Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core

This commit is contained in:
Marek Marczykowski 2011-03-31 02:51:34 +02:00
commit 3a5cc0cc21
17 changed files with 185 additions and 51 deletions

View File

@ -1,8 +1,10 @@
#include <unistd.h>
#include <ioall.h>
#include "filecopy.h"
extern void notify_progress(int, int);
char * copy_file(int outfd, int infd, long long size)
int copy_file(int outfd, int infd, long long size)
{
char buf[4096];
long long written = 0;
@ -15,14 +17,24 @@ char * copy_file(int outfd, int infd, long long size)
count = size - written;
ret = read(infd, buf, count);
if (!ret)
return("EOF while reading file");
return COPY_FILE_READ_EOF;
if (ret < 0)
return("error reading file");
return COPY_FILE_READ_ERROR;
if (!write_all(outfd, buf, ret))
return("error writing file content");
return COPY_FILE_WRITE_ERROR;
notify_progress(ret, 0);
written += ret;
}
return NULL;
return COPY_FILE_OK;
}
char * copy_file_status_to_str(int status)
{
switch (status) {
case COPY_FILE_OK: return "OK";
case COPY_FILE_READ_EOF: return "Unexpected end of data while reading";
case COPY_FILE_READ_ERROR: return "Error reading";
case COPY_FILE_WRITE_ERROR: return "Error writing";
default: return "????????";
}
}

View File

@ -6,13 +6,21 @@
#define LEGAL_EOF 31415926
struct file_header {
unsigned int namelen;
unsigned int mode;
unsigned long long filelen;
unsigned int atime;
unsigned int atime_nsec;
unsigned int mtime;
unsigned int mtime_nsec;
unsigned int namelen;
unsigned int mode;
unsigned long long filelen;
unsigned int atime;
unsigned int atime_nsec;
unsigned int mtime;
unsigned int mtime_nsec;
};
char * copy_file(int outfd, int infd, long long size);
enum {
COPY_FILE_OK,
COPY_FILE_READ_EOF,
COPY_FILE_READ_ERROR,
COPY_FILE_WRITE_ERROR
};
int copy_file(int outfd, int infd, long long size);
char *copy_file_status_to_str(int status);

View File

@ -50,7 +50,7 @@ void write_headers(struct file_header *hdr, char *filename)
{
if (!write_all(1, hdr, sizeof(*hdr))
|| !write_all(1, filename, hdr->namelen))
gui_fatal("writing file headers to remove AppVM");
exit(1);
}
int single_file_processor(char *filename, struct stat *st)
@ -67,15 +67,21 @@ int single_file_processor(char *filename, struct stat *st)
hdr.mtime_nsec = st->st_mtim.tv_nsec;
if (S_ISREG(mode)) {
char *ret;
int ret;
fd = open(filename, O_RDONLY);
if (!fd)
gui_fatal("open %s", filename);
hdr.filelen = st->st_size;
write_headers(&hdr, filename);
ret = copy_file(1, fd, hdr.filelen);
if (ret)
gui_fatal("Copying file %s: %s", filename, ret);
// if COPY_FILE_WRITE_ERROR, hopefully remote will produce a message
if (ret != COPY_FILE_OK) {
if (ret != COPY_FILE_WRITE_ERROR)
gui_fatal("Copying file %s: %s", filename,
copy_file_status_to_str(ret));
else
exit(1);
}
close(fd);
}
if (S_ISDIR(mode)) {
@ -89,7 +95,7 @@ int single_file_processor(char *filename, struct stat *st)
hdr.filelen = st->st_size + 1;
write_headers(&hdr, filename);
if (!write_all(1, name, st->st_size + 1))
gui_fatal("write to remote VM");
exit(1);
}
return 0;
}
@ -130,7 +136,7 @@ void send_vmname(char *vmname)
memset(buf, 0, sizeof(buf));
strncat(buf, vmname, sizeof(buf) - 1);
if (!write_all(1, buf, sizeof buf))
gui_fatal("writing vmname to remote VM");
exit(1);
}
char *get_item(char *data, char **current, int size)

69
appvm/qvm-copy-to-vm Executable file
View File

@ -0,0 +1,69 @@
#!/bin/sh
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
if [ x"$1" = "x--with-progress" ] ; then
DO_PROGRESS=1
shift
else
DO_PROGRESS=0
fi
if [ $# -lt 2 ] ; then
echo usage: $0 '[--with-progress] dest_vmname file [file]+'
exit 1
fi
VM="$1"
shift
if [ $DO_PROGRESS = 1 ] ; then
SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
fi
export PROGRESS_FILE=$(mktemp)
/usr/lib/qubes/qvm-trigger-copy-to-vm $VM "$@"
while ! [ -s $PROGRESS_FILE ] ; do
sleep 0.1
done
while true ; do
read agentpid sentsize agentstatus < $PROGRESS_FILE
if [ "x"$agentstatus = x ] ; then continue ; fi
if ! [ -e /proc/$agentpid ] ; then break ; fi
if [ "x"$agentstatus = xdone ] ; then break ; fi
CURRSIZE=$(($sentsize/1024))
if [ $DO_PROGRESS = 1 ] ; then
echo -ne "\r sent $CURRSIZE/$SIZE KB "
fi
sleep 0.4
done
rm -f $PROGRESS_FILE
if [ $DO_PROGRESS = 1 ] ; then
echo
fi
if ! [ "x"$agentstatus = xDONE ] ; then
exit 1
else
exit 0
fi

View File

@ -23,17 +23,18 @@
VM=$(kdialog -inputbox "Enter the VM name to send files to:")
if [ X$VM = X ] ; then exit 0 ; fi
SIZE=$(du -c "$@" | tail -1 | cut -f 1)
SIZE=$(du --apparent-size -c "$@" | tail -1 | cut -f 1)
REF=$(kdialog --progressbar "Copy progress")
qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE
export PROGRESS_FILE=$(mktemp)
qvm-copy-to-vm2 $VM "$@"
/usr/lib/qubes/qvm-trigger-copy-to-vm $VM "$@"
while ! [ -s $PROGRESS_FILE ] ; do
sleep 0.1
done
while true ; do
read agentpid sentsize agentstatus < $PROGRESS_FILE
if [ "x"$agentstatus = x ] ; then continue ; fi
if ! [ -e /proc/$agentpid ] ; then break ; fi
if [ "x"$agentstatus = xdone ] ; then break ; fi
CURRSIZE=$(($sentsize/1024))
@ -43,6 +44,7 @@ done
qdbus $REF close
rm -f $PROGRESS_FILE
if ! [ "x"$agentstatus = xDONE ] ; then
kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
fi
# we do not want a dozen error messages, do we
# if ! [ "x"$agentstatus = xDONE ] ; then
# kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
# fi

View File

@ -38,14 +38,19 @@ void fix_times_and_perms(struct file_header *hdr, char *name)
void process_one_file_reg(struct file_header *hdr, char *name)
{
char *ret;
int ret;
int fdout =
open(name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);
if (fdout < 0)
do_exit(errno);
ret = copy_file(fdout, 0, hdr->filelen);
if (ret)
if (ret != COPY_FILE_OK) {
if (ret == COPY_FILE_READ_EOF
|| ret == COPY_FILE_READ_ERROR)
do_exit(LEGAL_EOF); // hopefully remote will produce error message
else
do_exit(errno);
}
close(fdout);
fix_times_and_perms(hdr, name);
}
@ -68,7 +73,7 @@ void process_one_file_link(struct file_header *hdr, char *name)
if (hdr->filelen > MAX_PATH_LENGTH - 1)
do_exit(ENAMETOOLONG);
if (!read_all(0, content, hdr->filelen))
do_exit(errno);
do_exit(LEGAL_EOF); // hopefully remote has produced error message
content[hdr->filelen] = 0;
if (symlink(content, name))
do_exit(errno);
@ -80,7 +85,7 @@ void process_one_file(struct file_header *hdr)
if (hdr->namelen > MAX_PATH_LENGTH - 1)
do_exit(ENAMETOOLONG);
if (!read_all(0, namebuf, hdr->namelen))
do_exit(errno);
do_exit(LEGAL_EOF); // hopefully remote has produced error message
namebuf[hdr->namelen] = 0;
if (S_ISREG(hdr->mode))
process_one_file_reg(hdr, namebuf);

View File

@ -3,6 +3,8 @@ FILE=/etc/NetworkManager/NetworkManager.conf
VIFMAC=mac:fe:ff:ff:ff:ff:ff
if ! grep -q ^plugins.*keyfile $FILE ; then
sed -i 's/^plugins.*$/&,keyfile/' $FILE
fi
if ! grep -q '^\[keyfile\]$' $FILE ; then
echo '[keyfile]' >> $FILE
fi
if ! grep -q ^unmanaged-devices $FILE ; then

View File

@ -30,8 +30,21 @@ start()
if ! [ -f $ROOT ] ; then create_neeed=1 ; fi
if [ $ROOT -nt $DEFAULT ] ; then create_neeed=1 ; fi
if [ $create_neeed = 1 ] ; then
echo Creating the default DVM. This may take up to 2 minutes...
MSG="Creating default DVM. This may take up to 2 minutes..."
echo " $MSG"
if [ -x /usr/bin/plymouth ]; then
/usr/bin/plymouth message --text="$MSG"
/usr/bin/plymouth pause-progress
fi
qvm-create-default-dvm --default-template --default-script
DVMDIR="/var/lib/qubes/appvms/`qvm-get-default-template`-dvm"
/bin/chown -R root.qubes "$DVMDIR"
/bin/chmod -R ug=rwX,o=rX "$DVMDIR"
if [ -x /usr/bin/plymouth ]; then
/usr/bin/plymouth message --text=""
/usr/bin/plymouth unpause-progress
fi
success
return
fi
if [ -f /var/lib/qubes/dvmdata/dont_use_shm ] ; then

View File

@ -1340,7 +1340,7 @@ class QubesProxyVm(QubesNetVm):
iptables += "-A FORWARD -i vif{0}.0 -j {1}\n".format(xid, default_action)
iptables += "#End of VM rules\n"
iptables += "-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT\n"
iptables += "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
iptables += "-A FORWARD -j DROP\n"
iptables += "COMMIT"

View File

@ -23,6 +23,7 @@ import os
import dbus
import subprocess
import sys
import fcntl
from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException
@ -123,7 +124,10 @@ def main():
global notify_object
notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN"))
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
fcntl.flock(lockf, fcntl.LOCK_EX)
dispname = qfile.get_dvm()
lockf.close()
if dispname is not None:
subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname, 'directly:user:/usr/lib/qubes/dvm_file_editor'])
subprocess.call(['/usr/sbin/xm', 'destroy', dispname])

View File

@ -18,6 +18,7 @@ while true; do
/sbin/service qubes_firewall stop
/sbin/service qubes_firewall start
CURR_NETCFG="$NETCFG"
/usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"
fi
/usr/bin/xenstore-watch /local/domain/$NET_DOMID/qubes_netvm_external_ip

View File

@ -54,6 +54,9 @@ exit 0
fi
adduser --create-home user
su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.kde /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
@ -71,9 +74,10 @@ cp qubes_core_appvm $RPM_BUILD_ROOT/etc/init.d/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/usr/bin
cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin
cp qvm-copy-to-vm2 $RPM_BUILD_ROOT/usr/bin
cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes
cp qvm-trigger-copy-to-vm $RPM_BUILD_ROOT/usr/lib/qubes
cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
cp dvm_file_editor qfile-agent qfile-agent-dvm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes
cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes
@ -123,13 +127,14 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
/etc/init.d/qubes_core_appvm
/usr/bin/qvm-copy-to-vm2
/usr/bin/qvm-copy-to-vm
/usr/lib/qubes/qvm-copy-to-vm2.kde
/usr/bin/qvm-open-in-dvm2
/usr/lib/qubes/meminfo-writer
/usr/lib/qubes/dvm_file_editor
%{kde_service_dir}/qvm-copy.desktop
%{kde_service_dir}/qvm-dvm.desktop
/usr/lib/qubes/qvm-trigger-copy-to-vm
/usr/lib/qubes/qrexec_agent
/usr/lib/qubes/qfile-agent
/usr/lib/qubes/qfile-agent-dvm

View File

@ -33,6 +33,7 @@ License: GPL
URL: http://www.qubes-os.org
Requires: /usr/bin/xenstore-read
Requires: fedora-release
BuildRequires: xen-devel
%define _builddir %(pwd)/common

View File

@ -68,6 +68,12 @@ cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
%post
# Create NetworkManager configuration if we do not have it
if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
echo '[main]' > /etc/NetworkManager/NetworkManager.conf
echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
fi
/usr/lib/qubes/qubes_fix_nm_conf.sh
chkconfig --add qubes_core_netvm || echo "WARNING: Cannot add service qubes_core!"

View File

@ -1 +1 @@
1.5.2
1.5.4

View File

@ -1 +1 @@
1.5.2
1.5.4