vm_qrexec_gui.py 20 KB

  1. #!/usr/bin/python
  2. # vim: fileencoding=utf-8
  3. #
  4. # The Qubes OS Project, https://www.qubes-os.org/
  5. #
  6. # Copyright (C) 2014-2015
  7. # Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
  8. # Copyright (C) 2015 Wojtek Porczyk <woju@invisiblethingslab.com>
  9. #
  10. # This program is free software; you can redistribute it and/or modify
  11. # it under the terms of the GNU General Public License as published by
  12. # the Free Software Foundation; either version 2 of the License, or
  13. # (at your option) any later version.
  14. #
  15. # This program is distributed in the hope that it will be useful,
  16. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. # GNU General Public License for more details.
  19. #
  20. # You should have received a copy of the GNU General Public License along
  21. # with this program; if not, write to the Free Software Foundation, Inc.,
  22. # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  23. #
  24. import multiprocessing
  25. import os
  26. import subprocess
  27. import unittest
  28. import time
  29. from qubes.qubes import QubesVmCollection, defaults, QubesException
  30. import qubes.tests
# Payload piped through qrexec by the EOF tests: the ten ASCII digits
# repeated 1024 times (10240 characters).
TEST_DATA = "0123456789" * 1024
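class TC_00_AppVM(qubes.tests.SystemTestsMixin, unittest.TestCase):
    """System tests for AppVM start/shutdown, GUI applications and qrexec.

    Every test gets two freshly created AppVMs (``testvm1`` and ``testvm2``)
    based on the default template.  Several tests send keystrokes to windows
    selected by title with ``xdotool`` and write qrexec policy files under
    ``/etc/qubes-rpc/policy`` on the machine running the tests.
    """

    def setUp(self):
        """Create both test AppVMs on disk and save the VM collection."""
        super(TC_00_AppVM, self).setUp()
        self.testvm1 = self.qc.add_new_vm(
            "QubesAppVm",
            name=self.make_vm_name('vm1'),
            template=self.qc.get_default_template())
        self.testvm1.create_on_disk(verbose=False)
        self.testvm2 = self.qc.add_new_vm(
            "QubesAppVm",
            name=self.make_vm_name('vm2'),
            template=self.qc.get_default_template())
        self.testvm2.create_on_disk(verbose=False)
        self.qc.save()

    def test_000_start_shutdown(self):
        """Start testvm1, request shutdown and expect it to reach Halted."""
        self.testvm1.start()
        self.assertEqual(self.testvm1.get_power_state(), "Running")
        self.testvm1.shutdown()

        # Poll once per second, bounded by the configured maximum.
        shutdown_counter = 0
        while self.testvm1.is_running():
            if shutdown_counter > defaults["shutdown_counter_max"]:
                self.fail("VM hanged during shutdown")
            shutdown_counter += 1
            time.sleep(1)
        time.sleep(1)
        self.assertEqual(self.testvm1.get_power_state(), "Halted")

    def test_010_run_gui_app(self):
        """Start gnome-terminal in testvm1 and close it by typing ``exit``.

        The window is located by its title (``user@<vm name>``); the test
        fails if it does not appear, or does not disappear, within 100 polls.
        """
        self.testvm1.start()
        self.assertEqual(self.testvm1.get_power_state(), "Running")
        self.testvm1.run("gnome-terminal")

        # One handle shared by every poll, so descriptors are not leaked
        # per loop iteration.
        devnull = open(os.devnull, 'w')
        self.addCleanup(devnull.close)
        search_cmd = ['xdotool', 'search', '--name',
                      'user@%s' % self.testvm1.name]

        # xdotool exits non-zero while no window matches.
        wait_count = 0
        while subprocess.call(search_cmd, stdout=devnull,
                              stderr=subprocess.STDOUT) > 0:
            wait_count += 1
            if wait_count > 100:
                self.fail("Timeout while waiting for gnome-terminal window")
            time.sleep(0.1)

        time.sleep(0.5)
        subprocess.check_call(
            search_cmd + ['windowactivate', 'type', 'exit\n'])

        wait_count = 0
        while subprocess.call(search_cmd, stdout=devnull,
                              stderr=subprocess.STDOUT) == 0:
            wait_count += 1
            if wait_count > 100:
                self.fail("Timeout while waiting for gnome-terminal "
                          "termination")
            time.sleep(0.1)

    def test_050_qrexec_simple_eof(self):
        """Test for data and EOF transmission dom0->VM"""
        # Shared integer the worker process uses to report its verdict:
        # 0 = ok, 1 = echoed data differs, 2 = something arrived on stderr.
        result = multiprocessing.Value('i', 0)

        def run(self, result):
            p = self.testvm1.run("cat", passio_popen=True,
                                 passio_stderr=True)
            (stdout, stderr) = p.communicate(TEST_DATA)
            if stdout != TEST_DATA:
                result.value = 1
            if len(stderr) > 0:
                result.value = 2

        self.testvm1.start()

        # Run in a separate process so a missing EOF becomes a timeout
        # instead of hanging the whole test run.
        t = multiprocessing.Process(target=run, args=(self, result))
        t.start()
        t.join(timeout=10)
        if t.is_alive():
            t.terminate()
            self.fail("Timeout, probably EOF wasn't transferred to the VM "
                      "process")
        if result.value == 1:
            self.fail("Received data differs from what was sent")
        elif result.value == 2:
            self.fail("Some data was printed to stderr")

    @unittest.expectedFailure
    def test_051_qrexec_simple_eof_reverse(self):
        """Test for EOF transmission VM->dom0"""
        # Worker verdict: 0 = ok, 1 = unexpected stdout, 2 = data on stderr,
        # 3 = VM process still running after its stdin was closed.
        result = multiprocessing.Value('i', 0)

        def run(self, result):
            p = self.testvm1.run("echo test; exec >&-; cat > /dev/null",
                                 passio_popen=True, passio_stderr=True)
            # this will hang on test failure
            stdout = p.stdout.read()
            p.stdin.write(TEST_DATA)
            p.stdin.close()
            if stdout.strip() != "test":
                result.value = 1
            # this may hang in some buggy cases
            elif len(p.stderr.read()) > 0:
                result.value = 2
            # poll(), not pull(): the misspelt name raised AttributeError
            # in the worker, so verdict 3 could never be reported.
            # NOTE(review): polling right after closing stdin can race with
            # the process exiting - confirm whether a bounded wait is meant.
            elif p.poll() is None:
                result.value = 3

        self.testvm1.start()

        t = multiprocessing.Process(target=run, args=(self, result))
        t.start()
        t.join(timeout=10)
        if t.is_alive():
            t.terminate()
            self.fail("Timeout, probably EOF wasn't transferred from the VM "
                      "process")
        if result.value == 1:
            self.fail("Received data differs from what was expected")
        elif result.value == 2:
            self.fail("Some data was printed to stderr")
        elif result.value == 3:
            self.fail("VM proceess didn't terminated on EOF")

    def test_052_qrexec_vm_service_eof(self):
        """Test for EOF transmission VM(src)->VM(dst)"""
        result = multiprocessing.Value('i', 0)

        def run(self, result):
            p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.EOF "
                                 "/bin/sh -c 'echo test; exec >&-; cat "
                                 ">&$SAVED_FD_1'" % self.testvm2.name,
                                 passio_popen=True)
            (stdout, stderr) = p.communicate()
            if stdout != "test\n":
                result.value = 1

        self.testvm1.start()
        self.testvm2.start()

        # Install the test.EOF service in testvm2; its body is /bin/cat.
        p = self.testvm2.run("cat > /etc/qubes-rpc/test.EOF", user="root",
                             passio_popen=True)
        p.stdin.write("/bin/cat")
        p.stdin.close()
        p.wait()

        with open("/etc/qubes-rpc/policy/test.EOF", "w") as policy:
            # Register removal as soon as the file exists, so a failure
            # below cannot leave an unconditional "allow" rule behind.
            self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.EOF")
            policy.write(
                "%s %s allow" % (self.testvm1.name, self.testvm2.name))

        t = multiprocessing.Process(target=run, args=(self, result))
        t.start()
        t.join(timeout=10)
        if t.is_alive():
            t.terminate()
            self.fail("Timeout, probably EOF wasn't transferred")
        if result.value == 1:
            self.fail("Received data differs from what was expected")

    @unittest.expectedFailure
    def test_053_qrexec_vm_service_eof_reverse(self):
        """Test for EOF transmission VM(src)<-VM(dst)"""
        result = multiprocessing.Value('i', 0)

        def run(self, result):
            # NOTE(review): the call targets testvm1 itself, while the
            # service is installed in testvm2 and the policy below allows
            # testvm1 -> testvm2 - confirm testvm2.name was intended.
            p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.EOF "
                                 "/bin/sh -c 'cat >&$SAVED_FD_1'"
                                 % self.testvm1.name,
                                 passio_popen=True)
            (stdout, stderr) = p.communicate()
            if stdout != "test\n":
                result.value = 1

        self.testvm1.start()
        self.testvm2.start()

        # Install the test.EOF service in testvm2.
        p = self.testvm2.run("cat > /etc/qubes-rpc/test.EOF", user="root",
                             passio_popen=True)
        p.stdin.write("echo test; exec >&-; cat >/dev/null")
        p.stdin.close()
        p.wait()

        with open("/etc/qubes-rpc/policy/test.EOF", "w") as policy:
            # Register removal as soon as the file exists, so a failure
            # below cannot leave an unconditional "allow" rule behind.
            self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.EOF")
            policy.write(
                "%s %s allow" % (self.testvm1.name, self.testvm2.name))

        t = multiprocessing.Process(target=run, args=(self, result))
        t.start()
        t.join(timeout=10)
        if t.is_alive():
            t.terminate()
            self.fail("Timeout, probably EOF wasn't transferred")
        if result.value == 1:
            self.fail("Received data differs from what was expected")

    def test_060_qrexec_exit_code_dom0(self):
        """Check that the exit code of a VM command is returned to dom0."""
        self.testvm1.start()

        p = self.testvm1.run("exit 0", passio_popen=True)
        p.wait()
        self.assertEqual(0, p.returncode)

        p = self.testvm1.run("exit 3", passio_popen=True)
        p.wait()
        self.assertEqual(3, p.returncode)

    @unittest.expectedFailure
    def test_065_qrexec_exit_code_vm(self):
        """Check that a service exit code reaches the calling VM.

        The test.Retcode service is installed in testvm2 twice, first as
        ``exit 0`` and then as ``exit 3``; each time the caller prints ``$?``.
        """
        self.testvm1.start()
        self.testvm2.start()

        with open("/etc/qubes-rpc/policy/test.Retcode", "w") as policy:
            # Register removal as soon as the file exists, so a failure
            # below cannot leave an unconditional "allow" rule behind.
            self.addCleanup(os.unlink, "/etc/qubes-rpc/policy/test.Retcode")
            policy.write(
                "%s %s allow" % (self.testvm1.name, self.testvm2.name))

        p = self.testvm2.run("cat > /etc/qubes-rpc/test.Retcode", user="root",
                             passio_popen=True)
        p.stdin.write("exit 0")
        p.stdin.close()
        p.wait()

        # NOTE(review): both calls below target testvm1 itself, while the
        # service lives in testvm2 and the policy allows testvm1 -> testvm2
        # - confirm testvm2.name was intended.
        p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.Retcode "
                             "/bin/sh -c 'cat >/dev/null'; echo $?"
                             % self.testvm1.name,
                             passio_popen=True)
        (stdout, stderr) = p.communicate()
        self.assertEqual(stdout, "0\n")

        p = self.testvm2.run("cat > /etc/qubes-rpc/test.Retcode", user="root",
                             passio_popen=True)
        p.stdin.write("exit 3")
        p.stdin.close()
        p.wait()

        p = self.testvm1.run("/usr/lib/qubes/qrexec-client-vm %s test.Retcode "
                             "/bin/sh -c 'cat >/dev/null'; echo $?"
                             % self.testvm1.name,
                             passio_popen=True)
        (stdout, stderr) = p.communicate()
        self.assertEqual(stdout, "3\n")

    def test_100_qrexec_filecopy(self):
        """Copy /etc/passwd from testvm1 to testvm2 and compare the result."""
        self.testvm1.start()
        self.testvm2.start()
        p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" %
                             self.testvm2.name, passio_popen=True,
                             passio_stderr=True)
        # Confirm transfer.  The dialog is matched by window title only, so
        # any window named "Question" would receive the key press.
        subprocess.check_call(['xdotool', 'search', '--sync', '--name',
                               'Question', 'key', 'y'])
        p.wait()
        self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" %
                         p.stderr.read())
        # The copy lands in the receiver under a directory named after the
        # sending VM.
        retcode = self.testvm2.run(
            "diff /etc/passwd "
            "/home/user/QubesIncoming/%s/passwd" % self.testvm1.name,
            wait=True)
        self.assertEqual(retcode, 0, "file differs")

    def test_110_qrexec_filecopy_deny(self):
        """Deny a file copy and check that nothing arrived in testvm2."""
        self.testvm1.start()
        self.testvm2.start()
        p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" %
                             self.testvm2.name, passio_popen=True)
        # Deny transfer
        subprocess.check_call(['xdotool', 'search', '--sync', '--name',
                               'Question', 'key', 'n'])
        p.wait()
        self.assertNotEqual(p.returncode, 0, "qvm-copy-to-vm unexpectedly "
                                             "succeeded")
        # Look in the receiving VM (testvm2), where test_100_qrexec_filecopy
        # finds the incoming directory; listing it in the sender could
        # never detect a copy that went through despite the denial.
        retcode = self.testvm2.run("ls /home/user/QubesIncoming/%s" %
                                   self.testvm1.name, wait=True,
                                   ignore_stderr=True)
        self.assertNotEqual(retcode, 0, "QubesIncoming exists although file "
                                        "copy was "
                                        "denied")

    @unittest.skip("Xen gntalloc driver crashes when page is mapped in the "
                   "same domain")
    def test_120_qrexec_filecopy_self(self):
        """Copy /etc/passwd from testvm1 to itself and compare the result."""
        self.testvm1.start()
        p = self.testvm1.run("qvm-copy-to-vm %s /etc/passwd" %
                             self.testvm1.name, passio_popen=True,
                             passio_stderr=True)
        # Confirm transfer
        subprocess.check_call(['xdotool', 'search', '--sync', '--name',
                               'Question', 'key', 'y'])
        p.wait()
        self.assertEqual(p.returncode, 0, "qvm-copy-to-vm failed: %s" %
                         p.stderr.read())
        retcode = self.testvm1.run(
            "diff /etc/passwd "
            "/home/user/QubesIncoming/%s/passwd" % self.testvm1.name,
            wait=True)
        self.assertEqual(retcode, 0, "file differs")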
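class TC_10_HVM(qubes.tests.SystemTestsMixin, unittest.TestCase):
    """System tests for creating and starting HVMs and template HVMs."""
    # TODO: test with some OS inside
    # TODO: windows tools tests

    def test_000_create_start(self):
        """Create an HVM without a template and expect it to be Running."""
        self.testvm1 = self.qc.add_new_vm("QubesHVm",
                                          name=self.make_vm_name('vm1'))
        self.testvm1.create_on_disk(verbose=False)
        self.qc.save()
        self.testvm1.start()
        self.assertEqual(self.testvm1.get_power_state(), "Running")

    def test_010_create_start_template(self):
        """Create a template HVM and expect it to be Running after start."""
        self.templatevm = self.qc.add_new_vm(
            "QubesTemplateHVm",
            name=self.make_vm_name('template'))
        self.templatevm.create_on_disk(verbose=False)
        self.templatevm.start()
        self.assertEqual(self.templatevm.get_power_state(), "Running")

    def test_020_create_start_template_vm(self):
        """Create an HVM based on a template HVM and start the HVM."""
        self.templatevm = self.qc.add_new_vm(
            "QubesTemplateHVm",
            name=self.make_vm_name('template'))
        self.templatevm.create_on_disk(verbose=False)
        self.testvm2 = self.qc.add_new_vm("QubesHVm",
                                          name=self.make_vm_name('vm2'),
                                          template=self.templatevm)
        self.testvm2.create_on_disk(verbose=False)
        self.qc.save()
        self.testvm2.start()
        self.assertEqual(self.testvm2.get_power_state(), "Running")

    def test_030_prevent_simultaneus_start(self):
        """Check that a template HVM and its HVM cannot run together.

        Starting either one while the other is running must raise
        QubesException.
        """
        self.templatevm = self.qc.add_new_vm(
            "QubesTemplateHVm",
            name=self.make_vm_name('template'))
        self.templatevm.create_on_disk(verbose=False)
        self.testvm2 = self.qc.add_new_vm("QubesHVm",
                                          name=self.make_vm_name('vm2'),
                                          template=self.templatevm)
        self.testvm2.create_on_disk(verbose=False)
        self.qc.save()

        # Template running: the VM based on it must refuse to start.
        self.templatevm.start()
        self.assertEqual(self.templatevm.get_power_state(), "Running")
        self.assertRaises(QubesException, self.testvm2.start)

        # VM running: the template must refuse to start.
        self.templatevm.force_shutdown()
        self.testvm2.start()
        self.assertEqual(self.testvm2.get_power_state(), "Running")
        self.assertRaises(QubesException, self.templatevm.start)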
  325. class TC_20_DispVM(qubes.tests.SystemTestsMixin, unittest.TestCase):
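    def test_000_prepare_dvm(self):
        """Run qvm-create-default-dvm and check that the DVM template exists.

        The collection lock is released while the external tool runs, then
        taken again for writing before the collection is reloaded.  The test
        passes when a VM named ``<default template>-dvm`` is present.
        """
        self.qc.unlock_db()
        # Close the devnull handle once the tool has finished instead of
        # leaving it to the garbage collector.
        with open(os.devnull, 'w') as devnull:
            retcode = subprocess.call(['/usr/bin/qvm-create-default-dvm',
                                       '--default-template'],
                                      stderr=devnull)
        self.assertEqual(retcode, 0)
        self.qc.lock_db_for_writing()
        self.qc.load()
        self.assertIsNotNone(self.qc.get_vm_by_name(
            self.qc.get_default_template().name + "-dvm"))
        # TODO: check mtime of snapshot file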
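    def test_010_simple_dvm_run(self):
        """Run ``echo test`` through qfile-daemon-dvm and check its output.

        qfile-daemon-dvm is invoked with the qubes.VMShell service, ``dom0``
        and ``DEFAULT`` as arguments; the command is passed on stdin.
        """
        self.qc.unlock_db()
        # The child keeps its own copy of the descriptor, so the handle can
        # be closed as soon as Popen returns.
        with open(os.devnull, 'w') as devnull:
            p = subprocess.Popen(['/usr/lib/qubes/qfile-daemon-dvm',
                                  'qubes.VMShell', 'dom0', 'DEFAULT'],
                                 stdin=subprocess.PIPE,
                                 stdout=subprocess.PIPE,
                                 stderr=devnull)
        (stdout, _) = p.communicate(input="echo test")
        self.assertEqual(stdout, "test\n")
        # TODO: check if DispVM is destroyed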
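    def test_020_gui_app(self):
        """Start a GUI application in a DispVM and check DispVM teardown.

        Steps: open a shell through qfile-daemon-dvm, find the DispVM with
        the highest qid in the collection, start gnome-terminal in it and
        close it through its window, then close the shell's stdin and expect
        the DispVM to stop, qfile-daemon-dvm to exit with 0 and the DispVM
        to be gone from the collection.
        """
        self.qc.unlock_db()
        # One handle shared by the daemon's stderr and every window poll, so
        # descriptors are not leaked per loop iteration.
        devnull = open(os.devnull, 'w')
        self.addCleanup(devnull.close)
        p = subprocess.Popen(['/usr/lib/qubes/qfile-daemon-dvm',
                              'qubes.VMShell', 'dom0', 'DEFAULT'],
                             stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE,
                             stderr=devnull)

        # wait for DispVM startup:
        p.stdin.write("echo test\n")
        p.stdin.flush()
        line = p.stdout.readline()
        self.assertEqual(line, "test\n")

        # potential race condition, but our tests are supposed to be
        # running on dedicated machine, so should not be a problem
        self.qc.lock_db_for_reading()
        self.qc.load()
        self.qc.unlock_db()

        # The DispVM with the highest qid is taken to be the one just
        # started; max_qid stays 0 when no DispVM is found.
        max_qid = 0
        for vm in self.qc.values():
            if not vm.is_disposablevm():
                continue
            if vm.qid > max_qid:
                max_qid = vm.qid
        dispvm = self.qc[max_qid]
        self.assertNotEqual(dispvm.qid, 0, "DispVM not found in qubes.xml")
        self.assertTrue(dispvm.is_running())

        p.stdin.write("gnome-terminal\n")
        window_title = 'user@%s' % (dispvm.template.name + "-dvm")
        search_cmd = ['xdotool', 'search', '--name', window_title]

        # xdotool exits non-zero while no window matches.
        wait_count = 0
        while subprocess.call(search_cmd, stdout=devnull,
                              stderr=subprocess.STDOUT) > 0:
            wait_count += 1
            if wait_count > 100:
                self.fail("Timeout while waiting for gnome-terminal window")
            time.sleep(0.1)

        time.sleep(0.5)
        subprocess.check_call(
            search_cmd + ['windowactivate', 'type', 'exit\n'])

        wait_count = 0
        while subprocess.call(search_cmd, stdout=devnull,
                              stderr=subprocess.STDOUT) == 0:
            wait_count += 1
            if wait_count > 100:
                self.fail("Timeout while waiting for gnome-terminal "
                          "termination")
            time.sleep(0.1)

        # Closing the shell's stdin should end the DispVM session.
        p.stdin.close()

        wait_count = 0
        while dispvm.is_running():
            wait_count += 1
            if wait_count > 100:
                self.fail("Timeout while waiting for DispVM destruction")
            time.sleep(0.1)

        wait_count = 0
        while p.poll() is None:
            wait_count += 1
            if wait_count > 100:
                self.fail("Timeout while waiting for qfile-daemon-dvm "
                          "termination")
            time.sleep(0.1)
        self.assertEqual(p.returncode, 0)

        self.qc.lock_db_for_reading()
        self.qc.load()
        self.qc.unlock_db()
        self.assertIsNone(self.qc.get_vm_by_name(dispvm.name),
                          "DispVM not removed from qubes.xml")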
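    def test_030_edit_file(self):
        """Edit a file with qvm-open-in-dvm and check the change comes back.

        A file containing ``test1`` is created in a new AppVM and opened
        with qvm-open-in-dvm; the test types a line into the editor window,
        saves and quits, then expects the new line at the top of the
        original file.
        """
        self.testvm1 = self.qc.add_new_vm(
            "QubesAppVm",
            name=self.make_vm_name('vm1'),
            template=self.qc.get_default_template())
        self.testvm1.create_on_disk(verbose=False)
        self.qc.save()

        self.testvm1.start()
        self.testvm1.run("echo test1 > /home/user/test.txt", wait=True)

        self.qc.unlock_db()
        p = self.testvm1.run("qvm-open-in-dvm /home/user/test.txt",
                             passio_popen=True)

        # One handle shared by every poll, so descriptors are not leaked
        # per loop iteration.
        devnull = open(os.devnull, 'w')
        self.addCleanup(devnull.close)

        # TODO: ensure that gedit is default editor?
        window_title = '(/tmp/%s)' % self.testvm1.name
        search_cmd = ['xdotool', 'search', '--name', window_title]

        # xdotool exits non-zero while no window matches.
        wait_count = 0
        while subprocess.call(search_cmd, stdout=devnull,
                              stderr=subprocess.STDOUT) > 0:
            wait_count += 1
            if wait_count > 100:
                self.fail("Timeout while waiting for editor window")
            time.sleep(0.3)

        time.sleep(0.5)
        subprocess.check_call(
            search_cmd + ['windowactivate', 'type', 'test test 2\n'])
        subprocess.check_call(search_cmd + ['key', 'ctrl+s', 'ctrl+q'])
        p.wait()

        p = self.testvm1.run("cat /home/user/test.txt",
                             passio_popen=True)
        (test_txt_content, _) = p.communicate()
        self.assertEqual(test_txt_content, "test test 2\ntest1\n")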