProgress(unsigned uPercent, void *pvUser);
369
370 Appliance *pAppliance;
371 TaskType taskType;
372 const LocationInfo locInfo;
373 ComObjPtr<Progress> pProgress;
374
375 HRESULT hrc;
376
377 void handler()
378 {
379 Appliance::i_exportOPCThreadTask(this);
380 }
381};
382
383
384class Appliance::TaskCloud : public ThreadTask
385{
386public:
387 enum TaskType
388 {
389 Export,
390 Import,
391 ReadData
392 };
393
394 TaskCloud(Appliance *aThat,
395 TaskType aType,
396 LocationInfo aLocInfo,
397 ComObjPtr<Progress> &aProgress)
398 : ThreadTask("TaskCloud")
399 , pAppliance(aThat)
400 , taskType(aType)
401 , locInfo(aLocInfo)
402 , pProgress(aProgress)
403 , hrc(S_OK)
404 {
405 switch (taskType)
406 {
407 case TaskCloud::Export: m_strTaskName = "CloudExpt"; break;
408 case TaskCloud::Import: m_strTaskName = "CloudImpt"; break;
409 case TaskCloud::ReadData: m_strTaskName = "CloudRead"; break;
410 default: m_strTaskName = "CloudTask"; break;
411 }
412 }
413
414 ~TaskCloud()
415 {
416 }
417
418 static DECLCALLBACK(int) updateProgress(unsigned uPercent, void *pvUser);
419
420 Appliance *pAppliance;
421 TaskType taskType;
422 const LocationInfo locInfo;
423 ComObjPtr<Progress> pProgress;
424
425 HRESULT hrc;
426
427 void handler()
428 {
429 Appliance::i_importOrExportCloudThreadTask(this);
430 }
431};
432
433struct MyHardDiskAttachment
434{
435 ComPtr<IMachine> pMachine;
436 Utf8Str controllerName;
437 int32_t lControllerPort; // 0-29 for SATA
438 int32_t lDevice; // IDE: 0 or 1, otherwise 0 always
439};
440
441/**
442 * Used by Appliance::importMachineGeneric() to store
443 * input parameters and rollback information.
444 */
445struct Appliance::ImportStack
446{
447 // input pointers
448 const LocationInfo &locInfo; // ptr to location info from Appliance::importFS()
449 Utf8Str strSourceDir; // directory where source files reside
450 const ovf::DiskImagesMap &mapDisks; // ptr to disks map in OVF
451 ComObjPtr<Progress> &pProgress; // progress object passed into Appliance::importFS()
452
453 // input parameters from VirtualSystemDescriptions
454 Utf8Str strNameVBox; // VM name
455 Utf8Str strSettingsFilename; // Absolute path to VM config file
456 Utf8Str strMachineFolder; // Absolute path to VM folder (derived from strSettingsFilename)
457 Utf8Str strOsTypeVBox; // VirtualBox guest OS type as string
458 Utf8Str strPrimaryGroup; // VM primary group as string
459 Utf8Str strDescription;
460 uint32_t cCPUs; // CPU count
461 bool fForceHWVirt; // if true, we force enabling hardware virtualization
462 bool fForceIOAPIC; // if true, we force enabling the IOAPIC
463 uint32_t ulMemorySizeMB; // virtual machine RAM in megabytes
464 Utf8Str strFirmwareType; //Firmware - BIOS or EFI
465#ifdef VBOX_WITH_USB
466 bool fUSBEnabled;
467#endif
468 Utf8Str strAudioAdapter; // if not empty, then the guest has audio enabled, and this is the decimal
469 // representation of the audio adapter (should always be "0" for AC97 presently)
470
471 // session (not initially created)
472 ComPtr<ISession> pSession; // session opened in Appliance::importFS() for machine manipulation
473 bool fSessionOpen; // true if the pSession is currently open and needs closing
474
475 /** @name File access related stuff (TAR stream)
476 * @{ */
477 /** OVA file system stream handle. NIL if not OVA. */
478 RTVFSFSSTREAM hVfsFssOva;
479 /** OVA lookahead I/O stream object. */
480 RTVFSIOSTREAM hVfsIosOvaLookAhead;
481 /** OVA lookahead I/O stream object name. */
482 char *pszOvaLookAheadName;
483 /** @} */
484
485 // a list of images that we created/imported; this is initially empty
486 // and will be cleaned up on errors
487 std::list<MyHardDiskAttachment> llHardDiskAttachments; // disks that were attached
488 std::map<Utf8Str, Utf8Str> mapNewUUIDsToOriginalUUIDs;
489
490 ImportStack(const LocationInfo &aLocInfo,
491 const ovf::DiskImagesMap &aMapDisks,
492 ComObjPtr<Progress> &aProgress,
493 RTVFSFSSTREAM aVfsFssOva)
494 : locInfo(aLocInfo),
495 mapDisks(aMapDisks),
496 pProgress(aProgress),
497 cCPUs(1),
498 fForceHWVirt(false),
499 fForceIOAPIC(false),
500 ulMemorySizeMB(0),
501 fSessionOpen(false),
502 hVfsFssOva(aVfsFssOva),
503 hVfsIosOvaLookAhead(NIL_RTVFSIOSTREAM),
504 pszOvaLookAheadName(NULL)
505 {
506 if (hVfsFssOva != NIL_RTVFSFSSTREAM)
507 RTVfsFsStrmRetain(hVfsFssOva);
508
509 // disk images have to be on the same place as the OVF file. So
510 // strip the filename out of the full file path
511 strSourceDir = aLocInfo.strPath;
512 strSourceDir.stripFilename();
513 }
514
515 ~ImportStack()
516 {
517 if (hVfsFssOva != NIL_RTVFSFSSTREAM)
518 {
519 RTVfsFsStrmRelease(hVfsFssOva);
520 hVfsFssOva = NIL_RTVFSFSSTREAM;
521 }
522 if (hVfsIosOvaLookAhead != NIL_RTVFSIOSTREAM)
523 {
524 RTVfsIoStrmRelease(hVfsIosOvaLookAhead);
525 hVfsIosOvaLookAhead = NIL_RTVFSIOSTREAM;
526 }
527 if (pszOvaLookAheadName)
528 {
529 RTStrFree(pszOvaLookAheadName);
530 pszOvaLookAheadName = NULL;
531 }
532 }
533
534 HRESULT restoreOriginalUUIDOfAttachedDevice(settings::MachineConfigFile *config);
535 HRESULT saveOriginalUUIDOfAttachedDevice(settings::AttachedDevice &device, const Utf8Str &newlyUuid);
536 RTVFSIOSTREAM claimOvaLookAHead(void);
537};
538
539////////////////////////////////////////////////////////////////////////////////
540//
541// VirtualSystemDescription data definition
542//
543////////////////////////////////////////////////////////////////////////////////
544
545struct VirtualSystemDescription::Data
546{
547 /** item descriptions */
548 std::vector<VirtualSystemDescriptionEntry> maDescriptions;
549
550 /** VirtualBox machine this description was exported from (export only) */
551 ComPtr<Machine> pMachine;
552
553 /** machine config created from <vbox:Machine> element if found (import only) */
554 settings::MachineConfigFile *pConfig;
555};
556
557////////////////////////////////////////////////////////////////////////////////
558//
559// Internal helpers
560//
561////////////////////////////////////////////////////////////////////////////////
562
563void convertCIMOSType2VBoxOSType(Utf8Str &strType, ovf::CIMOSType_T c, const Utf8Str &cStr);
564
565ovf::CIMOSType_T convertVBoxOSType2CIMOSType(const char *pcszVBox, BOOL fLongMode);
566
567Utf8Str convertNetworkAttachmentTypeToString(NetworkAttachmentType_T type);
568
569
570#endif /* !MAIN_INCLUDED_ApplianceImplPrivate_h */
571
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette