Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
61b3a81e82
core-admin/qubes-rpc/qubes-notify-tools
Marek Marczykowski-Górecki 8200b15c61 NotifyTools: handle default user setting 
If the VM provides 'default-user' setting - save it to the VM settings.
2013-11-01 02:32:32 +01:00

83 lines
2.5 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/python2
import os
import re
import sys
from qubes.qubes import QubesVmCollection,QubesException,QubesHVm
from qubes.qubes import xs
def main():
source = os.getenv("QREXEC_REMOTE_DOMAIN")
if source is None:
print >> sys.stderr, 'This script must be called as qrexec service!'
exit(1)
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_writing()
try:
qvm_collection.load()
source_vm = qvm_collection.get_vm_by_name(source)
if source_vm is None:
raise QubesException('Domain ' + source + ' does not exists (?!)')
if not isinstance(source_vm, QubesHVm):
raise QubesException('Service qubes.ToolsNotify is designed only for HVM domains')
xs_path = "/local/domain/{0}/qubes-tools".format(source_vm.get_xid())
# for now used only to check for the tools presence
untrusted_version = xs.read('', '{0}/version'.format(xs_path))
# reserved for future use
untrusted_os = xs.read('', '{0}/os'.format(xs_path))
# qrexec agent presence (0 or 1)
untrusted_qrexec = xs.read('', '{0}/qrexec'.format(xs_path))
# gui agent presence (0 or 1)
untrusted_gui = xs.read('', '{0}/gui'.format(xs_path))
# default user for qvm-run etc
untrusted_user = xs.read('', '{0}/default-user'.format(xs_path))
if untrusted_version is None:
# tools didn't advertised its features; it's strange that this
# service is called, but ignore it
return
# any suspicious string will raise exception here
version = int(untrusted_version)
# untrusted_os - ignore for now
if untrusted_qrexec is None:
qrexec = 0
else:
qrexec = int(untrusted_qrexec)
if untrusted_gui is None:
gui = 0
else:
gui = int(untrusted_gui)
if untrusted_user is not None:
if re.match(r'^[a-zA-Z0-9-]+$', untrusted_user):
user = untrusted_user
else:
user = None
# Let the tools to be able to enable *or disable* each particular component
source_vm.qrexec_installed = qrexec > 0
source_vm.guiagent_installed = gui > 0
if user:
source_vm.default_user = user
qvm_collection.save()
except Exception as e:
print >> sys.stderr, e.message
exit(1)
finally:
qvm_collection.unlock_db()
main()
Reference in New Issue View Git Blame Copy Permalink