Changeset 1599 in vbox

Timestamp:

Mar 21, 2007 3:25:35 PM (18 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

19713

Message:

added RestrictAccess key to allow to disable the policy that only VMs of the same user may attach to an internal network

Location:

trunk

Files:

• include/VBox/intnet.h (modified) (2 diffs)
• src/VBox/Devices/Network/DrvIntNet.cpp (modified) (6 diffs)
• src/VBox/Devices/Network/SrvIntNetR0.cpp (modified) (7 diffs)
• src/VBox/VMM/VMMR0/VMMR0.cpp (modified) (1 diff)

trunk/include/VBox/intnet.h

@@ -215 +215 @@
     /** The size of the receive buffer. (input) */
     uint32_t        cbRecv;
+    /** check access? */
+    bool            fRestrictAccess;
     /** The handle to the network interface. (output) */
     INTNETIFHANDLE  hIf;
@@ -325 +327 @@
  * @param   pIntNet     The
  */
-INTNETR0DECL(int) INTNETR0Open(PINTNET pIntNet, PSUPDRVSESSION pSession, const char *pszNetwork, unsigned cbSend, unsigned cbRecv, PINTNETIFHANDLE phIf);
+INTNETR0DECL(int) INTNETR0Open(PINTNET pIntNet, PSUPDRVSESSION pSession, const char *pszNetwork, unsigned cbSend, unsigned cbRecv, bool fRestrictAccess, PINTNETIFHANDLE phIf);
 
 /**

trunk/src/VBox/Devices/Network/DrvIntNet.cpp

@@ -618 +618 @@
      * Validate the config.
      */
-    if (!CFGMR3AreValuesValid(pCfgHandle, "Network\0ReceiveBufferSize\0SendBufferSize\0"))
+    if (!CFGMR3AreValuesValid(pCfgHandle, "Network\0ReceiveBufferSize\0SendBufferSize\0RestrictAccess\0"))
         return VERR_PDM_DRVINS_UNKNOWN_CFG_VALUES;
 
@@ -648 +648 @@
     rc = CFGMR3QueryString(pCfgHandle, "Network", OpenArgs.szNetwork, sizeof(OpenArgs.szNetwork));
     if (VBOX_FAILURE(rc))
-    {
-        AssertMsgFailed(("Configuration error: query for \"Network\" string return %Vra.\n", rc));
-        return rc;
-    }
+        return PDMDRV_SET_ERROR(pDrvIns, rc,
+                                N_("Configuration error: Failed to get the \"Network\" value"));
     strcpy(pThis->szNetwork, OpenArgs.szNetwork);
 
@@ -658 +656 @@
         OpenArgs.cbRecv = _256K;
     else if (VBOX_FAILURE(rc))
-    {
-        AssertMsgFailed(("Configuration error: query for \"ReceiveBufferSize\" uint32_t return %Vra.\n", rc));
-        return rc;
-    }
+        return PDMDRV_SET_ERROR(pDrvIns, rc,
+                                N_("Configuration error: Failed to get the \"ReceiveBufferSize\" value"));
 
     rc = CFGMR3QueryU32(pCfgHandle, "SendBufferSize", &OpenArgs.cbSend);
@@ -667 +663 @@
         OpenArgs.cbSend = _4K;
     else if (VBOX_FAILURE(rc))
-    {
-        AssertMsgFailed(("Configuration error: query for \"SendBufferSize\" uint32_t return %Vra.\n", rc));
-        return rc;
-    }
+        return PDMDRV_SET_ERROR(pDrvIns, rc,
+                                N_("Configuration error: Failed to get the \"SendBufferSize\" value"));
+
+    rc = CFGMR3QueryBool(pCfgHandle, "RestrictAccess", &OpenArgs.fRestrictAccess);
+    if (rc == VERR_CFGM_VALUE_NOT_FOUND)
+        OpenArgs.fRestrictAccess = true;
+    else if (VBOX_FAILURE(rc))
+        return PDMDRV_SET_ERROR(pDrvIns, rc,
+                                N_("Configuration error: Failed to get the \"RestrictAccess\" value"));
 
     /*
@@ -688 +689 @@
     rc = pDrvIns->pDrvHlp->pfnSUPCallVMMR0Ex(pDrvIns, VMMR0_DO_INTNET_OPEN, &OpenArgs, sizeof(OpenArgs));
     if (VBOX_FAILURE(rc))
-    {
-        AssertMsgFailed(("Failed to open/create the network '%s', cbRecv=%RU32, cbSend=%RU32. rc=%Vrc\n",
-                         pThis->szNetwork, OpenArgs.cbRecv, OpenArgs.cbSend, rc));
-        return rc;
-    }
+        return PDMDrvHlpVMSetError(pDrvIns, rc, RT_SRC_POS,
+                                   N_("Failed to open/create the internal network '%s'"), pThis->szNetwork);
     AssertRelease(OpenArgs.hIf != INTNET_HANDLE_INVALID);
     pThis->hIf = OpenArgs.hIf;
@@ -705 +703 @@
     rc = pDrvIns->pDrvHlp->pfnSUPCallVMMR0Ex(pDrvIns, VMMR0_DO_INTNET_IF_GET_RING3_BUFFER, &GetRing3BufferArgs, sizeof(GetRing3BufferArgs));
     if (VBOX_FAILURE(rc))
-    {
-        AssertMsgFailed(("Failed to get ring-3 buffer for the newly created interface to '%s'. rc=%Vrc\n",
-                         pThis->szNetwork, rc));
-        return rc;
-    }
+        return PDMDrvHlpVMSetError(pDrvIns, rc, RT_SRC_POS,
+                                  N_("Failed to get ring-3 buffer for the newly created interface to '%s'"), pThis->szNetwork);
     AssertRelease(VALID_PTR(GetRing3BufferArgs.pRing3Buf));
     pThis->pBuf = GetRing3BufferArgs.pRing3Buf;

trunk/src/VBox/Devices/Network/SrvIntNetR0.cpp

@@ -103 +103 @@
     /** The SUPR0 object id. */
     void                   *pvObj;
+    /**  Access restricted? */
+    bool                    fRestrictAccess;
     /** The length of the network name. */
     uint8_t                 cchName;
@@ -1201 +1203 @@
 static int INTNETOpenNetwork(PINTNET pIntNet, PSUPDRVSESSION pSession, const char *pszNetwork, PINTNETNETWORK *ppNetwork)
 {
-    LogFlow(("INTNETCreateNetwork: pIntNet=%p pSession=%p pszNetwork=%p:{%s} ppNetwork=%p\n",
+    LogFlow(("INTNETOpenNetwork: pIntNet=%p pSession=%p pszNetwork=%p:{%s} ppNetwork=%p\n",
              pIntNet, pSession, pszNetwork, pszNetwork, ppNetwork));
 
@@ -1234 +1236 @@
             if (VBOX_SUCCESS(rc))
             {
-                rc = SUPR0ObjVerifyAccess(pCur->pvObj, pSession, pCur->szName);
+                if (pCur->fRestrictAccess)
+                    rc = SUPR0ObjVerifyAccess(pCur->pvObj, pSession, pCur->szName);
                 if (VBOX_SUCCESS(rc))
                     *ppNetwork = pCur;
@@ -1269 +1272 @@
  * @param   ppNetwork   Where to store the network.
  */
-static int INTNETCreateNetwork(PINTNET pIntNet, PSUPDRVSESSION pSession, const char *pszNetwork, PINTNETNETWORK *ppNetwork)
+static int INTNETCreateNetwork(PINTNET pIntNet, PSUPDRVSESSION pSession, const char *pszNetwork, bool fRestrictAccess, PINTNETNETWORK *ppNetwork)
 {
     LogFlow(("INTNETCreateNetwork: pIntNet=%p pSession=%p pszNetwork=%p:{%s} ppNetwork=%p\n",
@@ -1308 +1311 @@
         pNew->pIntNet = pIntNet;
         pNew->cchName = cchName;
+        pNew->fRestrictAccess = fRestrictAccess;
         Assert(cchName && cchName < sizeof(pNew->szName));  /* caller's responsibility. */
         memcpy(pNew->szName, pszNetwork, cchName);          /* '\0' by alloc. */
@@ -1366 +1370 @@
  * @param   phIf        Where to store the handle to the network interface.
  */
-INTNETR0DECL(int) INTNETR0Open(PINTNET pIntNet, PSUPDRVSESSION pSession, const char *pszNetwork, unsigned cbSend, unsigned cbRecv, PINTNETIFHANDLE phIf)
+INTNETR0DECL(int) INTNETR0Open(PINTNET pIntNet, PSUPDRVSESSION pSession, const char *pszNetwork, unsigned cbSend, unsigned cbRecv, bool fRestrictAccess, PINTNETIFHANDLE phIf)
 {
     LogFlow(("INTNETR0Open: pIntNet=%p pSession=%p pszNetwork=%p:{%s} cbSend=%u cbRecv=%u phIf=%p\n",
@@ -1395 +1399 @@
     rc = INTNETOpenNetwork(pIntNet, pSession, pszNetwork, &pNetwork);
     if (rc == VERR_FILE_NOT_FOUND)
-        rc = INTNETCreateNetwork(pIntNet, pSession, pszNetwork, &pNetwork);
+        rc = INTNETCreateNetwork(pIntNet, pSession, pszNetwork, fRestrictAccess, &pNetwork);
     if (VBOX_SUCCESS(rc))
     {

trunk/src/VBox/VMM/VMMR0/VMMR0.cpp

@@ -614 +614 @@
                 {
                     PINTNETOPENARGS pArgs = (PINTNETOPENARGS)pvArg;
-                    return INTNETR0Open(g_pIntNet, pVM->pSession, &pArgs->szNetwork[0], pArgs->cbSend, pArgs->cbRecv, &pArgs->hIf);
+                    return INTNETR0Open(g_pIntNet, pVM->pSession, &pArgs->szNetwork[0], pArgs->cbSend, pArgs->cbRecv, pArgs->fRestrictAccess, &pArgs->hIf);
                 }