From e8e14f3fadb21e151c45fa9d7e3234b532951e2c Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Tue, 13 Nov 2012 04:28:09 +0100 Subject: [PATCH] dom0/core: API CHANGE: pass username as keyword param to vm.run() (#577) Get rid of ugly embedding username into commandline. This will make much easier avoid hardcoding username in dom0 code. Currently dom0 is free of hardcoded "user" username ("root" still is used). --- dom0/qubes_rpc/qubes-receive-appmenus | 2 +- dom0/qvm-core/qubes.py | 18 ++++++++++-------- dom0/qvm-tools/qvm-run | 9 ++------- dom0/qvm-tools/qvm-sync-clock | 8 ++++---- misc/xl-qvm-usb-attach.py | 2 +- misc/xl-qvm-usb-detach.py | 2 +- 6 files changed, 19 insertions(+), 22 deletions(-) diff --git a/dom0/qubes_rpc/qubes-receive-appmenus b/dom0/qubes_rpc/qubes-receive-appmenus index 97fcc796..860c221b 100755 --- a/dom0/qubes_rpc/qubes-receive-appmenus +++ b/dom0/qubes_rpc/qubes-receive-appmenus @@ -61,7 +61,7 @@ def get_appmenus(vm): if appmenus_line_count == 0: raise QubesException("Line count limit exceeded") else: - p = vm.run('DEFAULT:QUBESRPC qubes.GetAppmenus dom0', passio_popen=True) + p = vm.run('QUBESRPC qubes.GetAppmenus dom0', passio_popen=True) while appmenus_line_count > 0: untrusted_line = p.stdout.readline(appmenus_line_size) if untrusted_line == "": diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 82d6fbf7..7603c166 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py 
@@ -778,8 +778,8 @@ class QubesVm(object): # resize loop device subprocess.check_call(["sudo", "losetup", "--set-capacity", loop_dev]) - retcode = self.run("root:while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) + - "head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", wait=True) + retcode = self.run("while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) + + "head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", user="root", wait=True) else: retcode = subprocess.check_call(["sudo", "resize2fs", "-f", self.private_img]) if retcode != 0: @@ -1326,13 +1326,15 @@ class QubesVm(object): return conf - def run(self, command, verbose = True, autostart = False, notify_function = None, passio = False, passio_popen = False, passio_stderr=False, ignore_stderr=False, localcmd = None, wait = False, gui = True): - """command should be in form 'user:cmdline' + def run(self, command, user = None, verbose = True, autostart = False, notify_function = None, passio = False, passio_popen = False, passio_stderr=False, ignore_stderr=False, localcmd = None, wait = False, gui = True): + """command should be in form 'cmdline' When passio_popen=True, popen object with stdout connected to pipe. When additionally passio_stderr=True, stderr also is connected to pipe. When ignore_stderr=True, stderr is connected to /dev/null. """ + if user is None: + user = self.default_user null = None if not self.is_running(): if not autostart: @@ -1354,7 +1356,7 @@ class QubesVm(object): if gui and os.getenv("DISPLAY") is not None and not self.is_guid_running(): self.start_guid(verbose = verbose, notify_function = notify_function) - args = [qrexec_client_path, "-d", str(xid), command] + args = [qrexec_client_path, "-d", str(xid), "%s:%s" % (user, command)] if localcmd is not None: args += [ "-l", localcmd] if passio: 
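Review bot: In the resize hunk, `size` is formatted straight into a shell loop that this call runs with `user="root"` inside the VM, and nothing visible here shows that it has been coerced to an integer. If it can ever arrive as a string (the caller is outside the hunk), using `.format(int(size))` keeps the command text fixed. The enclosing method starts and ends outside the hunk.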
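Review bot: `user` is inserted as the second positional parameter of `run()`, ahead of `verbose`, so any caller that passes `verbose` or `autostart` positionally now silently sets the user instead. Callers still using the old 'user:cmdline' form are not detected either: the whole string is sent as the command for `default_user`. Appending the parameter at the end of the signature (`..., wait = False, gui = True, user = None`) keeps positional callers working. The docstring should also say that `user` defaults to `self.default_user` and that `command` must no longer carry a `user:` prefix. The body of run() continues outside the hunk.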
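Review bot: The `"%s:%s" % (user, command)` argument relies on the first colon separating the user from the command, but `user` is never checked, and the qvm-run hunk later in this patch forwards `options.user` into it unchanged. A value containing `:` or an empty string moves that boundary, so text meant as the user name would presumably be read as command text on the receiving side (the parser is not part of this diff). A guard before `args` is built, such as `if not user or ":" in user: raise QubesException("Invalid user name: %r" % user)`, makes the split unambiguous.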
@@ -1437,7 +1439,7 @@ class QubesVm(object): if verbose: print >> sys.stderr, "--> Waiting for qubes-session..." - self.run('%s:echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d' % self.default_user, ignore_stderr=True, gui=False, wait=True) + self.run('echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d', ignore_stderr=True, gui=False, wait=True) retcode = subprocess.call([qubes_clipd_path]) if retcode != 0: @@ -1895,7 +1897,7 @@ class QubesNetVm(QubesVm): # force frontend to forget about this device # module actually will be loaded back by udev, as soon as network is attached - vm.run("root:modprobe -r xen-netfront xennet") + vm.run("modprobe -r xen-netfront xennet", user="root") try: vm.attach_network(wait=False) @@ -2474,7 +2476,7 @@ class QubesHVm(QubesVm): if kwargs.get('verbose'): print >> sys.stderr, "--> Waiting for user '%s' login..." % self.default_user - p = self.run('SYSTEM:QUBESRPC qubes.WaitForSession', passio_popen=True, gui=False, wait=True) + p = self.run('QUBESRPC qubes.WaitForSession', user="SYSTEM", passio_popen=True, gui=False, wait=True) p.communicate(input=self.default_user) retcode = subprocess.call([qubes_clipd_path]) diff --git a/dom0/qvm-tools/qvm-run b/dom0/qvm-tools/qvm-run index 6ed9f747..ddfa8406 100755 --- a/dom0/qvm-tools/qvm-run +++ b/dom0/qvm-tools/qvm-run @@ -85,6 +85,7 @@ def vm_run_cmd(vm, cmd, options): return vm.run(cmd, autostart = options.auto, verbose = options.verbose, + user = options.user, notify_function = tray_notify_generic if options.tray else None, passio = options.passio, localcmd = options.localcmd, gui = options.gui) except QubesException as err: 
@@ -194,13 +195,7 @@ def main(): vms_list.append(vm) for vm in vms_list: - if takes_cmd_argument: - cmd = "{user}:{cmd}".format(user=options.user if options.user else vm.default_user, cmd=cmdstr) - else: - cmd = None - - vm_run_cmd(vm, cmd, options) - + vm_run_cmd(vm, cmdstr, options) if options.wait_for_shutdown: if options.verbose: diff --git a/dom0/qvm-tools/qvm-sync-clock b/dom0/qvm-tools/qvm-sync-clock index 08a537fa..9378b29d 100755 --- a/dom0/qvm-tools/qvm-sync-clock +++ b/dom0/qvm-tools/qvm-sync-clock @@ -64,15 +64,15 @@ def main(): # Ignore retcode, try even if nm-online failed - user can setup network manually # on-online has timeout 30sec by default - net_vm.run('DEFAULT:nm-online -x', verbose=verbose, wait=True, ignore_stderr=True) + net_vm.run('nm-online -x', verbose=verbose, wait=True, ignore_stderr=True) # Sync clock - if clock_vm.run('root:QUBESRPC qubes.SyncNtpClock dom0', verbose=verbose, wait=True, ignore_stderr=True) != 0: + if clock_vm.run('QUBESRPC qubes.SyncNtpClock dom0', user="root", verbose=verbose, wait=True, ignore_stderr=True) != 0: print >> sys.stderr, 'Time sync failed, aborting!' sys.exit(1) # Use the date format based on RFC2822 to avoid localisation issues - p = clock_vm.run('DEFAULT:date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True) + p = clock_vm.run('date -u -R', verbose=verbose, passio_popen=True, ignore_stderr=True) date_out = p.stdout.read(100) date_out = date_out.strip() if not re.match(r'^[A-Za-z]+[,] [0-9][0-9] [A-Za-z]+ [0-9][0-9][0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] [+]0000$', date_out): @@ -92,7 +92,7 @@ def main(): if verbose: print >> sys.stderr, '--> Syncing \'%s\' clock.' % vm.name try: - vm.run('root:date -u -R -s "%s"' % date_out, verbose=verbose) + vm.run('date -u -R -s "%s"' % date_out, user="root", verbose=verbose) except Exception as e: print >> sys.stderr, "ERROR syncing time in VM '%s': %s" % (vm.name, str(e)) pass 
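Review bot: `vm_run_cmd(vm, cmdstr, options)` now passes `cmdstr` unconditionally, where the removed branch passed `None` when `takes_cmd_argument` was false. How `cmdstr` is assigned is outside the hunk; if it is only set when a command argument is taken, this line raises NameError on the other paths. If it is None and still reaches run(), the qrexec argument becomes the literal text `user:None`. It is worth confirming that `cmdstr` is initialised before option handling and that vm_run_cmd never calls vm.run() without a command.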
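Review bot: In qvm-sync-clock, `date_out` is text read from clock_vm and is interpolated inside double quotes into a command run with `user="root"` in the VM being synced (second hunk of this file); the only thing that makes this safe is the strict `re.match` pattern in the first hunk. That dependency deserves a comment at the interpolation, e.g. `# date_out passed the RFC2822 regex above; it is embedded in a root shell command`. The value could also carry the `untrusted_` prefix used in qubes-receive-appmenus until the regex has passed. main() starts and ends outside both hunks.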
diff --git a/misc/xl-qvm-usb-attach.py b/misc/xl-qvm-usb-attach.py index e854229f..58ac2a8c 100755 --- a/misc/xl-qvm-usb-attach.py +++ b/misc/xl-qvm-usb-attach.py @@ -45,4 +45,4 @@ else: qvm_collection.unlock_db() # launch - qvm_collection.get_vm_by_name(backendvm_name).run("root: %s" % cmd) + qvm_collection.get_vm_by_name(backendvm_name).run(cmd, user="root") diff --git a/misc/xl-qvm-usb-detach.py b/misc/xl-qvm-usb-detach.py index 478d8bb5..e32fe479 100755 --- a/misc/xl-qvm-usb-detach.py +++ b/misc/xl-qvm-usb-detach.py @@ -41,7 +41,7 @@ else: qvm_collection.unlock_db() # launch - qvm_collection.get_vm_by_name(backendvm_name).run("root: %s" % cmd) + qvm_collection.get_vm_by_name(backendvm_name).run(cmd, user="root") # FIXME: command injection os.system("xenstore-write /local/domain/%s/backend/vusb/%s/%s/port/%s ''"
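Review bot: `cmd` is executed with `user="root"` in the backend VM in both xl-qvm-usb-attach.py and xl-qvm-usb-detach.py, and how it is assembled is outside these hunks, so it is not visible whether its components are validated before they reach a root shell. A short comment above each call naming where the parts of `cmd` come from would make that reviewable. In the detach script the next statement is already marked `# FIXME: command injection` and still builds an `os.system` string with `%s`; passing an argument list to `subprocess.call` would take the local shell out of that path. The statement continues past the end of the hunk, so its arguments cannot be quoted here.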