QubesOS/qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qrexec: initial convert qrexec-policy to core3 API

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2016-02-11 02:16:01 +01:00
parent 6ca61dc709
commit 0568d2ae3b
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 34 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
qrexec/qrexec-policy
View File

@ -3,12 +3,12 @@ import sys
import os import os
import os.path import os.path
import subprocess import subprocess
from qubes.qubes import vmm import qubes
from qubes.qubes import QubesVmCollection
import qubes.guihelpers
import libvirt import libvirt
from optparse import OptionParser from optparse import OptionParser
import fcntl import fcntl
from PyQt4.QtGui import QApplication,QMessageBox
POLICY_FILE_DIR="/etc/qubes-rpc/policy" POLICY_FILE_DIR="/etc/qubes-rpc/policy"
# XXX: Backward compatibility, to be removed soon # XXX: Backward compatibility, to be removed soon
@ -21,6 +21,31 @@ class UserChoice:
DENY=1 DENY=1
ALWAYS_ALLOW=2 ALWAYS_ALLOW=2
def prepare_app():
app = QApplication(sys.argv)
app.setOrganizationName("The Qubes Project")
app.setOrganizationDomain("http://qubes-os.org")
app.setApplicationName("Qubes")
return app
def ask(text, title="Question", yestoall=False):
prepare_app()
buttons = QMessageBox.Yes | QMessageBox.No
if yestoall:
buttons |= QMessageBox.YesToAll
reply = QMessageBox.question(None, title, text, buttons, defaultButton=QMessageBox.Yes)
if reply == QMessageBox.Yes:
return 0
elif reply == QMessageBox.No:
return 1
elif reply == QMessageBox.YesToAll:
return 2
else:
#?!
return 127
def line_to_dict(line): def line_to_dict(line):
tokens=line.split() tokens=line.split()
if len(tokens) < 3: if len(tokens) < 3:
@ -92,12 +117,9 @@ def validate_target(target):
if target in ['$dispvm']: if target in ['$dispvm']:
return True return True
qc = QubesVmCollection() app = qubes.Qubes()
qc.lock_db_for_reading()
qc.load()
qc.unlock_db()
return qc.get_vm_by_name(target) return app.domains[target]
def spawn_target_if_necessary(vm): def spawn_target_if_necessary(vm):
if vm.is_running(): if vm.is_running():
@ -115,7 +137,7 @@ def do_execute(domain, target, user, service_name, process_ident, vm=None):
os.execl(QREXEC_CLIENT, "qrexec-client", os.execl(QREXEC_CLIENT, "qrexec-client",
"-d", "dom0", "-c", process_ident, cmd) "-d", "dom0", "-c", process_ident, cmd)
else: else:
if isinstance(vm, qubes.qubes.QubesVm): if isinstance(vm, qubes.vm.qubesvm.QubesVM):
spawn_target_if_necessary(vm) spawn_target_if_necessary(vm)
if target == "dom0": if target == "dom0":
cmd = QUBES_RPC_MULTIPLEXER_PATH + " " + service_name + " " + domain cmd = QUBES_RPC_MULTIPLEXER_PATH + " " + service_name + " " + domain
@ -186,8 +208,9 @@ def main():
# connection # connection
process_ident+=","+domain+","+domain_id process_ident+=","+domain+","+domain_id
vm = validate_target(target) try:
if vm is None: vm = validate_target(target)
except KeyError:
print >> sys.stderr, "Rpc failed (unknown domain):", domain, target, service_name print >> sys.stderr, "Rpc failed (unknown domain):", domain, target, service_name
text = "Domain '%s' doesn't exist (service %s called by domain %s)." % ( text = "Domain '%s' doesn't exist (service %s called by domain %s)." % (
target, service_name, domain) target, service_name, domain)