Changeset 34558 in vbox

Timestamp:

Dec 1, 2010 10:56:44 AM (14 years ago)

Author:

vboxsync

Message:

Updated VBox authentication library interface, removed references to VRDP.

Location:

trunk

Files:

• include/VBox/VRDPAuth.h (modified) (6 diffs)
• src/VBox/HostServices/auth/Makefile.kmk (modified) (2 diffs)
• src/VBox/HostServices/auth/directoryservice/directoryservice.cpp (modified) (3 diffs)
• src/VBox/HostServices/auth/pam/VBoxAuthPAM.c (modified) (13 diffs)
• src/VBox/HostServices/auth/simple/VBoxAuthSimple.cpp (modified) (4 diffs)
• src/VBox/HostServices/auth/winlogon/winlogon.cpp (modified) (6 diffs)
• src/VBox/Main/ConsoleImpl.cpp (modified) (11 diffs)
• src/VBox/Main/ConsoleVRDPServer.cpp (modified) (8 diffs)
• src/VBox/Main/include/ConsoleVRDPServer.h (modified) (2 diffs)
• src/VBox/Main/webservice/vboxweb.cpp (modified) (4 diffs)

trunk/include/VBox/VRDPAuth.h

@@ -1 +1 @@
 /** @file
- * VBox Remote Desktop Protocol - External Authentication Library Interface.
- * (VRDP)
+ * VirtualBox External Authentication Library Interface.
  */
 
 /*
- * Copyright (C) 2006-2007 Oracle Corporation
+ * Copyright (C) 2006-2010 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -29 +28 @@
 
 /* The following 2 enums are 32 bits values.*/
-typedef enum _VRDPAuthResult
+typedef enum AuthResult
 {
-    VRDPAuthAccessDenied    = 0,
-    VRDPAuthAccessGranted   = 1,
-    VRDPAuthDelegateToGuest = 2,
-    VRDPAuthSizeHack        = 0x7fffffff
-} VRDPAuthResult;
+    AuthResultAccessDenied    = 0,
+    AuthResultAccessGranted   = 1,
+    AuthResultDelegateToGuest = 2,
+    AuthResultSizeHack        = 0x7fffffff
+} AuthResult;
 
-typedef enum _VRDPAuthGuestJudgement
+typedef enum AuthGuestJudgement
 {
-    VRDPAuthGuestNotAsked      = 0,
-    VRDPAuthGuestAccessDenied  = 1,
-    VRDPAuthGuestNoJudgement   = 2,
-    VRDPAuthGuestAccessGranted = 3,
-    VRDPAuthGuestNotReacted    = 4,
-    VRDPAuthGuestSizeHack      = 0x7fffffff
-} VRDPAuthGuestJudgement;
+    AuthGuestNotAsked      = 0,
+    AuthGuestAccessDenied  = 1,
+    AuthGuestNoJudgement   = 2,
+    AuthGuestAccessGranted = 3,
+    AuthGuestNotReacted    = 4,
+    AuthGuestSizeHack      = 0x7fffffff
+} AuthGuestJudgement;
 
 /* UUID memory representation. Array of 16 bytes. */
-typedef unsigned char VRDPAUTHUUID[16];
-typedef VRDPAUTHUUID *PVRDPAUTHUUID;
+typedef unsigned char AUTHUUID[16];
+typedef AUTHUUID *PAUTHUUID;
 /*
 Note: VirtualBox uses a consistent binary representation of UUIDs on all platforms. For this reason
@@ -65 +64 @@
 /* The library entry point calling convention. */
 #ifdef _MSC_VER
-# define VRDPAUTHCALL __cdecl
+# define AUTHCALL __cdecl
 #elif defined(__GNUC__)
-# define VRDPAUTHCALL
+# define AUTHCALL
 #else
 # error "Unsupported compiler"
@@ -74 +73 @@
 
 /**
- * Authentication library entry point. Decides whether to allow
- * a client connection.
+ * Authentication library entry point.
  *
  * Parameters:
  *
- *   pUuid            Pointer to the UUID of the virtual machine
- *                    which the client connected to.
+ *   pUuid            Pointer to the UUID of the accessed virtual machine. Can be NULL.
  *   guestJudgement   Result of the guest authentication.
  *   szUser           User name passed in by the client (UTF8).
@@ -88 +85 @@
  * Return code:
  *
- *   VRDPAuthAccessDenied    Client access has been denied.
- *   VRDPAuthAccessGranted   Client has the right to use the
- *                           virtual machine.
- *   VRDPAuthDelegateToGuest Guest operating system must
- *                           authenticate the client and the
- *                           library must be called again with
- *                           the result of the guest
- *                           authentication.
+ *   AuthAccessDenied    Client access has been denied.
+ *   AuthAccessGranted   Client has the right to use the
+ *                       virtual machine.
+ *   AuthDelegateToGuest Guest operating system must
+ *                       authenticate the client and the
+ *                       library must be called again with
+ *                       the result of the guest
+ *                       authentication.
  */
-typedef VRDPAuthResult VRDPAUTHCALL VRDPAUTHENTRY(PVRDPAUTHUUID pUuid,
-                                                  VRDPAuthGuestJudgement guestJudgement,
-                                                  const char *szUser,
-                                                  const char *szPassword,
-                                                  const char *szDomain);
+typedef AuthResult AUTHCALL AUTHENTRY(PAUTHUUID pUuid,
+                                      AuthGuestJudgement guestJudgement,
+                                      const char *szUser,
+                                      const char *szPassword,
+                                      const char *szDomain);
 
 
-typedef VRDPAUTHENTRY *PVRDPAUTHENTRY;
+typedef AUTHENTRY *PAUTHENTRY;
+
+#define AUTHENTRY_NAME "VRDPAuth"
 
 /**
- * Authentication library entry point version 2. Decides whether to allow
- * a client connection.
+ * Authentication library entry point version 2.
  *
  * Parameters:
  *
- *   pUuid            Pointer to the UUID of the virtual machine
- *                    which the client connected to.
+ *   pUuid            Pointer to the UUID of the accessed virtual machine. Can be NULL.
  *   guestJudgement   Result of the guest authentication.
  *   szUser           User name passed in by the client (UTF8).
@@ -124 +121 @@
  * Return code:
  *
- *   VRDPAuthAccessDenied    Client access has been denied.
- *   VRDPAuthAccessGranted   Client has the right to use the
- *                           virtual machine.
- *   VRDPAuthDelegateToGuest Guest operating system must
- *                           authenticate the client and the
- *                           library must be called again with
- *                           the result of the guest
- *                           authentication.
+ *   AuthAccessDenied    Client access has been denied.
+ *   AuthAccessGranted   Client has the right to use the
+ *                       virtual machine.
+ *   AuthDelegateToGuest Guest operating system must
+ *                       authenticate the client and the
+ *                       library must be called again with
+ *                       the result of the guest
+ *                       authentication.
  *
  * Note: When 'fLogon' is 0, only pUuid and clientId are valid and the return
  *       code is ignored.
  */
-typedef VRDPAuthResult VRDPAUTHCALL VRDPAUTHENTRY2(PVRDPAUTHUUID pUuid,
-                                                   VRDPAuthGuestJudgement guestJudgement,
-                                                   const char *szUser,
-                                                   const char *szPassword,
-                                                   const char *szDomain,
-                                                   int fLogon,
-                                                   unsigned clientId);
+typedef AuthResult AUTHCALL AUTHENTRY2(PAUTHUUID pUuid,
+                                       AuthGuestJudgement guestJudgement,
+                                       const char *szUser,
+                                       const char *szPassword,
+                                       const char *szDomain,
+                                       int fLogon,
+                                       unsigned clientId);
 
 
-typedef VRDPAUTHENTRY2 *PVRDPAUTHENTRY2;
+typedef AUTHENTRY2 *PAUTHENTRY2;
+
+#define AUTHENTRY2_NAME "VRDPAuth2"
+
+/**
+ * Authentication library entry point version 3.
+ *
+ * Parameters:
+ *
+ *   szCaller         The name of the component which calls the library (UTF8).
+ *   pUuid            Pointer to the UUID of the accessed virtual machine. Can be NULL.
+ *   guestJudgement   Result of the guest authentication.
+ *   szUser           User name passed in by the client (UTF8).
+ *   szPassword       Password passed in by the client (UTF8).
+ *   szDomain         Domain passed in by the client (UTF8).
+ *   fLogon           Boolean flag. Indicates whether the entry point is called
+ *                    for a client logon or the client disconnect.
+ *   clientId         Server side unique identifier of the client.
+ *
+ * Return code:
+ *
+ *   AuthAccessDenied    Client access has been denied.
+ *   AuthAccessGranted   Client has the right to use the
+ *                       virtual machine.
+ *   AuthDelegateToGuest Guest operating system must
+ *                       authenticate the client and the
+ *                       library must be called again with
+ *                       the result of the guest
+ *                       authentication.
+ *
+ * Note: When 'fLogon' is 0, only pszCaller, pUuid and clientId are valid and the return
+ *       code is ignored.
+ */
+typedef AuthResult AUTHCALL AUTHENTRY3(const char *szCaller,
+                                       PAUTHUUID pUuid,
+                                       AuthGuestJudgement guestJudgement,
+                                       const char *szUser,
+                                       const char *szPassword,
+                                       const char *szDomain,
+                                       int fLogon,
+                                       unsigned clientId);
+
+
+typedef AUTHENTRY3 *PAUTHENTRY3;
+
+#define AUTHENTRY3_NAME "AuthEntry"
 
 #endif

trunk/src/VBox/HostServices/auth/Makefile.kmk

@@ -44 +44 @@
 # Install the SDK samples.
 INSTALLS += VBoxAuth-samples
-VBoxAuth-samples_INST = $(INST_SDK)/bindings/vrdpauth/
+VBoxAuth-samples_INST = $(INST_SDK)/bindings/auth/
 VBoxAuth-samples_MODE = a+r,u+w
 VBoxAuth-samples_SOURCES = simple/VBoxAuthSimple.cpp
@@ -52 +52 @@
 # Install the SDK header.
 INSTALLS += VBoxAuth-sdkhdr
-VBoxAuth-sdkhdr_INST = $(INST_SDK)/bindings/vrdpauth/include/
+VBoxAuth-sdkhdr_INST = $(INST_SDK)/bindings/auth/include/
 VBoxAuth-sdkhdr_MODE = a+r,u+w
 VBoxAuth-sdkhdr_SOURCES = $(PATH_ROOT)/include/VBox/VRDPAuth.h=>VRDPAuth.h

trunk/src/VBox/HostServices/auth/directoryservice/directoryservice.cpp

@@ -258 +258 @@
 
 RT_C_DECLS_BEGIN
-DECLEXPORT(VRDPAuthResult) VRDPAUTHCALL VRDPAuth(PVRDPAUTHUUID pUuid,
-                                                 VRDPAuthGuestJudgement guestJudgement,
-                                                 const char *pszUser,
-                                                 const char *pszPassword,
-                                                 const char *pszDomain)
+DECLEXPORT(AuthResult) AUTHCALL VRDPAuth(PAUTHUUID pUuid,
+                                         AuthGuestJudgement guestJudgement,
+                                         const char *pszUser,
+                                         const char *pszPassword,
+                                         const char *pszDomain)
 {
     /* Validate input */
-    AssertPtrReturn(pszUser, VRDPAuthAccessDenied);
-    AssertPtrReturn(pszPassword, VRDPAuthAccessDenied);
+    AssertPtrReturn(pszUser, AuthResultAccessDenied);
+    AssertPtrReturn(pszPassword, AuthResultAccessDenied);
 
     /* Result to a default value */
-    VRDPAuthResult result = VRDPAuthAccessDenied;
+    AuthResult result = AuthResultAccessDenied;
 
     tDirStatus dsErr = eDSNoErr;
@@ -299 +299 @@
                     dsErr = authWithNode(pDirRef, pAuthNodeList, pszUser, pszPassword);
                     if (dsErr == eDSNoErr)
-                        result = VRDPAuthAccessGranted;
+                        result = AuthResultAccessGranted;
                     dsCleanErr = dsDataListDeallocate(pDirRef, pAuthNodeList);
                     if (dsCleanErr == eDSNoErr)
@@ -317 +317 @@
 RT_C_DECLS_END
 
-static PVRDPAUTHENTRY gpfnAuthEntry = VRDPAuth;
-
+static PAUTHENTRY gpfnAuthEntry = VRDPAuth;
+

trunk/src/VBox/HostServices/auth/pam/VBoxAuthPAM.c

@@ -147 +147 @@
 };
 
-static int vrdpauth_pam_init(void)
+static int auth_pam_init(void)
 {
     SymMap *iter;
@@ -155 +155 @@
     if (!gpvLibPam)
     {
-        debug_printf("vrdpauth_pam_init: dlopen %s failed\n", VRDP_PAM_LIB);
+        debug_printf("auth_pam_init: dlopen %s failed\n", VRDP_PAM_LIB);
         return PAM_SYSTEM_ERR;
     }
@@ -167 +167 @@
         if (pv == NULL)
         {
-            debug_printf("vrdpauth_pam_init: dlsym %s failed\n", iter->pszName);
+            debug_printf("auth_pam_init: dlsym %s failed\n", iter->pszName);
 
             dlclose(gpvLibPam);
@@ -183 +183 @@
 }
 
-static void vrdpauth_pam_close(void)
+static void auth_pam_close(void)
 {
     if (gpvLibPam)
@@ -194 +194 @@
 }
 #else
-static int vrdpauth_pam_init(void)
+static int auth_pam_init(void)
 {
     return PAM_SUCCESS;
 }
 
-static void vrdpauth_pam_close(void)
+static void auth_pam_close(void)
 {
     return;
@@ -205 +205 @@
 #endif /* VRDP_PAM_DLLOAD */
 
-static const char *vrdpauth_get_pam_service (void)
+static const char *auth_get_pam_service (void)
 {
     const char *service = getenv (VRDP_AUTH_PAM_SERVICE_NAME_ENV);
@@ -273 +273 @@
 }
 
-/* The VRDPAuth entry point must be visible. */
+/* The entry point must be visible. */
 #if defined(_MSC_VER) || defined(__OS2__)
 # define DECLEXPORT(type)       __declspec(dllexport) type
@@ -285 +285 @@
 
 /* prototype to prevent gcc warning */
-DECLEXPORT(VRDPAuthResult) VRDPAUTHCALL VRDPAuth (PVRDPAUTHUUID pUuid,
-                                                  VRDPAuthGuestJudgement guestJudgement,
-                                                  const char *szUser,
-                                                  const char *szPassword,
-                                                  const char *szDomain);
-DECLEXPORT(VRDPAuthResult) VRDPAUTHCALL VRDPAuth (PVRDPAUTHUUID pUuid,
-                                                  VRDPAuthGuestJudgement guestJudgement,
-                                                  const char *szUser,
-                                                  const char *szPassword,
-                                                  const char *szDomain)
-{
-    VRDPAuthResult result = VRDPAuthAccessDenied;
+DECLEXPORT(AuthResult) AUTHCALL VRDPAuth (PAUTHUUID pUuid,
+                                          AuthGuestJudgement guestJudgement,
+                                          const char *szUser,
+                                          const char *szPassword,
+                                          const char *szDomain);
+DECLEXPORT(AuthResult) AUTHCALL VRDPAuth (PAUTHUUID pUuid,
+                                          AuthGuestJudgement guestJudgement,
+                                          const char *szUser,
+                                          const char *szPassword,
+                                          const char *szDomain)
+{
+    AuthResult result = AuthResultAccessDenied;
 
     int rc;
@@ -313 +313 @@
     pam_conversation.appdata_ptr = &ctx;
 
-    rc = vrdpauth_pam_init ();
+    rc = auth_pam_init ();
 
     if (rc == PAM_SUCCESS)
@@ -319 +319 @@
         debug_printf("init ok\n");
 
-        rc = fn_pam_start(vrdpauth_get_pam_service (), szUser, &pam_conversation, &pam_handle);
+        rc = fn_pam_start(auth_get_pam_service (), szUser, &pam_conversation, &pam_handle);
 
         if (rc == PAM_SUCCESS)
@@ -344 +344 @@
                     debug_printf("access granted\n");
 
-                    result = VRDPAuthAccessGranted;
+                    result = AuthResultAccessGranted;
                 }
                 else
@@ -363 +363 @@
         }
 
-        vrdpauth_pam_close ();
-
-        debug_printf("vrdpauth_pam_close completed\n");
+        auth_pam_close ();
+
+        debug_printf("auth_pam_close completed\n");
     }
     else
     {
-        debug_printf("vrdpauth_pam_init failed %d\n", rc);
+        debug_printf("auth_pam_init failed %d\n", rc);
     }
 
@@ -376 +376 @@
 
 /* Verify the function prototype. */
-static PVRDPAUTHENTRY gpfnAuthEntry = VRDPAuth;
+static PAUTHENTRY gpfnAuthEntry = VRDPAuth;

trunk/src/VBox/HostServices/auth/simple/VBoxAuthSimple.cpp

@@ -51 +51 @@
 
     FILE *f = fopen(VRDPAUTH_DEBUG_FILE_NAME, "ab");
-    fprintf(f, "%s", buffer);
-    fclose(f);
+    if (f)
+    {
+        fprintf(f, "%s", buffer);
+        fclose(f);
+    }
 
     va_end (va);
@@ -59 +62 @@
 
 RT_C_DECLS_BEGIN
-DECLEXPORT(VRDPAuthResult) VRDPAUTHCALL VRDPAuth2(PVRDPAUTHUUID pUuid,
-                                                  VRDPAuthGuestJudgement guestJudgement,
-                                                  const char *szUser,
-                                                  const char *szPassword,
-                                                  const char *szDomain,
-                                                  int fLogon,
-                                                  unsigned clientId)
+DECLEXPORT(AuthResult) AUTHCALL AuthEntry(const char *szCaller,
+                                          PAUTHUUID pUuid,
+                                          AuthGuestJudgement guestJudgement,
+                                          const char *szUser,
+                                          const char *szPassword,
+                                          const char *szDomain,
+                                          int fLogon,
+                                          unsigned clientId)
 {
     /* default is failed */
-    VRDPAuthResult result = VRDPAuthAccessDenied;
+    AuthResult result = AuthResultAccessDenied;
 
     /* only interested in logon */
@@ -117 +121 @@
 
             if (password == pszDigest)
-                result = VRDPAuthAccessGranted;
+                result = AuthResultAccessGranted;
         }
     }
@@ -126 +130 @@
 
 /* Verify the function prototype. */
-static PVRDPAUTHENTRY2 gpfnAuthEntry = VRDPAuth2;
+static PAUTHENTRY3 gpfnAuthEntry = AuthEntry;

trunk/src/VBox/HostServices/auth/winlogon/winlogon.cpp

@@ -19 +19 @@
 
 /* If defined, debug messages will be written to the specified file. */
-// #define VRDPAUTH_DEBUG_FILE_NAME "\\VRDPAuth.log"
+// #define AUTH_DEBUG_FILE_NAME "\\VBoxAuth.log"
 
 #include <stdio.h>
@@ -30 +30 @@
 static void dprintf(const char *fmt, ...)
 {
+#ifdef AUTH_DEBUG_FILE_NAME
    va_list va;
 
@@ -40 +41 @@
    OutputDebugStringA(buffer);
 
-#ifdef VRDPAUTH_DEBUG_FILE_NAME
-   FILE *f = fopen (VRDPAUTH_DEBUG_FILE_NAME, "ab");
-   fprintf (f, "%s", buffer);
-   fclose (f);
-#endif
+   FILE *f = fopen (AUTH_DEBUG_FILE_NAME, "ab");
+   if (f)
+   {
+       fprintf (f, "%s", buffer);
+       fclose (f);
+   }
 
    va_end (va);
+#endif
 }
 
@@ -53 +56 @@
 __declspec(dllexport)
 #endif
-VRDPAuthResult VRDPAUTHCALL VRDPAuth (PVRDPAUTHUUID pUuid,
-                                      VRDPAuthGuestJudgement guestJudgement,
-                                      const char *szUser,
-                                      const char *szPassword,
-                                      const char *szDomain)
+AuthResult AUTHCALL AuthEntry (const char *szCaller,
+                               PAUTHUUID pUuid,
+                               AuthGuestJudgement guestJudgement,
+                               const char *szUser,
+                               const char *szPassword,
+                               const char *szDomain,
+                               int fLogon,
+                               unsigned clientId)
 {
-    VRDPAuthResult result = VRDPAuthAccessDenied;
+    AuthResult result = AuthResultAccessDenied;
 
     LPTSTR lpszUsername = (char *)szUser;
@@ -86 +92 @@
         dprintf("LogonUser success. hToken = %p\n", hToken);
 
-        result = VRDPAuthAccessGranted;
+        result = AuthResultAccessGranted;
 
         CloseHandle (hToken);
@@ -99 +105 @@
 
 /* Verify the function prototype. */
-static PVRDPAUTHENTRY gpfnAuthEntry = VRDPAuth;
+static PAUTHENTRY3 gpfnAuthEntry = AuthEntry;

trunk/src/VBox/Main/ConsoleImpl.cpp

@@ -743 +743 @@
     {
         /* Console has been already uninitialized, deny request */
-        LogRel(("VRDPAUTH: Access denied (Console uninitialized).\n"));
+        LogRel(("AUTH: Access denied (Console uninitialized).\n"));
         LogFlowFuncLeave();
         return VERR_ACCESS_DENIED;
@@ -762 +762 @@
     AssertComRCReturn(hrc, VERR_ACCESS_DENIED);
 
-    VRDPAuthResult result = VRDPAuthAccessDenied;
-    VRDPAuthGuestJudgement guestJudgement = VRDPAuthGuestNotAsked;
+    AuthResult result = AuthResultAccessDenied;
+    AuthGuestJudgement guestJudgement = AuthGuestNotAsked;
 
     LogFlowFunc(("Auth type %d\n", authType));
 
-    LogRel(("VRDPAUTH: User: [%s]. Domain: [%s]. Authentication type: [%s]\n",
+    LogRel(("AUTH: User: [%s]. Domain: [%s]. Authentication type: [%s]\n",
                 pszUser, pszDomain,
                 authType == AuthType_Null?
@@ -784 +784 @@
         case AuthType_Null:
         {
-            result = VRDPAuthAccessGranted;
+            result = AuthResultAccessGranted;
             break;
         }
@@ -793 +793 @@
             result = mConsoleVRDPServer->Authenticate(uuid, guestJudgement, pszUser, pszPassword, pszDomain, u32ClientId);
 
-            if (result != VRDPAuthDelegateToGuest)
+            if (result != AuthResultDelegateToGuest)
             {
                 break;
             }
 
-            LogRel(("VRDPAUTH: Delegated to guest.\n"));
+            LogRel(("AUTH: Delegated to guest.\n"));
 
             LogFlowFunc(("External auth asked for guest judgement\n"));
@@ -805 +805 @@
         case AuthType_Guest:
         {
-            guestJudgement = VRDPAuthGuestNotReacted;
+            guestJudgement = AuthGuestNotReacted;
 
             // @todo r=dj locking required here for m_pVMMDev?
@@ -829 +829 @@
                         switch (u32GuestFlags & (VMMDEV_CREDENTIALS_JUDGE_OK | VMMDEV_CREDENTIALS_JUDGE_DENY | VMMDEV_CREDENTIALS_JUDGE_NOJUDGEMENT))
                         {
-                            case VMMDEV_CREDENTIALS_JUDGE_DENY:        guestJudgement = VRDPAuthGuestAccessDenied;  break;
-                            case VMMDEV_CREDENTIALS_JUDGE_NOJUDGEMENT: guestJudgement = VRDPAuthGuestNoJudgement;   break;
-                            case VMMDEV_CREDENTIALS_JUDGE_OK:          guestJudgement = VRDPAuthGuestAccessGranted; break;
+                            case VMMDEV_CREDENTIALS_JUDGE_DENY:        guestJudgement = AuthGuestAccessDenied;  break;
+                            case VMMDEV_CREDENTIALS_JUDGE_NOJUDGEMENT: guestJudgement = AuthGuestNoJudgement;   break;
+                            case VMMDEV_CREDENTIALS_JUDGE_OK:          guestJudgement = AuthGuestAccessGranted; break;
                             default:
                                 LogFlowFunc(("Invalid guest flags %08X!!!\n", u32GuestFlags)); break;
@@ -851 +851 @@
             if (authType == AuthType_External)
             {
-                LogRel(("VRDPAUTH: Guest judgement %d.\n", guestJudgement));
+                LogRel(("AUTH: Guest judgement %d.\n", guestJudgement));
                 LogFlowFunc(("External auth called again with guest judgement = %d\n", guestJudgement));
                 result = mConsoleVRDPServer->Authenticate(uuid, guestJudgement, pszUser, pszPassword, pszDomain, u32ClientId);
@@ -859 +859 @@
                 switch (guestJudgement)
                 {
-                    case VRDPAuthGuestAccessGranted:
-                        result = VRDPAuthAccessGranted;
+                    case AuthGuestAccessGranted:
+                        result = AuthResultAccessGranted;
                         break;
                     default:
-                        result = VRDPAuthAccessDenied;
+                        result = AuthResultAccessDenied;
                         break;
                 }
@@ -876 +876 @@
     LogFlowFuncLeave();
 
-    if (result != VRDPAuthAccessGranted)
+    if (result != AuthResultAccessGranted)
     {
         /* Reject. */
-        LogRel(("VRDPAUTH: Access denied.\n"));
+        LogRel(("AUTH: Access denied.\n"));
         return VERR_ACCESS_DENIED;
     }
 
-    LogRel(("VRDPAUTH: Access granted.\n"));
+    LogRel(("AUTH: Access granted.\n"));
 
     /* Multiconnection check must be made after authentication, so bad clients would not interfere with a good one. */
@@ -910 +910 @@
             if (reuseSingleConnection)
             {
-                LogRel(("VRDPAUTH: Multiple connections are not enabled. Disconnecting existing client.\n"));
+                LogRel(("AUTH: Multiple connections are not enabled. Disconnecting existing client.\n"));
                 mConsoleVRDPServer->DisconnectClient(mu32SingleRDPClientId, false);
             }
@@ -916 +916 @@
             {
                 /* Reject. */
-                LogRel(("VRDPAUTH: Multiple connections are not enabled. Access denied.\n"));
+                LogRel(("AUTH: Multiple connections are not enabled. Access denied.\n"));
                 return VERR_ACCESS_DENIED;
             }

trunk/src/VBox/Main/ConsoleVRDPServer.cpp

@@ -1347 +1347 @@
     mpfnAuthEntry = NULL;
     mpfnAuthEntry2 = NULL;
+    mpfnAuthEntry3 = NULL;
 
     if (mAuthLibrary)
@@ -1471 +1472 @@
 #endif /* VBOX_WITH_USB */
 
-VRDPAuthResult ConsoleVRDPServer::Authenticate(const Guid &uuid, VRDPAuthGuestJudgement guestJudgement,
+AuthResult ConsoleVRDPServer::Authenticate(const Guid &uuid, AuthGuestJudgement guestJudgement,
                                                 const char *pszUser, const char *pszPassword, const char *pszDomain,
                                                 uint32_t u32ClientId)
 {
-    VRDPAUTHUUID rawuuid;
+    AUTHUUID rawuuid;
 
     memcpy(rawuuid, uuid.raw(), sizeof(rawuuid));
@@ -1504 +1505 @@
         Utf8Str filename = authLibrary;
 
-        LogRel(("VRDPAUTH: ConsoleVRDPServer::Authenticate: loading external authentication library '%ls'\n", authLibrary.raw()));
+        LogRel(("AUTH: ConsoleVRDPServer::Authenticate: loading external authentication library '%ls'\n", authLibrary.raw()));
 
         int rc;
@@ -1513 +1514 @@
 
         if (RT_FAILURE(rc))
-            LogRel(("VRDPAUTH: Failed to load external authentication library. Error code: %Rrc\n", rc));
+            LogRel(("AUTH: Failed to load external authentication library. Error code: %Rrc\n", rc));
 
         if (RT_SUCCESS(rc))
         {
+            typedef struct AuthEntryInfo
+            {
+                const char *pszName;
+                void **ppvAddress;
+                
+            } AuthEntryInfo;
+            AuthEntryInfo entries[] =
+            {
+                { AUTHENTRY3_NAME, (void **)&mpfnAuthEntry3 },
+                { AUTHENTRY2_NAME, (void **)&mpfnAuthEntry2 },
+                { AUTHENTRY_NAME,  (void **)&mpfnAuthEntry },
+                { NULL, NULL }
+            };
+
             /* Get the entry point. */
-            mpfnAuthEntry2 = NULL;
-            int rc2 = RTLdrGetSymbol(mAuthLibrary, "VRDPAuth2", (void**)&mpfnAuthEntry2);
-            if (RT_FAILURE(rc2))
-            {
+            AuthEntryInfo *pEntryInfo = &entries[0];
+            while (pEntryInfo->pszName)
+            {
+                *pEntryInfo->ppvAddress = NULL;
+
+                int rc2 = RTLdrGetSymbol(mAuthLibrary, pEntryInfo->pszName, pEntryInfo->ppvAddress);
+                if (RT_SUCCESS(rc2))
+                {
+                    /* Found an entry point. */
+                    LogRel(("AUTH: Using entry point '%s'.\n", pEntryInfo->pszName));
+                    rc = VINF_SUCCESS;
+                    break;
+                }
+
                 if (rc2 != VERR_SYMBOL_NOT_FOUND)
                 {
-                    LogRel(("VRDPAUTH: Could not resolve import '%s'. Error code: %Rrc\n", "VRDPAuth2", rc2));
+                    LogRel(("AUTH: Could not resolve import '%s'. Error code: %Rrc\n", pEntryInfo->pszName, rc2));
                 }
                 rc = rc2;
-            }
-
-            /* Get the entry point. */
-            mpfnAuthEntry = NULL;
-            rc2 = RTLdrGetSymbol(mAuthLibrary, "VRDPAuth", (void**)&mpfnAuthEntry);
-            if (RT_FAILURE(rc2))
-            {
-                if (rc2 != VERR_SYMBOL_NOT_FOUND)
-                {
-                    LogRel(("VRDPAUTH: Could not resolve import '%s'. Error code: %Rrc\n", "VRDPAuth", rc2));
-                }
-                rc = rc2;
-            }
-
-            if (mpfnAuthEntry2 || mpfnAuthEntry)
-            {
-                LogRel(("VRDPAUTH: Using entry point '%s'.\n", mpfnAuthEntry2? "VRDPAuth2": "VRDPAuth"));
-                rc = VINF_SUCCESS;
+
+                pEntryInfo++;
             }
         }
@@ -1557 +1566 @@
             mpfnAuthEntry = NULL;
             mpfnAuthEntry2 = NULL;
+            mpfnAuthEntry3 = NULL;
 
             if (mAuthLibrary)
@@ -1564 +1574 @@
             }
 
-            return VRDPAuthAccessDenied;
-        }
-    }
-
-    Assert(mAuthLibrary && (mpfnAuthEntry || mpfnAuthEntry2));
-
-    VRDPAuthResult result = mpfnAuthEntry2?
-                                mpfnAuthEntry2(&rawuuid, guestJudgement, pszUser, pszPassword, pszDomain, true, u32ClientId):
-                                mpfnAuthEntry(&rawuuid, guestJudgement, pszUser, pszPassword, pszDomain);
+            return AuthResultAccessDenied;
+        }
+    }
+
+    Assert(mAuthLibrary && (mpfnAuthEntry || mpfnAuthEntry2 || mpfnAuthEntry3));
+
+    AuthResult result; 
+    if (mpfnAuthEntry3)
+    {
+        result = mpfnAuthEntry3("vrde", &rawuuid, guestJudgement, pszUser, pszPassword, pszDomain, true, u32ClientId);
+    }
+    else if (mpfnAuthEntry2)
+    {
+        result = mpfnAuthEntry2(&rawuuid, guestJudgement, pszUser, pszPassword, pszDomain, true, u32ClientId);
+    }
+    else if (mpfnAuthEntry)
+    {
+        result = mpfnAuthEntry(&rawuuid, guestJudgement, pszUser, pszPassword, pszDomain);
+    }
 
     switch (result)
     {
-        case VRDPAuthAccessDenied:
-            LogRel(("VRDPAUTH: external authentication module returned 'access denied'\n"));
+        case AuthResultAccessDenied:
+            LogRel(("AUTH: external authentication module returned 'access denied'\n"));
             break;
-        case VRDPAuthAccessGranted:
-            LogRel(("VRDPAUTH: external authentication module returned 'access granted'\n"));
+        case AuthResultAccessGranted:
+            LogRel(("AUTH: external authentication module returned 'access granted'\n"));
             break;
-        case VRDPAuthDelegateToGuest:
-            LogRel(("VRDPAUTH: external authentication module returned 'delegate request to guest'\n"));
+        case AuthResultDelegateToGuest:
+            LogRel(("AUTH: external authentication module returned 'delegate request to guest'\n"));
             break;
         default:
-            LogRel(("VRDPAUTH: external authentication module returned incorrect return code %d\n", result));
-            result = VRDPAuthAccessDenied;
+            LogRel(("AUTH: external authentication module returned incorrect return code %d\n", result));
+            result = AuthResultAccessDenied;
     }
 
@@ -1597 +1617 @@
 void ConsoleVRDPServer::AuthDisconnect(const Guid &uuid, uint32_t u32ClientId)
 {
-    VRDPAUTHUUID rawuuid;
+    AUTHUUID rawuuid;
 
     memcpy(rawuuid, uuid.raw(), sizeof(rawuuid));
@@ -1604 +1624 @@
              rawuuid, u32ClientId));
 
-    Assert(mAuthLibrary && (mpfnAuthEntry || mpfnAuthEntry2));
-
-    if (mpfnAuthEntry2)
-        mpfnAuthEntry2(&rawuuid, VRDPAuthGuestNotAsked, NULL, NULL, NULL, false, u32ClientId);
+    Assert(mAuthLibrary && (mpfnAuthEntry || mpfnAuthEntry2 || mpfnAuthEntry3));
+
+    if (mpfnAuthEntry3)
+        mpfnAuthEntry3("vrde", &rawuuid, AuthGuestNotAsked, NULL, NULL, NULL, false, u32ClientId);
+    else if (mpfnAuthEntry2)
+        mpfnAuthEntry2(&rawuuid, AuthGuestNotAsked, NULL, NULL, NULL, false, u32ClientId);
 }
 

trunk/src/VBox/Main/include/ConsoleVRDPServer.h

@@ -90 +90 @@
     void Stop (void);
 
-    VRDPAuthResult Authenticate (const Guid &uuid, VRDPAuthGuestJudgement guestJudgement,
-                                 const char *pszUser, const char *pszPassword, const char *pszDomain,
-                                 uint32_t u32ClientId);
+    AuthResult Authenticate (const Guid &uuid, AuthGuestJudgement guestJudgement,
+                             const char *pszUser, const char *pszPassword, const char *pszDomain,
+                             uint32_t u32ClientId);
 
     void AuthDisconnect (const Guid &uuid, uint32_t u32ClientId);
@@ -209 +209 @@
      */
     RTLDRMOD mAuthLibrary;
-    PVRDPAUTHENTRY mpfnAuthEntry;
-    PVRDPAUTHENTRY2 mpfnAuthEntry2;
+    PAUTHENTRY mpfnAuthEntry;
+    PAUTHENTRY2 mpfnAuthEntry2;
+    PAUTHENTRY3 mpfnAuthEntry3;
 };
 

trunk/src/VBox/Main/webservice/vboxweb.cpp

@@ -1131 +1131 @@
 
     static bool fAuthLibLoaded = false;
-    static PVRDPAUTHENTRY pfnAuthEntry = NULL;
-    static PVRDPAUTHENTRY2 pfnAuthEntry2 = NULL;
+    static PAUTHENTRY pfnAuthEntry = NULL;
+    static PAUTHENTRY2 pfnAuthEntry2 = NULL;
+    static PAUTHENTRY3 pfnAuthEntry3 = NULL;
 
     if (!fAuthLibLoaded)
@@ -1161 +1162 @@
                 }
 
-                if (RT_FAILURE(rc = RTLdrGetSymbol(hlibAuth, "VRDPAuth2", (void**)&pfnAuthEntry2)))
-                    WEBDEBUG(("%s(): Could not resolve import '%s'. Error code: %Rrc\n", __FUNCTION__, "VRDPAuth2", rc));
-
-                if (RT_FAILURE(rc = RTLdrGetSymbol(hlibAuth, "VRDPAuth", (void**)&pfnAuthEntry)))
-                    WEBDEBUG(("%s(): Could not resolve import '%s'. Error code: %Rrc\n", __FUNCTION__, "VRDPAuth", rc));
-
-                if (pfnAuthEntry || pfnAuthEntry2)
+                if (RT_FAILURE(rc = RTLdrGetSymbol(hlibAuth, AUTHENTRY3_NAME, (void**)&pfnAuthEntry3)))
+                    WEBDEBUG(("%s(): Could not resolve import '%s'. Error code: %Rrc\n", __FUNCTION__, AUTHENTRY3_NAME, rc));
+
+                if (RT_FAILURE(rc = RTLdrGetSymbol(hlibAuth, AUTHENTRY2_NAME, (void**)&pfnAuthEntry2)))
+                    WEBDEBUG(("%s(): Could not resolve import '%s'. Error code: %Rrc\n", __FUNCTION__, AUTHENTRY2_NAME, rc));
+
+                if (RT_FAILURE(rc = RTLdrGetSymbol(hlibAuth, AUTHENTRY_NAME, (void**)&pfnAuthEntry)))
+                    WEBDEBUG(("%s(): Could not resolve import '%s'. Error code: %Rrc\n", __FUNCTION__, AUTHENTRY_NAME, rc));
+
+                if (pfnAuthEntry || pfnAuthEntry2 || pfnAuthEntry3)
                     fAuthLibLoaded = true;
 
@@ -1175 +1179 @@
 
     rc = VERR_WEB_NOT_AUTHENTICATED;
-    VRDPAuthResult result;
-    if (pfnAuthEntry2)
-    {
-        result = pfnAuthEntry2(NULL, VRDPAuthGuestNotAsked, pcszUsername, pcszPassword, NULL, true, 0);
+    AuthResult result;
+    if (pfnAuthEntry3)
+    {
+        result = pfnAuthEntry3("webservice", NULL, AuthGuestNotAsked, pcszUsername, pcszPassword, NULL, true, 0);
+        WEBDEBUG(("%s(): result of AuthEntry(): %d\n", __FUNCTION__, result));
+        if (result == AuthResultAccessGranted)
+            rc = 0;
+    }
+    else if (pfnAuthEntry2)
+    {
+        result = pfnAuthEntry2(NULL, AuthGuestNotAsked, pcszUsername, pcszPassword, NULL, true, 0);
         WEBDEBUG(("%s(): result of VRDPAuth2(): %d\n", __FUNCTION__, result));
-        if (result == VRDPAuthAccessGranted)
+        if (result == AuthResultAccessGranted)
             rc = 0;
     }
     else if (pfnAuthEntry)
     {
-        result = pfnAuthEntry(NULL, VRDPAuthGuestNotAsked, pcszUsername, pcszPassword, NULL);
+        result = pfnAuthEntry(NULL, AuthGuestNotAsked, pcszUsername, pcszPassword, NULL);
         WEBDEBUG(("%s(): result of VRDPAuth(%s, [%d]): %d\n", __FUNCTION__, pcszUsername, strlen(pcszPassword), result));
-        if (result == VRDPAuthAccessGranted)
+        if (result == AuthResultAccessGranted)
             rc = 0;
     }
@@ -1196 +1207 @@
     else
     {
-        WEBDEBUG(("Could not resolve VRDPAuth2 or VRDPAuth entry point"));
+        WEBDEBUG(("Could not resolve AuthEntry, VRDPAuth2 or VRDPAuth entry point"));
     }