From 602155374a9d913702e27e5a820fcb05c7c6445a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 4 May 2015 00:41:33 +0200
Subject: [PATCH] dispvm: restore DispVM naming independent of Qubes VM ID
 (#983)

Using QID for DispVM ID was a bad idea in terms of anonymity:
1. It gives some clue about VMs count in the system. In case of large
numbers, this can be quite unique.
2. If new DispVM is started just after closing previous one, it will get
the same ID, and in consequence the same IP. In case of using TorVM,
this leads to use the same circuit as just closed DispVM.

Fixes qubesos/qubes-issues#983
---
 core-modules/01QubesDisposableVm.py | 36 ++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/core-modules/01QubesDisposableVm.py b/core-modules/01QubesDisposableVm.py
index 5eb0713f..706797bd 100644
--- a/core-modules/01QubesDisposableVm.py
+++ b/core-modules/01QubesDisposableVm.py
@@ -30,6 +30,8 @@ from qubes.qubes import QubesVm,QubesVmLabel,register_qubes_vm_class, \
     QubesException
 from qubes.qubes import QubesDispVmLabels
 from qubes.qubes import dry_run,vmm
+import grp
+
 qmemman_present = False
 try:
     from qubes.qmemman_client import QMemmanClient
@@ -37,6 +39,8 @@ try:
 except ImportError:
     pass
 
+DISPID_STATE_FILE = '/var/run/qubes/dispid'
+
 class QubesDisposableVm(QubesVm):
     """
     A class that represents an DisposableVM. A child of QubesVm.
@@ -45,14 +49,40 @@ class QubesDisposableVm(QubesVm):
     # In which order load this VM type from qubes.xml
     load_order = 120
 
+
+    def _assign_new_dispid(self):
+        # This method in called while lock on qubes.xml is held, so no need for
+        # additional lock
+        if os.path.exists(DISPID_STATE_FILE):
+            f = open(DISPID_STATE_FILE, 'r+')
+            dispid = int(f.read())
+            f.seek(0)
+            f.truncate(0)
+            f.write(str(dispid+1))
+            f.close()
+        else:
+            dispid = 1
+            f = open(DISPID_STATE_FILE, 'w')
+            f.write(str(dispid+1))
+            f.close()
+            os.chown(DISPID_STATE_FILE, -1, grp.getgrnam('qubes').gr_gid)
+            os.chmod(DISPID_STATE_FILE, 0664)
+        return dispid
+
     def get_attrs_config(self):
         attrs_config = super(QubesDisposableVm, self).get_attrs_config()
 
-        attrs_config['name']['eval'] = '"disp%d" % self._qid if value is None else value'
+        attrs_config['name']['func'] = \
+            lambda x: "disp%d" % self.dispid if x is None else x
 
         # New attributes
-        attrs_config['dispid'] = { 'func': lambda x: self._qid if x is None else int(x),
-            'save': lambda: str(self.dispid) }
+        attrs_config['dispid'] = {
+            'func': lambda x: (self._assign_new_dispid() if x is None
+                               else int(x)),
+            'save': lambda: str(self.dispid),
+            # needs to be set before name
+            'order': 0
+        }
         attrs_config['include_in_backups']['func'] = lambda x: False
         attrs_config['disp_savefile'] = {
                 'default': '/var/run/qubes/current-savefile',