__init__.py 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504
  1. #
  2. # The Qubes OS Project, https://www.qubes-os.org/
  3. #
  4. # Copyright (C) 2010-2015 Joanna Rutkowska <joanna@invisiblethingslab.com>
  5. # Copyright (C) 2011-2015 Marek Marczykowski-Górecki
  6. # <marmarek@invisiblethingslab.com>
  7. # Copyright (C) 2014-2015 Wojtek Porczyk <woju@invisiblethingslab.com>
  8. #
  9. # This library is free software; you can redistribute it and/or
  10. # modify it under the terms of the GNU Lesser General Public
  11. # License as published by the Free Software Foundation; either
  12. # version 2.1 of the License, or (at your option) any later version.
  13. #
  14. # This library is distributed in the hope that it will be useful,
  15. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  17. # Lesser General Public License for more details.
  18. #
  19. # You should have received a copy of the GNU Lesser General Public
  20. # License along with this library; if not, see <https://www.gnu.org/licenses/>.
  21. #
  22. '''Qubes Virtual Machines
  23. '''
  24. import asyncio
  25. import re
  26. import string
  27. import uuid
  28. import lxml.etree
  29. import qubes
  30. import qubes.devices
  31. import qubes.events
  32. import qubes.features
  33. import qubes.log
  34. VM_ENTRY_POINT = 'qubes.vm'
  35. def validate_name(holder, prop, value):
  36. ''' Check if value is syntactically correct VM name '''
  37. if not isinstance(value, str):
  38. raise TypeError('VM name must be string, {!r} found'.format(
  39. type(value).__name__))
  40. if len(value) > 31:
  41. if holder is not None and prop is not None:
  42. raise qubes.exc.QubesPropertyValueError(holder, prop, value,
  43. '{} value must be shorter than 32 characters'.format(
  44. prop.__name__))
  45. raise qubes.exc.QubesValueError(
  46. 'VM name must be shorter than 32 characters')
  47. # this regexp does not contain '+'; if it had it, we should specifically
  48. # disallow 'lost+found' #1440
  49. if re.match(r"^[a-zA-Z][a-zA-Z0-9_-]*$", value) is None:
  50. if holder is not None and prop is not None:
  51. raise qubes.exc.QubesPropertyValueError(holder, prop, value,
  52. '{} value contains illegal characters'.format(prop.__name__))
  53. raise qubes.exc.QubesValueError(
  54. 'VM name contains illegal characters')
  55. if value in ('none', 'default'):
  56. raise qubes.exc.QubesValueError(
  57. 'VM name cannot be \'none\' nor \'default\'')
  58. def setter_label(self, prop, value):
  59. ''' Helper for setting the domain label '''
  60. # pylint: disable=unused-argument
  61. if isinstance(value, qubes.Label):
  62. return value
  63. if isinstance(value, str) and value.startswith('label-'):
  64. return self.app.labels[int(value.split('-', 1)[1])]
  65. return self.app.get_label(value)
  66. def _setter_qid(self, prop, value):
  67. ''' Helper for setting the domain qid '''
  68. # pylint: disable=unused-argument
  69. value = int(value)
  70. if not 0 <= value <= qubes.config.max_qid:
  71. raise ValueError(
  72. '{} value must be between 0 and qubes.config.max_qid'.format(
  73. prop.__name__))
  74. return value
  75. class Tags(set):
  76. '''Manager of the tags.
  77. Tags are simple: tag either can be present on qube or not. Tag is a
  78. simple string consisting of ASCII alphanumeric characters, plus `_` and
  79. `-`.
  80. This class inherits from set, but has most of the methods that manipulate
  81. the item disarmed (they raise NotImplementedError). The ones that are left
  82. fire appropriate events on the qube that owns an instance of this class.
  83. '''
  84. #
  85. # Those are the methods that affect contents. Either disarm them or make
  86. # them report appropriate events. Good approach is to rewrite them carefully
  87. # using official documentation, but use only our (overloaded) methods.
  88. #
  89. def __init__(self, vm, seq=()):
  90. super(Tags, self).__init__()
  91. self.vm = vm
  92. self.update(seq)
  93. def clear(self):
  94. '''Remove all tags'''
  95. for item in tuple(self):
  96. self.remove(item)
  97. def symmetric_difference_update(self, *args, **kwargs):
  98. '''Not implemented
  99. :raises: NotImplementedError
  100. '''
  101. raise NotImplementedError()
  102. def intersection_update(self, *args, **kwargs):
  103. '''Not implemented
  104. :raises: NotImplementedError
  105. '''
  106. raise NotImplementedError()
  107. def pop(self):
  108. '''Not implemented
  109. :raises: NotImplementedError
  110. '''
  111. raise NotImplementedError()
  112. def discard(self, elem):
  113. '''Remove a tag if present'''
  114. if elem in self:
  115. self.remove(elem)
  116. def update(self, *others):
  117. '''Add tags from iterable(s)'''
  118. for other in others:
  119. for elem in other:
  120. self.add(elem)
  121. def add(self, elem):
  122. '''Add a tag'''
  123. allowed_chars = string.ascii_letters + string.digits + '_-'
  124. if any(i not in allowed_chars for i in elem):
  125. raise ValueError('Invalid character in tag')
  126. if elem in self:
  127. return
  128. super(Tags, self).add(elem)
  129. self.vm.fire_event('domain-tag-add:' + elem, tag=elem)
  130. def remove(self, elem):
  131. '''Remove a tag'''
  132. super(Tags, self).remove(elem)
  133. self.vm.fire_event('domain-tag-delete:' + elem, tag=elem)
  134. #
  135. # end of overriding
  136. #
  137. @staticmethod
  138. def validate_tag(tag):
  139. safe_set = string.ascii_letters + string.digits + '-_'
  140. if not all((x in safe_set) for x in tag):
  141. raise ValueError('disallowed characters')
  142. class BaseVM(qubes.PropertyHolder):
  143. '''Base class for all VMs
  144. :param app: Qubes application context
  145. :type app: :py:class:`qubes.Qubes`
  146. :param xml: xml node from which to deserialise
  147. :type xml: :py:class:`lxml.etree._Element` or :py:obj:`None`
  148. This class is responsible for serializing and deserialising machines and
  149. provides basic framework. It contains no management logic. For that, see
  150. :py:class:`qubes.vm.qubesvm.QubesVM`.
  151. '''
  152. # pylint: disable=no-member
  153. uuid = qubes.property('uuid', type=uuid.UUID, write_once=True,
  154. clone=False,
  155. doc='UUID from libvirt.')
  156. name = qubes.property('name', type=str, write_once=True,
  157. clone=False,
  158. doc='User-specified name of the domain.')
  159. qid = qubes.property('qid', type=int, write_once=True,
  160. setter=_setter_qid,
  161. clone=False,
  162. doc='''Internal, persistent identificator of particular domain. Note
  163. this is different from Xen domid.''')
  164. label = qubes.property('label',
  165. setter=setter_label,
  166. doc='''Colourful label assigned to VM. This is where the colour of the
  167. padlock is set.''')
  168. def __init__(self, app, xml, features=None, devices=None, tags=None,
  169. **kwargs):
  170. # pylint: disable=redefined-outer-name
  171. self._qdb_watch_paths = set()
  172. self._qdb_connection_watch = None
  173. # self.app must be set before super().__init__, because some property
  174. # setters need working .app attribute
  175. #: mother :py:class:`qubes.Qubes` object
  176. self.app = app
  177. super(BaseVM, self).__init__(xml, **kwargs)
  178. #: dictionary of features of this qube
  179. self.features = qubes.features.Features(self, features)
  180. #: :py:class:`DeviceManager` object keeping devices that are attached to
  181. #: this domain
  182. self.devices = devices or qubes.devices.DeviceManager(self)
  183. #: user-specified tags
  184. self.tags = Tags(self, tags or ())
  185. #: logger instance for logging messages related to this VM
  186. self.log = None
  187. #: storage volumes
  188. self.volumes = {}
  189. #: storage manager
  190. self.storage = None
  191. if hasattr(self, 'name'):
  192. self.init_log()
  193. def close(self):
  194. super().close()
  195. if self._qdb_connection_watch is not None:
  196. asyncio.get_event_loop().remove_reader(
  197. self._qdb_connection_watch.watch_fd())
  198. self._qdb_connection_watch.close()
  199. del self._qdb_connection_watch
  200. del self.app
  201. del self.features
  202. del self.storage
  203. # TODO storage may have circ references, but it doesn't leak fds
  204. del self.devices
  205. del self.tags
  206. def load_extras(self):
  207. if self.xml is None:
  208. return
  209. # features
  210. for node in self.xml.xpath('./features/feature'):
  211. self.features[node.get('name')] = node.text
  212. # devices (pci, usb, ...)
  213. for parent in self.xml.xpath('./devices'):
  214. devclass = parent.get('class')
  215. for node in parent.xpath('./device'):
  216. options = {}
  217. for option in node.xpath('./option'):
  218. options[option.get('name')] = option.text
  219. try:
  220. device_assignment = qubes.devices.DeviceAssignment(
  221. self.app.domains[node.get('backend-domain')],
  222. node.get('id'),
  223. options,
  224. persistent=True
  225. )
  226. self.devices[devclass].load_persistent(device_assignment)
  227. except KeyError:
  228. msg = "{}: Cannot find backend domain '{}' " \
  229. "for device type {} '{}'".format(self.name, node.get(
  230. 'backend-domain'), devclass, node.get('id'))
  231. self.log.info(msg)
  232. continue
  233. # tags
  234. for node in self.xml.xpath('./tags/tag'):
  235. self.tags.add(node.get('name'))
  236. # SEE:1815 firewall, policy.
  237. def get_provided_assignments(self):
  238. '''List of persistent device assignments from this VM.'''
  239. assignments = []
  240. for domain in self.app.domains:
  241. if domain == self:
  242. continue
  243. for device_collection in domain.devices.values():
  244. for assignment in device_collection.persistent():
  245. if assignment.backend_domain == self:
  246. assignments.append(assignment)
  247. return assignments
  248. def init_log(self):
  249. '''Initialise logger for this domain.'''
  250. self.log = qubes.log.get_vm_logger(self.name)
  251. def __xml__(self):
  252. element = lxml.etree.Element('domain')
  253. element.set('id', 'domain-' + str(self.qid))
  254. element.set('class', self.__class__.__name__)
  255. element.append(self.xml_properties())
  256. features = lxml.etree.Element('features')
  257. for feature in self.features:
  258. node = lxml.etree.Element('feature', name=feature)
  259. node.text = self.features[feature]
  260. features.append(node)
  261. element.append(features)
  262. for devclass in self.devices:
  263. devices = lxml.etree.Element('devices')
  264. devices.set('class', devclass)
  265. for device in self.devices[devclass].assignments(persistent=True):
  266. node = lxml.etree.Element('device')
  267. node.set('backend-domain', device.backend_domain.name)
  268. node.set('id', device.ident)
  269. for key, val in device.options.items():
  270. option_node = lxml.etree.Element('option')
  271. option_node.set('name', key)
  272. option_node.text = val
  273. node.append(option_node)
  274. devices.append(node)
  275. element.append(devices)
  276. tags = lxml.etree.Element('tags')
  277. for tag in self.tags:
  278. node = lxml.etree.Element('tag', name=tag)
  279. tags.append(node)
  280. element.append(tags)
  281. return element
  282. def __repr__(self):
  283. proprepr = []
  284. for prop in self.property_list():
  285. if prop.__name__ in ('name', 'qid'):
  286. continue
  287. try:
  288. proprepr.append('{}={!s}'.format(
  289. prop.__name__, getattr(self, prop.__name__)))
  290. except AttributeError:
  291. continue
  292. return '<{} at {:#x} name={!r} qid={!r} {}>'.format(type(self).__name__,
  293. id(self), self.name, self.qid, ' '.join(proprepr))
  294. #
  295. # xml serialising methods
  296. #
  297. def create_config_file(self):
  298. '''Create libvirt's XML domain config file
  299. '''
  300. domain_config = self.app.env.select_template([
  301. 'libvirt/xen/by-name/{}.xml'.format(self.name),
  302. 'libvirt/xen-user.xml',
  303. 'libvirt/xen-dist.xml',
  304. 'libvirt/xen.xml',
  305. ]).render(vm=self)
  306. return domain_config
  307. def watch_qdb_path(self, path):
  308. '''Add a QubesDB path to be watched.
  309. Each change to the path will cause `domain-qdb-change:path` event to be
  310. fired.
  311. You can call this method for example in response to
  312. `domain-init` and `domain-load` events.
  313. '''
  314. if path not in self._qdb_watch_paths:
  315. self._qdb_watch_paths.add(path)
  316. if self._qdb_connection_watch:
  317. self._qdb_connection_watch.watch(path)
  318. def _qdb_watch_reader(self, loop):
  319. '''Callback when self._qdb_connection_watch.watch_fd() FD is
  320. readable.
  321. Read reported event (watched path change) and fire appropriate event.
  322. '''
  323. import qubesdb # pylint: disable=import-error
  324. try:
  325. path = self._qdb_connection_watch.read_watch()
  326. for watched_path in self._qdb_watch_paths:
  327. if watched_path == path or (
  328. watched_path.endswith('/') and
  329. path.startswith(watched_path)):
  330. self.fire_event('domain-qdb-change:' + watched_path,
  331. path=path)
  332. except qubesdb.DisconnectedError:
  333. loop.remove_reader(self._qdb_connection_watch.watch_fd())
  334. self._qdb_connection_watch.close()
  335. self._qdb_connection_watch = None
  336. def start_qdb_watch(self, loop=None):
  337. '''Start watching QubesDB
  338. Calling this method in appropriate time is responsibility of child
  339. class.
  340. '''
  341. # cleanup old watch connection first, if any
  342. if self._qdb_connection_watch is not None:
  343. asyncio.get_event_loop().remove_reader(
  344. self._qdb_connection_watch.watch_fd())
  345. self._qdb_connection_watch.close()
  346. import qubesdb # pylint: disable=import-error
  347. self._qdb_connection_watch = qubesdb.QubesDB(self.name)
  348. if loop is None:
  349. loop = asyncio.get_event_loop()
  350. loop.add_reader(self._qdb_connection_watch.watch_fd(),
  351. self._qdb_watch_reader, loop)
  352. for path in self._qdb_watch_paths:
  353. self._qdb_connection_watch.watch(path)
  354. @qubes.stateless_property
  355. def klass(self):
  356. '''Domain class name'''
  357. return type(self).__name__
  358. class VMProperty(qubes.property):
  359. '''Property that is referring to a VM
  360. :param type vmclass: class that returned VM is supposed to be instance of
  361. and all supported by :py:class:`property` with the exception of ``type`` \
  362. and ``setter``
  363. '''
  364. _none_value = ''
  365. def __init__(self, name, vmclass=BaseVM, allow_none=False,
  366. **kwargs):
  367. if 'type' in kwargs:
  368. raise TypeError(
  369. "'type' keyword parameter is unsupported in {}".format(
  370. self.__class__.__name__))
  371. if not issubclass(vmclass, BaseVM):
  372. raise TypeError(
  373. "'vmclass' should specify a subclass of qubes.vm.BaseVM")
  374. super(VMProperty, self).__init__(name,
  375. saver=(lambda self_, prop, value:
  376. self._none_value if value is None else value.name),
  377. **kwargs)
  378. self.vmclass = vmclass
  379. self.allow_none = allow_none
  380. def __set__(self, instance, value):
  381. if value is self.__class__.DEFAULT:
  382. self.__delete__(instance)
  383. return
  384. if value == self._none_value:
  385. value = None
  386. if value is None:
  387. if self.allow_none:
  388. super(VMProperty, self).__set__(instance, value)
  389. return
  390. raise ValueError(
  391. 'Property {!r} does not allow setting to {!r}'.format(
  392. self.__name__, value))
  393. app = instance if isinstance(instance, qubes.Qubes) else instance.app
  394. try:
  395. vm = app.domains[value]
  396. except KeyError:
  397. raise qubes.exc.QubesVMNotFoundError(value)
  398. if not isinstance(vm, self.vmclass):
  399. raise TypeError('wrong VM class: domains[{!r}] is of type {!s} '
  400. 'and not {!s}'.format(value,
  401. vm.__class__.__name__,
  402. self.vmclass.__name__))
  403. super(VMProperty, self).__set__(instance, vm)
  404. def sanitize(self, *, untrusted_newvalue):
  405. try:
  406. untrusted_vmname = untrusted_newvalue.decode('ascii')
  407. except UnicodeDecodeError:
  408. raise qubes.exc.QubesValueError
  409. if untrusted_vmname == '':
  410. # allow empty VM name for setting VMProperty value, because it's
  411. # string representation of None (see self._none_value)
  412. return untrusted_vmname
  413. validate_name(None, self, untrusted_vmname)
  414. return untrusted_vmname