Changeset 40130 in vbox

Timestamp:

Feb 14, 2012 3:17:35 PM (13 years ago)

Author:

vboxsync

Message:

Main/webservice+doc/manual: Add SSL support to the webservice, and also add an optional parameter which ensures the authentication setting is correct. Update manual and SDK reference.

Location:

trunk

Files:

• Config.kmk (modified) (2 diffs)
• doc/manual/docbook2latex.xsl (modified) (3 diffs)
• doc/manual/en_US/SDKRef.xml (modified) (6 diffs)
• doc/manual/en_US/user_AdvancedTopics.xml (modified) (2 diffs)
• src/VBox/Installer/linux/vboxweb-service.sh.in (modified) (2 diffs)
• src/VBox/Installer/solaris/smf-vboxwebsrv.sh (modified) (3 diffs)
• src/VBox/Installer/solaris/virtualbox-webservice.xml (modified) (2 diffs)
• src/VBox/Main/webservice/Makefile.kmk (modified) (4 diffs)
• src/VBox/Main/webservice/vboxweb.cpp (modified) (20 diffs)
• src/VBox/Main/webservice/webtest.cpp (modified) (21 diffs)
• src/VBox/Runtime/VBox/VBoxRTDeps.cpp (modified) (4 diffs)

trunk/Config.kmk

@@ -8 +8 @@
 
 #
-# Copyright (C) 2006-2011 Oracle Corporation
+# Copyright (C) 2006-2012 Oracle Corporation
 #
 # This file is part of VirtualBox Open Source Edition (OSE), as
@@ -483 +483 @@
 # The webservices api.
 VBOX_WITH_WEBSERVICES = 1
+VBOX_WITH_WEBSERVICES_SSL = 1
 # The Qt 4 GUI.
 VBOX_WITH_QTGUI = 1

trunk/doc/manual/docbook2latex.xsl

@@ -19 +19 @@
         by this XSLT (see below).
 
-     Copyright (C) 2006-2010 Oracle Corporation
+     Copyright (C) 2006-2012 Oracle Corporation
 
      This file is part of VirtualBox Open Source Edition (OSE), as
@@ -585 +585 @@
             <xsl:with-param name="text" select="$subst6" />
             <xsl:with-param name="replace" select="'~'" />
-            <xsl:with-param name="with" select="'\~'" />
+            <xsl:with-param name="with" select="'\textasciitilde '" />
             <xsl:with-param name="disable-output-escaping" select="no" />
           </xsl:call-template>
@@ -676 +676 @@
             <xsl:with-param name="text" select="$subst8" />
             <xsl:with-param name="replace" select="'~'" />
-            <xsl:with-param name="with" select="'\~'" />
+            <xsl:with-param name="with" select="'\textasciitilde '" />
             <xsl:with-param name="disable-output-escaping" select="no" />
           </xsl:call-template>

trunk/doc/manual/en_US/SDKRef.xml

@@ -293 +293 @@
           binary package for your specific platform. Since the SDK contains
           only platform-independent text files and documentation, the binaries
-          are instead shipped with the platform-specific packages.</para>
+          are instead shipped with the platform-specific packages. For this
+          reason the information how to run it as a service is included in the
+          VirtualBox documentation.</para>
         </note></para>
 
@@ -340 +342 @@
             <computeroutput>-p</computeroutput>): This specifies which port to
             bind to on the host and defaults to 18083.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--ssl</computeroutput> (or
+            <computeroutput>-s</computeroutput>): This enables SSL support.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--keyfile</computeroutput> (or
+            <computeroutput>-K</computeroutput>): This specifies the file name
+            containing the server private key and the certificate. This is a
+            mandatory parameter if SSL is enabled.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--passwordfile</computeroutput> (or
+            <computeroutput>-a</computeroutput>): This specifies the file name
+            containing the password for the server private key. If unspecified
+            or an empty string is specified this is interpreted as an empty
+            password (i.e. the private key is not protected by a password). If
+            the file name <computeroutput>-</computeroutput> is specified then
+            then the password is read from the standard input stream, otherwise
+            from the specified file. The user is responsible for appropriate
+            access rights to protect the confidential password.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--cacert</computeroutput> (or
+            <computeroutput>-c</computeroutput>): This specifies the file name
+            containing the CA certificate appropriate for the server
+            certificate.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--capath</computeroutput> (or
+            <computeroutput>-C</computeroutput>): This specifies the directory
+            containing several CA certificates appropriate for the server
+            certificate.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--dhfile</computeroutput> (or
+            <computeroutput>-D</computeroutput>): This specifies the file name
+            containing the DH key. Alternatively it can contain the number of
+            bits of the DH key to generate. If left empty, RSA is used.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--randfile</computeroutput> (or
+            <computeroutput>-r</computeroutput>): This specifies the file name
+            containing the seed for the random number generator. If left empty,
+            an operating system specific source of the seed.</para>
           </listitem>
 
@@ -370 +424 @@
 
           <listitem>
+            <para><computeroutput>--threads</computeroutput> (or
+            <computeroutput>-T</computeroutput>): This specifies the maximum
+            number or worker threads, and defaults to 100. This normally does
+            not need to be changed.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--keepalive</computeroutput> (or
+            <computeroutput>-k</computeroutput>): This specifies the maximum
+            number of requests which can be sent in one web service connection,
+            and defaults to 100. This normally does not need to be changed.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--authentication</computeroutput> (or
+            <computeroutput>-A</computeroutput>): This specifies the desired
+            web service authentication method. If the parameter is not
+            specified or the empty string is specified it does not change the
+            authentication method, otherwise it is set to the specified value.
+            Using this parameter is a good measure against accidental
+            misconfiguration, as the web service ensures periodically that it
+            isn't changed.</para>
+          </listitem>
+
+          <listitem>
             <para><computeroutput>--verbose</computeroutput> (or
             <computeroutput>-v</computeroutput>): Normally, the web service
@@ -377 +456 @@
             are mapped to internally, which can be useful for debugging client
             programs.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--pidfile</computeroutput> (or
+            <computeroutput>-P</computeroutput>): Name of the PID file which is
+            created when the daemon was started.</para>
           </listitem>
 
@@ -389 +474 @@
             unattended and need to debug problems after they have
             occurred.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--logrotate</computeroutput> (or
+            <computeroutput>-R</computeroutput>): Number of old log files to
+            keep, defaults to 10. Log rotation is disabled if set to 0.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--logsize</computeroutput> (or
+            <computeroutput>-S</computeroutput>): Maximum size of log file in
+            bytes, defaults to 100MB. Log rotation is triggered if the file
+            grows beyond this limit.</para>
+          </listitem>
+
+          <listitem>
+            <para><computeroutput>--loginterval</computeroutput> (or
+            <computeroutput>-I</computeroutput>): Maximum time interval to be
+            put in a log file before rotation is triggered, in seconds, and
+            defaults to one day.</para>
           </listitem>
         </itemizedlist>
@@ -445 +550 @@
         use this variable carefully, and only if you fully understand what
         you're doing.</para>
-      </sect2>
-
-      <sect2>
-        <title>Solaris host: starting the web service via SMF</title>
-
-        <para>On Solaris hosts, the VirtualBox web service daemon is
-        integrated into the SMF framework. You can change the parameters, but
-        don't have to if the defaults below already match your needs:<screen>svccfg -s svc:/application/virtualbox/webservice:default setprop config/host=localhost
-svccfg -s svc:/application/virtualbox/webservice:default setprop config/port=18083
-svccfg -s svc:/application/virtualbox/webservice:default setprop config/user=root</screen></para>
-
-        <para>If you made any change, don't forget to run the following
-        command to put the changes into effect immediately:<screen>svcadm refresh svc:/application/virtualbox/webservice:default</screen></para>
-
-        <para>If you forget the above command then the previous settings will
-        be used when enabling the service. Check the current property settings
-        with:<screen>svcprop -p config svc:/application/virtualbox/webservice:default</screen></para>
-
-        <para>When everything is configured correctly you can start the
-        VirtualBox web service with the following command:<screen>svcadm enable svc:/application/virtualbox/webservice:default</screen></para>
-
-        <para>For more information about SMF, please refer to the Solaris
-        documentation.</para>
       </sect2>
     </sect1>

trunk/doc/manual/en_US/user_AdvancedTopics.xml

@@ -860 +860 @@
         device. Read/write access is also later needed when using the image
         from a virtual machine. On some host platforms (e.g. Windows Vista
-        and later), raw disk access may be restricted and not permitted by
-        the host OS in some situations.</para>
+        and later), raw disk access may be restricted and not permitted by
+        the host OS in some situations.</para>
 
         <para>Just like with regular disk images, this does not automatically
@@ -1877 +1877 @@
     Development Kit (SDK); please see <xref linkend="VirtualBoxAPI" />. As the
     client base using this interface is growing, we added start scripts for
-    the various operation systems we support. The following describes how to
-    use them. Please be aware that the web service is never started automatically
-    as a result of a standard installation.<itemizedlist>
-        <listitem>
-          <para>On Mac OS X, launchd is used. An example configuration file
-          can be found in
-          <computeroutput>$HOME/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</computeroutput>.
-          It can be enabled by changing the
-          <computeroutput>Disabled</computeroutput> key from
-          <computeroutput>true</computeroutput> to
-          <computeroutput>false</computeroutput>. To manually start the
-          service use the following command: <screen>launchctl load ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</screen>
-          For additional information on how launchd services could be
-          configured see <literal><ulink
-          url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html">http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html</ulink></literal>.</para>
-        </listitem>
-        <listitem>
-          <para>On Linux, the web service can be automatically started during
-            host boot by adding appropriate parameters to the file /etc/default/virtualbox.
-            There is one mandatory parameter, VBOXWEB_USER which must be set to
-            the user which will later start the VMs.
-            <table>
-              <title>ignored</title>
-              <tgroup cols="2">
-                <tbody>
-                  <row>
-                    <entry><emphasis role="bold">Parameter</emphasis></entry>
-                    <entry><emphasis role="bold">Description</emphasis></entry>
-                    <entry><emphasis role="bold">Default</emphasis></entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_HOST</entry>
-                    <entry>The host to bind the web service to</entry>
-                    <entry>localhost</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_PORT</entry>
-                    <entry>The port to bind the web service to</entry>
-                    <entry>18083</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_TIMEOUT</entry>
-                    <entry>Session timeout in seconds; 0 disables timeouts</entry>
-                    <entry>300</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_ CHECK_INTERVAL</entry>
-                    <entry>Frequency of timeout checks in seconds</entry>
-                    <entry>5</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_THREADS</entry>
-                    <entry>Maximum number of worker threads to run in parallel</entry>
-                    <entry>100</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_KEEPALIVE</entry>
-                    <entry>Maximum number of requests before a socket will be closed</entry>
-                    <entry>100</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_LOGFILE</entry>
-                    <entry>Name of file to write log to</entry>
-                    <entry><emphasis>no file</emphasis></entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_ROTATE</entry>
-                    <entry>Number of log files; 0 disables log rotation</entry>
-                    <entry>10</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_LOGSIZE</entry>
-                    <entry>Maximum size of a log file in bytes to trigger rotation</entry>
-                    <entry>1MB</entry>
-                  </row>
-                  <row>
-                    <entry>VBOXWEB_LOGINTERVAL</entry>
-                    <entry>Maximum time interval in seconds to trigger log rotation</entry>
-                    <entry>1 day</entry>
-                  </row>
-                </tbody>
-              </tgroup>
-            </table>
-          </para>
-        </listitem>
-      </itemizedlist></para>
+    the various operation systems we support. The following sections describe
+    how to use them. The VirtualBox web service is never started automatically
+    as a result of a standard installation.</para>
+
+    <sect2 id="vboxwebsrv-linux">
+      <title>Linux: starting the webservice via <computeroutput>init</computeroutput></title>
+
+      <para>On Linux, the web service can be automatically started during
+      host boot by adding appropriate parameters to the file
+      <computeroutput>/etc/default/virtualbox</computeroutput>.
+      There is one mandatory parameter, <computeroutput>VBOXWEB_USER</computeroutput>,
+      which must be set to the user which will later start the VMs. The
+      paramters in the table below all start with <computeroutput>VBOXWEB_</computeroutput>
+      (<computeroutput>VBOXWEB_HOST</computeroutput>,
+      <computeroutput>VBOXWEB_PORT</computeroutput> etc.):
+      <table>
+        <title>ignored</title>
+        <tgroup cols="3">
+          <tbody>
+            <row>
+              <entry><emphasis role="bold">Parameter</emphasis></entry>
+              <entry><emphasis role="bold">Description</emphasis></entry>
+              <entry><emphasis role="bold">Default</emphasis></entry>
+            </row>
+            <row>
+              <entry>USER</entry>
+              <entry>The user as which the web service runs</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>HOST</entry>
+              <entry>The host to bind the web service to</entry>
+              <entry>localhost</entry>
+            </row>
+            <row>
+              <entry>PORT</entry>
+              <entry>The port to bind the web service to</entry>
+              <entry>18083</entry>
+            </row>
+            <row>
+              <entry>SSL_KEYFILE</entry>
+              <entry>Server key and certificate file, PEM format</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_PASSWORDFILE</entry>
+              <entry>File name for password to server key</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_CACERT</entry>
+              <entry>CA certificate file, PEM format</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_CAPATH</entry>
+              <entry>CA certificate path</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_DHFILE</entry>
+              <entry>DH file name or DH key length in bits</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>SSL_RANDFILE</entry>
+              <entry>File containing seed for random number generator</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>TIMEOUT</entry>
+              <entry>Session timeout in seconds; 0 disables timeouts</entry>
+              <entry>300</entry>
+            </row>
+            <row>
+              <entry>CHECK_INTERVAL</entry>
+              <entry>Frequency of timeout checks in seconds</entry>
+              <entry>5</entry>
+            </row>
+            <row>
+              <entry>THREADS</entry>
+              <entry>Maximum number of worker threads to run in parallel</entry>
+              <entry>100</entry>
+            </row>
+            <row>
+              <entry>KEEPALIVE</entry>
+              <entry>Maximum number of requests before a socket will be closed</entry>
+              <entry>100</entry>
+            </row>
+            <row>
+              <entry>LOGFILE</entry>
+              <entry>Name of file to write log to</entry>
+              <entry></entry>
+            </row>
+            <row>
+              <entry>ROTATE</entry>
+              <entry>Number of log files; 0 disables log rotation</entry>
+              <entry>10</entry>
+            </row>
+            <row>
+              <entry>LOGSIZE</entry>
+              <entry>Maximum size of a log file in bytes to trigger rotation</entry>
+              <entry>1MB</entry>
+            </row>
+            <row>
+              <entry>LOGINTERVAL</entry>
+              <entry>Maximum time interval in seconds to trigger log rotation</entry>
+              <entry>1 day</entry>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
+      </para>
+
+      <para>Setting the parameter <computeroutput>SSL_KEYFILE</computeroutput>
+      enables the SSL/TLS support. Using encryption is strongly encouraged, as
+      otherwise everything (including passwords) is transferred in clear
+      text.</para>
+    </sect2>
+
+    <sect2 id="vboxwebsrv-solaris">
+      <title>Solaris: starting the web service via SMF</title>
+
+      <para>On Solaris hosts, the VirtualBox web service daemon is
+      integrated into the SMF framework. You can change the parameters, but
+      don't have to if the defaults below already match your needs:<screen>svccfg -s svc:/application/virtualbox/webservice:default setprop config/host=localhost
+svccfg -s svc:/application/virtualbox/webservice:default setprop config/port=18083
+svccfg -s svc:/application/virtualbox/webservice:default setprop config/user=root</screen></para>
+
+      <para>The table in the previous section showing the parameter names and
+      defaults also applies to Solaris. The parameter names must be changed
+      to lowercase and a prefix of <computeroutput>config/</computeroutput>
+      has to be added, e.g. <computeroutput>config/user</computeroutput> or
+      <computeroutput>config/ssl_keyfile</computeroutput>. If you made any
+      change, don't forget to run the following command to put the changes into
+      effect immediately:<screen>svcadm refresh svc:/application/virtualbox/webservice:default</screen></para>
+
+      <para>If you forget the above command then the previous settings will
+      be used when enabling the service. Check the current property settings
+      with:<screen>svcprop -p config svc:/application/virtualbox/webservice:default</screen></para>
+
+      <para>When everything is configured correctly you can start the
+      VirtualBox web service with the following command:<screen>svcadm enable svc:/application/virtualbox/webservice:default</screen></para>
+
+      <para>For more information about SMF, please refer to the Solaris
+      documentation.</para>
+    </sect2>
+
+    <sect2 id="vboxwebsrv-osx">
+      <title>Mac OS X: starting the webservice via launchd</title>
+
+      <para>On Mac OS X, launchd is used to start the VirtualBox webservice. An
+      example configuration file can be found in
+      <computeroutput>$HOME/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</computeroutput>.
+      It can be enabled by changing the
+      <computeroutput>Disabled</computeroutput> key from
+      <computeroutput>true</computeroutput> to
+      <computeroutput>false</computeroutput>. To manually start the
+      service use the following command: <screen>launchctl load ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist</screen>
+      For additional information on how launchd services could be
+      configured see <literal><ulink
+      url="http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html">http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html</ulink></literal>.</para>
+    </sect2>
   </sect1>
 

trunk/src/VBox/Installer/linux/vboxweb-service.sh.in

@@ -3 +3 @@
 # VirtualBox web service API daemon init script.
 #
-# Copyright (C) 2006-2011 Oracle Corporation
+# Copyright (C) 2006-2012 Oracle Corporation
 #
 # This file is part of VirtualBox Open Source Edition (OSE), as
@@ -293 +293 @@
         [ -n "$VBOXWEB_HOST" ]           && PARAMS="$PARAMS -H $VBOXWEB_HOST"
         [ -n "$VBOXWEB_PORT" ]           && PARAMS="$PARAMS -p $VBOXWEB_PORT"
+        [ -n "$VBOXWEB_SSL_KEYFILE" ]    && PARAMS="$PARAMS -s -K $VBOXWEB_SSL_KEYFILE"
+        [ -n "$VBOXWEB_SSL_PASSWORDFILE" ] && PARAMS="$PARAMS -a $VBOXWEB_SSL_PASSWORDFILE"
+        [ -n "$VBOXWEB_SSL_CACERT" ]     && PARAMS="$PARAMS -c $VBOXWEB_SSL_CACERT"
+        [ -n "$VBOXWEB_SSL_CAPATH" ]     && PARAMS="$PARAMS -C $VBOXWEB_SSL_CAPATH"
+        [ -n "$VBOXWEB_SSL_DHFILE" ]     && PARAMS="$PARAMS -D $VBOXWEB_SSL_DHFILE"
+        [ -n "$VBOXWEB_SSL_RANDFILE" ]   && PARAMS="$PARAMS -r $VBOXWEB_SSL_RANDFILE"
         [ -n "$VBOXWEB_TIMEOUT" ]        && PARAMS="$PARAMS -t $VBOXWEB_TIMEOUT"
         [ -n "$VBOXWEB_CHECK_INTERVAL" ] && PARAMS="$PARAMS -i $VBOXWEB_CHECK_INTERVAL"
         [ -n "$VBOXWEB_THREADS" ]        && PARAMS="$PARAMS -T $VBOXWEB_THREADS"
         [ -n "$VBOXWEB_KEEPALIVE" ]      && PARAMS="$PARAMS -k $VBOXWEB_KEEPALIVE"
+        [ -n "$VBOXWEB_AUTHENTICATION" ] && PARAMS="$PARAMS -A $VBOXWEB_AUTHENTICATION"
         [ -n "$VBOXWEB_LOGFILE" ]        && PARAMS="$PARAMS -F $VBOXWEB_LOGFILE"
         [ -n "$VBOXWEB_ROTATE" ]         && PARAMS="$PARAMS -R $VBOXWEB_ROTATE"

trunk/src/VBox/Installer/solaris/smf-vboxwebsrv.sh

@@ -2 +2 @@
 # $Id$
 
-# Copyright (C) 2008-2011 Oracle Corporation
+# Copyright (C) 2008-2012 Oracle Corporation
 #
 # This file is part of VirtualBox Open Source Edition (OSE), as
@@ -42 +42 @@
         VW_PORT=`/usr/bin/svcprop -p config/port $SMF_FMRI 2>/dev/null`
         [ $? != 0 ] && VW_PORT=
+        VW_SSL_KEYFILE=`/usr/bin/svcprop -p config/ssl_keyfile $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_SSL_KEYFILE=
+        VW_SSL_PASSWORDFILE=`/usr/bin/svcprop -p config/ssl_passwordfile $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_SSL_PASSWORDFILE=
+        VW_SSL_CACERT=`/usr/bin/svcprop -p config/ssl_cacert $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_SSL_CACERT=
+        VW_SSL_CAPATH=`/usr/bin/svcprop -p config/ssl_capath $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_SSL_CAPATH=
+        VW_SSL_DHFILE=`/usr/bin/svcprop -p config/ssl_dhfile $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_SSL_DHFILE=
+        VW_SSL_RANDFILE=`/usr/bin/svcprop -p config/ssl_randfile $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_SSL_RANDFILE=
         VW_TIMEOUT=`/usr/bin/svcprop -p config/timeout $SMF_FMRI 2>/dev/null`
         [ $? != 0 ] && VW_TIMEOUT=
         VW_CHECK_INTERVAL=`/usr/bin/svcprop -p config/checkinterval $SMF_FMRI 2>/dev/null`
         [ $? != 0 ] && VW_CHECK_INTERVAL=
+        VW_THREADS=`/usr/bin/svcprop -p config/threads $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_THREADS=
         VW_KEEPALIVE=`/usr/bin/svcprop -p config/keepalive $SMF_FMRI 2>/dev/null`
         [ $? != 0 ] && VW_KEEPALIVE=
+        VW_AUTHENTICATION=`/usr/bin/svcprop -p config/authentication $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_AUTHENTICATION=
+        VW_LOGFILE=`/usr/bin/svcprop -p config/logfile $SMF_FMRI 2>/dev/null`
+        [ $? != 0 ] && VW_LOGFILE=
         VW_ROTATE=`/usr/bin/svcprop -p config/logrotate $SMF_FMRI 2>/dev/null`
         [ $? != 0 ] && VW_ROTATE=
@@ -61 +79 @@
         [ -z "$VW_TIMEOUT" ] && VW_TIMEOUT=20
         [ -z "$VW_CHECK_INTERVAL" ] && VW_CHECK_INTERVAL=5
+        [ -z "$VW_THREADS" ] && VW_THREADS=100
         [ -z "$VW_KEEPALIVE" ] && VW_KEEPALIVE=100
         [ -z "$VW_ROTATE" ] && VW_ROTATE=10
         [ -z "$VW_LOGSIZE" ] && VW_LOGSIZE=104857600
         [ -z "$VW_LOGINTERVAL" ] && VW_LOGINTERVAL=86400
-        exec su - "$VW_USER" -c "/opt/VirtualBox/vboxwebsrv --background --host \"$VW_HOST\" --port \"$VW_PORT\" --timeout \"$VW_TIMEOUT\" --check-interval \"$VW_CHECK_INTERVAL\" --keepalive \"$VW_KEEPALIVE\" --logrotate \"$VW_ROTATE\" --logsize \"$VW_LOGSIZE\" --loginterval \"$VW_LOGINTERVAL\""
+
+        # Derived and optional settings
+        VW_SSL=
+        [ -n "$VW_SSL_KEYFILE" ] && VW_SSL=--ssl
+        [ -n "$VW_SSL_KEYFILE" ] && VW_SSL_KEYFILE="--keyfile $VW_SSL_KEYFILE"
+        [ -n "$VW_SSL_PASSWORDFILE" ] && VW_SSL_PASSWORDFILE="--passwordfile $VW_SSL_PASSWORDFILE"
+        [ -n "$VW_SSL_CACERT" ] && VW_SSL_CACERT="--cacert $VW_SSL_CACERT"
+        [ -n "$VW_SSL_CAPATH" ] && VW_SSL_CAPATH="--capath $VW_SSL_CAPATH"
+        [ -n "$VW_SSL_DHFILE" ] && VW_SSL_DHFILE="--dhfile $VW_SSL_DHFILE"
+        [ -n "$VW_SSL_RANDFILE" ] && VW_SSL_RANDFILE="--randfile $VW_SSL_RANDFILE"
+        [ -n "$VW_LOGFILE" ] && VW_LOGFILE="--logfile $VW_LOGFILE"
+
+        exec su - "$VW_USER" -c "/opt/VirtualBox/vboxwebsrv --background --host \"$VW_HOST\" --port \"$VW_PORT\" $VW_SSL $VW_SSL_KEYFILE $VW_SSL_PASSWORDFILE $VW_SSL_CACERT $VW_SSL_CAPATH $VW_SSL_DHFILE $VW_SSL_RANDFILE --timeout \"$VW_TIMEOUT\" --check-interval \"$VW_CHECK_INTERVAL\" --threads \"$VW_THREADS\" --keepalive \"$VW_KEEPALIVE\" --authentication \"$VW_AUTHENTICATION\" $VW_LOGFILE --logrotate \"$VW_ROTATE\" --logsize \"$VW_LOGSIZE\" --loginterval \"$VW_LOGINTERVAL\""
 
         VW_EXIT=$?

trunk/src/VBox/Installer/solaris/virtualbox-webservice.xml

@@ -5 +5 @@
 # $Id$
 
-     Copyright (C) 2008-2011 Oracle Corporation
+     Copyright (C) 2008-2012 Oracle Corporation
 
      This file is part of VirtualBox Open Source Edition (OSE), as
@@ -87 +87 @@
             <propval name='host' type='astring' value='localhost' />
             <propval name='port' type='integer' value='18083' />
+            <propval name='keyfile' type='astring' value='' />
         </property_group>
 

trunk/src/VBox/Main/webservice/Makefile.kmk

@@ -7 +7 @@
 
 #
-# Copyright (C) 2006-2011 Oracle Corporation
+# Copyright (C) 2006-2012 Oracle Corporation
 #
 # This file is part of VirtualBox Open Source Edition (OSE), as
@@ -212 +212 @@
         $(VBOXWEB_OUT_DIR) \
         $(PATH_SUB_CURRENT)
+ ifdef VBOX_WITH_WEBSERVICES_SSL
+  vboxsoap_DEFS += WITH_OPENSSL
+  vboxsoap_SDKS += VBOX_OPENSSL2
+ endif
  ifdef VBOX_WITHOUT_SPLIT_SOAPC
   vboxsoap_SOURCES = \
@@ -287 +291 @@
  vboxwebsrv_LIBS += \
         $(PATH_STAGE_LIB)/vboxsoap$(VBOX_SUFF_LIB) \
-        $(VBOX_GSOAP_CXX_LIBS)
+        $(VBOX_GSOAP_CXX_LIBS) \
+        $(LIB_RUNTIME)
  vboxwebsrv_LIBS.solaris += socket nsl
+ ifdef VBOX_WITH_WEBSERVICES_SSL
+  vboxwebsrv_DEFS += WITH_OPENSSL
+  vboxwebsrv_SDKS += VBOX_OPENSSL2
+ endif
  vboxwebsrv_SOURCES = \
         vboxweb.cpp \
@@ -430 +439 @@
  webtest_LIBS += \
         $(PATH_STAGE_LIB)/vboxsoap$(VBOX_SUFF_LIB) \
-        $(VBOX_GSOAP_CXX_LIBS)
+        $(VBOX_GSOAP_CXX_LIBS) \
+        $(LIB_RUNTIME)
  webtest_LIBS.solaris += nsl
+ ifdef VBOX_WITH_WEBSERVICES_SSL
+  webtest_DEFS += WITH_OPENSSL
+  webtest_SDKS += VBOX_OPENSSL2
+ endif
  webtest_SOURCES = \
         webtest.cpp \

trunk/src/VBox/Main/webservice/vboxweb.cpp

@@ -6 +6 @@
  *      server, to which clients can connect.
  *
- * Copyright (C) 2006-2011 Oracle Corporation
+ * Copyright (C) 2006-2012 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -23 +23 @@
 #include <VBox/com/com.h>
 #include <VBox/com/array.h>
+#include <VBox/com/string.h>
 #include <VBox/com/ErrorInfo.h>
 #include <VBox/com/errorprint.h>
@@ -42 +43 @@
 #include <iprt/rand.h>
 #include <iprt/semaphore.h>
+#include <iprt/critsect.h>
 #include <iprt/string.h>
 #include <iprt/thread.h>
@@ -48 +50 @@
 #include <iprt/system.h>
 #include <iprt/base64.h>
+#include <iprt/stream.h>
 
 // workaround for compile problems on gcc 4.1
@@ -75 +78 @@
 
 RT_C_DECLS_END
+
+static void WebLogSoapError(struct soap *soap);
 
 /****************************************************************************
@@ -117 +122 @@
 unsigned int            g_uBindToPort = 18083;          // port
 unsigned int            g_uBacklog = 100;               // backlog = max queue size for requests
+
+#ifdef WITH_OPENSSL
+bool                    g_fSSL = false;                 // if SSL is enabled
+const char              *g_pcszKeyFile = NULL;          // server key file
+const char              *g_pcszPassword = NULL;         // password for server key
+const char              *g_pcszCACert = NULL;           // file with trusted CA certificates
+const char              *g_pcszCAPath = NULL;           // directory with trusted CA certificates
+const char              *g_pcszDHFile = NULL;           // DH file name or DH key length in bits, NULL=use RSA
+const char              *g_pcszRandFile = NULL;         // file with random data seed
+const char              *g_pcszSID = "vboxwebsrv";      // server ID for SSL session cache
+#endif /* WITH_OPENSSL */
+
 unsigned int            g_cMaxWorkerThreads = 100;      // max. no. of worker threads
 unsigned int            g_cMaxKeepAlive = 100;          // maximum number of soap requests in one connection
+
+const char              *g_pcszAuthentication = NULL;   // web service authentication
 
 uint32_t                g_cHistory = 10;                // enable log rotation, 10 files
@@ -180 +199 @@
         { "--host",             'H', RTGETOPT_REQ_STRING },
         { "--port",             'p', RTGETOPT_REQ_UINT32 },
+#ifdef WITH_OPENSSL
+        { "--ssl",              's', RTGETOPT_REQ_NOTHING },
+        { "--keyfile",          'K', RTGETOPT_REQ_STRING },
+        { "--passwordfile",     'a', RTGETOPT_REQ_STRING },
+        { "--cacert",           'c', RTGETOPT_REQ_STRING },
+        { "--capath",           'C', RTGETOPT_REQ_STRING },
+        { "--dhfile",           'D', RTGETOPT_REQ_STRING },
+        { "--randfile",         'r', RTGETOPT_REQ_STRING },
+#endif /* WITH_OPENSSL */
         { "--timeout",          't', RTGETOPT_REQ_UINT32 },
         { "--check-interval",   'i', RTGETOPT_REQ_UINT32 },
         { "--threads",          'T', RTGETOPT_REQ_UINT32 },
         { "--keepalive",        'k', RTGETOPT_REQ_UINT32 },
+        { "--authentication",   'A', RTGETOPT_REQ_STRING },
         { "--verbose",          'v', RTGETOPT_REQ_NOTHING },
         { "--pidfile",          'P', RTGETOPT_REQ_STRING },
@@ -226 +255 @@
                 break;
 
+#ifdef WITH_OPENSSL
+            case 's':
+                pcszDescr = "Enable SSL/TLS encryption.";
+                break;
+
+            case 'K':
+                pcszDescr = "Server key and certificate file, PEM format (\"\").";
+                break;
+
+            case 'a':
+                pcszDescr = "File name for password to server key (\"\").";
+                break;
+
+            case 'c':
+                pcszDescr = "CA certificate file, PEM format (\"\").";
+                break;
+
+            case 'C':
+                pcszDescr = "CA certificate path (\"\").";
+                break;
+
+            case 'D':
+                pcszDescr = "DH file name or DH key length in bits (\"\").";
+                break;
+
+            case 'r':
+                pcszDescr = "File containing seed for random number generator (\"\").";
+                break;
+#endif /* WITH_OPENSSL */
+
             case 't':
                 pcszDescr = "Session timeout in seconds; 0 = disable timeouts (" DEFAULT_TIMEOUT_SECS_STRING ").";
@@ -236 +295 @@
             case 'k':
                 pcszDescr = "Maximum number of requests before a socket will be closed (100).";
+                break;
+
+            case 'A':
+                pcszDescr = "Authentication method for the webservice (\"\").";
                 break;
 
@@ -516 +579 @@
         m_soap->recv_timeout = 60;
         // process the request; this goes into the COM code in methodmaps.cpp
-        soap_serve(m_soap);
+        do {
+#ifdef WITH_OPENSSL
+            if (g_fSSL && soap_ssl_accept(m_soap))
+            {
+                WebLogSoapError(m_soap);
+                break;
+            }
+#endif /* WITH_OPENSSL */
+            soap_serve(m_soap);
+        } while (0);
 
         soap_destroy(m_soap); // clean up class instances
@@ -632 +704 @@
  * @param soap
  */
+/*static*/
 void WebLogSoapError(struct soap *soap)
 {
@@ -715 +788 @@
 }
 
+#ifdef WITH_OPENSSL
 /****************************************************************************
  *
+ * OpenSSL convenience functions for multithread support
+ *
+ ****************************************************************************/
+
+static RTCRITSECT *g_pSSLMutexes = NULL;
+
+struct CRYPTO_dynlock_value
+{
+    RTCRITSECT mutex;
+};
+
+static unsigned long CRYPTO_id_function()
+{
+    return RTThreadNativeSelf();
+}
+
+static void CRYPTO_locking_function(int mode, int n, const char * /*file*/, int /*line*/)
+{
+    if (mode & CRYPTO_LOCK)
+        RTCritSectEnter(&g_pSSLMutexes[n]);
+    else
+        RTCritSectLeave(&g_pSSLMutexes[n]);
+}
+
+static struct CRYPTO_dynlock_value *CRYPTO_dyn_create_function(const char * /*file*/, int /*line*/)
+{
+    struct CRYPTO_dynlock_value *value = (struct CRYPTO_dynlock_value *)RTMemAlloc(sizeof(struct CRYPTO_dynlock_value));
+    if (value)
+        RTCritSectInit(&value->mutex);
+
+    return value;
+}
+
+static void CRYPTO_dyn_lock_function(int mode, struct CRYPTO_dynlock_value *value, const char * /*file*/, int /*line*/)
+{
+    if (mode & CRYPTO_LOCK)
+        RTCritSectEnter(&value->mutex);
+    else
+        RTCritSectLeave(&value->mutex);
+}
+
+static void CRYPTO_dyn_destroy_function(struct CRYPTO_dynlock_value *value, const char * /*file*/, int /*line*/)
+{
+    if (value)
+    {
+        RTCritSectDelete(&value->mutex);
+        free(value);
+    }
+}
+
+static int CRYPTO_thread_setup()
+{
+    int num_locks = CRYPTO_num_locks();
+    g_pSSLMutexes = (RTCRITSECT *)RTMemAlloc(num_locks * sizeof(RTCRITSECT));
+    if (!g_pSSLMutexes)
+        return SOAP_EOM;
+
+    for (int i = 0; i < num_locks; i++)
+    {
+        int rc = RTCritSectInit(&g_pSSLMutexes[i]);
+        if (RT_FAILURE(rc))
+        {
+            for ( ; i >= 0; i--)
+                RTCritSectDelete(&g_pSSLMutexes[i]);
+            RTMemFree(g_pSSLMutexes);
+            g_pSSLMutexes = NULL;
+            return SOAP_EOM;
+        }
+    }
+
+    CRYPTO_set_id_callback(CRYPTO_id_function);
+    CRYPTO_set_locking_callback(CRYPTO_locking_function);
+    CRYPTO_set_dynlock_create_callback(CRYPTO_dyn_create_function);
+    CRYPTO_set_dynlock_lock_callback(CRYPTO_dyn_lock_function);
+    CRYPTO_set_dynlock_destroy_callback(CRYPTO_dyn_destroy_function);
+
+    return SOAP_OK;
+}
+
+static void CRYPTO_thread_cleanup()
+{
+    if (!g_pSSLMutexes)
+        return;
+
+    CRYPTO_set_id_callback(NULL);
+    CRYPTO_set_locking_callback(NULL);
+    CRYPTO_set_dynlock_create_callback(NULL);
+    CRYPTO_set_dynlock_lock_callback(NULL);
+    CRYPTO_set_dynlock_destroy_callback(NULL);
+
+    int num_locks = CRYPTO_num_locks();
+    for (int i = 0; i < num_locks; i++)
+        RTCritSectDelete(&g_pSSLMutexes[i]);
+
+    RTMemFree(g_pSSLMutexes);
+    g_pSSLMutexes = NULL;
+}
+#endif /* WITH_OPENSSL */
+
+/****************************************************************************
+ *
  * SOAP queue pumper thread
  *
@@ -723 +898 @@
 void doQueuesLoop()
 {
+#ifdef WITH_OPENSSL
+    if (g_fSSL && CRYPTO_thread_setup())
+    {
+        WebLog("Failed to set up OpenSSL thread mutex!");
+        exit(RTEXITCODE_FAILURE);
+    }
+#endif /* WITH_OPENSSL */
+
     // set up gSOAP
     struct soap soap;
     soap_init(&soap);
+
+#ifdef WITH_OPENSSL
+    if (g_fSSL && soap_ssl_server_context(&soap, SOAP_SSL_DEFAULT, g_pcszKeyFile,
+                                         g_pcszPassword, g_pcszCACert, g_pcszCAPath,
+                                         g_pcszDHFile, g_pcszRandFile, g_pcszSID))
+    {
+        WebLogSoapError(&soap);
+        exit(RTEXITCODE_FAILURE);
+    }
+#endif /* WITH_OPENSSL */
 
     soap.bind_flags |= SO_REUSEADDR;
@@ -739 +932 @@
     else
     {
-        WebLog("Socket connection successful: host = %s, port = %u, master socket = %d\n",
+        WebLog("Socket connection successful: host = %s, port = %u, %smaster socket = %d\n",
                (g_pcszBindToHost) ? g_pcszBindToHost : "default (localhost)",
                g_uBindToPort,
+#ifdef WITH_OPENSSL
+               g_fSSL ? "SSL, " : "",
+#else /* !WITH_OPENSSL */
+               "",
+#endif /*!WITH_OPENSSL */
                m);
 
@@ -766 +964 @@
     }
     soap_done(&soap); // close master socket and detach environment
+
+#ifdef WITH_OPENSSL
+    if (g_fSSL)
+        CRYPTO_thread_cleanup();
+#endif /* WITH_OPENSSL */
 }
 
@@ -840 +1043 @@
                 break;
 
+#ifdef WITH_OPENSSL
+            case 's':
+                g_fSSL = true;
+                break;
+
+            case 'K':
+                g_pcszKeyFile = ValueUnion.psz;
+                break;
+
+            case 'a':
+                if (ValueUnion.psz[0] == '\0')
+                    g_pcszPassword = NULL;
+                else
+                {
+                    PRTSTREAM StrmIn;
+                    if (!strcmp(ValueUnion.psz, "-"))
+                        StrmIn = g_pStdIn;
+                    else
+                    {
+                        int vrc = RTStrmOpen(ValueUnion.psz, "r", &StrmIn);
+                        if (RT_FAILURE(vrc))
+                            return RTMsgErrorExit(RTEXITCODE_FAILURE, "failed to open password file (%s, %Rrc)", ValueUnion.psz, vrc);
+                    }
+                    char szPasswd[512];
+                    int vrc = RTStrmGetLine(StrmIn, szPasswd, sizeof(szPasswd));
+                    if (RT_FAILURE(vrc))
+                        return RTMsgErrorExit(RTEXITCODE_FAILURE, "failed to read password (%s, %Rrc)", ValueUnion.psz, vrc);
+                    g_pcszPassword = RTStrDup(szPasswd);
+                    memset(szPasswd, '\0', sizeof(szPasswd));
+                    if (StrmIn != g_pStdIn)
+                        RTStrmClose(StrmIn);
+                }
+                break;
+
+            case 'c':
+                g_pcszCACert = ValueUnion.psz;
+                break;
+
+            case 'C':
+                g_pcszCAPath = ValueUnion.psz;
+                break;
+
+            case 'D':
+                g_pcszDHFile = ValueUnion.psz;
+                break;
+
+            case 'r':
+                g_pcszRandFile = ValueUnion.psz;
+                break;
+#endif /* WITH_OPENSSL */
+
             case 't':
                 g_iWatchdogTimeoutSecs = ValueUnion.u32;
@@ -874 +1128 @@
             case 'k':
                 g_cMaxKeepAlive = ValueUnion.u32;
+                break;
+
+            case 'A':
+                g_pcszAuthentication = ValueUnion.psz;
                 break;
 
@@ -964 +1222 @@
 #endif
 
+    // initialize SOAP SSL support if enabled
+#ifdef WITH_OPENSSL
+    if (g_fSSL)
+        soap_ssl_init();
+#endif /* WITH_OPENSSL */
+
     // initialize COM/XPCOM
     HRESULT hrc = com::Initialize();
@@ -989 +1253 @@
         RTMsgError("Failed to get VirtualBox object (rc=%Rhrc)!", hrc);
         return RTEXITCODE_FAILURE;
+    }
+
+    // set the authentication method if requested
+    if (g_pVirtualBox && g_pcszAuthentication && g_pcszAuthentication[0])
+    {
+        ComPtr<ISystemProperties> pSystemProperties;
+        g_pVirtualBox->COMGETTER(SystemProperties)(pSystemProperties.asOutParam());
+        if (pSystemProperties)
+            pSystemProperties->COMSETTER(WebServiceAuthLibrary)(com::Bstr(g_pcszAuthentication).raw());
     }
 
@@ -1114 +1387 @@
                 ++it;
         }
+
+        // re-set the authentication method in case it has been changed
+        if (g_pVirtualBox && g_pcszAuthentication && g_pcszAuthentication[0])
+        {
+            ComPtr<ISystemProperties> pSystemProperties;
+            g_pVirtualBox->COMGETTER(SystemProperties)(pSystemProperties.asOutParam());
+            if (pSystemProperties)
+                pSystemProperties->COMSETTER(WebServiceAuthLibrary)(com::Bstr(g_pcszAuthentication).raw());
+        }
     }
 

trunk/src/VBox/Main/webservice/webtest.cpp

@@ -4 +4 @@
  *      functionality of VBoxManage for testing purposes.
  *
- * Copyright (C) 2006-2010 Oracle Corporation
+ * Copyright (C) 2006-2012 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -26 +26 @@
 
 
+static void usage(int exitcode)
+{
+    std::cout <<
+       "webtest: VirtualBox webservice testcase.\n"
+       "\nUsage: webtest [options] [command]...\n"
+       "\nSupported options:\n"
+       " -h: print this help message and exit.\n"
+       " -c URL: specify the webservice server URL (default http://localhost:18083/).\n"
+       "\nSupported commands:\n"
+       " - IWebsessionManager:\n"
+       "   - webtest logon <user> <pass>: IWebsessionManager::logon().\n"
+       "   - webtest getsession <vboxref>: IWebsessionManager::getSessionObject().\n"
+       "   - webtest logoff <vboxref>: IWebsessionManager::logoff().\n"
+       " - IVirtualBox:\n"
+       "   - webtest version <vboxref>: IVirtualBox::getVersion().\n"
+       "   - webtest gethost <vboxref>: IVirtualBox::getHost().\n"
+       "   - webtest getpc <vboxref>: IVirtualBox::getPerformanceCollector().\n"
+       "   - webtest getmachines <vboxref>: IVirtualBox::getMachines().\n"
+       "   - webtest createmachine <vboxref> <settingsPath> <name>: IVirtualBox::createMachine().\n"
+       "   - webtest registermachine <vboxref> <machineref>: IVirtualBox::registerMachine().\n"
+       " - IHost:\n"
+       "   - webtest getdvddrives <hostref>: IHost::getDVDDrives.\n"
+       " - IHostDVDDrive:\n"
+       "   - webtest getdvdname <dvdref>: IHostDVDDrive::getname.\n"
+       " - IMachine:\n"
+       "   - webtest getname <machineref>: IMachine::getName().\n"
+       "   - webtest getid <machineref>: IMachine::getId().\n"
+       "   - webtest getostype <machineref>: IMachine::getGuestOSType().\n"
+       "   - webtest savesettings <machineref>: IMachine::saveSettings().\n"
+       " - IPerformanceCollector:\n"
+       "   - webtest setupmetrics <pcref>: IPerformanceCollector::setupMetrics()\n"
+       "   - webtest querymetricsdata <pcref>: IPerformanceCollector::QueryMetricsData()\n"
+       " - All managed object references:\n"
+       "   - webtest getif <ref>: report interface of object.\n"
+       "   - webtest release <ref>: IUnknown::Release().\n";
+    exit(exitcode);
+}
+
 /**
  *
@@ -34 +72 @@
 int main(int argc, char* argv[])
 {
+    bool fSSL = false;
+    const char *pcszArgEndpoint = "http://localhost:18083/";
+
+    int ap;
+    for (ap = 1; ap <= argc; ap++)
+    {
+        if (argv[ap][0] == '-')
+        {
+            if (!strcmp(argv[ap], "-h"))
+                usage(0);
+            else if (!strcmp(argv[ap], "-c"))
+            {
+                ap++;
+                if (ap > argc)
+                    usage(1);
+                pcszArgEndpoint = argv[ap];
+                fSSL = !strncmp(pcszArgEndpoint, "https://", 8);
+            }
+            else
+                usage(1);
+        }
+        else
+            break;
+    }
+
+    if (argc < 1 + ap)
+        usage(1);
+
+#ifdef WITH_OPENSSL
+    if (fSSL)
+        soap_ssl_init();
+#endif /* WITH_OPENSSL */
+
     struct soap soap; // gSOAP runtime environment
     soap_init(&soap); // initialize runtime environment (only once)
-
-    if (argc < 2)
-    {
-        std::cout <<
-               "webtest: VirtualBox webservice testcase.\n"
-               "Usage:\n"
-               " - IWebsessionManager:\n"
-               "   - webtest logon <user> <pass>: IWebsessionManager::logon().\n"
-               "   - webtest getsession <vboxref>: IWebsessionManager::getSessionObject().\n"
-               "   - webtest logoff <vboxref>: IWebsessionManager::logoff().\n"
-               " - IVirtualBox:\n"
-               "   - webtest version <vboxref>: IVirtualBox::getVersion().\n"
-               "   - webtest gethost <vboxref>: IVirtualBox::getHost().\n"
-               "   - webtest getpc <vboxref>: IVirtualBox::getPerformanceCollector().\n"
-               "   - webtest getmachines <vboxref>: IVirtualBox::getMachines().\n"
-               "   - webtest createmachine <vboxref> <settingsPath> <name>: IVirtualBox::createMachine().\n"
-               "   - webtest registermachine <vboxref> <machineref>: IVirtualBox::registerMachine().\n"
-               " - IHost:\n"
-               "   - webtest getdvddrives <hostref>: IHost::getDVDDrives.\n"
-               " - IHostDVDDrive:\n"
-               "   - webtest getdvdname <dvdref>: IHostDVDDrive::getname.\n"
-               " - IMachine:\n"
-               "   - webtest getname <machineref>: IMachine::getName().\n"
-               "   - webtest getid <machineref>: IMachine::getId().\n"
-               "   - webtest getostype <machineref>: IMachine::getGuestOSType().\n"
-               "   - webtest savesettings <machineref>: IMachine::saveSettings().\n"
-               " - IPerformanceCollector:\n"
-               "   - webtest setupmetrics <pcref>: IPerformanceCollector::setupMetrics()\n"
-               "   - webtest querymetricsdata <pcref>: IPerformanceCollector::QueryMetricsData()\n"
-               " - All managed object references:\n"
-               "   - webtest getif <ref>: report interface of object.\n"
-               "   - webtest release <ref>: IUnknown::Release().\n";
+#ifdef WITH_OPENSSL
+    // Use SOAP_SSL_NO_AUTHENTICATION here to accept broken server configs.
+    // In a real world setup please use at least SOAP_SSL_DEFAULT and provide
+    // the necessary CA certificate for validating the server's certificate.
+    if (fSSL && soap_ssl_client_context(&soap, SOAP_SSL_NO_AUTHENTICATION,
+                                        NULL /*clientkey*/, NULL /*password*/,
+                                        NULL /*cacert*/, NULL /*capath*/,
+                                        NULL /*randfile*/))
+    {
+        soap_print_fault(&soap, stderr);
         exit(1);
     }
-
-    const char *pcszArgEndpoint = "localhost:18083";
-
-    const char *pcszMode = argv[1];
-    int soaprc = 2;
+#endif /* WITH_OPENSSL */
+
+    const char *pcszMode = argv[ap];
+    int soaprc = SOAP_SVR_FAULT;
 
     if (!strcmp(pcszMode, "logon"))
     {
-        if (argc < 4)
+        if (argc < 3 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IWebsessionManager_USCORElogon req;
-            req.username = argv[2];
-            req.password = argv[3];
+            req.username = argv[ap + 1];
+            req.password = argv[ap + 2];
             _vbox__IWebsessionManager_USCORElogonResponse resp;
 
@@ -97 +145 @@
     else if (!strcmp(pcszMode, "getsession"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IWebsessionManager_USCOREgetSessionObject req;
-            req.refIVirtualBox = argv[2];
+            req.refIVirtualBox = argv[ap + 1];
             _vbox__IWebsessionManager_USCOREgetSessionObjectResponse resp;
 
@@ -115 +163 @@
     else if (!strcmp(pcszMode, "logoff"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IWebsessionManager_USCORElogoff req;
-            req.refIVirtualBox = argv[2];
+            req.refIVirtualBox = argv[ap + 1];
             _vbox__IWebsessionManager_USCORElogoffResponse resp;
 
@@ -135 +183 @@
     else if (!strcmp(pcszMode, "version"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IVirtualBox_USCOREgetVersion req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IVirtualBox_USCOREgetVersionResponse resp;
 
@@ -153 +201 @@
     else if (!strcmp(pcszMode, "gethost"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IVirtualBox_USCOREgetHost req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IVirtualBox_USCOREgetHostResponse resp;
 
@@ -173 +221 @@
     else if (!strcmp(pcszMode, "getpc"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IVirtualBox_USCOREgetPerformanceCollector req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IVirtualBox_USCOREgetPerformanceCollectorResponse resp;
 
@@ -193 +241 @@
     else if (!strcmp(pcszMode, "getmachines"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IVirtualBox_USCOREgetMachines req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IVirtualBox_USCOREgetMachinesResponse resp;
 
@@ -219 +267 @@
     else if (!strcmp(pcszMode, "createmachine"))
     {
-        if (argc < 5)
+        if (argc < 4 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IVirtualBox_USCOREcreateMachine req;
-            req._USCOREthis = argv[2];
-            req.settingsFile = argv[3];
-            req.name = argv[4];
+            req._USCOREthis = argv[ap + 1];
+            req.settingsFile = argv[ap + 2];
+            req.name = argv[ap + 3];
             std::cout << "createmachine: settingsFile = \"" << req.settingsFile << "\", name = \"" << req.name << "\"\n";
             _vbox__IVirtualBox_USCOREcreateMachineResponse resp;
@@ -240 +288 @@
     else if (!strcmp(pcszMode, "registermachine"))
     {
-        if (argc < 4)
+        if (argc < 3 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IVirtualBox_USCOREregisterMachine req;
-            req._USCOREthis = argv[2];
-            req.machine = argv[3];
+            req._USCOREthis = argv[ap + 1];
+            req.machine = argv[ap + 2];
             _vbox__IVirtualBox_USCOREregisterMachineResponse resp;
             if (!(soaprc = soap_call___vbox__IVirtualBox_USCOREregisterMachine(&soap,
@@ -258 +306 @@
     else if (!strcmp(pcszMode, "getdvddrives"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IHost_USCOREgetDVDDrives req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IHost_USCOREgetDVDDrivesResponse resp;
             if (!(soaprc = soap_call___vbox__IHost_USCOREgetDVDDrives(&soap,
@@ -283 +331 @@
     else if (!strcmp(pcszMode, "getname"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IMachine_USCOREgetName req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IMachine_USCOREgetNameResponse resp;
             if (!(soaprc = soap_call___vbox__IMachine_USCOREgetName(&soap,
@@ -300 +348 @@
     else if (!strcmp(pcszMode, "getid"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IMachine_USCOREgetId req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IMachine_USCOREgetIdResponse resp;
             if (!(soaprc = soap_call___vbox__IMachine_USCOREgetId(&soap,
@@ -317 +365 @@
     else if (!strcmp(pcszMode, "getostypeid"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IMachine_USCOREgetOSTypeId req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IMachine_USCOREgetOSTypeIdResponse resp;
             if (!(soaprc = soap_call___vbox__IMachine_USCOREgetOSTypeId(&soap,
@@ -334 +382 @@
     else if (!strcmp(pcszMode, "savesettings"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IMachine_USCOREsaveSettings req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IMachine_USCOREsaveSettingsResponse resp;
             if (!(soaprc = soap_call___vbox__IMachine_USCOREsaveSettings(&soap,
@@ -351 +399 @@
     else if (!strcmp(pcszMode, "setupmetrics"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IPerformanceCollector_USCOREsetupMetrics req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
 //             req.metricNames[0] = "*";
 //             req.objects
@@ -380 +428 @@
     else if (!strcmp(pcszMode, "querymetricsdata"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IPerformanceCollector_USCOREqueryMetricsData req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
 //             req.metricNames[0] = "*";
 //             req.objects
@@ -407 +455 @@
     else if (!strcmp(pcszMode, "release"))
     {
-        if (argc < 3)
+        if (argc < 2 + ap)
             std::cout << "Not enough arguments for \"" << pcszMode << "\" mode.\n";
         else
         {
             _vbox__IManagedObjectRef_USCORErelease req;
-            req._USCOREthis = argv[2];
+            req._USCOREthis = argv[ap + 1];
             _vbox__IManagedObjectRef_USCOREreleaseResponse resp;
             if (!(soaprc = soap_call___vbox__IManagedObjectRef_USCORErelease(&soap,
@@ -435 +483 @@
                 std::cout << "Bad object ID: " << soap.fault->detail->vbox__InvalidObjectFault->badObjectID << "\n";
             }
-            if (soap.fault->detail->vbox__RuntimeFault)
+            else if (soap.fault->detail->vbox__RuntimeFault)
             {
                 std::cout << "Result code:   0x" << std::hex << soap.fault->detail->vbox__RuntimeFault->resultCode << "\n";
@@ -442 +490 @@
                 std::cout << "Interface ID:  " << std::hex << soap.fault->detail->vbox__RuntimeFault->interfaceID << "\n";
             }
+            else
+            {
+                // generic fault
+                std::cerr << "Generic fault message:\n";
+                soap_print_fault(&soap, stderr); // display the SOAP fault message on the stderr stream
+            }
         }
         else

trunk/src/VBox/Runtime/VBox/VBoxRTDeps.cpp

@@ -5 +5 @@
 
 /*
- * Copyright (C) 2006-2011 Oracle Corporation
+ * Copyright (C) 2006-2012 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -44 +44 @@
 #include <openssl/rsa.h>
 #include <openssl/ssl.h>
+#include <openssl/rand.h>
 
 
@@ -63 +64 @@
     (PFNRT)PEM_read_bio_PrivateKey,
     (PFNRT)X509_free,
+    (PFNRT)X509_verify_cert_error_string,
+    (PFNRT)i2d_X509,
     (PFNRT)i2d_X509,
     (PFNRT)RSA_generate_key,
+    (PFNRT)RAND_load_file,
+    (PFNRT)CRYPTO_set_dynlock_create_callback,
+    (PFNRT)CRYPTO_set_dynlock_lock_callback,
+    (PFNRT)CRYPTO_set_dynlock_destroy_callback,
     (PFNRT)RTAssertShouldPanic,
     (PFNRT)ASMAtomicReadU64,
@@ -71 +78 @@
     (PFNRT)SSL_free,
     (PFNRT)SSL_library_init,
+    (PFNRT)SSL_load_error_strings,
     (PFNRT)SSL_CTX_free,
     (PFNRT)SSL_CTX_use_certificate_file,
+    (PFNRT)SSLv23_method,
     (PFNRT)TLSv1_server_method,
     NULL