api: improve handling of removed VMs just before the call (try 2)

If the destination domain doesn't exist anymore when the call gets
to qubesd, inform the client accordingly rather than giving it
a generic PermissionDenied error.
This enables client applications to handle such edge cases. Some
may want to inform the user about an incorrect request, others
(e.g. qvm-ls) may want to remove the specific domain from their
result list or try again later.

Fixes QubesOS/qubes-issues#5105

qubes/api/__init__.py

@@ -118,20 +118,21 @@ class AbstractQubesAPI:
         #: :py:class:`qubes.Qubes` object
         self.app = app
 
-        #: source qube
-        self.src = self.app.domains[src.decode('ascii')]
-
         try:
+            vm = src.decode('ascii')
+            #: source qube
+            self.src = self.app.domains[vm]
+
+            vm = dest.decode('ascii')
             #: destination qube
-            self.dest = self.app.domains[dest.decode('ascii')]
+            self.dest = self.app.domains[vm]
         except KeyError:
             # normally this should filtered out by qrexec policy, but there are
             # two cases it might not be:
             # 1. The call comes from dom0, which bypasses qrexec policy
             # 2. Domain was removed between checking the policy and here
-            # For uniform handling on the client side, treat this as permission
+            # we inform the client accordingly
-            # denied error too
+            raise qubes.exc.QubesVMNotFoundError(vm)
-            raise PermissionDenied
 
         #: argument
         self.arg = arg.decode('ascii')