From d2ab40de546275c4f7122f6544408d3d4579e6d4 Mon Sep 17 00:00:00 2001
From: 3hhh
Date: Fri, 9 Apr 2021 16:46:07 +0200
Subject: [PATCH] api: improve handling of removed VMs just before the call (try 2)

If the destination domain doesn't exist anymore when the call gets to qubesd, inform the client accordingly rather than giving it a generic PermissionDenied error. This enables client applications to handle such edge cases. Some may want to inform the user about an incorrect request, others (e.g. qvm-ls) may want to remove the specific domain from their result list or try again later.
Fixes QubesOS/qubes-issues#5105
---
 qubes/api/__init__.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/qubes/api/__init__.py b/qubes/api/__init__.py
index 43472346..aaae4b02 100644
--- a/qubes/api/__init__.py
+++ b/qubes/api/__init__.py
@@ -118,20 +118,21 @@ class AbstractQubesAPI:
 #: :py:class:`qubes.Qubes` object
 self.app = app
- #: source qube
- self.src = self.app.domains[src.decode('ascii')]
-
 try:
+ vm = src.decode('ascii')
+ #: source qube
+ self.src = self.app.domains[vm]
+
+ vm = dest.decode('ascii')
 #: destination qube
- self.dest = self.app.domains[dest.decode('ascii')]
+ self.dest = self.app.domains[vm]
 except KeyError:
 # normally this should filtered out by qrexec policy, but there are
 # two cases it might not be:
 # 1. The call comes from dom0, which bypasses qrexec policy
 # 2. Domain was removed between checking the policy and here
- # For uniform handling on the client side, treat this as permission
- # denied error too
- raise PermissionDenied
+ # we inform the client accordingly
+ raise qubes.exc.QubesVMNotFoundError(vm)
 #: argument
 self.arg = arg.decode('ascii')
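Review bot: The new `raise qubes.exc.QubesVMNotFoundError(vm)` in the `except KeyError:` branch lets a caller tell a missing domain from a denied one, which the old uniform `PermissionDenied` did not, and the replacement comment `# we inform the client accordingly` does not record why that disclosure is acceptable. The surviving comment lists only dom0 and the removal race as ways to reach this branch, so I would say so explicitly, e.g. `# NOTE: this reveals whether a domain exists; reachable only from dom0 or in the removal race`. Because the `src` lookup now sits in the same `try`, a missing source is reported the same way, with `vm` holding whichever name was decoded last, which deserves a short comment as well. Raising with `from None` would keep the internal `KeyError` out of the chained traceback. The enclosing method starts and ends outside the hunk, and the hunk does not show whether `qubes.exc` is imported in this module.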