Changeset 40066 in vbox

Timestamp:

Feb 10, 2012 2:52:47 PM (13 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

76200

Message:

hash the teleporter token.

Location:

trunk

Files:

• include/VBox/settings.h (modified) (1 diff)
• src/VBox/Main/Makefile.kmk (modified) (2 diffs)
• src/VBox/Main/idl/VirtualBox.xidl (modified) (1 diff)
• src/VBox/Main/include/HashedPw.h (added)
• src/VBox/Main/src-all/Global.cpp (modified) (3 diffs)
• src/VBox/Main/src-all/HashedPw.cpp (added)
• src/VBox/Main/src-client/ConsoleImplTeleporter.cpp (modified) (3 diffs)
• src/VBox/Main/src-server/MachineImpl.cpp (modified) (3 diffs)
• src/VBox/Main/xml/Settings.cpp (modified) (4 diffs)

trunk/include/VBox/settings.h

@@ -1057 +1057 @@
     void readStorageControllers(const xml::ElementNode &elmStorageControllers, Storage &strg);
     void readDVDAndFloppies_pre1_9(const xml::ElementNode &elmHardware, Storage &strg);
+    void readTeleporter(const xml::ElementNode *pElmTeleporter, MachineUserData *pUserData);
     void readSnapshot(const xml::ElementNode &elmSnapshot, Snapshot &snap);
     void convertOldOSType_pre1_5(com::Utf8Str &str);

trunk/src/VBox/Main/Makefile.kmk

@@ -286 +286 @@
         src-all/EventImpl.cpp \
         src-all/Global.cpp \
+        src-all/HashedPw.cpp \
         src-all/Logging.cpp \
         src-all/PciDeviceAttachmentImpl.cpp \
@@ -638 +639 @@
         src-all/EventImpl.cpp \
         src-all/Global.cpp \
+        src-all/HashedPw.cpp \
         src-all/Logging.cpp \
         src-all/PciDeviceAttachmentImpl.cpp \

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -4169 +4169 @@
         very basic measure to prevent simple hacks and operators accidentally
         beaming a virtual machine to the wrong place.
+
+        Note that you SET a plain text password while reading back a HASHED
+        password.  Setting a hashed password is currently not supported.
       </desc>
     </attribute>

trunk/src/VBox/Main/src-all/Global.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- *
  * VirtualBox COM global definitions
  *
@@ -8 +7 @@
 
 /*
- * Copyright (C) 2008-2011 Oracle Corporation
+ * Copyright (C) 2008-2012 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -537 +536 @@
 }
 
-
 /* vi: set tabstop=4 shiftwidth=4 expandtab: */

trunk/src/VBox/Main/src-client/ConsoleImplTeleporter.cpp

@@ -26 +26 @@
 #include "AutoCaller.h"
 #include "Logging.h"
+#include "HashedPw.h"
 
 #include <iprt/asm.h>
@@ -932 +933 @@
     CheckComArgOutPointerValid(aProgress);
     CheckComArgStrNotEmptyOrNull(aHostname);
-    CheckComArgStrNotEmptyOrNull(aHostname);
+    CheckComArgStrNotEmptyOrNull(aPassword);
     CheckComArgExprMsg(aPort, aPort > 0 && aPort <= 65535, ("is %u", aPort));
     CheckComArgExprMsg(aMaxDowntime, aMaxDowntime > 0, ("is %u", aMaxDowntime));
+
+    Utf8Str strPassword(aPassword);
+    if (!strPassword.isEmpty())
+    {
+        if (VBoxIsPasswordHashed(&strPassword))
+            return setError(E_INVALIDARG, tr("The specified password resembles a hashed password, expected plain text"));
+        VBoxHashPassword(&strPassword);
+    }
 
     AutoCaller autoCaller(this);
@@ -971 +980 @@
 
     TeleporterStateSrc *pState = new TeleporterStateSrc(this, mpUVM, ptrProgress, mMachineState);
-    pState->mstrPassword    = aPassword;
+    pState->mstrPassword    = strPassword;
     pState->mstrHostname    = aHostname;
     pState->muPort          = aPort;

trunk/src/VBox/Main/src-server/MachineImpl.cpp

@@ -60 +60 @@
 
 #include "AutoCaller.h"
+#include "HashedPw.h"
 #include "Performance.h"
 
@@ -70 +71 @@
 #include <iprt/cpp/utils.h>
 #include <iprt/cpp/xml.h>               /* xml::XmlFileWriter::s_psz*Suff. */
+#include <iprt/sha.h>
 #include <iprt/string.h>
 
@@ -2696 +2698 @@
 
     AutoCaller autoCaller(this);
-    if (FAILED(autoCaller.rc())) return autoCaller.rc();
-
-    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    mUserData->s.strTeleporterPassword.cloneTo(aPassword);
-
-    return S_OK;
+    HRESULT hrc = autoCaller.rc();
+    if (SUCCEEDED(hrc))
+    {
+        AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+        mUserData->s.strTeleporterPassword.cloneTo(aPassword);
+    }
+
+    return hrc;
 }
 
 STDMETHODIMP Machine::COMSETTER(TeleporterPassword)(IN_BSTR aPassword)
 {
-    AutoCaller autoCaller(this);
-    if (FAILED(autoCaller.rc())) return autoCaller.rc();
-
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    HRESULT rc = checkStateDependency(MutableStateDep);
-    if (FAILED(rc)) return rc;
-
-    setModified(IsModified_MachineData);
-    mUserData.backup();
-    mUserData->s.strTeleporterPassword = aPassword;
-
-    return S_OK;
+    /*
+     * Hash the password first.
+     */
+    Utf8Str strPassword(aPassword);
+    if (!strPassword.isEmpty())
+    {
+        if (VBoxIsPasswordHashed(&strPassword))
+            return setError(E_INVALIDARG, tr("Cannot set an already hashed password, only plain text password please"));
+        VBoxHashPassword(&strPassword);
+    }
+
+    /*
+     * Do the update.
+     */
+    AutoCaller autoCaller(this);
+    HRESULT hrc = autoCaller.rc();
+    if (SUCCEEDED(hrc))
+    {
+        AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
+        hrc = checkStateDependency(MutableStateDep);
+        if (SUCCEEDED(hrc))
+        {
+            setModified(IsModified_MachineData);
+            mUserData.backup();
+            mUserData->s.strTeleporterPassword = strPassword;
+        }
+    }
+
+    return hrc;
 }
 

trunk/src/VBox/Main/xml/Settings.cpp

@@ -52 +52 @@
 
 /*
- * Copyright (C) 2007-2011 Oracle Corporation
+ * Copyright (C) 2007-2012 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -77 +77 @@
 
 #include "Logging.h"
+#include "HashedPw.h"
 
 using namespace com;
@@ -3143 +3144 @@
 
 /**
+ * Called for reading the <Teleporter> element under <Machine>.
+ */
+void MachineConfigFile::readTeleporter(const xml::ElementNode *pElmTeleporter,
+                                       MachineUserData *pUserData)
+{
+    pElmTeleporter->getAttributeValue("enabled", pUserData->fTeleporterEnabled);
+    pElmTeleporter->getAttributeValue("port", pUserData->uTeleporterPort);
+    pElmTeleporter->getAttributeValue("address", pUserData->strTeleporterAddress);
+    pElmTeleporter->getAttributeValue("password", pUserData->strTeleporterPassword);
+
+    if (   pUserData->strTeleporterPassword.isNotEmpty()
+        && !VBoxIsPasswordHashed(&pUserData->strTeleporterPassword))
+        VBoxHashPassword(&pUserData->strTeleporterPassword);
+}
+
+/**
  * Called initially for the <Snapshot> element under <Machine>, if present,
  * to store the snapshot's data into the given Snapshot structure (which is
@@ -3341 +3358 @@
                 machineUserData.strDescription = pelmMachineChild->getValue();
             else if (pelmMachineChild->nameEquals("Teleporter"))
-            {
-                pelmMachineChild->getAttributeValue("enabled", machineUserData.fTeleporterEnabled);
-                pelmMachineChild->getAttributeValue("port", machineUserData.uTeleporterPort);
-                pelmMachineChild->getAttributeValue("address", machineUserData.strTeleporterAddress);
-                pelmMachineChild->getAttributeValue("password", machineUserData.strTeleporterPassword);
-            }
+                readTeleporter(pelmMachineChild, &machineUserData);
             else if (pelmMachineChild->nameEquals("FaultTolerance"))
             {