[Feature Request] User/Device Authorization in windows server

amatveev
Like in Linux server this feature would be quite useful

external cmd scripts?

Michael
OK, this is available in 2.9.1 of the Windows server. It's identical to the Linux version but uses batch files instead. So instead of $1 etc. it's %1, and use EXIT 1 etc. to return a value back to the server.

E.g. in the server config.ini file:

..
..
clientAuthorization=c:/users/michael/auth.bat "$VENDOR_ID$" "$PRODUCT_ID$" "$CLIENT_ID$" "$CLIENT_IP$" "$PRODUCT_SERIAL$" "$PASSWORD$" "$DEVPATH$" "$NICKNAME$" "$NUM_BINDINGS$"

E.g. the auth.bat file, which dumps the arguments to a file and always returns unauthorized:

echo '%1' '%2' '%3' '%4' '%5' '%6' '%7' '%8' '%9' > out.txt
exit 1

sumkrnboy
Michael, do you have an example code for Windows server based on the Linux version below?

https://virtualhere.com/authorization

Michael
.

Firstly, did you get the example above to work ok?

sumkrnboy
No, it did not work.

Here's the auth.bat script:

#!/bin/bash
# Example script for performing basic user authorization for VirtualHere
# Also includes a simple password protection mechanism for accessing a device
# Return 2 if the user needs to provide a password (or the password is incorrect) to use the device
# Return 1 if the user is allowed to access this device
# Return 0 if the user is not allowed to access this device
# Parameters are passed in as:
# $1 = VENDOR_ID
# $2 = PRODUCT_ID
# $3 = CLIENT_ID
# $4 = CLIENT_IP
# $5 = PRODUCT_SERIAL
# $6 = PASSWORD
# $7 = DEVPATH
# $8 = NICKNAME
# $9 = NUM_BINDINGS
logger "Authorizing -> '$1' '$2' '$3' '$4' '$5' '$6' '$7' '$8' '$9'"
# The outer check is missing from the posted script; <CLIENT_ID> is a placeholder
if [ "$3" == "<CLIENT_ID>" ]; then
    # "mypassword" = "34819d7beeabb9260a5c854bc85b3e44" as an MD5 hash
    if [ "$6" == "34819d7beeabb9260a5c854bc85b3e44" ]; then
        echo "Password ok"
        echo "$3"
    else
        exit 2
    fi
    logger "Authorized!"
    exit 1
else
    logger "NOT Authorized!"
    exit 0
fi

sumkrnboy
The $ signs have been replaced with %, but it does not work. The config.ini file has been modified as the example above.

Michael
.

I meant the script in #2 above. Anyway, you have to write it as a batch file, not as a bash file. The example is a bash file for Linux-based servers. You need to convert it to a Windows batch file.

sumkrnboy
I did not see an example for Windows server. Can you provide an example batch script for Windows doing the same thing as the Linux bash script?

Michael
.

You are not reading my postings. Can you do number #2 above? Repeated here again:

..
..
clientAuthorization=c:/users/michael/auth.bat "$VENDOR_ID$" "$PRODUCT_ID$" "$CLIENT_ID$" "$CLIENT_IP$" "$PRODUCT_SERIAL$" "$PASSWORD$" "$DEVPATH$" "$NICKNAME$" "$NUM_BINDINGS$"

E.g. the auth.bat file, which dumps the arguments to a file and always returns unauthorized:

echo '%1' '%2' '%3' '%4' '%5' '%6' '%7' '%8' '%9' > out.txt
exit 1

sumkrnboy
An out.txt file is created with all of the arguments.

Michael
.

OK, so you just compare the values you need to and return 1 if the user is allowed to use the device and 0 otherwise.

bklynbren
Client Authentication

Does client authentication work on Windows installations when vhusbdwin64.exe is run as a service? With our current configuration, client authentication works fine when run by a logged-in user, but does not work when run as a service (vhusbdwin64.exe -b).

Michael
.

Yes, it works fine. What's it doing for you? Just jamming or? Note: have a look in Event Viewer -> Applications and Services Logs -> VirtualHere USB Server, and under the Details tab it will say the message. Look for an error message in the list of messages.

bklynbren
Client Authentication

Michael, thanks for your reply. The issue has been resolved; we had to include the path to our auth.bat and log files when running as a service. This wasn't required while running the server inside of a user session because everything is in the same folder. We're using Active Directory security groups to manage access; so far so good, thanks again!
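
A batch counterpart of the Linux script quoted in this thread, as an added example that is not part of the original posts and not VirtualHere's own code. It uses the argument order from the clientAuthorization line and the return values from the script's comments; the log path C:\vhauth\auth.log and the client ID EXAMPLE-CLIENT-ID are assumed placeholders.

```batch
@echo off
setlocal DisableDelayedExpansion
rem Added example (not VirtualHere's code). Return values as documented in the thread:
rem   2 = password needed or incorrect, 1 = allowed, 0 = not allowed
rem Arguments: %1 VENDOR_ID  %2 PRODUCT_ID  %3 CLIENT_ID  %4 CLIENT_IP  %5 PRODUCT_SERIAL
rem            %6 PASSWORD   %7 DEVPATH     %8 NICKNAME   %9 NUM_BINDINGS

rem Absolute log path: a server running as a service does not start in the script's folder.
rem Assumed location; the directory must exist and be writable by the service account.
set "LOG=C:\vhauth\auth.log"

rem Assumed allow-list entry (placeholder) and the MD5 of "mypassword" from the thread.
set "ALLOWED_CLIENT=EXAMPLE-CLIENT-ID"
set "PASSWORD_MD5=34819d7beeabb9260a5c854bc85b3e44"

rem These values come from the client. %~N strips the outer quotes, and every later
rem use keeps the value inside "..." so characters such as ^& or ^| are not run as commands.
set "CLIENT_ID=%~3"
set "CLIENT_IP=%~4"
set "PASSWORD=%~6"

rem goto labels instead of ( ) blocks, so a ")" inside a value cannot end a block early.
if not "%CLIENT_ID%"=="%ALLOWED_CLIENT%" goto deny
if not "%PASSWORD%"=="%PASSWORD_MD5%" goto needpw

rem The password argument (%6) is deliberately never written to the log.
>>"%LOG%" echo %DATE% %TIME% ALLOW client="%CLIENT_ID%" ip="%CLIENT_IP%"
exit 1

:needpw
>>"%LOG%" echo %DATE% %TIME% PASSWORD client="%CLIENT_ID%" ip="%CLIENT_IP%"
exit 2

:deny
>>"%LOG%" echo %DATE% %TIME% DENY client="%CLIENT_ID%" ip="%CLIENT_IP%"
exit 0
```

The clientAuthorization line in config.ini should likewise point to this file by its full path.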
