qrexec: allow for more options in the policy files
This commit is contained in:
parent
7b39b15f6d
commit
c80ee3b231
@ -126,6 +126,8 @@ def main():
|
||||
global notify_object
|
||||
exec_index = sys.argv[1]
|
||||
src_vmname = sys.argv[2]
|
||||
user = sys.argv[3]
|
||||
|
||||
notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
|
||||
qfile = QfileDaemonDvm(src_vmname)
|
||||
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
|
||||
@ -135,7 +137,7 @@ def main():
|
||||
lockf.close()
|
||||
if dispname is not None:
|
||||
subprocess.call(['/usr/lib/qubes/qrexec_client', '-d', dispname,
|
||||
'user:exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
|
||||
user+":exec /usr/lib/qubes/qubes_rpc_multiplexer ' + exec_index + " " + src_vmname])
|
||||
subprocess.call(['/usr/sbin/xl', 'destroy', dispname])
|
||||
qfile.remove_disposable_from_qdb(dispname)
|
||||
|
||||
|
@ -1,45 +1,69 @@
|
||||
#!/usr/bin/python
|
||||
import sys
|
||||
import os
|
||||
import os.path
|
||||
import subprocess
|
||||
|
||||
POLICY_FILE_DIR="/etc/qubes_rpc/policy"
|
||||
QREXEC_CLIENT="/usr/lib/qubes/qrexec_client"
|
||||
|
||||
def line_to_dict(line):
|
||||
tokens=line.split()
|
||||
if len(tokens) < 3:
|
||||
return None
|
||||
dict={}
|
||||
dict['source']=tokens[0]
|
||||
dict['dest']=tokens[1]
|
||||
|
||||
action_list=tokens[2].split(',')
|
||||
dict['action']=action_list.pop(0)
|
||||
|
||||
for iter in action_list:
|
||||
paramval=iter.split("=")
|
||||
dict["action."+paramval[0]]=paramval[1]
|
||||
|
||||
return dict
|
||||
|
||||
|
||||
def read_policy_file(exec_index):
|
||||
policy=list()
|
||||
f = open(POLICY_FILE_DIR+"/"+exec_index)
|
||||
policy_file=POLICY_FILE_DIR+"/"+exec_index
|
||||
if not os.path.isfile(policy_file):
|
||||
return None
|
||||
policy_list=list()
|
||||
f = open(policy_file)
|
||||
for iter in f.readlines():
|
||||
policy.append(iter.split())
|
||||
dict = line_to_dict(iter)
|
||||
if dict is not None:
|
||||
policy_list.append(dict)
|
||||
f.close()
|
||||
return policy
|
||||
return policy_list
|
||||
|
||||
def is_match(item, config_term):
|
||||
return (item is not "dom0" and config_term == "anyvm") or item == config_term
|
||||
|
||||
def apply_policy(policy, domain, target):
|
||||
for iter in policy:
|
||||
if len(iter) < 3:
|
||||
continue
|
||||
if not is_match(domain, iter[0]):
|
||||
continue
|
||||
if not is_match(target, iter[1]):
|
||||
continue
|
||||
ret=iter[2].split("=")
|
||||
if len(ret)==1:
|
||||
return (ret[0], None)
|
||||
else:
|
||||
return (ret[0], ret[1])
|
||||
return (None, None)
|
||||
def get_default_policy():
|
||||
dict={}
|
||||
dict["action"]="deny"
|
||||
return dict
|
||||
|
||||
def do_execute(domain, target, exec_index, process_ident):
|
||||
|
||||
def find_policy(policy, domain, target):
|
||||
for iter in policy:
|
||||
if not is_match(domain, iter["source"]):
|
||||
continue
|
||||
if not is_match(target, iter["dest"]):
|
||||
continue
|
||||
return iter
|
||||
return get_default_policy()
|
||||
|
||||
def do_execute(domain, target, user, exec_index, process_ident):
|
||||
if target == "dom0":
|
||||
cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain
|
||||
elif target == "dispvm":
|
||||
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain
|
||||
cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
|
||||
else:
|
||||
#fixme: qvm-run --pass_io is broken for non-running target domain
|
||||
cmd= "qvm-run -uroot -q -a --pass_io "+target
|
||||
cmd= "qvm-run -uroot -q -a --pass_io "+target + " -u" + user
|
||||
cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
|
||||
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)
|
||||
|
||||
@ -61,19 +85,30 @@ def main():
|
||||
exec_index=sys.argv[3]
|
||||
process_ident=sys.argv[4]
|
||||
|
||||
action = None
|
||||
while action is None:
|
||||
policy = read_policy_file(exec_index)
|
||||
(action, params) = apply_policy(policy, domain, target)
|
||||
if action is None:
|
||||
policy_list=read_policy_file(exec_index)
|
||||
if policy_list==None:
|
||||
policy_editor(domain, target, exec_index)
|
||||
if action == "allow":
|
||||
do_execute(domain, target, exec_index, process_ident)
|
||||
elif action == "divert":
|
||||
do_execute(domain, params, exec_index, process_ident)
|
||||
elif action == "ask":
|
||||
policy_list=read_policy_file(exec_index)
|
||||
if policy_list==None:
|
||||
policy_list=list()
|
||||
|
||||
policy_dict=find_policy(policy_list, domain, target)
|
||||
|
||||
if policy_dict["action"] == "ask":
|
||||
if confirm_execution(domain, target, exec_index):
|
||||
do_execute(domain, target, exec_index, process_ident)
|
||||
policy_dict["action"] = "allow"
|
||||
else:
|
||||
policy_dict["action"] = "deny"
|
||||
|
||||
if policy_dict["action"] == "allow":
|
||||
if policy_dict.has_key("action.target"):
|
||||
target=policy_dict["action.target"]
|
||||
if policy_dict.has_key("action.user"):
|
||||
user=policy_dict["action.user"]
|
||||
else:
|
||||
user="user"
|
||||
do_execute(domain, target, user, exec_index, process_ident)
|
||||
|
||||
print >> sys.stderr, "Rpc denied:", domain, target, exec_index
|
||||
os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", "/bin/false", "-c", process_ident)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user