backup: improve error reporting about passphrase retrieval

QubesOS/qubes-issues#2931
2017-07-29 04:41:38 +02:00 · 2017-07-29 04:41:38 +02:00 · 27ce27b6e9
commit 27ce27b6e9
parent bde8d45cca
1 changed files with 11 additions and 2 deletions
--- a/qubes/api/admin.py
+++ b/qubes/api/admin.py
@ -27,6 +27,7 @@ import functools
 import itertools
 import os
 import string
+import subprocess

 import libvirt
 import pkg_resources
@ -1146,8 +1147,16 @@ class QubesAdminAPI(qubes.api.AbstractQubesAPI):
            except KeyError:
                raise qubes.exc.QubesException(
                    'Invalid backup profile - invalid passphrase_vm')
-            passphrase, _ = yield from passphrase_vm.run_service_for_stdio(
-                'qubes.BackupPassphrase+' + self.arg)
+            try:
+                passphrase, _ = yield from passphrase_vm.run_service_for_stdio(
+                    'qubes.BackupPassphrase+' + self.arg)
+                # make it foolproof against "echo passphrase" implementation
+                passphrase = passphrase.strip()
+                assert b'\n' not in passphrase
+            except subprocess.CalledProcessError:
+                raise qubes.exc.QubesException(
+                    'Failed to retrieve passphrase from \'{}\' VM'.format(
+                        passphrase_vm_name))
        else:
            raise qubes.exc.QubesException(
                'Invalid backup profile - you need to '