Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,943 Commits 1 Branch 0 Tags 20 MiB
cb5479666c
Commit Graph

92 Commits

Author SHA1 Message Date
Rafal Wojtczuk
b4f28152b8 qrexec: CONNECT_EXISTING command handling in daemon and client 2011-07-04 20:55:25 +02:00
Rafal Wojtczuk
c05b26763a qrexec: new communication scheme, agent<->server part 
1) Instead of a set of predefined commands, we send MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING msg with a parameter (e.g. "org.qubes-os.vm.Filecopy")
defining required action
2) qrexec_daemon just forks qrexec_policy, that will take care of actually
allowing and executing required action
3) after MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING, qrexec_agent does not
execute a command - it justs uses already established file descriptors to
send data to/from. Thus, there is no need to use ~/.xxxxxspool - a command line
tool can have direct access to remote fds.
 2011-07-04 18:56:56 +02:00
Rafal Wojtczuk
732a90443e qrexec: move daemon-specific code out of unix_server.c 
So that agent can use code in unix_server.c
 2011-07-04 17:06:29 +02:00
Marek Marczykowski
83d211836a dom0+vm: Trigger appmenus sync after yum transaction (#45), NEW QREXEC COMMAND 
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
 2011-06-12 01:46:24 +02:00
Marek Marczykowski
986f4a888c Merge branch 'r1-beta1-fixes' 
Conflicts:
	dom0/qvm-core/qubes.py
	version_dom0
	version_vm
 2011-05-24 00:20:39 +02:00
Rafal Wojtczuk
e7d2eefecd qrexec: fix stdout flush on process exit 
In case a child of qrexec_daemon has exited and there is still data in its
stdout pipe, we need to flush it to the peer. Previously, the case when the
peer is blocked was not handled; it is now. The bug impact was premature EOF.
 2011-05-23 15:35:40 +02:00
Rafal Wojtczuk
c677f1cc4e qrexec and qfile-*: compile with -pie 
For full ASLR.
 2011-05-10 12:19:28 +02:00
Marek Marczykowski
ef517e5e66 Merge branch 'sane-and-pretty' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-05-09 13:57:21 +02:00
Rafal Wojtczuk
8733c0ef77 qrexec_daemon: fixed typo in msg name 2011-05-09 13:31:38 +02:00
Marek Marczykowski
3d92e50792 Merge branch 'sane-and-pretty' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-05-09 12:25:14 +02:00
Rafal Wojtczuk
d84289f983 qrexec - indentation 2011-05-04 13:00:39 +02:00
Rafal Wojtczuk
b4fb7a4b5d qrexec: added two I/O error checks, even though it is redundant in these cases 2011-05-04 12:56:52 +02:00
Rafal Wojtczuk
d68183da0c qrexec: added comments, made identifiers more verbose 2011-05-04 12:52:54 +02:00
Rafal Wojtczuk
675d4ce25b qrexec_daemon: add explicite sanitize routine 
It sanitizes messages from agent, the only untrusted input. No new
checks have been added, just moved the code.
 2011-05-04 10:53:43 +02:00
Marek Marczykowski
3f310e5f3e Adopt vchan to xen-libs-4.1.0 API. 
Add #ifdefs to support new and old API
 2011-04-19 01:21:48 +02:00
Rafal Wojtczuk
b7698de251 qrexec_daemon: print dots when waiting for agent 2011-03-31 11:23:44 +02:00
Rafal Wojtczuk
1fc8f242c5 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-28 17:27:50 +02:00
Rafal Wojtczuk
5c10812e36 qrexec_agent: When running as root, make the socket accessible 
... world-rw. Perms on /var/run/qubes still limit access to group qubes.
 2011-03-25 13:47:01 +01:00
Marek Marczykowski
14e50e983d gitignores 2011-03-23 19:57:48 -04:00
Rafal Wojtczuk
01b75b5987 Enable build on non-appvm. 2011-03-23 17:47:35 +01:00
Rafal Wojtczuk
7f6a06c354 qrexec: in write_stdin, remove dependency on write size 
Previous code could barf when write was partial; probably can happen
only if we increase vchan buffer size, but it is better isolated now.
 2011-03-18 11:16:05 +01:00
Rafal Wojtczuk
1d24ef9d1a qrexec: when forgetting about a client/process, flush buffered data 
We need to spawn a child to take care of buffered data flushing, if there
is any. Expensive, but should be needed rarely.
 2011-03-17 18:15:04 +01:00
Rafal Wojtczuk
53b517f6a5 qrexec: move set_nonblock function to write_stdin 
It will be needed there.
 2011-03-17 17:53:33 +01:00
Rafal Wojtczuk
fb71bf968c qrexec_agent: when receiving close from daemon, check buffered data 
We need to wait for buffer flush, so that buffered data is not lost,
and only then close pipe to the child.
 2011-03-17 17:37:35 +01:00
Rafal Wojtczuk
af7fefa73f qrexec: handle buffered writes correctly 
In case when we have a buffered write, always append to the
buffer, even if the pipe happens to be writable now. If not,
in case of certain tight race we might end up writing buffered data in
wrong order.
 2011-03-17 16:53:29 +01:00
Rafal Wojtczuk
d40fb3a2e1 Fifo semantics is hard to get right. 
Finally: we need to close the command pipe at EOF.
 2011-03-16 16:11:05 +01:00
Rafal Wojtczuk
15bab70eae Handle pipe io in qrexec_agent properly 
Don't reopen pipe after each read - no need, and it could lose events.
 2011-03-16 15:18:37 +01:00
Rafal Wojtczuk
769eedd33a Make qrexec_client wait for its local child before exiting 
If we do not wait and exit imemdiately, qrexec_daemon will decrease
the children count and continue spawning processes, while e.g.
qfile-daemon still waits for kdialog - so dom0 will be DoSed by
multiple processes.
 2011-03-16 14:52:35 +01:00
Rafal Wojtczuk
27cfd6111a qrexec_daemon limits the number of its children 
So that evil VM cannot just send flood of exec qfile-daemon requests,
and DoS dom0.
 2011-03-16 14:21:45 +01:00
Rafal Wojtczuk
00f4bf1197 qrexec_client accepts non-numeric domain description. 
Just tries to open qrexec.argv[1].
 2011-03-11 16:06:00 +01:00
Rafal Wojtczuk
470ddce435 qrexec_daemon creates VMname-based link to its socket 2011-03-11 14:14:04 +01:00
Rafal Wojtczuk
b9e0e93a90 In qrexec_client, check write_all(local_stdin_fd,..) value 2011-03-11 13:16:33 +01:00
Rafal Wojtczuk
1a5bfd8c2b Reset SIGPIPE in qrexec_daemon, too. 2011-03-11 13:08:19 +01:00
Rafal Wojtczuk
e19390ca1c Moved ioall.c file to "common" 2011-03-11 11:47:20 +01:00
Rafal Wojtczuk
f1a7df6e95 Implemented mechanism to trigger predefined execution in dom0. 
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
 2011-03-10 15:41:31 +01:00
Rafal Wojtczuk
8f90623661 Add ability to execute command without help of /bin/su 
It is important, if the program closes stdout, but does not exit.
Then, qrexec_agent does not see EOF (because su still holds the
file descriptor).
 2011-03-10 13:08:06 +01:00
Rafal Wojtczuk
f263aa6b7c Moved vchan and u2mfn code to core. 2011-03-08 12:24:47 +01:00
Rafal Wojtczuk
27c8b05792 qrexec_daemon child should notify the parent. 2011-03-07 13:54:57 +01:00
Rafal Wojtczuk
50252ec64e qrexec_daemon parent should exit after connection to VM. 2011-03-07 13:50:30 +01:00
Rafal Wojtczuk
bb0507c89a Make qrexec_daemon socket accessible. 
Set restructive umask after socket creation.
 2011-03-04 17:41:54 +01:00
Rafal Wojtczuk
b899bfc9ba Daemonize qrexec_daemon. 2011-03-04 17:38:59 +01:00
Rafal Wojtczuk
b98dffc965 qrexec* tools, initial version 2011-03-04 16:32:58 +01:00