Browse Source

api: improve handling of removed VMs just before the call (try 2)

If the destination domain doesn't exist anymore when the call gets
to qubesd, inform the client accordingly rather than giving it
a generic PermissionDenied error.
This enables client applications to handle such edge cases. Some
may want to inform the user about an incorrect request, others
(e.g. qvm-ls) may want to remove the specific domain from their
result list or try again later.

Fixes QubesOS/qubes-issues#5105
3hhh 3 years ago
parent
commit
d2ab40de54
1 changed files with 8 additions and 7 deletions
  1. 8 7
      qubes/api/__init__.py

+ 8 - 7
qubes/api/__init__.py

@@ -118,20 +118,21 @@ class AbstractQubesAPI:
         #: :py:class:`qubes.Qubes` object
         self.app = app
 
-        #: source qube
-        self.src = self.app.domains[src.decode('ascii')]
-
         try:
+            vm = src.decode('ascii')
+            #: source qube
+            self.src = self.app.domains[vm]
+
+            vm = dest.decode('ascii')
             #: destination qube
-            self.dest = self.app.domains[dest.decode('ascii')]
+            self.dest = self.app.domains[vm]
         except KeyError:
             # normally this should filtered out by qrexec policy, but there are
             # two cases it might not be:
             # 1. The call comes from dom0, which bypasses qrexec policy
             # 2. Domain was removed between checking the policy and here
-            # For uniform handling on the client side, treat this as permission
-            # denied error too
-            raise PermissionDenied
+            # we inform the client accordingly
+            raise qubes.exc.QubesVMNotFoundError(vm)
 
         #: argument
         self.arg = arg.decode('ascii')