core-admin/dom0/qubes_rpc/qubes-receive-appmenus
Marek Marczykowski 9b3a77bc1d dom0: move RPC services to separate directory (#654)
This makes more clear which code have contact with untrusted data from VM.
2012-08-16 16:56:16 +02:00

226 lines
8.1 KiB
Python
Executable File

#!/usr/bin/python
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2011 Marek Marczykowski <marmarek@mimuw.edu.pl>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
import subprocess
import re
import os
import sys
import fnmatch
import shutil
from optparse import OptionParser
from qubes.qubes import QubesVmCollection,QubesException
from qubes.qubes import qrexec_client_path
# fields required to be present (and verified) in retrieved desktop file
required_fields = [ "Name", "Exec" ]
#limits
appmenus_line_size = 1024
appmenus_line_count = 100000
# regexps for sanitization of retrieved values
std_re = re.compile(r"^[/a-zA-Z0-9.,&() -]*$")
fields_regexp = {
"Name": std_re,
"GenericName": std_re,
"Comment": std_re,
"Categories": re.compile(r"^[a-zA-Z0-9/.; -]*$"),
"Exec": re.compile(r"^[a-zA-Z0-9%>/:.= -]*$"),
}
def get_appmenus(xid):
global appmenus_line_count
global appmenus_line_size
untrusted_appmenulist = []
if xid == -1:
while appmenus_line_count > 0:
line = sys.stdin.readline(appmenus_line_size)
if line == "":
break;
untrusted_appmenulist.append(line.strip())
appmenus_line_count -= 1
if appmenus_line_count == 0:
raise QubesException("Line count limit exceeded")
else:
p = subprocess.Popen ([qrexec_client_path, '-d', str(xid),
'user:QUBESRPC qubes.GetAppmenus dom0'], stdout=subprocess.PIPE)
while appmenus_line_count > 0:
line = p.stdout.readline(appmenus_line_size)
if line == "":
break;
untrusted_appmenulist.append(line.strip())
appmenus_line_count -= 1
p.wait()
if p.returncode != 0:
raise QubesException("Error getting application list")
if appmenus_line_count == 0:
raise QubesException("Line count limit exceeded")
row_no = 0
appmenus = {}
line_rx = re.compile(r"([a-zA-Z0-9-.]+.desktop):([a-zA-Z0-9-]+(?:\[[a-zA-Z@_]+\])?)=(.*)")
ignore_rx = re.compile(r".*([a-zA-Z0-9-.]+.desktop):(#.*|\s+)$")
for untrusted_line in untrusted_appmenulist:
# Ignore blank lines and comments
if len(untrusted_line) == 0 or ignore_rx.match(untrusted_line):
continue
# use search instead of match to skip file path
untrusted_m = line_rx.search(untrusted_line)
if untrusted_m:
untrusted_key = untrusted_m.group(2)
untrusted_value = untrusted_m.group(3)
if fields_regexp.has_key(untrusted_key):
if fields_regexp[untrusted_key].match(untrusted_value):
# now values are sanitized
key = untrusted_key
value = untrusted_value
filename = untrusted_m.group(1)
if not appmenus.has_key(filename):
appmenus[filename] = {}
appmenus[filename][key]=value
else:
print >>sys.stderr, "Warning: ignoring key %s: %s" % (untrusted_key, untrusted_value)
# else: ignore this key
else:
print >>sys.stderr, "Warning: ignoring line: %s" % (untrusted_line);
return appmenus
def create_template(path, values):
# check if all required fields are present
for key in required_fields:
if not values.has_key(key):
print >>sys.stderr, "Warning: not creating/updating '%s' because of missing '%s' key" % (path, key)
return
desktop_file = open(path, "w")
desktop_file.write("[Desktop Entry]\n")
desktop_file.write("Version=1.0\n")
desktop_file.write("Type=Application\n")
desktop_file.write("Terminal=false\n")
desktop_file.write("X-Qubes-VmName=%VMNAME%\n")
desktop_file.write("Icon=%VMDIR%/icon.png\n")
for key in ["Name", "GenericName" ]:
if values.has_key(key):
desktop_file.write("{0}=%VMNAME%: {1}\n".format(key, values[key]))
for key in [ "Comment", "Categories" ]:
if values.has_key(key):
desktop_file.write("{0}={1}\n".format(key, values[key]))
desktop_file.write("Exec=qvm-run -q --tray -a %VMNAME% '{0}'\n".format(values['Exec']))
desktop_file.close()
def main():
env_vmname = os.environ.get("QREXEC_REMOTE_DOMAIN")
usage = "usage: %prog [options] <vm-name>\n"\
"Updates desktop file templates for given StandaloneVM or TemplateVM"
parser = OptionParser (usage)
parser.add_option ("-v", "--verbose", action="store_true", dest="verbose", default=False)
parser.add_option ("--force-root", action="store_true", dest="force_root", default=False,
help="Force to run, even with root privileges")
(options, args) = parser.parse_args ()
if (len (args) != 1) and env_vmname is None:
parser.error ("You must specify at least the VM name!")
if env_vmname:
vmname=env_vmname
else:
vmname=args[0]
if os.geteuid() == 0:
if not options.force_root:
print >> sys.stderr, "*** Running this tool as root is strongly discouraged, this will lead you in permissions problems."
print >> sys.stderr, "Retry as unprivileged user."
print >> sys.stderr, "... or use --force-root to continue anyway."
exit(1)
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_reading()
qvm_collection.load()
qvm_collection.unlock_db()
vm = qvm_collection.get_vm_by_name(vmname)
if vm is None:
print >>sys.stderr, "ERROR: A VM with the name '{0}' does not exist in the system.".format(vmname)
exit(1)
if vm.template is not None:
print >>sys.stderr, "ERROR: To sync appmenus for template based VM, do it on template instead"
exit(1)
if not vm.is_running():
print >>sys.stderr, "ERROR: Appmenus can be retrieved only from running VM - start it first"
exit(1)
new_appmenus = {}
if env_vmname is None:
# Get appmenus from VM
xid = vm.get_xid()
assert xid > 0
new_appmenus = get_appmenus(xid)
else:
options.verbose = False
new_appmenus = get_appmenus(-1)
if len(new_appmenus) == 0:
print >>sys.stderr, "ERROR: No appmenus received, terminating"
exit(1)
if not os.path.exists(vm.appmenus_templates_dir):
os.mkdir(vm.appmenus_templates_dir)
# Create new/update existing templates
if options.verbose:
print >> sys.stderr, "--> Got {0} appmenus, storing to disk".format(str(len(new_appmenus)))
for appmenu_file in new_appmenus.keys():
if options.verbose:
if os.path.exists(vm.appmenus_templates_dir + '/' + appmenu_file):
print >> sys.stderr, "---> Updating {0}".format(appmenu_file)
else:
print >> sys.stderr, "---> Creating {0}".format(appmenu_file)
create_template(vm.appmenus_templates_dir + '/' + appmenu_file, new_appmenus[appmenu_file])
# Delete appmenus of remove applications
if options.verbose:
print >> sys.stderr, "--> Cleaning old files"
for appmenu_file in os.listdir(vm.appmenus_templates_dir):
if not fnmatch.fnmatch(appmenu_file, '*.desktop'):
continue
if not new_appmenus.has_key(appmenu_file):
if options.verbose:
print >> sys.stderr, "---> Removing {0}".format(appmenu_file)
os.unlink(vm.appmenus_templates_dir + '/' + appmenu_file)
main()