[Feature Request] User/Device Authorization in windows server

Like in Linux server this feature would be quite useful

external cmd scripts?

#2

OK this is available in 2.9.1 of the windows server. Its identical to the linux version but uses batch files instead. So instead of $1 etc its %1 and use EXIT 1 etc to return a value back to the server

e.g in the server config.ini file:

..
..
clientAuthorization=c:/users/michael/auth.bat "$VENDOR_ID$" "$PRODUCT_ID$" "$CLIENT_ID$" "$CLIENT_IP$" "$PRODUCT_SERIAL$" "$PASSWORD$" "$DEVPATH$" "$NICKNAME$" "$NUM_BINDINGS$"

Eg. the auth.bat file which dumps the arguments to a file and always returns unauthorized

echo '%1' '%2' %3' '%4' '%5' '%6' '%7' '%8' '%9' > out.txt
exit 1
#4

Firstly, did you get the example above to work ok?

#5

No, it did not work.

Here's the auth.bat script:

#!/bin/bash
#Example script for performing basic user authorization for VirtualHere
# Also includes a simple password protection mechanism for accessing a device
# Return 2 if the user needs to provide a password (or the password is incorrect) to use the device
# Return 1 if the user is allowed to access this device
# Return 0 if the user is not allowed to access this device
# Parameters are passed in as:
# $1 = VENDOR_ID
# $2 = PRODUCT_ID
# $3 = CLIENT_ID
# $4 = CLIENT_IP
# $5 = PRODUCT_SERIAL
# $6 = PASSWORD
# $7 = DEVPATH
# $8 = NICKNAME
# $9 = NUM_BINDINGS
logger "Authorizing -> '$1' '$2' '$3' '$4' '$5' '$6' '$7' '$8' '$9'"
# "mypassword" = "34819d7beeabb9260a5c854bc85b3e44" as an MD5 hash
if [ "$6" == "34819d7beeabb9260a5c854bc85b3e44" ]; then
echo "Password ok"
echo $3
else
exit 2
fi
logger "Authorized!"
exit 1
else
logger "NOT Authorized!"
exit 0
fi

#6

The $ signs have been replaced with %, but it does not work. The config.ini file has been modified as the example above.

#7

I meant the script in #2 above, anyway you have to write it as a batch file, not as a bash file. The example is a bash file for linux based servers. You need to convert it to a windows batch file.

#8

I did not see an example for Windows server. Can you provide an example batch script for Windows doing the same thing as the Linux bash script?

#9

You are not reading my postings, can you do number #2 above. Repeated here again:

..
..
clientAuthorization=c:/users/michael/auth.bat "$VENDOR_ID$" "$PRODUCT_ID$" "$CLIENT_ID$" "$CLIENT_IP$" "$PRODUCT_SERIAL$" "$PASSWORD$" "$DEVPATH$" "$NICKNAME$" "$NUM_BINDINGS$"

Eg. the auth.bat file which dumps the arguments to a file and always returns unauthorized

echo '%1' '%2' %3' '%4' '%5' '%6' '%7' '%8' '%9' > out.txt
exit 1
#11

OK so you just compare the values you need to and return 1 if the user is allowed to use the device and0 otherwise

#12

Does client authentication work on Windows installations when vhusbdwin64.exe is run as a service? With our current configuration, client authentication works fine when run by a logged in user, but does not work when run as a service (vhusbdwin64.exe -b).

#13

Yes it works fine, whats it doing for you? Just jamming or ? Note: have a look in Event Viewer->Application And Services Logs -> VirtualHere USB Server and under the Details tab it will say the message. Look for an error message in the list of messages

#14

Michael, thanks for your reply. The issue has been resolved, we had to include the path to our auth.bat and log files when running as a service. This wasn't required while running the server inside of a user session because everything is in the same folder. We're using active directory security groups to manage access; so far so good, thanks again!