Changeset 102398 in vbox

Timestamp:

Nov 30, 2023 2:03:14 PM (12 months ago)

Author:

vboxsync

Message:

Main/Unattended: Removed the more flexible solution of being able to shasum/shacrypt every variable upon request. Now only the USER_PASSWORD + ROOT_PASSWORD variables can be shacrypted via hardcoded USER_PASSWORD_SHACRYPT512 + ROOT_PASSWORD_SHACRYPT512. bugref:10551

File:

• trunk/src/VBox/Main/src-server/UnattendedScript.cpp (modified) (5 diffs)

trunk/src/VBox/Main/src-server/UnattendedScript.cpp

@@ -647 +647 @@
 {
 #define IS_MATCH(a_szMatch) \
-        (cchNameWithoutSuffix == sizeof(a_szMatch) - 1U && memcmp(pchName, a_szMatch, sizeof(a_szMatch) - 1U) == 0)
-#define ENDS_WITH(a_szMatch) \
-        (   cchName \
-         && cchName >= sizeof(a_szMatch) - 1U \
-         && memcmp(&pchName[cchName - (sizeof(a_szMatch) - 1U)], a_szMatch, sizeof(a_szMatch) - 1U) == 0)
-#define CALCULATE_SUFFIX_LEN_IF_ENDS_WITH(a_szSuff) \
-        if (ENDS_WITH(a_szSuff)) \
-            cchNameWithoutSuffix = cchName - (sizeof(a_szSuff) - 1U);
-#define HASH_AND_ASSIGN(a_abData, a_cbData, a_fnHash, a_cbHashSize) \
-        do { \
-            uint8_t abHash[a_cbHashSize]; \
-            a_fnHash(a_abData, a_cbData, abHash); \
-            char    szDigest[a_cbHashSize * 4]; \
-            a_fnHash##ToString(abHash, szDigest, sizeof(szDigest)); \
-            pszValue = rstrTmp.assign(szDigest, strlen(szDigest)).c_str(); \
-        } while (0)
+        (cchName == sizeof(a_szMatch) - 1U && memcmp(pchName, a_szMatch, sizeof(a_szMatch) - 1U) == 0)
 /** Uses the RTCrShaCrypt APIs to hash and crypt data. Uses a randomized salt + (recommended) default rounds. */
 #define SHACRYPT_AND_ASSIGN(a_szKey, a_fnHashAndCrypt, a_cbHashSize) \
@@ -685 +670 @@
 
     /*
-     * Calculate the variable name length w/o any suffixes we want to handle down below.
-     */
-    size_t cchNameWithoutSuffix = cchName;
-    CALCULATE_SUFFIX_LEN_IF_ENDS_WITH("_SHACRYPT512");
-    CALCULATE_SUFFIX_LEN_IF_ENDS_WITH("_SHACRYPT256");
-    CALCULATE_SUFFIX_LEN_IF_ENDS_WITH("_SHA512");
-    CALCULATE_SUFFIX_LEN_IF_ENDS_WITH("_SHA256");
-    CALCULATE_SUFFIX_LEN_IF_ENDS_WITH("_SHA1");
-    CALCULATE_SUFFIX_LEN_IF_ENDS_WITH("_MD5");
-
-    /*
      * Variables
      */
@@ -702 +676 @@
     else if (IS_MATCH("USER_PASSWORD"))
         pszValue = mpUnattended->i_getPassword().c_str();
+    else if (IS_MATCH("USER_PASSWORD_SHACRYPT512"))
+        SHACRYPT_AND_ASSIGN(mpUnattended->i_getPassword().c_str(), RTCrShaCrypt512, RTSHA512_HASH_SIZE);
     else if (IS_MATCH("ROOT_PASSWORD"))
         pszValue = mpUnattended->i_getPassword().c_str();
+    else if (IS_MATCH("ROOT_PASSWORD_SHACRYPT512"))
+        SHACRYPT_AND_ASSIGN(mpUnattended->i_getPassword().c_str(), RTCrShaCrypt512, RTSHA512_HASH_SIZE);
     else if (IS_MATCH("USER_FULL_NAME"))
         pszValue = mpUnattended->i_getFullUserName().c_str();
@@ -803 +781 @@
     else if (IS_MATCH("HAS_PROXY"))
         pszValue = mpUnattended->i_getProxy().isNotEmpty() ? "1" : "0";
-
-    /*
-     * Hash output, if needed.
-     *
-     * Keep them ordered, strongest first (most likely nowadays).
-     * Add more here once we need them.
-     */
-    if (pszValue)
-    {
-        /*
-         * SHAcrypt stuff.
-         */
-        if (ENDS_WITH("_SHACRYPT512"))
-            SHACRYPT_AND_ASSIGN(pszValue, RTCrShaCrypt512, RTSHA512_HASH_SIZE);
-        else if (ENDS_WITH("_SHACRYPT256"))
-            SHACRYPT_AND_ASSIGN(pszValue, RTCrShaCrypt256, RTSHA256_HASH_SIZE);
-        /*
-         * Regular hashing.
-         */
-        else if (ENDS_WITH("_SHA512"))
-            HASH_AND_ASSIGN(pszValue, strlen(pszValue), RTSha512, RTSHA512_HASH_SIZE);
-        else if (ENDS_WITH("_SHA256"))
-            HASH_AND_ASSIGN(pszValue, strlen(pszValue), RTSha256, RTSHA256_HASH_SIZE);
-        else if (ENDS_WITH("_SHA1"))
-            HASH_AND_ASSIGN(pszValue, strlen(pszValue), RTSha1, RTSHA1_HASH_SIZE);
-        else if (ENDS_WITH("_MD5"))
-            HASH_AND_ASSIGN(pszValue, strlen(pszValue), RTMd5, RTMD5_HASH_SIZE);
-    }
     /*
      * Unknown variable.
@@ -843 +793 @@
     if (ppszValue)
         *ppszValue = pszValue;
-
-#undef HASH_AND_ASSIGN
-#undef CALCULATE_SUFFIX_LEN_IF_ENDS_WITH
-#undef ENDS_WITH
-#undef IS_MATCH
-
     return VINF_SUCCESS;
 }