git-svn-id: http://phpvirtualbox.googlecode.com/svn/trunk@209 e55cdbc…

…f-b542-e84e-dd2e-0249e671f570
paulnt04 · Apr 4, 2011 · 5c71e94 · 5c71e94
1 parent 638caf2
commit 5c71e94
Show file tree

Hide file tree

Showing 9 changed files with 479 additions and 186 deletions.
diff --git a/config.php-example b/config.php-example
@@ -152,6 +152,16 @@ Do not change / set unless you have a good reason.
 */
 #var $vmListSort = 'name';
 
+// Authentication library.
+var $authLib = 'Builtin';
+
+// VM ownership
+var $enforceVMOwnership = false;
+
+// Per-user VM quota
+// var $vmQuotaPerUser = 2;
+
+
 // Allow VDE network configuration. This must be supported by the underlying VirtualBox installation!
 #var $enableVDE = true; 
 

diff --git a/js/dialogs.js b/js/dialogs.js
@@ -433,7 +433,7 @@ function vboxPrefsInit() {
 	);	
 
 	// Check for noAuth setting
-	if($('#vboxIndex').data('vboxConfig').noAuth || !$('#vboxIndex').data('vboxSession').admin) {
+	if($('#vboxIndex').data('vboxConfig').noAuth || !$('#vboxIndex').data('vboxSession').admin || !$('#vboxIndex').data('vboxConfig').authCapabilities.canModifyUsers) {
 		panes.pop();
 		data.pop();
 	}

diff --git a/lib/ajax.php b/lib/ajax.php
@@ -11,6 +11,8 @@
 
 # Turn off PHP errors
 error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_WARNING);
+//error_reporting(E_ALL);
+//ini_set('display_errors', 'on');
 
 
 //Set no caching
@@ -23,6 +25,7 @@
 require_once(dirname(__FILE__).'/utils.php');
 require_once(dirname(__FILE__).'/vboxconnector.php');
 
+
 // Init session
 global $_SESSION;
 session_init();
@@ -70,10 +73,10 @@
 			if(!$response['data']['nicMax']) $response['data']['nicMax'] = 4;
 
 			// Update interval
-			$response['data']['previewUpdateInterval'] = max(3,intval($response['data']['previewUpdateInterval']));
+			$response['data']['previewUpdateInterval'] = max(3,intval(@$response['data']['previewUpdateInterval']));
 
 			// Are default settings being used?
-			if($settings->warnDefault) {
+			if(isset($settings->warnDefault)) {
 				throw new Exception("No configuration found. Rename the file <b>config.php-example</b> in phpVirtualBox's folder to <b>config.php</b> and edit as needed.<p>For more detailed instructions, please see the installation wiki on phpVirtualBox's web site. <p><a href='http://code.google.com/p/phpvirtualbox/w/list' target=_blank>http://code.google.com/p/phpvirtualbox/w/list</a>.</p>",vboxconnector::PHPVB_ERRNO_FATAL);
 			}
 
@@ -104,75 +107,47 @@
 				break;	
 			}
 
-			$vbox = new vboxconnector(true);
-			$vbox->skipSessionCheck = true;
-			$vbox->connect();
-			$p = $vbox->vbox->getExtraData('phpvb/users/'.$vboxRequest['u'].'/pass');
-
-			// Check for initial login
-			if($vboxRequest['u'] == 'admin' && !$p && !$vbox->vbox->getExtraData('phpvb/usersSetup')) {
-				$vbox->vbox->setExtraData('phpvb/usersSetup','1');
-				$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/pass', hash('sha512', 'admin'));
-				$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/admin', '1');
-				$p = hash('sha512', 'admin');
-			}
-
-			if($p == hash('sha512', $vboxRequest['p'])) {
-				$_SESSION['valid'] = true;
-				$_SESSION['user'] = $vboxRequest['u'];
-				$_SESSION['admin'] = intval($vbox->vbox->getExtraData('phpvb/users/'.$vboxRequest['u'].'/admin'));
-				$_SESSION['authCheckHeartbeat'] = time();
-				$_SESSION['uHash'] = $p;
-			}
+			$settings = new phpVBoxConfigClass();
+			$settings->auth->login($vboxRequest['u'], $vboxRequest['p']);
 
 		/* Get Session Data */
 		case 'getSession':
+
+			$settings = new phpVBoxConfigClass();
+			if(method_exists($settings->auth,'autoLoginHook'))
+			{
+				$settings->auth->autoLoginHook();
+			}
+
 			$response['data'] = $_SESSION;
 			$response['data']['result'] = 1;
 			break;
 
 		/* Logout */
 		case 'logout':
-			session_destroy();
-			echo('{"data":{"result":1},"errors":[],"persist":[]}');
-			return;
+
+			$settings = new phpVBoxConfigClass();
+			$settings->auth->logout($response);
+
+			break;
 
 		/* Password Change */
 		case 'changePassword':
 
-			// Use main / auth server
-			$vbox = new vboxconnector(true);
-			$vbox->connect();
-			$p = $vbox->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
+			$settings = new phpVBoxConfigClass();
+			$settings->auth->changePassword($vboxRequest['old'], $vboxRequest['new'], $response);
 
-			if($p == hash('sha512', $vboxRequest['old'])) {
-				$np = hash('sha512', $vboxRequest['new']);
-				$vbox->vbox->setExtraData('phpvb/users/'.$_SESSION['user'].'/pass', $np);
-				$response['data']['result'] = 1;
-				$_SESSION['uHash'] = $np;
-			}
 			break;
 
 		/* Get a list of users */
 		case 'getUsers':
 
 			// Must be an admin
 			if(!$_SESSION['admin']) break;
-
-			// Use main / auth server
-			$vbox = new vboxconnector(true);
-			$vbox->connect();
 
+			$settings = new phpVBoxConfigClass();
+			$response['data'] = $settings->auth->listUsers();
 
-			$keys = $vbox->vbox->getExtraDataKeys();
-			foreach($keys as $k) {
-				if(strpos($k,'phpvb/users/') === 0) {
-					$user = substr($k,12,strpos($k,'/',13)-12);
-					if($response['data'][$user]) continue;
-					$admin = intval($vbox->vbox->getExtraData('phpvb/users/'.$user.'/admin'));
-					$response['data'][$user] = array('username'=>$user,'admin'=>$admin);
-				}
-			}
 			break;
 
 		/* remove a user */
@@ -181,13 +156,8 @@
 			// Must be an admin
 			if(!$_SESSION['admin']) break;
 
-			// Use main / auth server
-			$vbox = new vboxconnector(true);
-			$vbox->connect();
-
-			$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/pass','');
-			$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/admin','');
-			$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'],'');
+			$settings = new phpVBoxConfigClass();
+			$settings->auth->deleteUser($vboxRequest['u']);
 
 			$response['data']['result'] = 1;
 			break;
@@ -200,40 +170,8 @@
 		/* Add a User */
 		case 'addUser':
 
-			// Must be an admin
-			if(!$_SESSION['admin']) break;
-
-			// Use main / auth server
-			$vbox = new vboxconnector(true);
-			$vbox->connect();
-
-			// See if it exists
-			if(!$skipExistCheck && $vbox->vbox->getExtraData('phpvb/users/'.$vboxRequest['u'].'/pass'))
-				break;
-
-			if($vboxRequest['p'])
-				$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/pass', hash('sha512', $vboxRequest['p']));
-
-			$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/admin', ($vboxRequest['a'] ? '1' : '0'));
-
-			$response['data']['result'] = 1;
-			break;
-
-
-			// Must be an admin
-			if(!$_SESSION['admin']) break;
-
-			// Use main / auth server
-			$vbox = new vboxconnector();
-			$vbox->skipSessionCheck = true;
-			$vbox->connect();
-
-			// See if it exists
-			if($vbox->vbox->getExtraData('phpvb/users/'.$vboxRequest['u'].'/pass'))
-				break;
-
-			$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/pass', hash('sha512', $vboxRequest['p']));
-			$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/admin', ($vboxRequest['a'] ? '1' : '0'));
+			$settings = new phpVBoxConfigClass();
+			$settings->auth->updateUser($vboxRequest, $skipExistCheck);
 
 			$response['data']['result'] = 1;
 			break;
@@ -247,30 +185,11 @@
 			 * Every 1 minute we'll check that the account has not
 			 * been deleted since login, and update admin credentials.
 			 */
+
 			if($_SESSION['user'] && ((intval($_SESSION['authCheckHeartbeat'])+60) < time())) {
-
-				// Check to see if we only have 1 server or are already connected
-				// to the authentication master server
-				if($vbox->settings['authMaster'] || count($vbox->settings['servers']) == 1) {
-					$vbcheck = &$vbox;
-				} else {
-					$vbcheck = new vboxconnector(true);
-				}
-
-				$vbcheck->connect();
-				$p = $vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
-				if(!$p || $_SESSION['uHash'] != $p) {
-					session_destroy();
-					unset($_SESSION['valid']);
-				} else {
-					$_SESSION['admin'] = intval($vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/admin'));
-					$_SESSION['authCheckHeartbeat'] = time();
-				}
+				$vbox->settings['auth']->heartbeat($vbox);
 			}
 
-			if(!$_SESSION['valid'])
-				throw new Exception(trans('Not logged in.'), vboxconnector::PHPVB_ERRNO_FATAL);
-
 			# fix for allow_call_time_pass_reference = Off setting
 			if(method_exists($vbox,$vboxRequest['fn'])) {
 				$vbox->$vboxRequest['fn']($vboxRequest,$response);
@@ -313,6 +232,6 @@
 }
 if(function_exists('session_write_close')) session_write_close();
 
-if($vboxRequest['printr']) print_r($response);
+if(isset($vboxRequest['printr'])) print_r($response);
 else echo(@json_encode($response));
 
diff --git a/lib/auth/Builtin.php b/lib/auth/Builtin.php
@@ -0,0 +1,141 @@
+<?php
+/*
+ * Built-in authentication. Uses vbox->get / set ExtraData
+ * $Id$
+ * 
+ */
+class phpvbAuthBuiltin {
+
+	var $capabilities = array(
+			'canChangePassword' => true,
+			'canModifyUsers' => true,
+			'canLogout' => true
+		);
+
+	function login($username, $password)
+	{
+		global $_SESSION;
+
+		$vbox = new vboxconnector(true);
+		$vbox->skipSessionCheck = true;
+		$vbox->connect();
+		$p = $vbox->vbox->getExtraData('phpvb/users/'.$username.'/pass');
+
+		// Check for initial login
+		if($username == 'admin' && !$p && !$vbox->vbox->getExtraData('phpvb/usersSetup')) {
+			$vbox->vbox->setExtraData('phpvb/usersSetup','1');
+			$vbox->vbox->setExtraData('phpvb/users/'.$username.'/pass', hash('sha512', 'admin'));
+			$vbox->vbox->setExtraData('phpvb/users/'.$username.'/admin', '1');
+			$p = hash('sha512', 'admin');
+		}
+
+		if($p == hash('sha512', $password)) {
+			$_SESSION['valid'] = true;
+			$_SESSION['user'] = $username;
+			$_SESSION['admin'] = intval($vbox->vbox->getExtraData('phpvb/users/'.$username.'/admin'));
+			$_SESSION['authCheckHeartbeat'] = time();
+			$_SESSION['uHash'] = $p;
+		}
+	}
+
+	function changePassword($old, $new, &$response)
+	{
+		global $_SESSION;
+
+		// Use main / auth server
+		$vbox = new vboxconnector(true);
+		$vbox->connect();
+		$p = $vbox->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
+
+		if($p == hash('sha512', $old)) {
+			$np = hash('sha512', $new);
+			$vbox->vbox->setExtraData('phpvb/users/'.$_SESSION['user'].'/pass', $np);
+			$response['data']['result'] = 1;
+			$_SESSION['uHash'] = $np;
+		}
+	}
+
+	function heartbeat($vbox)
+	{
+		global $_SESSION;
+
+		// Check to see if we only have 1 server or are already connected
+		// to the authentication master server
+		if($vbox->settings['authMaster'] || count($vbox->settings['servers']) == 1) {
+			$vbcheck = &$vbox;
+		} else {
+			$vbcheck = new vboxconnector(true);
+		}
+
+		$vbcheck->connect();
+		$p = $vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/pass');
+		if(!$p || $_SESSION['uHash'] != $p) {
+			session_destroy();
+			unset($_SESSION['valid']);
+		} else {
+			$_SESSION['admin'] = intval($vbcheck->vbox->getExtraData('phpvb/users/'.$_SESSION['user'].'/admin'));
+			$_SESSION['authCheckHeartbeat'] = time();
+		}
+
+		if(!$_SESSION['valid'])
+			throw new Exception(trans('Not logged in.'), vboxconnector::PHPVB_ERRNO_FATAL);
+	}
+
+	function logout(&$response)
+	{
+		session_destroy();
+		$response['data']['result'] = 1;
+	}
+
+	function listUsers()
+	{
+		$response = array();
+
+		// Use main / auth server
+		$vbox = new vboxconnector(true);
+		$vbox->connect();
+
+		$keys = $vbox->vbox->getExtraDataKeys();
+		foreach($keys as $k) {
+			if(strpos($k,'phpvb/users/') === 0) {
+				$user = substr($k,12,strpos($k,'/',13)-12);
+				if(isset($response[$user])) continue;
+				$admin = intval($vbox->vbox->getExtraData('phpvb/users/'.$user.'/admin'));
+				$response[$user] = array('username'=>$user,'admin'=>$admin);
+			}
+		}
+		return $response;
+	}
+
+	function updateUser($vboxRequest, $skipExistCheck)
+	{
+		global $_SESSION;
+
+		// Must be an admin
+		if(!$_SESSION['admin']) break;
+
+		// Use main / auth server
+		$vbox = new vboxconnector(true);
+		$vbox->connect();
+
+		// See if it exists
+		if(!$skipExistCheck && $vbox->vbox->getExtraData('phpvb/users/'.$vboxRequest['u'].'/pass'))
+			break;
+
+		if($vboxRequest['p'])
+			$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/pass', hash('sha512', $vboxRequest['p']));
+
+		$vbox->vbox->setExtraData('phpvb/users/'.$vboxRequest['u'].'/admin', ($vboxRequest['a'] ? '1' : '0'));
+	}
+
+	function deleteUser($user)
+	{
+		// Use main / auth server
+		$vbox = new vboxconnector(true);
+		$vbox->connect();
+
+		$vbox->vbox->setExtraData('phpvb/users/'.$user.'/pass','');
+		$vbox->vbox->setExtraData('phpvb/users/'.$user.'/admin','');
+		$vbox->vbox->setExtraData('phpvb/users/'.$user,'');
+	}
+}