qrexec: allow for more options in the policy files

2011-07-06 18:34:00 +02:00 · 2011-07-06 18:34:00 +02:00 · c80ee3b231
commit c80ee3b231
parent 7b39b15f6d
2 changed files with 69 additions and 32 deletions
--- a/dom0/restore/qfile-daemon-dvm
+++ b/dom0/restore/qfile-daemon-dvm
@ -126,6 +126,8 @@ def main():
    global notify_object
    exec_index = sys.argv[1]
    src_vmname = sys.argv[2]
+    user = sys.argv[3]
+
    notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
    qfile = QfileDaemonDvm(src_vmname)
    lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
@ -135,7 +137,7 @@ def main():
    lockf.close()
    if dispname is not None:
        subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname,
-            'user:exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
+            user+":exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
        subprocess.call(['/usr/sbin/xl', 'destroy', dispname])
        qfile.remove_disposable_from_qdb(dispname)

--- a/qrexec/qrexec_policy
+++ b/qrexec/qrexec_policy
@ -1,45 +1,69 @@
 #!/usr/bin/python
 import sys
 import os
+import os.path
 import subprocess
 
 POLICY_FILE_DIR="/etc/qubes_rpc/policy"
 QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"

+def line_to_dict(line):
+    tokens=line.split()
+    if len(tokens) < 3:
+        return None
+    dict={}
+    dict['source']=tokens[0]
+    dict['dest']=tokens[1]
+    
+    action_list=tokens[2].split(',')
+    dict['action']=action_list.pop(0)
+    
+    for iter in action_list:
+        paramval=iter.split("=")
+        dict["action."+paramval[0]]=paramval[1]
+    
+    return dict 
+
+
 def read_policy_file(exec_index):
-    policy=list()
-    f = open(POLICY_FILE_DIR+"/"+exec_index)
+    policy_file=POLICY_FILE_DIR+"/"+exec_index
+    if not os.path.isfile(policy_file):
+        return None
+    policy_list=list()
+    f = open(policy_file)
    for iter in f.readlines():
-        policy.append(iter.split())
+        dict = line_to_dict(iter)
+        if dict is not None:
+            policy_list.append(dict)
    f.close()
-    return policy
+    return policy_list

 def is_match(item, config_term):
    return (item is not "dom0" and config_term == "anyvm") or item == config_term

-def apply_policy(policy, domain, target):
+def get_default_policy():
+    dict={}
+    dict["action"]="deny"
+    return dict
+    
+
+def find_policy(policy, domain, target):
    for iter in policy:
-        if len(iter) < 3:
+        if not is_match(domain, iter["source"]):
            continue
-        if not is_match(domain, iter[0]):
+        if not is_match(target, iter["dest"]):
            continue
-        if not is_match(target, iter[1]):
-            continue
-        ret=iter[2].split("=")
-        if len(ret)==1:
-            return (ret[0], None)
-        else:
-            return (ret[0], ret[1])
-    return (None, None)
-        
-def do_execute(domain, target, exec_index, process_ident):
+        return iter
+    return get_default_policy()
+                
+def do_execute(domain, target, user, exec_index, process_ident):
    if target == "dom0":
        cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
    elif target == "dispvm":
-        cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain
+        cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
    else:
 #fixme: qvm-run --pass_io is broken for non-running target domain
-        cmd= "qvm-run -uroot -q -a --pass_io "+target
+        cmd= "qvm-run -uroot -q -a --pass_io "+target + " -u" + user 
        cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
    os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)

@ -61,19 +85,30 @@ def main():
    exec_index=sys.argv[3]
    process_ident=sys.argv[4]
    
-    action = None
-    while action is None:
-        policy = read_policy_file(exec_index)
-        (action, params) = apply_policy(policy, domain, target)
-        if action is None:
-            policy_editor(domain, target, exec_index)
-    if action == "allow":
-        do_execute(domain, target, exec_index, process_ident)
-    elif action == "divert":
-        do_execute(domain, params, exec_index, process_ident)
-    elif action == "ask":
+    policy_list=read_policy_file(exec_index)
+    if policy_list==None:
+        policy_editor(domain, target, exec_index)
+        policy_list=read_policy_file(exec_index)
+        if policy_list==None:
+            policy_list=list()
+
+    policy_dict=find_policy(policy_list, domain, target)
+    
+    if policy_dict["action"] == "ask":
        if confirm_execution(domain, target, exec_index):
-            do_execute(domain, target, exec_index, process_ident)
+            policy_dict["action"] = "allow"
+        else:
+            policy_dict["action"] = "deny"
+    
+    if policy_dict["action"] == "allow":
+        if policy_dict.has_key("action.target"):
+            target=policy_dict["action.target"]
+        if policy_dict.has_key("action.user"):
+            user=policy_dict["action.user"]
+        else:
+            user="user"
+        do_execute(domain, target, user, exec_index, process_ident)
+
    print >> sys.stderr, "Rpc denied:", domain, target, exec_index    
    os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", "/bin/false", "-c", process_ident)