api: improve handling of removed VMs just before the call (try 2)

If the destination domain doesn't exist anymore when the call gets to qubesd, inform the client accordingly rather than giving it a generic PermissionDenied error. This enables client applications to handle such edge cases. Some may want to inform the user about an incorrect request, others (e.g. qvm-ls) may want to remove the specific domain from their result list or try again later. Fixes QubesOS/qubes-issues#5105
2021-04-09 16:46:07 +02:00 · 2021-04-09 16:46:07 +02:00 · d2ab40de54
--- a/qubes/api/init.py
+++ b/qubes/api/init.py
@ -118,20 +118,21 @@ class AbstractQubesAPI:
        #: :py:class:`qubes.Qubes` object
        self.app = app

-        #: source qube
-        self.src = self.app.domains[src.decode('ascii')]
-
        try:
+            vm = src.decode('ascii')
+            #: source qube
+            self.src = self.app.domains[vm]
+
+            vm = dest.decode('ascii')
            #: destination qube
-            self.dest = self.app.domains[dest.decode('ascii')]
+            self.dest = self.app.domains[vm]
        except KeyError:
            # normally this should filtered out by qrexec policy, but there are
            # two cases it might not be:
            # 1. The call comes from dom0, which bypasses qrexec policy
            # 2. Domain was removed between checking the policy and here
-            # For uniform handling on the client side, treat this as permission
-            # denied error too
-            raise PermissionDenied
+            # we inform the client accordingly
+            raise qubes.exc.QubesVMNotFoundError(vm)

        #: argument
        self.arg = arg.decode('ascii')