2011-07-05 18:35:03 +02:00
|
|
|
#!/usr/bin/python
|
|
|
|
import sys
|
|
|
|
import os
|
2011-07-06 18:34:00 +02:00
|
|
|
import os.path
|
2011-07-05 18:35:03 +02:00
|
|
|
import subprocess
|
2011-07-07 10:05:41 +02:00
|
|
|
import xen.lowlevel.xl
|
2011-10-12 00:08:28 +02:00
|
|
|
import qubes.guihelpers
|
|
|
|
import fcntl
|
2011-07-05 18:35:03 +02:00
|
|
|
|
|
|
|
POLICY_FILE_DIR="/etc/qubes_rpc/policy"
|
|
|
|
QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
|
|
|
|
|
2011-10-12 00:08:28 +02:00
|
|
|
class UserChoice:
|
|
|
|
ALLOW=0
|
|
|
|
DENY=1
|
|
|
|
ALWAYS_ALLOW=2
|
|
|
|
|
2011-07-06 18:34:00 +02:00
|
|
|
def line_to_dict(line):
|
|
|
|
tokens=line.split()
|
|
|
|
if len(tokens) < 3:
|
|
|
|
return None
|
2011-07-22 16:11:03 +02:00
|
|
|
|
|
|
|
if tokens[0][0] == '#':
|
|
|
|
return None
|
|
|
|
|
2011-07-06 18:34:00 +02:00
|
|
|
dict={}
|
|
|
|
dict['source']=tokens[0]
|
|
|
|
dict['dest']=tokens[1]
|
|
|
|
|
2011-10-12 00:08:28 +02:00
|
|
|
dict['full-action']=tokens[2]
|
2011-07-06 18:34:00 +02:00
|
|
|
action_list=tokens[2].split(',')
|
|
|
|
dict['action']=action_list.pop(0)
|
|
|
|
|
|
|
|
for iter in action_list:
|
|
|
|
paramval=iter.split("=")
|
|
|
|
dict["action."+paramval[0]]=paramval[1]
|
|
|
|
|
|
|
|
return dict
|
|
|
|
|
|
|
|
|
2011-07-05 18:35:03 +02:00
|
|
|
def read_policy_file(exec_index):
|
2011-07-06 18:34:00 +02:00
|
|
|
policy_file=POLICY_FILE_DIR+"/"+exec_index
|
|
|
|
if not os.path.isfile(policy_file):
|
|
|
|
return None
|
|
|
|
policy_list=list()
|
|
|
|
f = open(policy_file)
|
2011-10-12 00:08:28 +02:00
|
|
|
fcntl.flock(f, fcntl.LOCK_SH)
|
2011-07-05 18:35:03 +02:00
|
|
|
for iter in f.readlines():
|
2011-07-06 18:34:00 +02:00
|
|
|
dict = line_to_dict(iter)
|
|
|
|
if dict is not None:
|
|
|
|
policy_list.append(dict)
|
2011-07-05 18:35:03 +02:00
|
|
|
f.close()
|
2011-07-06 18:34:00 +02:00
|
|
|
return policy_list
|
2011-07-05 18:35:03 +02:00
|
|
|
|
|
|
|
def is_match(item, config_term):
|
2011-07-22 16:07:06 +02:00
|
|
|
return (item is not "dom0" and config_term == "$anyvm") or item == config_term
|
2011-07-05 18:35:03 +02:00
|
|
|
|
2011-07-06 18:34:00 +02:00
|
|
|
def get_default_policy():
|
|
|
|
dict={}
|
|
|
|
dict["action"]="deny"
|
|
|
|
return dict
|
|
|
|
|
|
|
|
|
|
|
|
def find_policy(policy, domain, target):
|
2011-07-05 18:35:03 +02:00
|
|
|
for iter in policy:
|
2011-07-06 18:34:00 +02:00
|
|
|
if not is_match(domain, iter["source"]):
|
2011-07-05 18:35:03 +02:00
|
|
|
continue
|
2011-07-06 18:34:00 +02:00
|
|
|
if not is_match(target, iter["dest"]):
|
2011-07-05 18:35:03 +02:00
|
|
|
continue
|
2011-07-06 18:34:00 +02:00
|
|
|
return iter
|
|
|
|
return get_default_policy()
|
2011-07-07 10:05:41 +02:00
|
|
|
|
|
|
|
def is_domain_running(target):
|
|
|
|
xl_ctx = xen.lowlevel.xl.ctx()
|
|
|
|
domains = xl_ctx.list_domains()
|
|
|
|
for dominfo in domains:
|
|
|
|
domname = xl_ctx.domid_to_name(dominfo.domid)
|
|
|
|
if domname == target:
|
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
|
|
|
def spawn_target_if_necessary(target):
|
2011-07-07 10:38:15 +02:00
|
|
|
if is_domain_running(target):
|
2011-07-07 10:05:41 +02:00
|
|
|
return
|
|
|
|
null=open("/dev/null", "r+")
|
2011-07-07 10:38:15 +02:00
|
|
|
subprocess.call(["qvm-run", "-a", "-q", target, "true"], stdin=null, stdout=null)
|
2011-07-07 10:05:41 +02:00
|
|
|
null.close()
|
2011-07-06 18:34:00 +02:00
|
|
|
|
|
|
|
def do_execute(domain, target, user, exec_index, process_ident):
|
2011-07-06 13:56:57 +02:00
|
|
|
if target == "dom0":
|
|
|
|
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
|
2011-07-22 16:07:06 +02:00
|
|
|
elif target == "$dispvm":
|
2011-07-06 18:34:00 +02:00
|
|
|
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
|
2011-07-06 12:32:20 +02:00
|
|
|
else:
|
2011-07-07 10:05:41 +02:00
|
|
|
# see the previous commit why "qvm-run -a" is broken and dangerous
|
|
|
|
# also, dangling "xl" would keep stderr open and may prevent closing connection
|
|
|
|
spawn_target_if_necessary(target)
|
2011-07-07 10:38:15 +02:00
|
|
|
cmd= QREXEC_CLIENT + " -d " + target + " '" + user
|
|
|
|
cmd+=":/usr/lib/qubes/qubes_rpc_multiplexer "+ exec_index + " " + domain + "'"
|
2011-07-05 18:35:03 +02:00
|
|
|
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
|
|
|
|
|
|
|
|
def confirm_execution(domain, target, exec_index):
|
|
|
|
text = "Do you allow domain \"" +domain + "\" to execute " + exec_index
|
2011-10-12 00:08:28 +02:00
|
|
|
text+= " operation on the domain \"" + target +"\"?<br>"
|
|
|
|
text+= " \"Yes to All\" option will automatically allow this operation in the future."
|
|
|
|
return qubes.guihelpers.ask(text, yestoall=True)
|
|
|
|
|
|
|
|
def add_always_allow(domain, target, exec_index, options):
|
|
|
|
policy_file=POLICY_FILE_DIR+"/"+exec_index
|
|
|
|
if not os.path.isfile(policy_file):
|
|
|
|
return None
|
|
|
|
f = open(policy_file, 'r+')
|
|
|
|
fcntl.flock(f, fcntl.LOCK_EX)
|
|
|
|
lines = []
|
|
|
|
for l in f.readlines():
|
|
|
|
lines.append(l)
|
|
|
|
lines.insert(0, "%s\t%s\tallow%s\n" % (domain, target, options))
|
|
|
|
f.seek(0)
|
|
|
|
f.write("".join(lines))
|
|
|
|
f.close()
|
2011-07-05 18:35:03 +02:00
|
|
|
|
|
|
|
def policy_editor(domain, target, exec_index):
|
|
|
|
text = "Policy editor not yet implemented. Please add a line in the form \""
|
|
|
|
text+= domain + " " + target + "action_to_take\""
|
|
|
|
text+= " to /etc/qubes_rpc/policy/" + exec_index +" file in dom0, then close this info."
|
|
|
|
subprocess.call(["/usr/bin/zenity", "--info", "--text", text])
|
|
|
|
|
|
|
|
def main():
|
|
|
|
domain=sys.argv[1]
|
|
|
|
target=sys.argv[2]
|
|
|
|
exec_index=sys.argv[3]
|
|
|
|
process_ident=sys.argv[4]
|
|
|
|
|
2011-07-06 18:34:00 +02:00
|
|
|
policy_list=read_policy_file(exec_index)
|
|
|
|
if policy_list==None:
|
|
|
|
policy_editor(domain, target, exec_index)
|
|
|
|
policy_list=read_policy_file(exec_index)
|
|
|
|
if policy_list==None:
|
|
|
|
policy_list=list()
|
|
|
|
|
|
|
|
policy_dict=find_policy(policy_list, domain, target)
|
|
|
|
|
|
|
|
if policy_dict["action"] == "ask":
|
2011-10-12 00:08:28 +02:00
|
|
|
user_choice = confirm_execution(domain, target, exec_index)
|
|
|
|
if user_choice == UserChoice.ALWAYS_ALLOW:
|
|
|
|
add_always_allow(domain, target, exec_index, policy_dict["full-action"].lstrip('ask'))
|
|
|
|
policy_dict["action"] = "allow"
|
|
|
|
elif user_choice == UserChoice.ALLOW:
|
2011-07-06 18:34:00 +02:00
|
|
|
policy_dict["action"] = "allow"
|
|
|
|
else:
|
|
|
|
policy_dict["action"] = "deny"
|
|
|
|
|
|
|
|
if policy_dict["action"] == "allow":
|
|
|
|
if policy_dict.has_key("action.target"):
|
|
|
|
target=policy_dict["action.target"]
|
|
|
|
if policy_dict.has_key("action.user"):
|
|
|
|
user=policy_dict["action.user"]
|
|
|
|
else:
|
|
|
|
user="user"
|
|
|
|
do_execute(domain, target, user, exec_index, process_ident)
|
|
|
|
|
2011-07-05 18:35:03 +02:00
|
|
|
print >> sys.stderr, "Rpc denied:", domain, target, exec_index
|
|
|
|
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", "/bin/false", "-c", process_ident)
|
|
|
|
|
|
|
|
main()
|