core-admin/qrexec
Marek Marczykowski 3bce6047b5 dom0/qrexec: properly process data after client terminated one way of transfer
Instead of removing client from list at EPIPE error from write, assume that
client does not wish read future data, but still can write something.
2012-08-27 00:49:45 +02:00
..
.gitignore gitignore 2011-07-10 12:47:09 +02:00
buffer.c qrexec: added comments, made identifiers more verbose 2011-05-04 12:52:54 +02:00
buffer.h qrexec* tools, initial version 2011-03-04 16:32:58 +01:00
exec.c qrexec* tools, initial version 2011-03-04 16:32:58 +01:00
glue.h qrexec: move daemon-specific code out of unix_server.c 2011-07-04 17:06:29 +02:00
Makefile vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
qrexec_agent.c vm/qrexec: better handle the case when child process closes its stdin 2012-08-27 00:48:22 +02:00
qrexec_client_vm.c qrexec: in qrexec_client_vm, need to preserve absolute exe name before execv 2011-07-06 16:51:56 +02:00
qrexec_client.c dom0/qrexec: properly process data after client terminated one way of transfer 2012-08-27 00:49:45 +02:00
qrexec_daemon.c dom0/qrexec: properly process data after client terminated one way of transfer 2012-08-27 00:49:45 +02:00
qrexec_policy dom0/qrexec: implement standalone policy evaluation (#12 pro) 2012-08-18 22:08:26 +02:00
qrexec.h vm: support for magic QUBESRPC command 2012-06-22 22:16:08 +02:00
qubes_rpc_multiplexer dom0+vm: execute qrexec service as shell script 2012-07-14 23:03:43 +02:00
README.rpc qrexec: added qrexec/README.rpc file 2011-07-07 11:14:04 +02:00
txrx-vchan.c qrexec: Use pselect instead of select (#241) 2011-09-01 14:56:19 +02:00
unix_server.c qrexec: move daemon-specific code out of unix_server.c 2011-07-04 17:06:29 +02:00
write_stdin.c vm/qubes-rpc: move set_(non)?block to ioall.c as can be used not only in qrexec 2012-08-25 01:11:22 +02:00

	Currently (after commit 2600134e3bb781fca25fe77e464f8b875741dc83), 
qrexec_agent can request a service (specified by a "exec_index") to be 
executed on a different VM or dom0. Access control is enforced in dom0 via 
files in /etc/qubes_rpc/policy. File copy, Open in Dispvm, sync appmenus, 
upload updates to dom0 - they all have been ported to the new API.
See the quick HOWTO section on how to add a new service. Note we have
qvm-open-in-vm utility practically for free.

CHANGES

	Besides flexibility offered by /etc/qubes_rpc/policy, writing a client
is much simpler now. The workflow used to be (using "filecopy" service as
an example):
a) "filecopy_ui" process places job description in some spool directory, 
signals qrexec_agent to signal qrexec_daemon
b) qrexec_daemon executes "qrexec_client -d domain filecopy_worker ...."
and "filecopy_worker" process needed to parse spool and retrieve job 
description from there. Particularly, "filecopy_ui" had no connection to 
remote.
	Now, the flow is:
a) qrexec_client_vm process obtains 3 unix socket descriptors from 
qrexec_agent, dup stdin/out/err to them; forms "existing_process_handle" from
them
b) qrexec_client_vm signals qrexec_agent to signal qrexec_daemon, with a 
"exec_index" (so, type of service) as an argument
c) qrexec_daemon executed "qrexec_client -d domain -c existing_process_handle ...."
d) qrexec_client_vm execve filecopy_program. 

Thus, there is only one service program, and it has direct access to remote via 
stdin/stdout.

HOWTO

Let's add a new "test.Add" service, that will add two numbers. We need the
following files in the template fs:
==========================
/usr/bin/our_test_add_client:
#!/bin/sh
echo $1 $2
exec cat >&2
# more correct: exec cat >&$SAVED_FD_1, but do not scare the reader
==========================
/usr/bin/our_test_add_server:
#!/bin/sh
read arg1 arg2
echo $(($arg1+$arg2))
==========================
/etc/qubes_rpc/test.Add:
/usr/bin/our_test_add_server

Now, on the client side, we start the client via
/usr/lib/qubes/qrexec_client_vm target_vm test.Add /usr/bin/our_test_add_client 11 22

Because there is no policy yet, dom0 will ask you to create one (of cource you
can do it before the first run of our_test_add_client). So, in dom0, create (by now, 
with a file editor) the /etc/qubes_rpc/policy/test.Add file with
anyvm anyvm ask
content. The format of the /etc/qubes_rpc/policy/* files is
srcvm destvm (allow|deny|ask)[,user=user_to_run_as][,target=VM_to_redirect_to]

You can specify srcvm and destvm by name, or by one of "anyvm", "dispvm", "dom0"
reserved keywords.
Then, when you confirm the operation, you will get the result in the client vm.