1 | /* $Id: ApplianceImplPrivate.h 60337 2016-04-05 14:46:38Z vboxsync $ */
|
---|
2 | /** @file
|
---|
3 | * VirtualBox Appliance private data definitions
|
---|
4 | */
|
---|
5 |
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2006-2013 Oracle Corporation
|
---|
8 | *
|
---|
9 | * This file is part of VirtualBox Open Source Edition (OSE), as
|
---|
10 | * available from http://www.virtualbox.org. This file is free software;
|
---|
11 | * you can redistribute it and/or modify it under the terms of the GNU
|
---|
12 | * General Public License (GPL) as published by the Free Software
|
---|
13 | * Foundation, in version 2 as it comes in the "COPYING" file of the
|
---|
14 | * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
|
---|
15 | * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
|
---|
16 | */
|
---|
17 |
|
---|
18 | #ifndef ____H_APPLIANCEIMPLPRIVATE
|
---|
19 | #define ____H_APPLIANCEIMPLPRIVATE
|
---|
20 |
|
---|
21 | class VirtualSystemDescription;
|
---|
22 |
|
---|
23 | #include "ovfreader.h"
|
---|
24 | #include "SecretKeyStore.h"
|
---|
25 | #include "ThreadTask.h"
|
---|
26 | #include "CertificateImpl.h"
|
---|
27 | #include <map>
|
---|
28 | #include <vector>
|
---|
29 | #include <iprt/manifest.h>
|
---|
30 | #include <iprt/vfs.h>
|
---|
31 | #include <iprt/crypto/x509.h>
|
---|
32 |
|
---|
33 | ////////////////////////////////////////////////////////////////////////////////
|
---|
34 | //
|
---|
35 | // Appliance data definition
|
---|
36 | //
|
---|
37 | ////////////////////////////////////////////////////////////////////////////////
|
---|
38 |
|
---|
39 | typedef std::pair<Utf8Str, Utf8Str> STRPAIR;
|
---|
40 |
|
---|
41 | typedef std::vector<com::Guid> GUIDVEC;
|
---|
42 |
|
---|
43 | /* Describe a location for the import/export. The location could be a file on a
|
---|
44 | * local hard disk or a remote target based on the supported inet protocols. */
|
---|
45 | struct LocationInfo
|
---|
46 | {
|
---|
47 | LocationInfo()
|
---|
48 | : storageType(VFSType_File) {}
|
---|
49 | VFSType_T storageType; /* Which type of storage should be handled */
|
---|
50 | Utf8Str strPath; /* File path for the import/export */
|
---|
51 | Utf8Str strHostname; /* Hostname on remote storage locations (could be empty) */
|
---|
52 | Utf8Str strUsername; /* Username on remote storage locations (could be empty) */
|
---|
53 | Utf8Str strPassword; /* Password on remote storage locations (could be empty) */
|
---|
54 | };
|
---|
55 |
|
---|
56 | // opaque private instance data of Appliance class
|
---|
57 | struct Appliance::Data
|
---|
58 | {
|
---|
59 | enum ApplianceState { ApplianceIdle, ApplianceImporting, ApplianceExporting };
|
---|
60 | enum digest_T {SHA1, SHA256};
|
---|
61 |
|
---|
62 | Data()
|
---|
63 | : state(ApplianceIdle)
|
---|
64 | , fDigestTypes(0)
|
---|
65 | , hOurManifest(NIL_RTMANIFEST)
|
---|
66 | , fManifest(true)
|
---|
67 | , fSha256(false)
|
---|
68 | , fDeterminedDigestTypes(false)
|
---|
69 | , hTheirManifest(NIL_RTMANIFEST)
|
---|
70 | , hMemFileTheirManifest(NIL_RTVFSFILE)
|
---|
71 | , fSignerCertLoaded(false)
|
---|
72 | , fCertificateIsSelfSigned(false)
|
---|
73 | , fSignatureValid(false)
|
---|
74 | , fCertificateValid(false)
|
---|
75 | , fCertificateMissingPath(true)
|
---|
76 | , fCertificateValidTime(false)
|
---|
77 | , pbSignedDigest(NULL)
|
---|
78 | , cbSignedDigest(0)
|
---|
79 | , enmSignedDigestType(RTDIGESTTYPE_INVALID)
|
---|
80 | , fExportISOImages(false)
|
---|
81 | , pReader(NULL)
|
---|
82 | , ulWeightForXmlOperation(0)
|
---|
83 | , ulWeightForManifestOperation(0)
|
---|
84 | , ulTotalDisksMB(0)
|
---|
85 | , cDisks(0)
|
---|
86 | , m_cPwProvided(0)
|
---|
87 | {
|
---|
88 | }
|
---|
89 |
|
---|
90 | ~Data()
|
---|
91 | {
|
---|
92 | if (pReader)
|
---|
93 | {
|
---|
94 | delete pReader;
|
---|
95 | pReader = NULL;
|
---|
96 | }
|
---|
97 | resetReadData();
|
---|
98 | }
|
---|
99 |
|
---|
100 | /**
|
---|
101 | * Resets data used by read.
|
---|
102 | */
|
---|
103 | void resetReadData(void)
|
---|
104 | {
|
---|
105 | strOvfManifestEntry.setNull();
|
---|
106 | if (hOurManifest != NIL_RTMANIFEST)
|
---|
107 | {
|
---|
108 | RTManifestRelease(hOurManifest);
|
---|
109 | hOurManifest = NIL_RTMANIFEST;
|
---|
110 | }
|
---|
111 | if (hTheirManifest != NIL_RTMANIFEST)
|
---|
112 | {
|
---|
113 | RTManifestRelease(hTheirManifest);
|
---|
114 | hTheirManifest = NIL_RTMANIFEST;
|
---|
115 | }
|
---|
116 | if (hMemFileTheirManifest)
|
---|
117 | {
|
---|
118 | RTVfsFileRelease(hMemFileTheirManifest);
|
---|
119 | hMemFileTheirManifest = NIL_RTVFSFILE;
|
---|
120 | }
|
---|
121 | if (pbSignedDigest)
|
---|
122 | {
|
---|
123 | RTMemFree(pbSignedDigest);
|
---|
124 | pbSignedDigest = NULL;
|
---|
125 | cbSignedDigest = 0;
|
---|
126 | }
|
---|
127 | if (fSignerCertLoaded)
|
---|
128 | {
|
---|
129 | RTCrX509Certificate_Delete(&SignerCert);
|
---|
130 | fSignerCertLoaded = false;
|
---|
131 | }
|
---|
132 | enmSignedDigestType = RTDIGESTTYPE_INVALID;
|
---|
133 | fCertificateIsSelfSigned = false;
|
---|
134 | fSignatureValid = false;
|
---|
135 | fCertificateValid = false;
|
---|
136 | fCertificateMissingPath = true;
|
---|
137 | fCertificateValidTime = false;
|
---|
138 | fDeterminedDigestTypes = false;
|
---|
139 | fDigestTypes = RTMANIFEST_ATTR_SHA1 | RTMANIFEST_ATTR_SHA256 | RTMANIFEST_ATTR_SHA512;
|
---|
140 | ptrCertificateInfo.setNull();
|
---|
141 | strCertError.setNull();
|
---|
142 | }
|
---|
143 |
|
---|
144 | ApplianceState state;
|
---|
145 |
|
---|
146 | LocationInfo locInfo; // location info for the currently processed OVF
|
---|
147 | /** The digests types to calculate (RTMANIFEST_ATTR_XXX) for the manifest.
|
---|
148 | * This will be a single value when exporting. Zero, one or two. */
|
---|
149 | uint32_t fDigestTypes;
|
---|
150 | /** Manifest created while importing or exporting. */
|
---|
151 | RTMANIFEST hOurManifest;
|
---|
152 |
|
---|
153 | /** @name Write data
|
---|
154 | * @{ */
|
---|
155 | bool fManifest; // Create a manifest file on export
|
---|
156 | bool fSha256; // true = SHA256 (OVF 2.0), false = SHA1 (OVF 1.0)
|
---|
157 | /** @} */
|
---|
158 |
|
---|
159 | /** @name Read data
|
---|
160 | * @{ */
|
---|
161 | /** The manifest entry name of the OVF-file. */
|
---|
162 | Utf8Str strOvfManifestEntry;
|
---|
163 |
|
---|
164 | /** Set if we've parsed the manifest and determined the digest types. */
|
---|
165 | bool fDeterminedDigestTypes;
|
---|
166 |
|
---|
167 | /** Manifest read in during read() and kept around for later verification. */
|
---|
168 | RTMANIFEST hTheirManifest;
|
---|
169 | /** Memorized copy of the manifest file for signature checking purposes. */
|
---|
170 | RTVFSFILE hMemFileTheirManifest;
|
---|
171 |
|
---|
172 | /** The signer certificate from the signature file (.cert).
|
---|
173 | * This will be used in the future provide information about the signer via
|
---|
174 | * the API. */
|
---|
175 | RTCRX509CERTIFICATE SignerCert;
|
---|
176 | /** Set if the SignerCert member contains usable data. */
|
---|
177 | bool fSignerCertLoaded;
|
---|
178 | /** Cached RTCrX509Validity_IsValidAtTimeSpec result set by read(). */
|
---|
179 | bool fCertificateIsSelfSigned;
|
---|
180 | /** Set by read() if pbSignedDigest verified correctly against SignerCert. */
|
---|
181 | bool fSignatureValid;
|
---|
182 | /** Set by read() when the SignerCert checked out fine. */
|
---|
183 | bool fCertificateValid;
|
---|
184 | /** Set by read() when the SignerCert certificate path couldn't be built. */
|
---|
185 | bool fCertificateMissingPath;
|
---|
186 | /** Set by read() when the SignerCert (+path) is valid in the temporal sense. */
|
---|
187 | bool fCertificateValidTime;
|
---|
188 | /** For keeping certificate error messages we delay from read() to import(). */
|
---|
189 | Utf8Str strCertError;
|
---|
190 | /** The signed digest of the manifest. */
|
---|
191 | uint8_t *pbSignedDigest;
|
---|
192 | /** The size of the signed digest. */
|
---|
193 | size_t cbSignedDigest;
|
---|
194 | /** The digest type used to sign the manifest. */
|
---|
195 | RTDIGESTTYPE enmSignedDigestType;
|
---|
196 | /** The certificate info object. This is NULL if no signature and
|
---|
197 | * successfully loaded certificate. */
|
---|
198 | ComObjPtr<Certificate> ptrCertificateInfo;
|
---|
199 | /** @} */
|
---|
200 |
|
---|
201 | bool fExportISOImages;// when 1 the ISO images are exported
|
---|
202 |
|
---|
203 | RTCList<ImportOptions_T> optListImport;
|
---|
204 | RTCList<ExportOptions_T> optListExport;
|
---|
205 |
|
---|
206 | ovf::OVFReader *pReader;
|
---|
207 |
|
---|
208 | std::list< ComObjPtr<VirtualSystemDescription> >
|
---|
209 | virtualSystemDescriptions;
|
---|
210 |
|
---|
211 | std::list<Utf8Str> llWarnings;
|
---|
212 |
|
---|
213 | ULONG ulWeightForXmlOperation;
|
---|
214 | ULONG ulWeightForManifestOperation;
|
---|
215 | ULONG ulTotalDisksMB;
|
---|
216 | ULONG cDisks;
|
---|
217 |
|
---|
218 | std::list<Guid> llGuidsMachinesCreated;
|
---|
219 |
|
---|
220 | /** Sequence of password identifiers to encrypt disk images during export. */
|
---|
221 | std::vector<com::Utf8Str> m_vecPasswordIdentifiers;
|
---|
222 | /** Map to get all medium identifiers assoicated with a given password identifier. */
|
---|
223 | std::map<com::Utf8Str, GUIDVEC> m_mapPwIdToMediumIds;
|
---|
224 | /** Secret key store used to hold the passwords during export. */
|
---|
225 | SecretKeyStore *m_pSecretKeyStore;
|
---|
226 | /** Number of passwords provided. */
|
---|
227 | uint32_t m_cPwProvided;
|
---|
228 | };
|
---|
229 |
|
---|
230 | struct Appliance::XMLStack
|
---|
231 | {
|
---|
232 | std::map<Utf8Str, const VirtualSystemDescriptionEntry*> mapDisks;
|
---|
233 | std::map<Utf8Str, bool> mapNetworks;
|
---|
234 | };
|
---|
235 |
|
---|
236 | class Appliance::TaskOVF: public ThreadTask
|
---|
237 | {
|
---|
238 | public:
|
---|
239 | enum TaskType
|
---|
240 | {
|
---|
241 | Read,
|
---|
242 | Import,
|
---|
243 | Write
|
---|
244 | };
|
---|
245 |
|
---|
246 | TaskOVF(Appliance *aThat,
|
---|
247 | TaskType aType,
|
---|
248 | LocationInfo aLocInfo,
|
---|
249 | ComObjPtr<Progress> &aProgress)
|
---|
250 | : ThreadTask("TaskOVF"),
|
---|
251 | pAppliance(aThat),
|
---|
252 | taskType(aType),
|
---|
253 | locInfo(aLocInfo),
|
---|
254 | pProgress(aProgress),
|
---|
255 | enFormat(ovf::OVFVersion_unknown),
|
---|
256 | rc(S_OK)
|
---|
257 | {
|
---|
258 | switch (taskType)
|
---|
259 | {
|
---|
260 | case TaskOVF::Read: m_strTaskName = "ApplRead"; break;
|
---|
261 | case TaskOVF::Import: m_strTaskName = "ApplImp"; break;
|
---|
262 | case TaskOVF::Write: m_strTaskName = "ApplWrit"; break;
|
---|
263 | default: m_strTaskName = "ApplTask"; break;
|
---|
264 | }
|
---|
265 | }
|
---|
266 |
|
---|
267 | static DECLCALLBACK(int) updateProgress(unsigned uPercent, void *pvUser);
|
---|
268 |
|
---|
269 | Appliance *pAppliance;
|
---|
270 | TaskType taskType;
|
---|
271 | const LocationInfo locInfo;
|
---|
272 | ComObjPtr<Progress> pProgress;
|
---|
273 |
|
---|
274 | ovf::OVFVersion_T enFormat;
|
---|
275 |
|
---|
276 | HRESULT rc;
|
---|
277 |
|
---|
278 | void handler()
|
---|
279 | {
|
---|
280 | int vrc = Appliance::i_taskThreadImportOrExport(NULL, this); NOREF(vrc);
|
---|
281 | }
|
---|
282 | };
|
---|
283 |
|
---|
284 | struct MyHardDiskAttachment
|
---|
285 | {
|
---|
286 | ComPtr<IMachine> pMachine;
|
---|
287 | Bstr controllerType;
|
---|
288 | int32_t lControllerPort; // 0-29 for SATA
|
---|
289 | int32_t lDevice; // IDE: 0 or 1, otherwise 0 always
|
---|
290 | };
|
---|
291 |
|
---|
292 | /**
|
---|
293 | * Used by Appliance::importMachineGeneric() to store
|
---|
294 | * input parameters and rollback information.
|
---|
295 | */
|
---|
296 | struct Appliance::ImportStack
|
---|
297 | {
|
---|
298 | // input pointers
|
---|
299 | const LocationInfo &locInfo; // ptr to location info from Appliance::importFS()
|
---|
300 | Utf8Str strSourceDir; // directory where source files reside
|
---|
301 | const ovf::DiskImagesMap &mapDisks; // ptr to disks map in OVF
|
---|
302 | ComObjPtr<Progress> &pProgress; // progress object passed into Appliance::importFS()
|
---|
303 |
|
---|
304 | // input parameters from VirtualSystemDescriptions
|
---|
305 | Utf8Str strNameVBox; // VM name
|
---|
306 | Utf8Str strMachineFolder; // FQ host folder where the VirtualBox machine would be created
|
---|
307 | Utf8Str strOsTypeVBox; // VirtualBox guest OS type as string
|
---|
308 | Utf8Str strDescription;
|
---|
309 | uint32_t cCPUs; // CPU count
|
---|
310 | bool fForceHWVirt; // if true, we force enabling hardware virtualization
|
---|
311 | bool fForceIOAPIC; // if true, we force enabling the IOAPIC
|
---|
312 | uint32_t ulMemorySizeMB; // virtual machine RAM in megabytes
|
---|
313 | #ifdef VBOX_WITH_USB
|
---|
314 | bool fUSBEnabled;
|
---|
315 | #endif
|
---|
316 | Utf8Str strAudioAdapter; // if not empty, then the guest has audio enabled, and this is the decimal
|
---|
317 | // representation of the audio adapter (should always be "0" for AC97 presently)
|
---|
318 |
|
---|
319 | // session (not initially created)
|
---|
320 | ComPtr<ISession> pSession; // session opened in Appliance::importFS() for machine manipulation
|
---|
321 | bool fSessionOpen; // true if the pSession is currently open and needs closing
|
---|
322 |
|
---|
323 | /** @name File access related stuff (TAR stream)
|
---|
324 | * @{ */
|
---|
325 | /** OVA file system stream handle. NIL if not OVA. */
|
---|
326 | RTVFSFSSTREAM hVfsFssOva;
|
---|
327 | /** OVA lookahead I/O stream object. */
|
---|
328 | RTVFSIOSTREAM hVfsIosOvaLookAhead;
|
---|
329 | /** OVA lookahead I/O stream object name. */
|
---|
330 | char *pszOvaLookAheadName;
|
---|
331 | /** @} */
|
---|
332 |
|
---|
333 | // a list of images that we created/imported; this is initially empty
|
---|
334 | // and will be cleaned up on errors
|
---|
335 | std::list<MyHardDiskAttachment> llHardDiskAttachments; // disks that were attached
|
---|
336 | std::map<Utf8Str , Utf8Str> mapNewUUIDsToOriginalUUIDs;
|
---|
337 |
|
---|
338 | ImportStack(const LocationInfo &aLocInfo,
|
---|
339 | const ovf::DiskImagesMap &aMapDisks,
|
---|
340 | ComObjPtr<Progress> &aProgress,
|
---|
341 | RTVFSFSSTREAM aVfsFssOva)
|
---|
342 | : locInfo(aLocInfo),
|
---|
343 | mapDisks(aMapDisks),
|
---|
344 | pProgress(aProgress),
|
---|
345 | cCPUs(1),
|
---|
346 | fForceHWVirt(false),
|
---|
347 | fForceIOAPIC(false),
|
---|
348 | ulMemorySizeMB(0),
|
---|
349 | fSessionOpen(false),
|
---|
350 | hVfsFssOva(aVfsFssOva),
|
---|
351 | hVfsIosOvaLookAhead(NIL_RTVFSIOSTREAM),
|
---|
352 | pszOvaLookAheadName(NULL)
|
---|
353 | {
|
---|
354 | if (hVfsFssOva != NIL_RTVFSFSSTREAM)
|
---|
355 | RTVfsFsStrmRetain(hVfsFssOva);
|
---|
356 |
|
---|
357 | // disk images have to be on the same place as the OVF file. So
|
---|
358 | // strip the filename out of the full file path
|
---|
359 | strSourceDir = aLocInfo.strPath;
|
---|
360 | strSourceDir.stripFilename();
|
---|
361 | }
|
---|
362 |
|
---|
363 | ~ImportStack()
|
---|
364 | {
|
---|
365 | if (hVfsFssOva != NIL_RTVFSFSSTREAM)
|
---|
366 | {
|
---|
367 | RTVfsFsStrmRelease(hVfsFssOva);
|
---|
368 | hVfsFssOva = NIL_RTVFSFSSTREAM;
|
---|
369 | }
|
---|
370 | if (hVfsIosOvaLookAhead != NIL_RTVFSIOSTREAM)
|
---|
371 | {
|
---|
372 | RTVfsIoStrmRelease(hVfsIosOvaLookAhead);
|
---|
373 | hVfsIosOvaLookAhead = NIL_RTVFSIOSTREAM;
|
---|
374 | }
|
---|
375 | if (pszOvaLookAheadName)
|
---|
376 | {
|
---|
377 | RTStrFree(pszOvaLookAheadName);
|
---|
378 | pszOvaLookAheadName = NULL;
|
---|
379 | }
|
---|
380 | }
|
---|
381 |
|
---|
382 | HRESULT restoreOriginalUUIDOfAttachedDevice(settings::MachineConfigFile *config);
|
---|
383 | HRESULT saveOriginalUUIDOfAttachedDevice(settings::AttachedDevice &device,
|
---|
384 | const Utf8Str &newlyUuid);
|
---|
385 | RTVFSIOSTREAM claimOvaLookAHead(void);
|
---|
386 |
|
---|
387 | };
|
---|
388 |
|
---|
389 | ////////////////////////////////////////////////////////////////////////////////
|
---|
390 | //
|
---|
391 | // VirtualSystemDescription data definition
|
---|
392 | //
|
---|
393 | ////////////////////////////////////////////////////////////////////////////////
|
---|
394 |
|
---|
395 | struct VirtualSystemDescription::Data
|
---|
396 | {
|
---|
397 | std::vector<VirtualSystemDescriptionEntry>
|
---|
398 | maDescriptions; // item descriptions
|
---|
399 |
|
---|
400 | ComPtr<Machine> pMachine; // VirtualBox machine this description was exported from (export only)
|
---|
401 |
|
---|
402 | settings::MachineConfigFile
|
---|
403 | *pConfig; // machine config created from <vbox:Machine> element if found (import only)
|
---|
404 | };
|
---|
405 |
|
---|
406 | ////////////////////////////////////////////////////////////////////////////////
|
---|
407 | //
|
---|
408 | // Internal helpers
|
---|
409 | //
|
---|
410 | ////////////////////////////////////////////////////////////////////////////////
|
---|
411 |
|
---|
412 | void convertCIMOSType2VBoxOSType(Utf8Str &strType, ovf::CIMOSType_T c, const Utf8Str &cStr);
|
---|
413 |
|
---|
414 | ovf::CIMOSType_T convertVBoxOSType2CIMOSType(const char *pcszVBox, BOOL fLongMode);
|
---|
415 |
|
---|
416 | Utf8Str convertNetworkAttachmentTypeToString(NetworkAttachmentType_T type);
|
---|
417 |
|
---|
418 |
|
---|
419 | typedef struct SHASTORAGE
|
---|
420 | {
|
---|
421 | PVDINTERFACE pVDImageIfaces;
|
---|
422 | bool fCreateDigest;
|
---|
423 | bool fSha256; /* false = SHA1 (OVF 1.x), true = SHA256 (OVF 2.0) */
|
---|
424 | Utf8Str strDigest;
|
---|
425 | } SHASTORAGE, *PSHASTORAGE;
|
---|
426 |
|
---|
427 | PVDINTERFACEIO ShaCreateInterface();
|
---|
428 | PVDINTERFACEIO FileCreateInterface();
|
---|
429 | PVDINTERFACEIO tarWriterCreateInterface(void);
|
---|
430 |
|
---|
431 | int writeBufferToFile(const char *pcszFilename, void *pvBuf, size_t cbSize, PVDINTERFACEIO pIfIo, void *pvUser);
|
---|
432 |
|
---|
433 | #endif // !____H_APPLIANCEIMPLPRIVATE
|
---|
434 |
|
---|