Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qubes.NotifyTools: ignore '/qubes-tools/version' completely

Browse Source 
It isn't used for anything, so simply ignore it for good.

https://github.com/QubesOS/qubes-core-admin/pull/109#discussion_r121421409
This commit is contained in:
Marek Marczykowski-Górecki 2017-06-14 03:58:55 +02:00
parent 55669c350c
commit 86a935e779
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
4 changed files with 1 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
qubes/api/misc.py
View File

@ -75,7 +75,7 @@ class QubesMiscAPI(qubes.api.AbstractQubesAPI):
untrusted_features = {} untrusted_features = {}
safe_set = string.ascii_letters + string.digits safe_set = string.ascii_letters + string.digits
expected_features = ('version', 'qrexec', 'gui', 'default-user') expected_features = ('qrexec', 'gui', 'default-user')
for feature in expected_features: for feature in expected_features:
untrusted_value = self.src.qdb.read('/qubes-tools/' + feature) untrusted_value = self.src.qdb.read('/qubes-tools/' + feature)
if untrusted_value: if untrusted_value:

6
qubes/ext/core_features.py
View File

@ -31,12 +31,6 @@ class CoreFeatures(qubes.ext.Extension):
'Ignoring qubes.NotifyTools for template-based VM') 'Ignoring qubes.NotifyTools for template-based VM')
return return
# for now used only to check for the tools presence
if 'version' in untrusted_features:
# any suspicious string will raise exception here,
# but otherwise ignored
int(untrusted_features['version'])
requested_features = {} requested_features = {}
for feature in ('qrexec', 'gui'): for feature in ('qrexec', 'gui'):
untrusted_value = untrusted_features.get(feature, None) untrusted_value = untrusted_features.get(feature, None)

22
qubes/tests/api_misc.py
View File

@ -125,13 +125,11 @@ class TC_00_API_Misc(qubes.tests.QubesTestCase):
mock.call.save() mock.call.save()
]) ])
self.assertEqual(self.src.mock_calls, [ self.assertEqual(self.src.mock_calls, [
mock.call.qdb.read('/qubes-tools/version'),
mock.call.qdb.read('/qubes-tools/qrexec'), mock.call.qdb.read('/qubes-tools/qrexec'),
mock.call.qdb.read('/qubes-tools/gui'), mock.call.qdb.read('/qubes-tools/gui'),
mock.call.qdb.read('/qubes-tools/default-user'), mock.call.qdb.read('/qubes-tools/default-user'),
mock.call.fire_event('features-request', untrusted_features={ mock.call.fire_event('features-request', untrusted_features={
'gui': '1', 'gui': '1',
'version': '1',
'default-user': 'user', 'default-user': 'user',
'qrexec': '1'}), 'qrexec': '1'}),
]) ])
@ -148,7 +146,6 @@ class TC_00_API_Misc(qubes.tests.QubesTestCase):
response = self.call_mgmt_func(b'qubes.NotifyTools') response = self.call_mgmt_func(b'qubes.NotifyTools')
self.assertIsNone(response) self.assertIsNone(response)
self.assertEqual(self.src.mock_calls, [ self.assertEqual(self.src.mock_calls, [
mock.call.qdb.read('/qubes-tools/version'),
mock.call.qdb.read('/qubes-tools/qrexec'), mock.call.qdb.read('/qubes-tools/qrexec'),
mock.call.qdb.read('/qubes-tools/gui'), mock.call.qdb.read('/qubes-tools/gui'),
mock.call.qdb.read('/qubes-tools/default-user'), mock.call.qdb.read('/qubes-tools/default-user'),
@ -159,23 +156,6 @@ class TC_00_API_Misc(qubes.tests.QubesTestCase):
]) ])
self.assertEqual(self.app.mock_calls, [mock.call.save()]) self.assertEqual(self.app.mock_calls, [mock.call.save()])
def test_014_notify_tools_invalid_version(self):
qdb_entries = {
'/qubes-tools/version': b'this is invalid',
'/qubes-tools/qrexec': b'0',
'/qubes-tools/gui': b'0',
'/qubes-tools/os': b'Linux',
'/qubes-tools/default-user': b'user',
}
self.configure_qdb(qdb_entries)
with self.assertRaises(AssertionError):
self.call_mgmt_func(b'qubes.NotifyTools')
# should be rejected later
self.assertEqual(self.src.mock_calls, [
mock.call.qdb.read('/qubes-tools/version'),
])
self.assertEqual(self.app.mock_calls, [])
def test_015_notify_tools_invalid_value_qrexec(self): def test_015_notify_tools_invalid_value_qrexec(self):
qdb_entries = { qdb_entries = {
'/qubes-tools/version': b'1', '/qubes-tools/version': b'1',
@ -189,7 +169,6 @@ class TC_00_API_Misc(qubes.tests.QubesTestCase):
self.call_mgmt_func(b'qubes.NotifyTools') self.call_mgmt_func(b'qubes.NotifyTools')
self.assertEqual(self.app.mock_calls, []) self.assertEqual(self.app.mock_calls, [])
self.assertEqual(self.src.mock_calls, [ self.assertEqual(self.src.mock_calls, [
mock.call.qdb.read('/qubes-tools/version'),
mock.call.qdb.read('/qubes-tools/qrexec'), mock.call.qdb.read('/qubes-tools/qrexec'),
]) ])
@ -206,7 +185,6 @@ class TC_00_API_Misc(qubes.tests.QubesTestCase):
self.call_mgmt_func(b'qubes.NotifyTools') self.call_mgmt_func(b'qubes.NotifyTools')
self.assertEqual(self.app.mock_calls, []) self.assertEqual(self.app.mock_calls, [])
self.assertEqual(self.src.mock_calls, [ self.assertEqual(self.src.mock_calls, [
mock.call.qdb.read('/qubes-tools/version'),
mock.call.qdb.read('/qubes-tools/qrexec'), mock.call.qdb.read('/qubes-tools/qrexec'),
mock.call.qdb.read('/qubes-tools/gui'), mock.call.qdb.read('/qubes-tools/gui'),
]) ])

12
qubes/tests/ext.py
View File

@ -101,18 +101,6 @@ class TC_00_CoreFeatures(qubes.tests.QubesTestCase):
('fire_event', ('template-postinstall',), {}) ('fire_event', ('template-postinstall',), {})
]) ])
def test_014_notify_tools_invalid_version(self):
del self.vm.template
with self.assertRaises(ValueError):
self.ext.qubes_features_request(self.vm, 'features-request',
untrusted_features={
'version': 'this is invalid',
'qrexec': '1',
'gui': '1',
'default-user': 'user',
})
self.assertEqual(self.vm.mock_calls, [])
def test_015_notify_tools_invalid_value_qrexec(self): def test_015_notify_tools_invalid_value_qrexec(self):
del self.vm.template del self.vm.template
self.ext.qubes_features_request(self.vm, 'features-request', self.ext.qubes_features_request(self.vm, 'features-request',