Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core

Marek Marczykowski 2011-03-31 02:51:34 +02:00
commit 3a5cc0cc21
17 changed files with 185 additions and 51 deletions


@ -1,8 +1,10 @@
#include <unistd.h> #include <unistd.h>
#include <ioall.h> #include <ioall.h>
#include "filecopy.h"
extern void notify_progress(int, int); extern void notify_progress(int, int);
char * copy_file(int outfd, int infd, long long size) int copy_file(int outfd, int infd, long long size)
{ {
char buf[4096]; char buf[4096];
long long written = 0; long long written = 0;
@ -15,14 +17,24 @@ char * copy_file(int outfd, int infd, long long size)
count = size - written; count = size - written;
ret = read(infd, buf, count); ret = read(infd, buf, count);
if (!ret) if (!ret)
return("EOF while reading file"); return COPY_FILE_READ_EOF;
if (ret < 0) if (ret < 0)
return("error reading file"); return COPY_FILE_READ_ERROR;
if (!write_all(outfd, buf, ret)) if (!write_all(outfd, buf, ret))
return("error writing file content"); return COPY_FILE_WRITE_ERROR;
notify_progress(ret, 0); notify_progress(ret, 0);
written += ret; written += ret;
} }
return NULL; return COPY_FILE_OK;
} }
char * copy_file_status_to_str(int status)
{
switch (status) {
case COPY_FILE_OK: return "OK";
case COPY_FILE_READ_EOF: return "Unexpected end of data while reading";
case COPY_FILE_READ_ERROR: return "Error reading";
case COPY_FILE_WRITE_ERROR: return "Error writing";
default: return "????????";
}
}
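Review bot: `copy_file_status_to_str` returns string literals through a non-const `char *`, so a caller that writes through the result gets undefined behaviour with no compiler warning. Declaring it `const char *copy_file_status_to_str(int status)`, with the same change to the prototype in `filecopy.h`, closes that off. A one-line header comment such as `/* Map a COPY_FILE_* status from copy_file() to a static message; never returns NULL. */` would also document the contract. `copy_file` begins in the first hunk and part of its loop lies between the hunks, so the bound on `count` could not be checked here.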


@ -6,13 +6,21 @@
#define LEGAL_EOF 31415926 #define LEGAL_EOF 31415926
struct file_header { struct file_header {
unsigned int namelen; unsigned int namelen;
unsigned int mode; unsigned int mode;
unsigned long long filelen; unsigned long long filelen;
unsigned int atime; unsigned int atime;
unsigned int atime_nsec; unsigned int atime_nsec;
unsigned int mtime; unsigned int mtime;
unsigned int mtime_nsec; unsigned int mtime_nsec;
}; };
char * copy_file(int outfd, int infd, long long size); enum {
COPY_FILE_OK,
COPY_FILE_READ_EOF,
COPY_FILE_READ_ERROR,
COPY_FILE_WRITE_ERROR
};
int copy_file(int outfd, int infd, long long size);
char *copy_file_status_to_str(int status);


@ -50,7 +50,7 @@ void write_headers(struct file_header *hdr, char *filename)
{ {
if (!write_all(1, hdr, sizeof(*hdr)) if (!write_all(1, hdr, sizeof(*hdr))
|| !write_all(1, filename, hdr->namelen)) || !write_all(1, filename, hdr->namelen))
gui_fatal("writing file headers to remove AppVM"); exit(1);
} }
int single_file_processor(char *filename, struct stat *st) int single_file_processor(char *filename, struct stat *st)
@ -67,15 +67,21 @@ int single_file_processor(char *filename, struct stat *st)
hdr.mtime_nsec = st->st_mtim.tv_nsec; hdr.mtime_nsec = st->st_mtim.tv_nsec;
if (S_ISREG(mode)) { if (S_ISREG(mode)) {
char *ret; int ret;
fd = open(filename, O_RDONLY); fd = open(filename, O_RDONLY);
if (!fd) if (!fd)
gui_fatal("open %s", filename); gui_fatal("open %s", filename);
hdr.filelen = st->st_size; hdr.filelen = st->st_size;
write_headers(&hdr, filename); write_headers(&hdr, filename);
ret = copy_file(1, fd, hdr.filelen); ret = copy_file(1, fd, hdr.filelen);
if (ret) // if COPY_FILE_WRITE_ERROR, hopefully remote will produce a message
gui_fatal("Copying file %s: %s", filename, ret); if (ret != COPY_FILE_OK) {
if (ret != COPY_FILE_WRITE_ERROR)
gui_fatal("Copying file %s: %s", filename,
copy_file_status_to_str(ret));
else
exit(1);
}
close(fd); close(fd);
} }
if (S_ISDIR(mode)) { if (S_ISDIR(mode)) {
@ -89,7 +95,7 @@ int single_file_processor(char *filename, struct stat *st)
hdr.filelen = st->st_size + 1; hdr.filelen = st->st_size + 1;
write_headers(&hdr, filename); write_headers(&hdr, filename);
if (!write_all(1, name, st->st_size + 1)) if (!write_all(1, name, st->st_size + 1))
gui_fatal("write to remote VM"); exit(1);
} }
return 0; return 0;
} }
@ -130,7 +136,7 @@ void send_vmname(char *vmname)
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
strncat(buf, vmname, sizeof(buf) - 1); strncat(buf, vmname, sizeof(buf) - 1);
if (!write_all(1, buf, sizeof buf)) if (!write_all(1, buf, sizeof buf))
gui_fatal("writing vmname to remote VM"); exit(1);
} }
char *get_item(char *data, char **current, int size) char *get_item(char *data, char **current, int size)
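Review bot: In the `S_ISREG` branch the failure test after `open(filename, O_RDONLY)` is `if (!fd)`, but `open` reports failure as -1, so an unreadable file passes the check and its header is sent to the remote side before `copy_file` fails on the bad descriptor. With the new status codes that surfaces as the generic "Error reading" text rather than the real `open` error; `if (fd < 0)` in the same place keeps the stream consistent. The new `exit(1)` paths for write errors leave no local trace, so a short message on stderr before exiting would make a failed transfer diagnosable without depending on the receiving VM. Parts of `single_file_processor` lie between the hunks and are not shown.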

69
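--- a/appvm/qvm-copy-to-vm
+++ b/appvm/qvm-copy-to-vm
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+#
+if [ x"$1" = "x--with-progress" ] ; then
+DO_PROGRESS=1
+shift
+else
+DO_PROGRESS=0
+fi
+if [ $# -lt 2 ] ; then
+echo usage: $0 '[--with-progress] dest_vmname file [file]+'
+exit 1
+fi
+VM="$1"
+shift
+if [ $DO_PROGRESS = 1 ] ; then
+SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
+fi
+export PROGRESS_FILE=$(mktemp)
+/usr/lib/qubes/qvm-trigger-copy-to-vm $VM "$@"
+while ! [ -s $PROGRESS_FILE ] ; do
+sleep 0.1
+done
+while true ; do
+read agentpid sentsize agentstatus < $PROGRESS_FILE
+if [ "x"$agentstatus = x ] ; then continue ; fi
+if ! [ -e /proc/$agentpid ] ; then break ; fi
+if [ "x"$agentstatus = xdone ] ; then break ; fi
+CURRSIZE=$(($sentsize/1024))
+if [ $DO_PROGRESS = 1 ] ; then
+echo -ne "\r sent $CURRSIZE/$SIZE KB "
+fi
+sleep 0.4
+done
+rm -f $PROGRESS_FILE
+if [ $DO_PROGRESS = 1 ] ; then
+echo
+fi
+if ! [ "x"$agentstatus = xDONE ] ; then
+exit 1
+else
+exit 0
+fi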
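Review bot: The line `if [ "x"$agentstatus = x ] ; then continue ; fi` jumps back to the top of the loop before both the `/proc/$agentpid` check and the `sleep 0.4`, so a progress file whose status field stays empty makes the script spin at full speed and never notice that the agent has gone; the same line is added to the KDE copy script in the next file section. Running the liveness check first and pausing before the retry, e.g. `if [ "x$agentstatus" = x ] ; then sleep 0.1 ; continue ; fi` placed after the `/proc` test, avoids that. The exit status of `/usr/lib/qubes/qvm-trigger-copy-to-vm` is not checked either, so a failed trigger leaves the `while ! [ -s $PROGRESS_FILE ]` loop waiting indefinitely. `$VM` and `$PROGRESS_FILE` are expanded unquoted and are word-split if they contain whitespace; `"$VM"` and `"$PROGRESS_FILE"` are the safer form.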


@ -23,17 +23,18 @@
VM=$(kdialog -inputbox "Enter the VM name to send files to:") VM=$(kdialog -inputbox "Enter the VM name to send files to:")
if [ X$VM = X ] ; then exit 0 ; fi if [ X$VM = X ] ; then exit 0 ; fi
SIZE=$(du -c "$@" | tail -1 | cut -f 1) SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
REF=$(kdialog --progressbar "Copy progress") REF=$(kdialog --progressbar "Copy progress")
qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE
export PROGRESS_FILE=$(mktemp) export PROGRESS_FILE=$(mktemp)
qvm-copy-to-vm2 $VM "$@" /usr/lib/qubes/qvm-trigger-copy-to-vm $VM "$@"
while ! [ -s $PROGRESS_FILE ] ; do while ! [ -s $PROGRESS_FILE ] ; do
sleep 0.1 sleep 0.1
done done
while true ; do while true ; do
read agentpid sentsize agentstatus < $PROGRESS_FILE read agentpid sentsize agentstatus < $PROGRESS_FILE
if [ "x"$agentstatus = x ] ; then continue ; fi
if ! [ -e /proc/$agentpid ] ; then break ; fi if ! [ -e /proc/$agentpid ] ; then break ; fi
if [ "x"$agentstatus = xdone ] ; then break ; fi if [ "x"$agentstatus = xdone ] ; then break ; fi
CURRSIZE=$(($sentsize/1024)) CURRSIZE=$(($sentsize/1024))
@ -43,6 +44,7 @@ done
qdbus $REF close qdbus $REF close
rm -f $PROGRESS_FILE rm -f $PROGRESS_FILE
if ! [ "x"$agentstatus = xDONE ] ; then # we do not want a dozen error messages, do we
kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details' # if ! [ "x"$agentstatus = xDONE ] ; then
fi # kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
# fi
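Review bot: With the `kdialog --sorry` block commented out, nothing after the loop looks at `$agentstatus` any more, so as far as the visible lines show the script ends the same way whether the copy completed or was aborted. If the dialog is unwanted because errors are reported elsewhere, the dead lines are better deleted than left commented, and the outcome can still be carried in the exit status, e.g. `[ "x$agentstatus" = xDONE ] || exit 1`, as the new command-line script does. `$VM` comes straight from the `kdialog -inputbox` prompt and is passed unquoted to `/usr/lib/qubes/qvm-trigger-copy-to-vm`; writing `"$VM"` keeps a name containing spaces or glob characters as a single argument.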


@ -38,14 +38,19 @@ void fix_times_and_perms(struct file_header *hdr, char *name)
void process_one_file_reg(struct file_header *hdr, char *name) void process_one_file_reg(struct file_header *hdr, char *name)
{ {
char *ret; int ret;
int fdout = int fdout =
open(name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700); open(name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);
if (fdout < 0) if (fdout < 0)
do_exit(errno); do_exit(errno);
ret = copy_file(fdout, 0, hdr->filelen); ret = copy_file(fdout, 0, hdr->filelen);
if (ret) if (ret != COPY_FILE_OK) {
do_exit(errno); if (ret == COPY_FILE_READ_EOF
|| ret == COPY_FILE_READ_ERROR)
do_exit(LEGAL_EOF); // hopefully remote will produce error message
else
do_exit(errno);
}
close(fdout); close(fdout);
fix_times_and_perms(hdr, name); fix_times_and_perms(hdr, name);
} }
@ -68,7 +73,7 @@ void process_one_file_link(struct file_header *hdr, char *name)
if (hdr->filelen > MAX_PATH_LENGTH - 1) if (hdr->filelen > MAX_PATH_LENGTH - 1)
do_exit(ENAMETOOLONG); do_exit(ENAMETOOLONG);
if (!read_all(0, content, hdr->filelen)) if (!read_all(0, content, hdr->filelen))
do_exit(errno); do_exit(LEGAL_EOF); // hopefully remote has produced error message
content[hdr->filelen] = 0; content[hdr->filelen] = 0;
if (symlink(content, name)) if (symlink(content, name))
do_exit(errno); do_exit(errno);
@ -80,7 +85,7 @@ void process_one_file(struct file_header *hdr)
if (hdr->namelen > MAX_PATH_LENGTH - 1) if (hdr->namelen > MAX_PATH_LENGTH - 1)
do_exit(ENAMETOOLONG); do_exit(ENAMETOOLONG);
if (!read_all(0, namebuf, hdr->namelen)) if (!read_all(0, namebuf, hdr->namelen))
do_exit(errno); do_exit(LEGAL_EOF); // hopefully remote has produced error message
namebuf[hdr->namelen] = 0; namebuf[hdr->namelen] = 0;
if (S_ISREG(hdr->mode)) if (S_ISREG(hdr->mode))
process_one_file_reg(hdr, namebuf); process_one_file_reg(hdr, namebuf);
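Review bot: In `process_one_file_reg`, a stream that ends or fails in the middle of a file now leaves through `do_exit(LEGAL_EOF)`, a code whose name suggests a legitimate end of transfer, so the receiving side depends on the sending VM to report the problem, as the added comment itself says. If the sender is treated as the less trusted party, a truncated file should not be able to pass for a clean finish: a distinct status for mid-file truncation, or at least `unlink(name);` before exiting so no partial file is left behind, keeps that decision on the receiving side. The same replacement of `errno` by `LEGAL_EOF` is made after the `read_all` calls in `process_one_file_link` and `process_one_file`. What `do_exit` does with `LEGAL_EOF` is outside these hunks and should be checked against its definition.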


@ -3,6 +3,8 @@ FILE=/etc/NetworkManager/NetworkManager.conf
VIFMAC=mac:fe:ff:ff:ff:ff:ff VIFMAC=mac:fe:ff:ff:ff:ff:ff
if ! grep -q ^plugins.*keyfile $FILE ; then if ! grep -q ^plugins.*keyfile $FILE ; then
sed -i 's/^plugins.*$/&,keyfile/' $FILE sed -i 's/^plugins.*$/&,keyfile/' $FILE
fi
if ! grep -q '^\[keyfile\]$' $FILE ; then
echo '[keyfile]' >> $FILE echo '[keyfile]' >> $FILE
fi fi
if ! grep -q ^unmanaged-devices $FILE ; then if ! grep -q ^unmanaged-devices $FILE ; then


@ -30,20 +30,33 @@ start()
if ! [ -f $ROOT ] ; then create_neeed=1 ; fi if ! [ -f $ROOT ] ; then create_neeed=1 ; fi
if [ $ROOT -nt $DEFAULT ] ; then create_neeed=1 ; fi if [ $ROOT -nt $DEFAULT ] ; then create_neeed=1 ; fi
if [ $create_neeed = 1 ] ; then if [ $create_neeed = 1 ] ; then
echo Creating the default DVM. This may take up to 2 minutes... MSG="Creating default DVM. This may take up to 2 minutes..."
qvm-create-default-dvm --default-template --default-script echo " $MSG"
if [ -x /usr/bin/plymouth ]; then
/usr/bin/plymouth message --text="$MSG"
/usr/bin/plymouth pause-progress
fi
qvm-create-default-dvm --default-template --default-script
DVMDIR="/var/lib/qubes/appvms/`qvm-get-default-template`-dvm"
/bin/chown -R root.qubes "$DVMDIR"
/bin/chmod -R ug=rwX,o=rX "$DVMDIR"
if [ -x /usr/bin/plymouth ]; then
/usr/bin/plymouth message --text=""
/usr/bin/plymouth unpause-progress
fi
success
return return
fi fi
if [ -f /var/lib/qubes/dvmdata/dont_use_shm ] ; then if [ -f /var/lib/qubes/dvmdata/dont_use_shm ] ; then
ln -s $DEFAULT /var/run/qubes/current_savefile ln -s $DEFAULT /var/run/qubes/current_savefile
else else
mkdir -m 770 /dev/shm/qubes mkdir -m 770 /dev/shm/qubes
chown root.qubes /dev/shm/qubes chown root.qubes /dev/shm/qubes
cp $DEFAULT /dev/shm/qubes/current_savefile cp $DEFAULT /dev/shm/qubes/current_savefile
chown root.qubes /dev/shm/qubes/current_savefile chown root.qubes /dev/shm/qubes/current_savefile
chmod 660 /dev/shm/qubes/current_savefile chmod 660 /dev/shm/qubes/current_savefile
ln -s /dev/shm/qubes/current_savefile /var/run/qubes/current_savefile ln -s /dev/shm/qubes/current_savefile /var/run/qubes/current_savefile
fi fi
touch /var/lock/subsys/qubes_setupdvm touch /var/lock/subsys/qubes_setupdvm
success success
@ -60,15 +73,15 @@ stop()
case "$1" in case "$1" in
start) start)
start start
;; ;;
stop) stop)
stop stop
;; ;;
*) *)
echo $"Usage: $0 {start|stop}" echo $"Usage: $0 {start|stop}"
exit 3 exit 3
;; ;;
esac esac
exit $RETVAL exit $RETVAL
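Review bot: The added `/bin/chmod -R ug=rwX,o=rX "$DVMDIR"` makes everything under the DVM directory readable by every local account, while the savefile copy a few lines further down is limited with `chmod 660`; unless something in that directory has to be world-readable, `ug=rwX,o=` would match the rest of the script. `DVMDIR` is built from the output of `qvm-get-default-template`, and neither that command nor `qvm-create-default-dvm` is checked before the recursive `chown`/`chmod` and the unconditional `success`, so a failed creation is still reported as a successful start. `root.qubes` uses the deprecated dot separator; `root:qubes` is the portable spelling. `start()` begins above the hunk.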


@ -1340,7 +1340,7 @@ class QubesProxyVm(QubesNetVm):
iptables += "-A FORWARD -i vif{0}.0 -j {1}\n".format(xid, default_action) iptables += "-A FORWARD -i vif{0}.0 -j {1}\n".format(xid, default_action)
iptables += "#End of VM rules\n" iptables += "#End of VM rules\n"
iptables += "-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT\n" iptables += "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
iptables += "-A FORWARD -j DROP\n" iptables += "-A FORWARD -j DROP\n"
iptables += "COMMIT" iptables += "COMMIT"
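Review bot: The catch-all `--state RELATED,ESTABLISHED` rule carries no comment explaining why `NEW` must stay out of it, which makes the earlier, more permissive form easy to reintroduce. A comment above the line such as `# Accept only return traffic here; NEW connections must be allowed by a per-VM rule above, otherwise the final DROP applies` would record the intent. The enclosing method starts outside the hunk, so the per-VM rules are only partly visible here.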


@ -23,6 +23,7 @@ import os
import dbus import dbus
import subprocess import subprocess
import sys import sys
import fcntl
from qubes.qubes import QubesVmCollection from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException from qubes.qubes import QubesException
@ -123,7 +124,10 @@ def main():
global notify_object global notify_object
notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications") notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN")) qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN"))
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
fcntl.flock(lockf, fcntl.LOCK_EX)
dispname = qfile.get_dvm() dispname = qfile.get_dvm()
lockf.close()
if dispname is not None: if dispname is not None:
subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname, 'directly:user:/usr/lib/qubes/dvm_file_editor']) subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname, 'directly:user:/usr/lib/qubes/dvm_file_editor'])
subprocess.call(['/usr/sbin/xm', 'destroy', dispname]) subprocess.call(['/usr/sbin/xm', 'destroy', dispname])
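Review bot: The lock taken around `qfile.get_dvm()` is released only when execution reaches `lockf.close()`, and no comment says what it serialises. Opening it as `with open("/var/run/qubes/qfile-daemon-dvm.lock", 'a') as lockf:` with the `fcntl.flock` and `get_dvm()` calls inside the block ties the release to the block even if `get_dvm()` raises. A one-line comment such as `# serialise DispVM creation across concurrent requests` would document it, assuming that is the purpose, which the hunk does not state. `main()` begins above the hunk.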


@ -18,6 +18,7 @@ while true; do
/sbin/service qubes_firewall stop /sbin/service qubes_firewall stop
/sbin/service qubes_firewall start /sbin/service qubes_firewall start
CURR_NETCFG="$NETCFG" CURR_NETCFG="$NETCFG"
/usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"
fi fi
/usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip /usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip


@ -54,6 +54,9 @@ exit 0
fi fi
adduser --create-home user adduser --create-home user
su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.kde /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
@ -71,9 +74,10 @@ cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/usr/bin
cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin
cp qvm-copy-to-vm2 $RPM_BUILD_ROOT/usr/bin cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes
cp qvm-trigger-copy-to-vm $RPM_BUILD_ROOT/usr/lib/qubes
cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
cp dvm_file_editor qfile-agent qfile-agent-dvm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes cp dvm_file_editor qfile-agent qfile-agent-dvm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes
cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
@ -123,13 +127,14 @@ rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
/etc/init.d/qubes_core_appvm /etc/init.d/qubes_core_appvm
/usr/bin/qvm-copy-to-vm2 /usr/bin/qvm-copy-to-vm
/usr/lib/qubes/qvm-copy-to-vm2.kde /usr/lib/qubes/qvm-copy-to-vm2.kde
/usr/bin/qvm-open-in-dvm2 /usr/bin/qvm-open-in-dvm2
/usr/lib/qubes/meminfo-writer /usr/lib/qubes/meminfo-writer
/usr/lib/qubes/dvm_file_editor /usr/lib/qubes/dvm_file_editor
%{kde_service_dir}/qvm-copy.desktop %{kde_service_dir}/qvm-copy.desktop
%{kde_service_dir}/qvm-dvm.desktop %{kde_service_dir}/qvm-dvm.desktop
/usr/lib/qubes/qvm-trigger-copy-to-vm
/usr/lib/qubes/qrexec_agent /usr/lib/qubes/qrexec_agent
/usr/lib/qubes/qfile-agent /usr/lib/qubes/qfile-agent
/usr/lib/qubes/qfile-agent-dvm /usr/lib/qubes/qfile-agent-dvm
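Review bot: The two added `su user -c 'ln -s ...'` commands fail when the link already exists, and a failing command in an RPM scriptlet can surface as an install error; `ln -sf` makes them repeatable. Whether this part of the scriptlet can run more than once depends on the `exit 0` branch above the hunk, which is only partly visible. A short comment above the three `su user -c` lines saying that they populate the Nautilus scripts menu for the default user would also help.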


@ -33,6 +33,7 @@ License: GPL
URL: http://www.qubes-os.org URL: http://www.qubes-os.org
Requires: /usr/bin/xenstore-read Requires: /usr/bin/xenstore-read
Requires: fedora-release Requires: fedora-release
BuildRequires: xen-devel
%define _builddir %(pwd)/common %define _builddir %(pwd)/common


@ -68,6 +68,12 @@ cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
%post %post
# Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf
echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
fi
/usr/lib/qubes/qubes_fix_nm_conf.sh /usr/lib/qubes/qubes_fix_nm_conf.sh
chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!" chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"


@ -1 +1 @@
1.5.2 1.5.4


@ -1 +1 @@
1.5.2 1.5.4