Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,449 Commits 1 Branch 0 Tags 15 MiB
868dbeac3e
Commit Graph

4449 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski-Górecki
868dbeac3e
mgmt: implement mgmt.vm.property.Set 
Sanitization of input value is tricky here, and also very important at
the same time. If property define value type (and it's something more
specific than 'str'), use that. Otherwise allow only printable ASCII
characters, and let appropriate event and setter handle value.
At this point I've reviewed all QubesVM properties in this category and
added appropriate setters where needed.

QubesOS/qubes-issues#2622
 2017-03-16 20:04:03 +01:00
Marek Marczykowski-Górecki
da51e6f032
vm/qubesvm: add validator for default_user property 
Don't allow characters potentially interfering with qrexec. To be on the
safe side, allow only alphanumeric characters + very few selected
punctuations.
 2017-03-16 20:04:03 +01:00
Marek Marczykowski-Górecki
0f8fab088e
vm/qubesvm: remove pool_name property 
It isn't used anywhere - in core3 each storage volume have pool assigned
- which may be different for each volume.
 2017-03-16 20:04:03 +01:00
Marek Marczykowski-Górecki
2d2672ec58
vm/qubesvm: convert firewall_conf into dumb, read-only property 
Don't allow anything else than firewall.xml.
 2017-03-16 20:04:03 +01:00
Marek Marczykowski-Górecki
123feced36
vm/qubesvm: forbid '/' in kernel property 
It would give VM access to some files outside of
/var/lib/qubes/vm-kernels.
 2017-03-16 20:04:02 +01:00
Marek Marczykowski-Górecki
a036e2a8a0
vm/qubesvm: improve name property setter 
Split it into two functions: validate_name - context-less verification,
and actual _setter_name which perform additional verification in
context of actual VM.
Switch to qubes.exc.* exceptions where appropriate.
 2017-03-16 20:04:02 +01:00
Marek Marczykowski-Górecki
dbf2066dfd
mgmt: encode property type in property.Get 
This also require having property.type public.

QubesOS/qubes-issues#2622
 2017-03-16 20:04:02 +01:00
Marek Marczykowski-Górecki
3b36e92b6d
vm/qubesvm: fix few more keyword arguments for events 2017-03-16 20:04:02 +01:00
Marek Marczykowski-Górecki
772293d0b5
vm/qubesvm: define 'updateable' as qubes.property 
This will allow property being accessed through management API
 2017-03-16 20:04:01 +01:00
Marek Marczykowski-Górecki
f7eabf8eb0
tools/qubesd: do not close connection before sending response 
eof_received callback should return True, if connection should not be
automatically closed just after returning from it.
 2017-03-16 20:04:01 +01:00
Marek Marczykowski-Górecki
c41585e2f5
Initialize dom0 label 
It is required property. Additionally, define icon_path to None,
otherwise it tries to access dom0.dir_path, which isn't set.
 2017-03-16 20:04:01 +01:00
Marek Marczykowski-Górecki
10a07c8726
mgmt: allow vm.List call to a particular VM 
This allow getting info about a single VM.

QubesOS/qubes-issues#853
 2017-03-16 20:04:01 +01:00
Marek Marczykowski-Górecki
fb7bd6823a
mgmt: implement storage-related methods 
QubesOS/qubes-issues#2622
 2017-03-16 20:04:01 +01:00
Wojtek Porczyk
417cb6e912 qubes/vm/mix/net: fix event arguments 
Arguments to events are now keyword-only and require exact names.
 2017-03-06 17:20:57 +01:00
Wojtek Porczyk
4a247b1b1b Merge remote-tracking branch 'origin/pull/90/head' into core3-devel 2017-03-02 13:19:57 +01:00
Wojtek Porczyk
c228bc934e ci/pylintrc: disable deprecated-method 
Pylint deprecated-method report interferes with asyncio.ensure_future
compatibility monkeypatch. The function asyncio.async was renamed
between 3.4.3 (fc23) and 3.4.4 (what is currently on Travis). For
reference, debian stable has 3.4.2.
 2017-03-02 13:08:25 +01:00
Marek Marczykowski-Górecki
f7d73893d7
qubes/storage: py3k related fixes 2017-03-01 21:50:06 +01:00
Wojtek Porczyk
c2a0d34ade pylint: do not interpret asyncio.ensure_future compat hack 2017-03-01 18:30:49 +01:00
Wojtek Porczyk
865ab10a0c qubesd+mgmt: convert mgmt functions to coroutines 
QubesOS/qubes-issues#2622
 2017-03-01 17:31:37 +01:00
Marek Marczykowski-Górecki
3e0f225938
qubes: allow 'property' object comparing with str 
This will allow checking if a given name is valid property name, using
simple `name in vm.property_list()`.

QubesOS/qubes-issues#853
 2017-02-27 21:57:56 +01:00
Marek Marczykowski-Górecki
2169075807
qubesd: fix response message header 
Type is not 16 bit big-endian. Encode it as 8bit code and \x00 as
delimiter explicitly.

QubesOS/qubes-issues#853
 2017-02-27 21:43:14 +01:00
Marek Marczykowski-Górecki
6ab7032b11
qubes/mgmt: encode VM name without quotes 
That's how it is in the specification.

QubesOS/qubes-issues#853
 2017-02-27 21:42:30 +01:00
Marek Marczykowski-Górecki
f4616fc366
qubesd: make qubesd socket qubes-group owned 
QubesOS/qubes-issues#853
 2017-02-27 21:42:06 +01:00
Marek Marczykowski-Górecki
c454973596
qubes/mgmt: use keyword arguments in events 
QubesOS/qubes-issues#853
 2017-02-27 20:56:16 +01:00
Marek Marczykowski-Górecki
751415434c
backup: make hmac verification more defensive 
Check HMAC file size, read it as binary or with 'ascii' encoding only.
 2017-02-27 02:37:52 +01:00
Marek Marczykowski-Górecki
a6c7da6061
tests: be even more defensive on cleaning up VMs 
Don't fail even if qubes-test.xml do not load at all because of syntax
error - for example empty file.
 2017-02-27 02:37:52 +01:00
Marek Marczykowski-Górecki
c5a8135fdb
fix misplaced comment 2017-02-27 02:37:51 +01:00
Marek Marczykowski-Górecki
45709b510a
backup: minor fixes after bringing back scrypt support 2017-02-27 02:37:51 +01:00
Marek Marczykowski-Górecki
1363251438
Revert "Revert "backup: use 'scrypt' tool for backup encryption and integrity protection"" 
This reverts commit 0f1672dc63.

Bring it back. Lets not revert the whole feature just because required
package exists only in qubes-builder, not in some online repository.
Also, this revert didn't go as planned - there was a reference to a
'passphrase' local variable, but it wasn't assigned any value.

Cc: @woju
 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
13fc810363
tests: some more fixes for core3 API 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
3ecc0a9bcb
tests: improve devices API unit test 
Check fired events - inspired by qvm-device test.
 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
7f2ca33774
tests: fix importing template in non-default pool 2017-02-27 02:37:50 +01:00
Marek Marczykowski-Górecki
3726c7d9c3
python: decode xrandr output earlier, don't use regexp on bytes 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
5e43d26abd
qubes: unify property ordering 
We already have property ordering defined in property_list(), lets move
it to proper place: property.__lt__.
 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
9ace4e66f1
tests: more py3k related fixes 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
33416f2549
qmemman: update for py3k 
This just make the code compatible with py3k, but nothing more.
Converting to asyncio is probably the next step.
 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
2c3e112951
backup: one more py3k related fix 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
e52d8fb051
qubes: allow passing name of class to app.add_new_vm 
This will allow more flexible API usage, especially when using mgmt API
- we need to use VM type as string there.
We don't lose any flexibility here - VM class names needs to be uniquely
identified by a string (used in qubes.xml) anyway.
 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
cae68f64ca
tests: just one more test in vm_qrexec_gui to core3 API 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
3f29345d32
tests/storage: read-only volume should not have save_on_stop=True 2017-02-27 02:37:48 +01:00
Marek Marczykowski-Górecki
5ee05e06e5
qubes/core2migration: update locking API 
Sync with 0141e1a "qubes/app: Allow keeping lock after load"
 2017-02-27 02:37:47 +01:00
Marek Marczykowski-Górecki
570cbe5225
qubes: py3k related fixes 2017-02-27 02:37:45 +01:00
Marek Marczykowski-Górecki
9c5c70fe25
qubes/backup: py3k related fixes 
- str/bytes usage
- functools.reduce
- dict.items instead of dict.iteritems etc
 2017-02-27 02:35:50 +01:00
Marek Marczykowski-Górecki
f2a1687879
typos in comments 2017-02-27 02:35:49 +01:00
Marek Marczykowski-Górecki
9cad353939
tests: py3k related fixes - bytes/str 
Adjust usage of bytes vs str type.
 2017-02-27 02:35:49 +01:00
Marek Marczykowski-Górecki
d68499f17f
qubes: add property ordering 2017-02-27 02:35:49 +01:00
Wojtek Porczyk
be53db4db9 qubes/events: they accept only keyword arguments 
Positional arguments are hereby deprecated, with immediate effect.

QubesOS/qubes-issues#2622
 2017-02-21 14:46:42 +01:00
Wojtek Porczyk
48f10a79c9 qubes/tools/qubesd: add response header 
QubesOS/qubes-issues#2622
 2017-02-21 14:46:42 +01:00
Wojtek Porczyk
25d81b8ab6 Merge remote-tracking branch 'origin/pull/88/head' into core3-devel 2017-02-15 12:17:41 +01:00
Marek Marczykowski-Górecki
e50b17a6b3
tools/qvm-features: make pylint happy 
reduce number of return statements.
 2017-02-15 00:01:33 +01:00