VBoxService

Timestamp:

Jan 3, 2024 5:24:32 PM (14 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

160930

Message:

Guest Properties/VBoxService: Deal with long(er) user name / domain name combinations on Windows guests. See comments for details. bugref:10575

Location:

trunk/src/VBox/Additions/common/VBoxService

Files:

: 4 edited

VBoxServicePropCache.cpp (modified) (4 diffs)
VBoxServiceVMInfo-win.cpp (modified) (5 diffs)
VBoxServiceVMInfo.cpp (modified) (6 diffs)
VBoxServiceVMInfo.h (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/Additions/common/VBoxService/VBoxServicePropCache.cpp

-              r98103
+              r102753
 #include <VBox/VBoxGuestLib.h>
+#include <VBox/HostServices/GuestPropertySvc.h> /* For GUEST_PROP_MAX_VALUE_LEN */
 #include "VBoxServiceInternal.h"
 #include "VBoxServiceUtils.h"
 …
+ *
  * @returns VBox status code.
+ *
+ * @retval  VERR_BUFFER_OVERFLOW if the property name or value exceeds the limit.
  * @param   pCache          The property cache.
  * @param   pszName         The property name.
 …
     Assert(pCache->uClientID);
+    if (RTStrNLen(pszName, GUEST_PROP_MAX_NAME_LEN) > GUEST_PROP_MAX_NAME_LEN - 1 /* Terminator */)
+        return VERR_BUFFER_OVERFLOW;
     /*
 …
         if (!pszValue)
             return VERR_NO_STR_MEMORY;
+        if (RTStrNLen(pszValue, GUEST_PROP_MAX_VALUE_LEN) > GUEST_PROP_MAX_VALUE_LEN - 1 /* Terminator */)
+        {
+            RTStrFree(pszValue);
+            return VERR_BUFFER_OVERFLOW;
+        }
+    }

trunk/src/VBox/Additions/common/VBoxService/VBoxServiceVMInfo-win.cpp

-              r99828
+              r102753
 #include <wtsapi32.h>        /* For WTS* calls. */
 #include <psapi.h>           /* EnumProcesses. */
+#include <sddl.h>            /* For ConvertSidToStringSidW. */
 #include <Ntsecapi.h>        /* Needed for process security information. */
 …
+/**
+ * Destroys an allocated SID.
+ *
+ * @param   pSid                SID to dsetroy. The pointer will be invalid on return.
+ */
+static void vgsvcVMInfoWinUserSidDestroy(PSID pSid)
+{
+    RTMemFree(pSid);
+    pSid = NULL;
+}
+/**
+ * Looks up and returns a SID for a given user.
+ *
+ * @returns VBox status code.
+ * @param   pszUser             User to look up a SID for.
+ * @param   ppSid               Where to return the allocated SID.
+ *                              Must be destroyed with vgsvcVMInfoWinUserSidDestroy().
+ */
+static int vgsvcVMInfoWinUserSidLookup(const char *pszUser, PSID *ppSid)
+{
+    RTUTF16 *pwszUser = NULL;
+    size_t cwUser = 0;
+    int rc = RTStrToUtf16Ex(pszUser, RTSTR_MAX, &pwszUser, 0, &cwUser);
+    AssertRCReturn(rc, rc);
+    PSID pSid = NULL;
+    DWORD cbSid = 0;
+    DWORD cbDomain = 0;
+    SID_NAME_USE enmSidUse = SidTypeUser;
+    if (!LookupAccountNameW(NULL, pwszUser, pSid, &cbSid, NULL, &cbDomain, &enmSidUse))
+    {
+        DWORD const dwErr = GetLastError();
+        if (dwErr == ERROR_INSUFFICIENT_BUFFER)
+        {
+            pSid = (PSID)RTMemAllocZ(cbSid);
+            if (pSid)
+            {
+                PRTUTF16 pwszDomain = (PRTUTF16)RTMemAllocZ(cbDomain * sizeof(RTUTF16));
+                if (pwszDomain)
+                {
+                    if (LookupAccountNameW(NULL, pwszUser, pSid, &cbSid, pwszDomain, &cbDomain, &enmSidUse))
+                    {
+                        if (IsValidSid(pSid))
+                            *ppSid = pSid;
+                        else
+                            rc = VERR_INVALID_PARAMETER;
+                    }
+                    else
+                        rc = RTErrConvertFromWin32(GetLastError());
+                }
+                else
+                    rc = VERR_NO_MEMORY;
+            }
+            else
+                rc = VERR_NO_MEMORY;
+        }
+        else
+            rc = RTErrConvertFromWin32(dwErr);
+    }
+    else
+        rc = RTErrConvertFromWin32(GetLastError());
+    if (RT_FAILURE(rc))
+        vgsvcVMInfoWinUserSidDestroy(pSid);
+    return rc;
+}
+/**
+ * Fallback function in case writing the user name failed within vgsvcVMInfoWinUserUpdateF().
+ *
+ * This uses the following approach:
+ *   - only use the user name as part of the property name from now on
+ *   - write the domain name into a separate "Domain" property
+ *   - write the (full) SID into a  separate "SID" property
+ *
+ * @returns VBox status code.
+ * @retval  VERR_BUFFER_OVERFLOW if the final property name length exceeds the maximum supported length.
+ * @param   pCache                  Pointer to guest property cache to update user in.
+ * @param   pszUser                 Name of guest user to update.
+ * @param   pszDomain               Domain of guest user to update. Optional.
+ * @param   pszKey                  Key name of guest property to update.
+ * @param   pszValueFormat          Guest property value to set. Pass NULL for deleting
+ *                                  the property.
+ * @param   va                      Variable arguments.
+ */
+int vgsvcVMInfoWinUserUpdateFallbackV(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
+                                      WCHAR *pwszSid, const char *pszKey, const char *pszValueFormat, va_list va)
+{
+    int rc = VGSvcUserUpdateF(pCache, pszUser, NULL /* pszDomain */, "Domain", pszDomain);
+    if (RT_SUCCESS(rc))
+        rc = VGSvcUserUpdateF(pCache, pszUser, NULL /* pszDomain */, "SID", "%ls", pwszSid);
+    /* Last but no least, write the actual guest property value we initially were called for.
+     * We always do this, no matter of what the outcome from above was. */
+    int rc2 = VGSvcUserUpdateV(pCache, pszUser, NULL /* pszDomain */, pszKey, pszValueFormat, va);
+    if (RT_SUCCESS(rc))
+        rc2 = rc;
+    return rc;
+}
+/**
+ * Wrapper function for VGSvcUserUpdateF() that deals with too long guest property names.
+ *
+ * @return  VBox status code.
+ * @retval  VERR_BUFFER_OVERFLOW if the final property name length exceeds the maximum supported length.
+ * @param   pCache                  Pointer to guest property cache to update user in.
+ * @param   pszUser                 Name of guest user to update.
+ * @param   pszDomain               Domain of guest user to update. Optional.
+ * @param   pszKey                  Key name of guest property to update.
+ * @param   pszValueFormat          Guest property value to set. Pass NULL for deleting
+ *                                  the property.
+ * @param   ...                     Variable arguments.
+ */
+int vgsvcVMInfoWinUserUpdateF(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
+                              const char *pszKey, const char *pszValueFormat, ...)
+{
+    va_list va;
+    va_start(va, pszValueFormat);
+    /* First, try to write stuff as we always did, to not break older VBox versions. */
+    int rc = VGSvcUserUpdateV(pCache, pszUser, pszDomain, pszKey, pszValueFormat, va);
+    if (rc == VERR_BUFFER_OVERFLOW)
+    {
+        /**
+         * If the constructed property name was too long, we have to be a little more creative here:
+         *
+         *   - only use the user name as part of the property name from now on
+         *   - write the domain name into a separate "Domain" property
+         *   - write the (full) SID into a  separate "SID" property
+         */
+        PSID pSid;
+        rc = vgsvcVMInfoWinUserSidLookup(pszUser, &pSid); /** @todo Shall we cache this? */
+        if (RT_SUCCESS(rc))
+        {
+            WCHAR *pwszSid;
+            if (ConvertSidToStringSidW(pSid, &pwszSid)) /** @todo Ditto. */
+            {
+                rc = vgsvcVMInfoWinUserUpdateFallbackV(pCache, pszUser, pszDomain, pwszSid, pszKey, pszValueFormat, va);
+                if (RT_FAILURE(rc))
+                {
+                    /**
+                     * If using the sole user name as a property name still is too long or something else failed,
+                     * at least try to look up the user's RID (relative identifier). Note that the RID always is bound to the
+                     * to the authority that issued the SID.
+                     */
+                    int const cSubAuth = *GetSidSubAuthorityCount(pSid);
+                    if (cSubAuth > 1)
+                    {
+                        DWORD const dwUserRid = *GetSidSubAuthority(pSid, cSubAuth - 1);
+                        char  szUserRid[16 + 1];
+                        if (RTStrPrintf2(szUserRid, sizeof(szUserRid), "%ld", dwUserRid) > 0)
+                            rc = vgsvcVMInfoWinUserUpdateFallbackV(pCache, szUserRid, pszDomain, pwszSid, pszKey,
+                                                                   pszValueFormat, va);
+                        else
+                            rc = VERR_BUFFER_OVERFLOW;
+                    }
+                    /* else not much else we can do then. */
+                }
+                LocalFree(pwszSid);
+                pwszSid = NULL;
+            }
+            else
+                rc = RTErrConvertFromWin32(GetLastError());
+            vgsvcVMInfoWinUserSidDestroy(pSid);
+        }
+        else
+            VGSvcError("Looking up SID for user '%s' (domain '%s') failed with %Rrc\n", pszUser, pszDomain, rc);
+    }
+    va_end(va);
+    return rc;
+}
 static int vgsvcVMInfoWinWriteLastInput(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain)
+{
 …
                               : VBoxGuestUserState_Idle;
+                    rc = VGSvcUserUpdateF(pCache, pszUser, pszDomain, "UsageState",
+                                          userState == VBoxGuestUserState_InUse ? "InUse" : "Idle");
+                    rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "UsageState",
+                                                   userState == VBoxGuestUserState_InUse ? "InUse" : "Idle");
                     /*
                      * Note: vboxServiceUserUpdateF can return VINF_NO_CHANGE in case there wasn't anything
 …
                         /* Also write the user's current idle time, if there is any. */
                         if (userState == VBoxGuestUserState_Idle)
+                            rc = vgsvcUserUpdateF(pCache, pszUser, pszDomain, "IdleTimeMs", "%RU32", ipcReply.cSecSinceLastInput);
+                            rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "IdleTimeMs", "%RU32",
+                                                           ipcReply.cSecSinceLastInput);
                         else
                             rc = vgsvcUserUpdateF(pCache, pszUser, pszDomain, "IdleTimeMs", NULL /* Delete property */);
+                            rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "IdleTimeMs",
+                                                           NULL /* Delete property */);
                         if (RT_SUCCESS(rc))
 #endif
 …
                     /* Overwrite rc from above. */
                     rc = VGSvcUserUpdateF(pCache, pszUser, pszDomain, "UsageState", "Idle");
+                    rc = vgsvcVMInfoWinUserUpdateF(pCache, pszUser, pszDomain, "UsageState", "Idle");
                     fReportToHost = rc == VINF_SUCCESS;

trunk/src/VBox/Additions/common/VBoxService/VBoxServiceVMInfo.cpp

-              r102716
+              r102753
 #include <VBox/version.h>
 #include <VBox/VBoxGuestLib.h>
+#include <VBox/HostServices/GuestPropertySvc.h> /* For GUEST_PROP_MAX_VALUE_LEN */
 #include "VBoxServiceInternal.h"
 #include "VBoxServiceUtils.h"
 …
 static const char              *g_pszPropCacheValNetCount = "/VirtualBox/GuestInfo/Net/Count";
 /** A guest user's guest property root key. */
 static const char              *g_pszPropCacheValUser = "/VirtualBox/GuestInfo/User/";
+static const char              *g_pszPropCacheKeyUser = "/VirtualBox/GuestInfo/User";
 /** The VM session ID. Changes whenever the VM is restored or reset. */
 static uint64_t                 g_idVMInfoSession;
 …
  * Updates a per-guest user guest property inside the given property cache.
+ *
+ * @return  IPRT status code.
+ * @return  VBox status code.
+ * @retval  VERR_BUFFER_OVERFLOW if the final property name length exceeds the maximum supported length.
  * @param   pCache                  Pointer to guest property cache to update user in.
  * @param   pszUser                 Name of guest user to update.
 …
     /* pszValueFormat is optional. */
+    /** Historically we limit guest property names to 64 characters (see GUEST_PROP_MAX_NAME_LEN, including terminator).
+     *  So we need to make sure the stuff we want to write as a value fits into that space. See bugref{10575}. */
+    /* Try to write things the legacy way first. */
+    char szName[GUEST_PROP_MAX_NAME_LEN];
+    AssertCompile(GUEST_PROP_MAX_NAME_LEN == 64); /* Can we improve stuff once we (ever) raise this limit? */
+    ssize_t const cchVal = pszDomain
+                         ? RTStrPrintf2(szName, sizeof(szName), "%s/%s@%s/%s", g_pszPropCacheKeyUser, pszUser, pszDomain, pszKey)
+                         : RTStrPrintf2(szName, sizeof(szName), "%s/%s/%s",    g_pszPropCacheKeyUser, pszUser, pszKey);
+    /* Did we exceed the length limit? Tell the caller to try again with some more sane values. */
+    if (cchVal < 0)
+        return VERR_BUFFER_OVERFLOW;
     int rc = VINF_SUCCESS;
-    /** @todo r=bird: This is just asking for trouble with long names, esp. when
-     * domain names are included.  The max property name limit is 64 characters,
-     * so it is really easy to run into the limit here. E.g.
-     *      "/VirtualBox/GuestInfo/User/Administrator@DGV-W10X64-TEST/UsageState"
-     * is too long and will be rejected by the host servce (assert in strict builds)
-     * as Dmitrii just observed.
+     *
-     * A slightly more managable design here would've been to use the user ID rather
-     * than the user name. Not sure how this would work for domains, though, these
-     * can probably be pretty long as well. Any numeric/fixed-sized IDs for domains?
-     * Since these mistakes have been made already, perhaps use the UID as a
-     * fallback?
+     *
-     * Also, since we're working a max length limit here, WTF do we use
-     * RTStrAPrintf?  We could use a fixed buffer size and RTStrPrintf2 and detect
-     * the problem here before we even get to the host side.
-     */
-    char *pszName;
-    if (pszDomain)
+    {
-        if (RTStrAPrintf(&pszName, "%s%s@%s/%s", g_pszPropCacheValUser, pszUser, pszDomain, pszKey) < 0)
-            rc = VERR_NO_MEMORY;
+    }
-    else
+    {
-        if (RTStrAPrintf(&pszName, "%s%s/%s", g_pszPropCacheValUser, pszUser, pszKey) < 0)
-            rc = VERR_NO_MEMORY;
+    }
     char *pszValue = NULL;
+    if (   RT_SUCCESS(rc)
+        && pszValueFormat)
+    if (pszValueFormat)
+    {
         va_list va;
 …
     if (RT_SUCCESS(rc))
         rc = VGSvcPropCacheUpdate(pCache, pszName, pszValue);
+        rc = VGSvcPropCacheUpdate(pCache, szName, pszValue);
     if (rc == VINF_SUCCESS) /* VGSvcPropCacheUpdate will also return VINF_NO_CHANGE. */
+    {
         /** @todo Combine updating flags w/ updating the actual value. */
         rc = VGSvcPropCacheUpdateEntry(pCache, pszName,
+        rc = VGSvcPropCacheUpdateEntry(pCache, szName,
                                        VGSVCPROPCACHE_FLAGS_TEMPORARY | VGSVCPROPCACHE_FLAGS_TRANSIENT,
                                        NULL /* Delete on exit */);
 …
     RTStrFree(pszValue);
+    RTStrFree(pszName);
+    return rc;
+}
+/**
+ * Updates a per-guest user guest property inside the given property cache.
+ *
+ * @return  VBox status code.
+ * @retval  VERR_BUFFER_OVERFLOW if the final property name length exceeds the maximum supported length.
+ * @param   pCache                  Pointer to guest property cache to update user in.
+ * @param   pszUser                 Name of guest user to update.
+ * @param   pszDomain               Domain of guest user to update. Optional.
+ * @param   pszKey                  Key name of guest property to update.
+ * @param   pszFormat               Format string to set. Pass NULL for deleting the property.
+ * @param   va                      Format arguments.
+ */
+int VGSvcUserUpdateV(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
+                     const char *pszKey, const char *pszFormat, va_list va)
+{
+    char *psz = NULL;
+    if (pszFormat) /* Might be NULL to delete a property. */
+    {
+        if (RTStrAPrintfV(&psz, pszFormat, va) < 0)
+            return VERR_NO_MEMORY;
+    }
+    int const rc = VGSvcUserUpdateF(pCache, pszUser, pszDomain, pszKey, psz);
+    RTStrFree(psz);
     return rc;
+}

trunk/src/VBox/Additions/common/VBoxService/VBoxServiceVMInfo.h

-              r98103
+              r102753
 extern int VGSvcUserUpdateF(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
                             const char *pszKey, const char *pszValueFormat, ...);
+extern int VGSvcUserUpdateV(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
+                            const char *pszKey, const char *pszFormat, va_list va);
+extern int vgsvcVMInfoWinUserUpdateF(PVBOXSERVICEVEPROPCACHE pCache, const char *pszUser, const char *pszDomain,
+                                     const char *pszKey, const char *pszValueFormat, ...);
 extern uint32_t g_uVMInfoUserIdleThresholdMS;

Note: See TracChangeset for help on using the changeset viewer.