Changeset 54885 in vbox

Timestamp:

Mar 20, 2015 5:38:27 PM (10 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

99100

Message:

Main: Add a method to check for the correct encryption password

Location:

trunk/src/VBox

Files:

• Frontends/VBoxManage/VBoxManage.cpp (modified) (1 diff)
• Frontends/VBoxManage/VBoxManage.h (modified) (2 diffs)
• Frontends/VBoxManage/VBoxManageDisk.cpp (modified) (1 diff)
• Frontends/VBoxManage/VBoxManageHelp.cpp (modified) (1 diff)
• Main/idl/VirtualBox.xidl (modified) (2 diffs)
• Main/include/MediumImpl.h (modified) (1 diff)
• Main/src-server/MediumImpl.cpp (modified) (1 diff)

trunk/src/VBox/Frontends/VBoxManage/VBoxManage.cpp

@@ -492 +492 @@
             { "clonevdi",         USAGE_CLONEMEDIUM,       handleCloneMedium }, /* backward compatibility */
             { "encryptmedium",    USAGE_ENCRYPTMEDIUM,     handleEncryptMedium},
+            { "checkmediumpwd",   USAGE_MEDIUMENCCHKPWD,   handleCheckMediumPassword},
             { "createvm",         USAGE_CREATEVM,          handleCreateVM },
             { "modifyvm",         USAGE_MODIFYVM,          handleModifyVM },

trunk/src/VBox/Frontends/VBoxManage/VBoxManage.h

@@ -106 +106 @@
 #define USAGE_MEDIUMPROPERTY        RT_BIT_64(60)
 #define USAGE_ENCRYPTMEDIUM         RT_BIT_64(61)
+#define USAGE_MEDIUMENCCHKPWD       RT_BIT_64(62)
 #define USAGE_ALL                   (~(uint64_t)0)
 /** @} */
@@ -264 +265 @@
 int handleMediumProperty(HandlerArg *a);
 int handleEncryptMedium(HandlerArg *a);
+int handleCheckMediumPassword(HandlerArg *a);
 RTEXITCODE handleConvertFromRaw(int argc, char *argv[]);
 HRESULT showMediumInfo(const ComPtr<IVirtualBox> &pVirtualBox,

trunk/src/VBox/Frontends/VBoxManage/VBoxManageDisk.cpp

@@ -1841 +1841 @@
 }
 
+int handleCheckMediumPassword(HandlerArg *a)
+{
+    HRESULT rc;
+    int vrc;
+    ComPtr<IMedium> hardDisk;
+    const char *pszFilenameOrUuid = NULL;
+    Utf8Str strPassword;
+
+    if (a->argc != 2)
+        return errorSyntax(USAGE_MEDIUMENCCHKPWD, "Invalid number of arguments: %d", a->argc);
+
+    pszFilenameOrUuid = a->argv[0];
+
+    if (!RTStrCmp(a->argv[1], "-"))
+    {
+        /* Get password from console. */
+        vrc = getPassword("Enter password:", &strPassword);
+        if (RT_FAILURE(vrc))
+        {
+            RTMsgError("Failed to read password from standard input");
+            return 1;
+        }
+    }
+    else
+    {
+        RTEXITCODE rcExit = readPasswordFile(a->argv[1], &strPassword);
+        if (rcExit == RTEXITCODE_FAILURE)
+        {
+            RTMsgError("Failed to read password from file");
+            return rcExit;
+        }
+    }
+
+    /* Always open the medium if necessary, there is no other way. */
+    rc = openMedium(a, pszFilenameOrUuid, DeviceType_HardDisk,
+                    AccessMode_ReadWrite, hardDisk,
+                    false /* fForceNewUuidOnOpen */, false /* fSilent */);
+    if (FAILED(rc))
+        return 1;
+    if (hardDisk.isNull())
+    {
+        RTMsgError("Invalid hard disk reference, avoiding crash");
+        return 1;
+    }
+
+    CHECK_ERROR(hardDisk, CheckEncryptionPassword(Bstr(strPassword).raw()));
+    if (SUCCEEDED(rc))
+        RTPrintf("The given password is correct\n");
+    return SUCCEEDED(rc) ? 0 : 1;
+}
+
 #endif /* !VBOX_ONLY_DOCS */

trunk/src/VBox/Frontends/VBoxManage/VBoxManageHelp.cpp

@@ -645 +645 @@
                      "\n", SEP);
 
+    if (fCategory & USAGE_MEDIUMENCCHKPWD)
+        RTStrmPrintf(pStrm,
+                           "%s checkmediumpwd %s  <uuid|filename>\n"
+                     "                            <pwd file>|-\n"
+                     "\n", SEP);
+
     if (fCategory & USAGE_CONVERTFROMRAW)
         RTStrmPrintf(pStrm,

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -13489 +13489 @@
   <interface
     name="IMedium" extends="$unknown"
-    uuid="9fae9ea1-c57c-4a3d-8992-cbb2b9b4b4a3"
+    uuid="9680d99b-3550-4e14-8fc4-82ad1426cbde"
     wsmap="managed"
     >
@@ -14793 +14793 @@
       <param name="passwordId" type="wstring" dir="return">
         <desc>The ID of the password when unlocking the medium.</desc>
+      </param>
+    </method>
+
+    <method name="checkEncryptionPassword" const="yes">
+      <desc>
+        Checks whether the supplied password is correct for the medium.
+
+        <result name="VBOX_E_NOT_SUPPORTED">
+          Encryption is not configured for this medium.
+        </result>
+        <result name="VBOX_E_PASSWORD_INCORRECT">
+          The given password is incorrect.
+        </result>
+      </desc>
+      <param name="password" type="wstring" dir="in">
+        <desc>The password to check.</desc>
       </param>
     </method>

trunk/src/VBox/Main/include/MediumImpl.h

@@ -280 +280 @@
                              ComPtr<IProgress> &aProgress);
     HRESULT getEncryptionSettings(com::Utf8Str &aCipher, com::Utf8Str &aPasswordId);
+    HRESULT checkEncryptionPassword(const com::Utf8Str &aPassword);
 
     // Private internal nmethods

trunk/src/VBox/Main/src-server/MediumImpl.cpp

@@ -3230 +3230 @@
         aCipher = CryptoSettings.pszCipherReturned;
         RTStrFree(CryptoSettings.pszCipherReturned);
+
+        VDDestroy(pDisk);
+# else
+        throw setError(VBOX_E_NOT_SUPPORTED,
+                       tr("Encryption is not supported because extension pack support is not built in"));
+# endif
+    }
+    catch (HRESULT aRC) { rc = aRC; }
+
+    return rc;
+}
+
+HRESULT Medium::checkEncryptionPassword(const com::Utf8Str &aPassword)
+{
+    HRESULT rc = S_OK;
+
+    try
+    {
+        ComObjPtr<Medium> pBase = i_getBase();
+        AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+
+        settings::StringsMap::iterator it = pBase->m->mapProperties.find("CRYPT/KeyStore");
+        if (it == pBase->m->mapProperties.end())
+            throw setError(VBOX_E_NOT_SUPPORTED,
+                           tr("The image is not configured for encryption"));
+
+        if (aPassword.isEmpty())
+            throw setError(E_INVALIDARG,
+                           tr("The given password must not be empty"));
+
+# ifdef VBOX_WITH_EXTPACK
+        static const Utf8Str strExtPackPuel("Oracle VM VirtualBox Extension Pack");
+        static const char *s_pszVDPlugin = "VDPluginCrypt";
+        ExtPackManager *pExtPackManager = m->pVirtualBox->i_getExtPackManager();
+        if (pExtPackManager->i_isExtPackUsable(strExtPackPuel.c_str()))
+        {
+            /* Load the plugin */
+            Utf8Str strPlugin;
+            rc = pExtPackManager->i_getLibraryPathForExtPack(s_pszVDPlugin, &strExtPackPuel, &strPlugin);
+            if (SUCCEEDED(rc))
+            {
+                int vrc = VDPluginLoadFromFilename(strPlugin.c_str());
+                if (RT_FAILURE(vrc))
+                    throw setError(VBOX_E_NOT_SUPPORTED,
+                                   tr("Retrieving encryption settings of the image failed because the encryption plugin could not be loaded (%s)"),
+                                   i_vdError(vrc).c_str());
+            }
+            else
+                throw setError(VBOX_E_NOT_SUPPORTED,
+                               tr("Encryption is not supported because the extension pack '%s' is missing the encryption plugin (old extension pack installed?)"),
+                               strExtPackPuel.c_str());
+        }
+        else
+            throw setError(VBOX_E_NOT_SUPPORTED,
+                           tr("Encryption is not supported because the extension pack '%s' is missing"),
+                           strExtPackPuel.c_str());
+
+        PVBOXHDD pDisk = NULL;
+        int vrc = VDCreate(m->vdDiskIfaces, i_convertDeviceType(), &pDisk);
+        ComAssertRCThrow(vrc, E_FAIL);
+
+        Medium::CryptoFilterSettings CryptoSettings;
+
+        i_taskEncryptSettingsSetup(&CryptoSettings, NULL, it->second.c_str(), aPassword.c_str(),
+                                   false /* fCreateKeyStore */);
+        vrc = VDFilterAdd(pDisk, "CRYPT", VD_FILTER_FLAGS_READ, CryptoSettings.vdFilterIfaces);
+        if (vrc == VERR_VD_PASSWORD_INCORRECT)
+            throw setError(VBOX_E_PASSWORD_INCORRECT,
+                           tr("The given password is incorrect"));
+        else if (RT_FAILURE(vrc))
+            throw setError(VBOX_E_INVALID_OBJECT_STATE,
+                           tr("Failed to load the encryption filter: %s"),
+                           i_vdError(vrc).c_str());
 
         VDDestroy(pDisk);