Skip to content

Make qubesd connected directly as an socket qrexec service #339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 24, 2020
Merged

Make qubesd connected directly as an socket qrexec service #339

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
48ae89f
Make qubesd connected directly as an socket qrexec service
marmarek Apr 20, 2020
61143a9
Remove qubesd-query-fast
marmarek Apr 20, 2020
158e22c
rpm: update dependency on qrexec
marmarek May 24, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 1 addition & 3 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,6 @@ rpms-dom0:

all:
$(PYTHON) setup.py build
$(MAKE) -C qubes-rpc all
# Currently supported only on xen

install:
Expand Down Expand Up @@ -201,13 +200,12 @@ endif
cp qubes-rpc/qubes.NotifyTools $(DESTDIR)/etc/qubes-rpc/
cp qubes-rpc/qubes.NotifyUpdates $(DESTDIR)/etc/qubes-rpc/
cp qubes-rpc/qubes.ConnectTCP $(DESTDIR)/etc/qubes-rpc/
install qubes-rpc/qubesd-query-fast $(DESTDIR)/usr/libexec/qubes/
install -m 0755 qvm-tools/qubes-bug-report $(DESTDIR)/usr/bin/qubes-bug-report
install -m 0755 qvm-tools/qubes-hcl-report $(DESTDIR)/usr/bin/qubes-hcl-report
install -m 0755 qvm-tools/qvm-sync-clock $(DESTDIR)/usr/bin/qvm-sync-clock
install -m 0755 qvm-tools/qvm-console-dispvm $(DESTDIR)/usr/bin/qvm-console-dispvm
for method in $(ADMIN_API_METHODS_SIMPLE); do \
ln -s ../../usr/libexec/qubes/qubesd-query-fast \
ln -s ../../var/run/qubesd.sock \
$(DESTDIR)/etc/qubes-rpc/$$method || exit 1; \
done
install qubes-rpc/admin.vm.volume.Import $(DESTDIR)/etc/qubes-rpc/
Expand Down
1 change: 0 additions & 1 deletion qubes-rpc/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1 @@
qfile-dom0-unpacker
qubesd-query-fast
8 changes: 0 additions & 8 deletions qubes-rpc/Makefile
View file
Open in desktop

This file was deleted.

112 changes: 0 additions & 112 deletions qubes-rpc/qubesd-query-fast.c
View file
Open in desktop

This file was deleted.

16 changes: 14 additions & 2 deletions qubes/api/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -252,8 +252,20 @@ def data_received(self, untrusted_data): # pylint: disable=arguments-differ

def eof_received(self):
try:
src, meth, dest, arg, untrusted_payload = \
self.untrusted_buffer.getvalue().split(b'\0', 4)
connection_params, untrusted_payload = \
self.untrusted_buffer.getvalue().split(b'\0', 1)
meth_arg, src, dest_type, dest = \
connection_params.split(b' ', 3)
if dest_type == b'keyword' and dest == b'adminvm':
dest_type, dest = b'name', b'dom0'
if dest_type != b'name':
raise ValueError(
'got {} destination type, '
'while only explicit name supported'.format(dest_type))
if b'+' in meth_arg:
meth, arg = meth_arg.split(b'+', 1)
else:
meth, arg = meth_arg, b''
except ValueError:
self.app.log.warning('framing error')
self.transport.abort()
Expand Down
25 changes: 17 additions & 8 deletions qubes/tests/api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,18 +118,18 @@ def tearDown(self):
super(TC_00_QubesDaemonProtocol, self).tearDown()

def test_000_message_ok(self):
self.writer.write(b'dom0\0mgmt.success\0dom0\0arg\0payload')
self.writer.write(b'mgmt.success+arg src name dest\0payload')
self.writer.write_eof()
with self.assertNotRaises(asyncio.TimeoutError):
response = self.loop.run_until_complete(
asyncio.wait_for(self.reader.read(), 1))
self.assertEqual(response,
b"0\0src: b'dom0', dest: b'dom0', arg: b'arg', payload: b'payload'")
b"0\0src: b'src', dest: b'dest', arg: b'arg', payload: b'payload'")

def test_001_message_ok_in_parts(self):
self.writer.write(b'dom0\0mgmt.')
self.writer.write(b'mgmt.success+arg')
self.loop.run_until_complete(self.writer.drain())
self.writer.write(b'success\0dom0\0arg\0payload')
self.writer.write(b' dom0 name dom0\0payload')
self.writer.write_eof()
with self.assertNotRaises(asyncio.TimeoutError):
response = self.loop.run_until_complete(
Expand All @@ -138,31 +138,31 @@ def test_001_message_ok_in_parts(self):
b"0\0src: b'dom0', dest: b'dom0', arg: b'arg', payload: b'payload'")

def test_002_message_ok_empty(self):
self.writer.write(b'dom0\0mgmt.success_none\0dom0\0arg\0payload')
self.writer.write(b'mgmt.success_none+arg dom0 name dom0\0payload')
self.writer.write_eof()
with self.assertNotRaises(asyncio.TimeoutError):
response = self.loop.run_until_complete(
asyncio.wait_for(self.reader.read(), 1))
self.assertEqual(response, b"0\0")

def test_003_exception_qubes(self):
self.writer.write(b'dom0\0mgmt.qubesexception\0dom0\0arg\0payload')
self.writer.write(b'mgmt.qubesexception+arg dom0 name dom0\0payload')
self.writer.write_eof()
with self.assertNotRaises(asyncio.TimeoutError):
response = self.loop.run_until_complete(
asyncio.wait_for(self.reader.read(), 1))
self.assertEqual(response, b"2\0QubesException\0\0qubes-exception\0")

def test_004_exception_generic(self):
self.writer.write(b'dom0\0mgmt.exception\0dom0\0arg\0payload')
self.writer.write(b'mgmt.exception+arg dom0 name dom0\0payload')
self.writer.write_eof()
with self.assertNotRaises(asyncio.TimeoutError):
response = self.loop.run_until_complete(
asyncio.wait_for(self.reader.read(), 1))
self.assertEqual(response, b"")

def test_005_event(self):
self.writer.write(b'dom0\0mgmt.event\0dom0\0arg\0payload')
self.writer.write(b'mgmt.event+arg dom0 name dom0\0payload')
self.writer.write_eof()
with self.assertNotRaises(asyncio.TimeoutError):
response = self.loop.run_until_complete(
Expand All @@ -174,3 +174,12 @@ def test_005_event(self):
with self.assertNotRaises(asyncio.TimeoutError):
self.loop.run_until_complete(
asyncio.wait_for(self.protocol.mgmt.task, 1))

def test_006_target_adminvm(self):
self.writer.write(b'mgmt.success+arg src keyword adminvm\0payload')
self.writer.write_eof()
with self.assertNotRaises(asyncio.TimeoutError):
response = self.loop.run_until_complete(
asyncio.wait_for(self.reader.read(), 1))
self.assertEqual(response,
b"0\0src: b'src', dest: b'dom0', arg: b'arg', payload: b'payload'")
5 changes: 3 additions & 2 deletions qubes/tools/qubesd_query.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,8 +83,9 @@ def main(args=None):
payload = sys.stdin.buffer.read() if args.payload else b''
# pylint: enable=no-member

coro = asyncio.ensure_future(qubesd_client(args.socket, payload,
args.src, args.method, args.dest, args.arg))
coro = asyncio.ensure_future(qubesd_client(
args.socket, payload,
f'{args.method}+{args.arg} {args.src} name {args.dest}'))

for signame in ('SIGINT', 'SIGTERM'):
loop.add_signal_handler(getattr(signal, signame),
Expand Down
8 changes: 3 additions & 5 deletions rpm_spec/core-dom0.spec.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,13 +41,11 @@ URL: http://www.qubes-os.org
# /bin -> usr/bin symlink). python*.rpm provides only /usr/bin/python.
AutoReq: no

# FIXME: Enable this and disable debug_package
#BuildArch: noarch
BuildArch: noarch

BuildRequires: ImageMagick
BuildRequires: systemd-units
BuildRequires: systemd
BuildRequires: gcc

BuildRequires: python3-devel

Expand Down Expand Up @@ -76,7 +74,8 @@ Requires: libvirt-python3

Requires: pciutils
Requires: qubes-core-dom0-linux >= 4.0.11
Requires: qubes-core-qrexec-dom0
# policy (daemon) using changed qubesd socket protocol
Requires: qubes-core-qrexec-dom0 >= 4.1.8
Requires: qubes-db-dom0
# TODO: R: qubes-gui-dom0 >= 2.1.11
Conflicts: qubes-gui-dom0 < 1.1.13
Expand Down Expand Up @@ -364,7 +363,6 @@ fi
/usr/lib/qubes/cleanup-dispvms
/usr/lib/qubes/fix-dir-perms.sh
/usr/lib/qubes/startup-misc.sh
/usr/libexec/qubes/qubesd-query-fast
%{_unitdir}/[email protected]/30_qubes.conf
%{_unitdir}/qubes-core.service
%{_unitdir}/qubes-qmemman.service
Expand Down