9 Advanced topics
External authentication is the most flexible as the external handler can both choose
to grant access to everyone (like the “null” authentication method would) and delegate
the request to the guest authentication component. When delegating the request to
the guest component, it will still be called afterwards with the option to override the
result.
A VRDP authentication library is required to implement exactly one entry point:
#include "VRDPAuth.h"
/**
* Authentication library entry point. Decides whether to allow
* a client connection.
*
* Parameters:
*
*
pUuid
Pointer to the UUID of the virtual machine
*
which the client connected to.
*
guestJudgement
Result of the guest authentication.
*
szUser
User name passed in by the client (UTF8).
*
szPassword
Password passed in by the client (UTF8).
*
szDomain
Domain passed in by the client (UTF8).
*
* Return code:
*
*
VRDPAuthAccessDenied
Client access has been denied.
*
VRDPAuthAccessGranted
Client has the right to use the
*
virtual machine.
*
VRDPAuthDelegateToGuest Guest operating system must
*
authenticate the client and the
*
library must be called again with
*
the result of the guest
*
authentication.
*/
VRDPAuthResult VRDPAUTHCALL VRDPAuth(
PVRDPAUTHUUID pUuid,
VRDPAuthGuestJudgement guestJudgement,
const char *szUser,
const char *szPassword
const char *szDomain)
{
/* process request against your authentication source of choice */
return VRDPAuthAccessGranted;
}
A note regarding the UUID implementation of the first argument: VirtualBox uses a
consistent binary representation of UUIDs on all platforms. For this reason the integer
fields comprising the UUID are stored as little endian values. If you want to pass such
UUIDs to code which assumes that the integer fields are big endian (often also called
network byte order), you need to adjust the contents of the UUID to e.g. achieve the
same string representation. The required changes are:
•
reverse the order of byte 0, 1, 2 and 3
•
reverse the order of byte 4 and 5
130