12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667 |
- #
- # The Qubes OS Project, https://www.qubes-os.org/
- #
- # Copyright (C) 2017 Wojtek Porczyk <woju@invisiblethingslab.com>
- #
- # This library is free software; you can redistribute it and/or
- # modify it under the terms of the GNU Lesser General Public
- # License as published by the Free Software Foundation; either
- # version 2.1 of the License, or (at your option) any later version.
- #
- # This library is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- # Lesser General Public License for more details.
- #
- # You should have received a copy of the GNU Lesser General Public
- # License along with this library; if not, see <https://www.gnu.org/licenses/>.
- #
- '''
- Qubes OS Management API
- '''
- import asyncio
- import functools
- import itertools
- import os
- import string
- import subprocess
- import libvirt
- import lxml.etree
- import pkg_resources
- import yaml
- import qubes.api
- import qubes.backup
- import qubes.config
- import qubes.devices
- import qubes.firewall
- import qubes.storage
- import qubes.utils
- import qubes.vm
- import qubes.vm.adminvm
- import qubes.vm.qubesvm
- class QubesMgmtEventsDispatcher:
- def __init__(self, filters, send_event):
- self.filters = filters
- self.send_event = send_event
- def vm_handler(self, subject, event, **kwargs):
- # do not send internal events
- if event.startswith('admin-permission:'):
- return
- if event.startswith('device-get:'):
- return
- if event.startswith('device-list:'):
- return
- if event.startswith('device-list-attached:'):
- return
- if event in ('domain-is-fully-usable',):
- return
- if not list(qubes.api.apply_filters([(subject, event, kwargs)],
- self.filters)):
- return
- self.send_event(subject, event, **kwargs)
- def app_handler(self, subject, event, **kwargs):
- if not list(qubes.api.apply_filters([(subject, event, kwargs)],
- self.filters)):
- return
- self.send_event(subject, event, **kwargs)
- def on_domain_add(self, subject, event, vm):
- # pylint: disable=unused-argument
- vm.add_handler('*', self.vm_handler)
- def on_domain_delete(self, subject, event, vm):
- # pylint: disable=unused-argument
- vm.remove_handler('*', self.vm_handler)
- class QubesAdminAPI(qubes.api.AbstractQubesAPI):
- """Implementation of Qubes Management API calls
- This class contains all the methods available in the main API.
- .. seealso::
- https://www.qubes-os.org/doc/mgmt1/
- """
- SOCKNAME = '/var/run/qubesd.sock'
- @qubes.api.method('admin.vmclass.List', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def vmclass_list(self):
- """List all VM classes"""
- self.enforce(not self.arg)
- self.enforce(self.dest.name == 'dom0')
- entrypoints = self.fire_event_for_filter(
- pkg_resources.iter_entry_points(qubes.vm.VM_ENTRY_POINT))
- return ''.join('{}\n'.format(ep.name)
- for ep in entrypoints)
- @qubes.api.method('admin.vm.List', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def vm_list(self):
- """List all the domains"""
- self.enforce(not self.arg)
- if self.dest.name == 'dom0':
- domains = self.fire_event_for_filter(self.app.domains)
- else:
- domains = self.fire_event_for_filter([self.dest])
- return ''.join('{} class={} state={}\n'.format(
- vm.name,
- vm.__class__.__name__,
- vm.get_power_state())
- for vm in sorted(domains))
- @qubes.api.method('admin.vm.property.List', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_property_list(self):
- """List all properties on a qube"""
- return self._property_list(self.dest)
- @qubes.api.method('admin.property.List', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def property_list(self):
- """List all global properties"""
- self.enforce(self.dest.name == 'dom0')
- return self._property_list(self.app)
- def _property_list(self, dest):
- self.enforce(not self.arg)
- properties = self.fire_event_for_filter(dest.property_list())
- return ''.join('{}\n'.format(prop.__name__) for prop in properties)
- @qubes.api.method('admin.vm.property.Get', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_property_get(self):
- """Get a value of one property"""
- return self._property_get(self.dest)
- @qubes.api.method('admin.property.Get', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def property_get(self):
- """Get a value of one global property"""
- self.enforce(self.dest.name == 'dom0')
- return self._property_get(self.app)
- def _property_get(self, dest):
- if self.arg not in dest.property_list():
- raise qubes.exc.QubesNoSuchPropertyError(dest, self.arg)
- self.fire_event_for_permission()
- return self._serialize_property(dest, self.arg)
- @staticmethod
- def _serialize_property(dest, prop):
- property_def = dest.property_get_def(prop)
- # explicit list to be sure that it matches protocol spec
- if isinstance(property_def, qubes.vm.VMProperty):
- property_type = 'vm'
- elif property_def.type is int:
- property_type = 'int'
- elif property_def.type is bool:
- property_type = 'bool'
- elif prop == 'label':
- property_type = 'label'
- else:
- property_type = 'str'
- try:
- value = getattr(dest, str(prop))
- except AttributeError:
- return 'default=True type={} '.format(property_type)
- else:
- return 'default={} type={} {}'.format(
- str(dest.property_is_default(prop)),
- property_type,
- str(value) if value is not None else '')
- @qubes.api.method('admin.vm.property.GetAll', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_property_get_all(self):
- """Get values of all VM properties"""
- return self._property_get_all(self.dest)
- @qubes.api.method('admin.property.GetAll', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def property_get_all(self):
- """Get value all global properties"""
- self.enforce(self.dest.name == 'dom0')
- return self._property_get_all(self.app)
- def _property_get_all(self, dest):
- self.enforce(not self.arg)
- properties = dest.property_list()
- properties = self.fire_event_for_filter(properties)
- return ''.join(
- '{} {}\n'.format(str(prop),
- self._serialize_property(dest, prop).
- replace('\\', '\\\\').replace('\n', '\\n'))
- for prop in sorted(properties))
- @qubes.api.method('admin.vm.property.GetDefault', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_property_get_default(self):
- """Get a value of one property"""
- return self._property_get_default(self.dest)
- @qubes.api.method('admin.property.GetDefault', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def property_get_default(self):
- """Get a value of one global property"""
- self.enforce(self.dest.name == 'dom0')
- return self._property_get_default(self.app)
- def _property_get_default(self, dest):
- if self.arg not in dest.property_list():
- raise qubes.exc.QubesNoSuchPropertyError(dest, self.arg)
- self.fire_event_for_permission()
- property_def = dest.property_get_def(self.arg)
- # explicit list to be sure that it matches protocol spec
- if isinstance(property_def, qubes.vm.VMProperty):
- property_type = 'vm'
- elif property_def.type is int:
- property_type = 'int'
- elif property_def.type is bool:
- property_type = 'bool'
- elif self.arg == 'label':
- property_type = 'label'
- else:
- property_type = 'str'
- try:
- value = property_def.get_default(dest)
- except AttributeError:
- return None
- else:
- return 'type={} {}'.format(
- property_type,
- str(value) if value is not None else '')
- @qubes.api.method('admin.vm.property.Set',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_property_set(self, untrusted_payload):
- """Set property value"""
- return self._property_set(self.dest,
- untrusted_payload=untrusted_payload)
- @qubes.api.method('admin.property.Set',
- scope='global', write=True)
- @asyncio.coroutine
- def property_set(self, untrusted_payload):
- """Set property value"""
- self.enforce(self.dest.name == 'dom0')
- return self._property_set(self.app,
- untrusted_payload=untrusted_payload)
- def _property_set(self, dest, untrusted_payload):
- if self.arg not in dest.property_list():
- raise qubes.exc.QubesNoSuchPropertyError(dest, self.arg)
- property_def = dest.property_get_def(self.arg)
- newvalue = property_def.sanitize(untrusted_newvalue=untrusted_payload)
- self.fire_event_for_permission(newvalue=newvalue)
- setattr(dest, self.arg, newvalue)
- self.app.save()
- @qubes.api.method('admin.vm.property.Help', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_property_help(self):
- """Get help for one property"""
- return self._property_help(self.dest)
- @qubes.api.method('admin.property.Help', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def property_help(self):
- """Get help for one property"""
- self.enforce(self.dest.name == 'dom0')
- return self._property_help(self.app)
- def _property_help(self, dest):
- if self.arg not in dest.property_list():
- raise qubes.exc.QubesNoSuchPropertyError(dest, self.arg)
- self.fire_event_for_permission()
- try:
- doc = dest.property_get_def(self.arg).__doc__
- except AttributeError:
- return ''
- return qubes.utils.format_doc(doc)
- @qubes.api.method('admin.vm.property.Reset', no_payload=True,
- scope='local', write=True)
- @asyncio.coroutine
- def vm_property_reset(self):
- """Reset a property to a default value"""
- return self._property_reset(self.dest)
- @qubes.api.method('admin.property.Reset', no_payload=True,
- scope='global', write=True)
- @asyncio.coroutine
- def property_reset(self):
- """Reset a property to a default value"""
- self.enforce(self.dest.name == 'dom0')
- return self._property_reset(self.app)
- def _property_reset(self, dest):
- if self.arg not in dest.property_list():
- raise qubes.exc.QubesNoSuchPropertyError(dest, self.arg)
- self.fire_event_for_permission()
- delattr(dest, self.arg)
- self.app.save()
- @qubes.api.method('admin.vm.volume.List', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_volume_list(self):
- self.enforce(not self.arg)
- volume_names = self.fire_event_for_filter(self.dest.volumes.keys())
- return ''.join('{}\n'.format(name) for name in volume_names)
- @qubes.api.method('admin.vm.volume.Info', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_volume_info(self):
- self.enforce(self.arg in self.dest.volumes.keys())
- self.fire_event_for_permission()
- volume = self.dest.volumes[self.arg]
- # properties defined in API
- volume_properties = [
- 'pool', 'vid', 'size', 'usage', 'rw', 'source', 'path',
- 'save_on_stop', 'snap_on_start', 'revisions_to_keep']
- def _serialize(value):
- if callable(value):
- value = value()
- if value is None:
- value = ''
- return str(value)
- info = ''.join('{}={}\n'.format(key, _serialize(getattr(volume, key)))
- for key in volume_properties)
- try:
- info += 'is_outdated={}\n'.format(volume.is_outdated())
- except NotImplementedError:
- pass
- return info
- @qubes.api.method('admin.vm.volume.ListSnapshots', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_volume_listsnapshots(self):
- self.enforce(self.arg in self.dest.volumes.keys())
- volume = self.dest.volumes[self.arg]
- id_to_timestamp = volume.revisions
- revisions = sorted(id_to_timestamp, key=id_to_timestamp.__getitem__)
- revisions = self.fire_event_for_filter(revisions)
- return ''.join('{}\n'.format(revision) for revision in revisions)
- @qubes.api.method('admin.vm.volume.Revert',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_volume_revert(self, untrusted_payload):
- self.enforce(self.arg in self.dest.volumes.keys())
- untrusted_revision = untrusted_payload.decode('ascii').strip()
- del untrusted_payload
- volume = self.dest.volumes[self.arg]
- snapshots = volume.revisions
- self.enforce(untrusted_revision in snapshots)
- revision = untrusted_revision
- self.fire_event_for_permission(volume=volume, revision=revision)
- yield from qubes.utils.coro_maybe(volume.revert(revision))
- self.app.save()
- # write=True because this allow to clone VM - and most likely modify that
- # one - still having the same data
- @qubes.api.method('admin.vm.volume.CloneFrom', no_payload=True,
- scope='local', write=True)
- @asyncio.coroutine
- def vm_volume_clone_from(self):
- self.enforce(self.arg in self.dest.volumes.keys())
- volume = self.dest.volumes[self.arg]
- self.fire_event_for_permission(volume=volume)
- token = qubes.utils.random_string(32)
- # save token on self.app, as self is not persistent
- if not hasattr(self.app, 'api_admin_pending_clone'):
- self.app.api_admin_pending_clone = {}
- # don't handle collisions any better - if someone is so much out of
- # luck, can try again anyway
- self.enforce(token not in self.app.api_admin_pending_clone)
- self.app.api_admin_pending_clone[token] = volume
- return token
- @qubes.api.method('admin.vm.volume.CloneTo',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_volume_clone_to(self, untrusted_payload):
- self.enforce(self.arg in self.dest.volumes.keys())
- untrusted_token = untrusted_payload.decode('ascii').strip()
- del untrusted_payload
- self.enforce(
- untrusted_token in getattr(self.app, 'api_admin_pending_clone', {}))
- token = untrusted_token
- del untrusted_token
- src_volume = self.app.api_admin_pending_clone[token]
- del self.app.api_admin_pending_clone[token]
- # make sure the volume still exists, but invalidate token anyway
- self.enforce(str(src_volume.pool) in self.app.pools)
- self.enforce(src_volume in self.app.pools[str(src_volume.pool)].volumes)
- dst_volume = self.dest.volumes[self.arg]
- self.fire_event_for_permission(src_volume=src_volume,
- dst_volume=dst_volume)
- self.dest.volumes[self.arg] = yield from qubes.utils.coro_maybe(
- dst_volume.import_volume(src_volume))
- self.app.save()
- @qubes.api.method('admin.vm.volume.Resize',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_volume_resize(self, untrusted_payload):
- self.enforce(self.arg in self.dest.volumes.keys())
- untrusted_size = untrusted_payload.decode('ascii').strip()
- del untrusted_payload
- self.enforce(untrusted_size.isdigit()) # only digits, forbid '-' too
- self.enforce(len(untrusted_size) <= 20) # limit to about 2^64
- size = int(untrusted_size)
- self.fire_event_for_permission(size=size)
- try:
- yield from self.dest.storage.resize(self.arg, size)
- finally: # even if calling qubes.ResizeDisk inside the VM failed
- self.app.save()
- @qubes.api.method('admin.vm.volume.Set.revisions_to_keep',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_volume_set_revisions_to_keep(self, untrusted_payload):
- self.enforce(self.arg in self.dest.volumes.keys())
- try:
- untrusted_value = int(untrusted_payload.decode('ascii'))
- except (UnicodeDecodeError, ValueError):
- raise qubes.api.ProtocolError('Invalid value')
- del untrusted_payload
- self.enforce(untrusted_value >= 0)
- newvalue = untrusted_value
- del untrusted_value
- self.fire_event_for_permission(newvalue=newvalue)
- self.dest.volumes[self.arg].revisions_to_keep = newvalue
- self.app.save()
- @qubes.api.method('admin.vm.volume.Set.rw',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_volume_set_rw(self, untrusted_payload):
- self.enforce(self.arg in self.dest.volumes.keys())
- try:
- newvalue = qubes.property.bool(None, None,
- untrusted_payload.decode('ascii'))
- except (UnicodeDecodeError, ValueError):
- raise qubes.api.ProtocolError('Invalid value')
- del untrusted_payload
- self.fire_event_for_permission(newvalue=newvalue)
- if not self.dest.is_halted():
- raise qubes.exc.QubesVMNotHaltedError(self.dest)
- self.dest.volumes[self.arg].rw = newvalue
- self.app.save()
- @qubes.api.method('admin.vm.tag.List', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_tag_list(self):
- self.enforce(not self.arg)
- tags = self.dest.tags
- tags = self.fire_event_for_filter(tags)
- return ''.join('{}\n'.format(tag) for tag in sorted(tags))
- @qubes.api.method('admin.vm.tag.Get', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_tag_get(self):
- qubes.vm.Tags.validate_tag(self.arg)
- self.fire_event_for_permission()
- return '1' if self.arg in self.dest.tags else '0'
- @qubes.api.method('admin.vm.tag.Set', no_payload=True,
- scope='local', write=True)
- @asyncio.coroutine
- def vm_tag_set(self):
- qubes.vm.Tags.validate_tag(self.arg)
- self.fire_event_for_permission()
- self.dest.tags.add(self.arg)
- self.app.save()
- @qubes.api.method('admin.vm.tag.Remove', no_payload=True,
- scope='local', write=True)
- @asyncio.coroutine
- def vm_tag_remove(self):
- qubes.vm.Tags.validate_tag(self.arg)
- self.fire_event_for_permission()
- try:
- self.dest.tags.remove(self.arg)
- except KeyError:
- raise qubes.exc.QubesTagNotFoundError(self.dest, self.arg)
- self.app.save()
- @qubes.api.method('admin.vm.Console', no_payload=True,
- scope='local', write=True)
- @asyncio.coroutine
- def vm_console(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- if not self.dest.is_running():
- raise qubes.exc.QubesVMNotRunningError(self.dest)
- xml_desc = lxml.etree.fromstring(self.dest.libvirt_domain.XMLDesc())
- ttypath = xml_desc.xpath('string(/domain/devices/console/@tty)')
- # this value is returned to /etc/qubes-rpc/admin.vm.Console script,
- # which will call socat on it
- return ttypath
- @qubes.api.method('admin.pool.List', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def pool_list(self):
- self.enforce(not self.arg)
- self.enforce(self.dest.name == 'dom0')
- pools = self.fire_event_for_filter(self.app.pools)
- return ''.join('{}\n'.format(pool) for pool in pools)
- @qubes.api.method('admin.pool.ListDrivers', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def pool_listdrivers(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(not self.arg)
- drivers = self.fire_event_for_filter(qubes.storage.pool_drivers())
- return ''.join('{} {}\n'.format(
- driver,
- ' '.join(qubes.storage.driver_parameters(driver)))
- for driver in drivers)
- @qubes.api.method('admin.pool.Info', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def pool_info(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg in self.app.pools.keys())
- pool = self.app.pools[self.arg]
- self.fire_event_for_permission(pool=pool)
- other_info = ''
- # Deprecated: remove this when all tools using this call are updated
- pool_size = pool.size
- if pool_size is not None:
- other_info += 'size={}\n'.format(pool_size)
- pool_usage = pool.usage
- if pool_usage is not None:
- other_info += 'usage={}\n'.format(pool_usage)
- try:
- included_in = pool.included_in(self.app)
- if included_in:
- other_info += 'included_in={}\n'.format(str(included_in))
- except NotImplementedError:
- pass
- return ''.join('{}={}\n'.format(prop, val)
- for prop, val in sorted(pool.config.items())) + \
- other_info
- @qubes.api.method('admin.pool.UsageDetails', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def pool_usage(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg in self.app.pools.keys())
- pool = self.app.pools[self.arg]
- self.fire_event_for_permission(pool=pool)
- usage = ''
- pool_details = pool.usage_details
- for name in sorted(pool_details):
- usage += '{}={}\n'.format(name, pool_details[name])
- return usage
- @qubes.api.method('admin.pool.Add',
- scope='global', write=True)
- @asyncio.coroutine
- def pool_add(self, untrusted_payload):
- self.enforce(self.dest.name == 'dom0')
- drivers = qubes.storage.pool_drivers()
- self.enforce(self.arg in drivers)
- untrusted_pool_config = untrusted_payload.decode('ascii').splitlines()
- del untrusted_payload
- self.enforce(all(('=' in line) for line in untrusted_pool_config))
- # pairs of (option, value)
- untrusted_pool_config = [line.split('=', 1)
- for line in untrusted_pool_config]
- # reject duplicated options
- self.enforce(
- len(set(x[0] for x in untrusted_pool_config)) ==
- len([x[0] for x in untrusted_pool_config]))
- # and convert to dict
- untrusted_pool_config = dict(untrusted_pool_config)
- self.enforce('name' in untrusted_pool_config)
- untrusted_pool_name = untrusted_pool_config.pop('name')
- allowed_chars = string.ascii_letters + string.digits + '-_.'
- self.enforce(all(c in allowed_chars for c in untrusted_pool_name))
- pool_name = untrusted_pool_name
- self.enforce(pool_name not in self.app.pools)
- driver_parameters = qubes.storage.driver_parameters(self.arg)
- unexpected_parameters = [key for key in untrusted_pool_config
- if key not in driver_parameters]
- if unexpected_parameters:
- raise qubes.exc.QubesException(
- 'unexpected driver options: ' + ' '.join(unexpected_parameters))
- pool_config = untrusted_pool_config
- self.fire_event_for_permission(name=pool_name,
- pool_config=pool_config)
- yield from self.app.add_pool(name=pool_name, driver=self.arg,
- **pool_config)
- self.app.save()
- @qubes.api.method('admin.pool.Remove', no_payload=True,
- scope='global', write=True)
- @asyncio.coroutine
- def pool_remove(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg in self.app.pools.keys())
- self.fire_event_for_permission()
- yield from self.app.remove_pool(self.arg)
- self.app.save()
- @qubes.api.method('admin.pool.volume.List', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def pool_volume_list(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg in self.app.pools.keys())
- pool = self.app.pools[self.arg]
- volume_names = self.fire_event_for_filter(pool.volumes.keys())
- return ''.join('{}\n'.format(name) for name in volume_names)
- @qubes.api.method('admin.pool.Set.revisions_to_keep',
- scope='global', write=True)
- @asyncio.coroutine
- def pool_set_revisions_to_keep(self, untrusted_payload):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg in self.app.pools.keys())
- pool = self.app.pools[self.arg]
- try:
- untrusted_value = int(untrusted_payload.decode('ascii'))
- except (UnicodeDecodeError, ValueError):
- raise qubes.api.ProtocolError('Invalid value')
- del untrusted_payload
- self.enforce(untrusted_value >= 0)
- newvalue = untrusted_value
- del untrusted_value
- self.fire_event_for_permission(newvalue=newvalue)
- pool.revisions_to_keep = newvalue
- self.app.save()
- @qubes.api.method('admin.label.List', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def label_list(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(not self.arg)
- labels = self.fire_event_for_filter(self.app.labels.values())
- return ''.join('{}\n'.format(label.name) for label in labels)
- @qubes.api.method('admin.label.Get', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def label_get(self):
- self.enforce(self.dest.name == 'dom0')
- try:
- label = self.app.get_label(self.arg)
- except KeyError:
- raise qubes.exc.QubesValueError
- self.fire_event_for_permission(label=label)
- return label.color
- @qubes.api.method('admin.label.Index', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def label_index(self):
- self.enforce(self.dest.name == 'dom0')
- try:
- label = self.app.get_label(self.arg)
- except KeyError:
- raise qubes.exc.QubesValueError
- self.fire_event_for_permission(label=label)
- return str(label.index)
- @qubes.api.method('admin.label.Create',
- scope='global', write=True)
- @asyncio.coroutine
- def label_create(self, untrusted_payload):
- self.enforce(self.dest.name == 'dom0')
- # don't confuse label name with label index
- self.enforce(not self.arg.isdigit())
- allowed_chars = string.ascii_letters + string.digits + '-_.'
- self.enforce(all(c in allowed_chars for c in self.arg))
- try:
- self.app.get_label(self.arg)
- except KeyError:
- # ok, no such label yet
- pass
- else:
- raise qubes.exc.QubesValueError('label already exists')
- untrusted_payload = untrusted_payload.decode('ascii').strip()
- self.enforce(len(untrusted_payload) == 8)
- self.enforce(untrusted_payload.startswith('0x'))
- # besides prefix, only hex digits are allowed
- self.enforce(all(x in string.hexdigits for x in untrusted_payload[2:]))
- # SEE: #2732
- color = untrusted_payload
- self.fire_event_for_permission(color=color)
- # allocate new index, but make sure it's outside of default labels set
- new_index = max(
- qubes.config.max_default_label, *self.app.labels.keys()) + 1
- label = qubes.Label(new_index, color, self.arg)
- self.app.labels[new_index] = label
- self.app.save()
- @qubes.api.method('admin.label.Remove', no_payload=True,
- scope='global', write=True)
- @asyncio.coroutine
- def label_remove(self):
- self.enforce(self.dest.name == 'dom0')
- try:
- label = self.app.get_label(self.arg)
- except KeyError:
- raise qubes.exc.QubesValueError
- # don't allow removing default labels
- self.enforce(label.index > qubes.config.max_default_label)
- # FIXME: this should be in app.add_label()
- for vm in self.app.domains:
- if vm.label == label:
- raise qubes.exc.QubesException('label still in use')
- self.fire_event_for_permission(label=label)
- del self.app.labels[label.index]
- self.app.save()
- @qubes.api.method('admin.vm.Start', no_payload=True,
- scope='local', execute=True)
- @asyncio.coroutine
- def vm_start(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- try:
- yield from self.dest.start()
- except libvirt.libvirtError as e:
- # change to QubesException, so will be reported to the user
- raise qubes.exc.QubesException('Start failed: ' + str(e) +
- ', see /var/log/libvirt/libxl/libxl-driver.log for details')
- @qubes.api.method('admin.vm.Shutdown', no_payload=True,
- scope='local', execute=True)
- @asyncio.coroutine
- def vm_shutdown(self):
- force = (self.arg == 'force')
- self.fire_event_for_permission(force=force)
- yield from self.dest.shutdown(force=force)
- @qubes.api.method('admin.vm.Pause', no_payload=True,
- scope='local', execute=True)
- @asyncio.coroutine
- def vm_pause(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- yield from self.dest.pause()
- @qubes.api.method('admin.vm.Unpause', no_payload=True,
- scope='local', execute=True)
- @asyncio.coroutine
- def vm_unpause(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- yield from self.dest.unpause()
- @qubes.api.method('admin.vm.Kill', no_payload=True,
- scope='local', execute=True)
- @asyncio.coroutine
- def vm_kill(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- yield from self.dest.kill()
- @qubes.api.method('admin.Events', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def events(self):
- self.enforce(not self.arg)
- # run until client connection is terminated
- self.cancellable = True
- wait_for_cancel = asyncio.get_event_loop().create_future()
- # cache event filters, to not call an event each time an event arrives
- event_filters = self.fire_event_for_permission()
- dispatcher = QubesMgmtEventsDispatcher(event_filters, self.send_event)
- if self.dest.name == 'dom0':
- self.app.add_handler('*', dispatcher.app_handler)
- self.app.add_handler('domain-add', dispatcher.on_domain_add)
- self.app.add_handler('domain-delete', dispatcher.on_domain_delete)
- for vm in self.app.domains:
- vm.add_handler('*', dispatcher.vm_handler)
- else:
- self.dest.add_handler('*', dispatcher.vm_handler)
- # send artificial event as a confirmation that connection is established
- self.send_event(self.app, 'connection-established')
- try:
- yield from wait_for_cancel
- except asyncio.CancelledError:
- # the above waiting was already interrupted, this is all we need
- pass
- if self.dest.name == 'dom0':
- self.app.remove_handler('*', dispatcher.app_handler)
- self.app.remove_handler('domain-add', dispatcher.on_domain_add)
- self.app.remove_handler('domain-delete',
- dispatcher.on_domain_delete)
- for vm in self.app.domains:
- vm.remove_handler('*', dispatcher.vm_handler)
- else:
- self.dest.remove_handler('*', dispatcher.vm_handler)
- @qubes.api.method('admin.vm.feature.List', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_feature_list(self):
- self.enforce(not self.arg)
- features = self.fire_event_for_filter(self.dest.features.keys())
- return ''.join('{}\n'.format(feature) for feature in features)
- @qubes.api.method('admin.vm.feature.Get', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_feature_get(self):
- # validation of self.arg done by qrexec-policy is enough
- self.fire_event_for_permission()
- try:
- value = self.dest.features[self.arg]
- except KeyError:
- raise qubes.exc.QubesFeatureNotFoundError(self.dest, self.arg)
- return value
- @qubes.api.method('admin.vm.feature.CheckWithTemplate', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_feature_checkwithtemplate(self):
- # validation of self.arg done by qrexec-policy is enough
- self.fire_event_for_permission()
- try:
- value = self.dest.features.check_with_template(self.arg)
- except KeyError:
- raise qubes.exc.QubesFeatureNotFoundError(self.dest, self.arg)
- return value
- @qubes.api.method('admin.vm.feature.CheckWithNetvm', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_feature_checkwithnetvm(self):
- # validation of self.arg done by qrexec-policy is enough
- self.fire_event_for_permission()
- try:
- value = self.dest.features.check_with_netvm(self.arg)
- except KeyError:
- raise qubes.exc.QubesFeatureNotFoundError(self.dest, self.arg)
- return value
- @qubes.api.method('admin.vm.feature.CheckWithAdminVM', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_feature_checkwithadminvm(self):
- # validation of self.arg done by qrexec-policy is enough
- self.fire_event_for_permission()
- try:
- value = self.dest.features.check_with_adminvm(self.arg)
- except KeyError:
- raise qubes.exc.QubesFeatureNotFoundError(self.dest, self.arg)
- return value
- @qubes.api.method('admin.vm.feature.CheckWithTemplateAndAdminVM',
- no_payload=True, scope='local', read=True)
- @asyncio.coroutine
- def vm_feature_checkwithtpladminvm(self):
- # validation of self.arg done by qrexec-policy is enough
- self.fire_event_for_permission()
- try:
- value = self.dest.features.check_with_template_and_adminvm(self.arg)
- except KeyError:
- raise qubes.exc.QubesFeatureNotFoundError(self.dest, self.arg)
- return value
- @qubes.api.method('admin.vm.feature.Remove', no_payload=True,
- scope='local', write=True)
- @asyncio.coroutine
- def vm_feature_remove(self):
- # validation of self.arg done by qrexec-policy is enough
- self.fire_event_for_permission()
- try:
- del self.dest.features[self.arg]
- except KeyError:
- raise qubes.exc.QubesFeatureNotFoundError(self.dest, self.arg)
- self.app.save()
- @qubes.api.method('admin.vm.feature.Set',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_feature_set(self, untrusted_payload):
- # validation of self.arg done by qrexec-policy is enough
- value = untrusted_payload.decode('ascii', errors='strict')
- del untrusted_payload
- self.fire_event_for_permission(value=value)
- self.dest.features[self.arg] = value
- self.app.save()
- @qubes.api.method('admin.vm.Create.{endpoint}', endpoints=(ep.name
- for ep in pkg_resources.iter_entry_points(qubes.vm.VM_ENTRY_POINT)),
- scope='global', write=True)
- @asyncio.coroutine
- def vm_create(self, endpoint, untrusted_payload=None):
- return self._vm_create(endpoint, allow_pool=False,
- untrusted_payload=untrusted_payload)
- @qubes.api.method('admin.vm.CreateInPool.{endpoint}', endpoints=(ep.name
- for ep in pkg_resources.iter_entry_points(qubes.vm.VM_ENTRY_POINT)),
- scope='global', write=True)
- @asyncio.coroutine
- def vm_create_in_pool(self, endpoint, untrusted_payload=None):
- return self._vm_create(endpoint, allow_pool=True,
- untrusted_payload=untrusted_payload)
- def _vm_create(self, vm_type, allow_pool=False, untrusted_payload=None):
- self.enforce(self.dest.name == 'dom0')
- kwargs = {}
- pool = None
- pools = {}
- # this will raise exception if none is found
- vm_class = qubes.utils.get_entry_point_one(qubes.vm.VM_ENTRY_POINT,
- vm_type)
- # if argument is given, it needs to be a valid template, and only
- # when given VM class do need a template
- if self.arg:
- if hasattr(vm_class, 'template'):
- if self.arg not in self.app.domains:
- raise qubes.api.PermissionDenied(
- 'Template {} does not exist'.format(self.arg))
- kwargs['template'] = self.app.domains[self.arg]
- else:
- raise qubes.exc.QubesValueError(
- '{} cannot be based on template'.format(vm_type))
- for untrusted_param in untrusted_payload.decode('ascii',
- errors='strict').split(' '):
- untrusted_key, untrusted_value = untrusted_param.split('=', 1)
- if untrusted_key in kwargs:
- raise qubes.api.ProtocolError('duplicated parameters')
- if untrusted_key == 'name':
- qubes.vm.validate_name(None, None, untrusted_value)
- kwargs['name'] = untrusted_value
- elif untrusted_key == 'label':
- # don't confuse label name with label index
- self.enforce(not untrusted_value.isdigit())
- allowed_chars = string.ascii_letters + string.digits + '-_.'
- self.enforce(all(c in allowed_chars for c in untrusted_value))
- try:
- kwargs['label'] = self.app.get_label(untrusted_value)
- except KeyError:
- raise qubes.exc.QubesValueError
- elif untrusted_key == 'pool' and allow_pool:
- if pool is not None:
- raise qubes.api.ProtocolError('duplicated pool parameter')
- pool = self.app.get_pool(untrusted_value)
- elif untrusted_key.startswith('pool:') and allow_pool:
- untrusted_volume = untrusted_key.split(':', 1)[1]
- # kind of ugly, but actual list of volumes is available only
- # after creating a VM
- self.enforce(untrusted_volume in [
- 'root', 'private', 'volatile', 'kernel'])
- volume = untrusted_volume
- if volume in pools:
- raise qubes.api.ProtocolError(
- 'duplicated pool:{} parameter'.format(volume))
- pools[volume] = self.app.get_pool(untrusted_value)
- else:
- raise qubes.api.ProtocolError('Invalid param name')
- del untrusted_payload
- if 'name' not in kwargs or 'label' not in kwargs:
- raise qubes.api.ProtocolError('Missing name or label')
- if pool and pools:
- raise qubes.api.ProtocolError(
- 'Only one of \'pool=\' and \'pool:volume=\' can be used')
- if kwargs['name'] in self.app.domains:
- raise qubes.exc.QubesValueError(
- 'VM {} already exists'.format(kwargs['name']))
- self.fire_event_for_permission(pool=pool, pools=pools, **kwargs)
- vm = self.app.add_new_vm(vm_class, **kwargs)
- # TODO: move this to extension (in race-free fashion)
- vm.tags.add('created-by-' + str(self.src))
- try:
- yield from vm.create_on_disk(pool=pool, pools=pools)
- except:
- del self.app.domains[vm]
- raise
- self.app.save()
- @qubes.api.method('admin.vm.CreateDisposable', no_payload=True,
- scope='global', write=True)
- @asyncio.coroutine
- def create_disposable(self):
- self.enforce(not self.arg)
- if self.dest.name == 'dom0':
- dispvm_template = self.src.default_dispvm
- else:
- dispvm_template = self.dest
- self.fire_event_for_permission(dispvm_template=dispvm_template)
- dispvm = yield from qubes.vm.dispvm.DispVM.from_appvm(dispvm_template)
- # TODO: move this to extension (in race-free fashion, better than here)
- dispvm.tags.add('disp-created-by-' + str(self.src))
- return dispvm.name
- @qubes.api.method('admin.vm.Remove', no_payload=True,
- scope='global', write=True)
- @asyncio.coroutine
- def vm_remove(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- with (yield from self.dest.startup_lock):
- if not self.dest.is_halted():
- raise qubes.exc.QubesVMNotHaltedError(self.dest)
- if self.dest.installed_by_rpm:
- raise qubes.exc.QubesVMInUseError(self.dest,
- "VM installed by package manager: " + self.dest.name)
- del self.app.domains[self.dest]
- try:
- yield from self.dest.remove_from_disk()
- except: # pylint: disable=bare-except
- self.app.log.exception('Error while removing VM \'%s\' files',
- self.dest.name)
- self.app.save()
- @qubes.api.method('admin.deviceclass.List', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def deviceclass_list(self):
- """List all DEVICES classes"""
- self.enforce(not self.arg)
- self.enforce(self.dest.name == 'dom0')
- entrypoints = self.fire_event_for_filter(
- pkg_resources.iter_entry_points('qubes.devices'))
- return ''.join('{}\n'.format(ep.name) for ep in entrypoints)
- @qubes.api.method('admin.vm.device.{endpoint}.Available', endpoints=(ep.name
- for ep in pkg_resources.iter_entry_points('qubes.devices')),
- no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_device_available(self, endpoint):
- devclass = endpoint
- devices = self.dest.devices[devclass].available()
- if self.arg:
- devices = [dev for dev in devices if dev.ident == self.arg]
- # no duplicated devices, but device may not exists, in which case
- # the list is empty
- self.enforce(len(devices) <= 1)
- devices = self.fire_event_for_filter(devices, devclass=devclass)
- dev_info = {}
- for dev in devices:
- non_default_attrs = set(attr for attr in dir(dev) if
- not attr.startswith('_')).difference((
- 'backend_domain', 'ident', 'frontend_domain',
- 'description', 'options', 'regex'))
- properties_txt = ' '.join(
- '{}={!s}'.format(prop, value) for prop, value
- in itertools.chain(
- ((key, getattr(dev, key)) for key in non_default_attrs),
- # keep description as the last one, according to API
- # specification
- (('description', dev.description),)
- ))
- self.enforce('\n' not in properties_txt)
- dev_info[dev.ident] = properties_txt
- return ''.join('{} {}\n'.format(ident, dev_info[ident])
- for ident in sorted(dev_info))
- @qubes.api.method('admin.vm.device.{endpoint}.List', endpoints=(ep.name
- for ep in pkg_resources.iter_entry_points('qubes.devices')),
- no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_device_list(self, endpoint):
- devclass = endpoint
- device_assignments = self.dest.devices[devclass].assignments()
- if self.arg:
- select_backend, select_ident = self.arg.split('+', 1)
- device_assignments = [dev for dev in device_assignments
- if (str(dev.backend_domain), dev.ident)
- == (select_backend, select_ident)]
- # no duplicated devices, but device may not exists, in which case
- # the list is empty
- self.enforce(len(device_assignments) <= 1)
- device_assignments = self.fire_event_for_filter(device_assignments,
- devclass=devclass)
- dev_info = {}
- for dev in device_assignments:
- properties_txt = ' '.join(
- '{}={!s}'.format(opt, value) for opt, value
- in itertools.chain(
- dev.options.items(),
- (('persistent', 'yes' if dev.persistent else 'no'),)
- ))
- self.enforce('\n' not in properties_txt)
- ident = '{!s}+{!s}'.format(dev.backend_domain, dev.ident)
- dev_info[ident] = properties_txt
- return ''.join('{} {}\n'.format(ident, dev_info[ident])
- for ident in sorted(dev_info))
- # Attach/Detach action can both modify persistent state (with
- # persistent=True) and volatile state of running VM (with persistent=False).
- # For this reason, write=True + execute=True
- @qubes.api.method('admin.vm.device.{endpoint}.Attach', endpoints=(ep.name
- for ep in pkg_resources.iter_entry_points('qubes.devices')),
- scope='local', write=True, execute=True)
- @asyncio.coroutine
- def vm_device_attach(self, endpoint, untrusted_payload):
- devclass = endpoint
- options = {}
- persistent = False
- for untrusted_option in untrusted_payload.decode('ascii').split():
- try:
- untrusted_key, untrusted_value = untrusted_option.split('=', 1)
- except ValueError:
- raise qubes.api.ProtocolError('Invalid options format')
- if untrusted_key == 'persistent':
- persistent = qubes.property.bool(None, None, untrusted_value)
- else:
- allowed_chars_key = string.digits + string.ascii_letters + '-_.'
- allowed_chars_value = allowed_chars_key + ',+:'
- if any(x not in allowed_chars_key for x in untrusted_key):
- raise qubes.api.ProtocolError(
- 'Invalid chars in option name')
- if any(x not in allowed_chars_value for x in untrusted_value):
- raise qubes.api.ProtocolError(
- 'Invalid chars in option value')
- options[untrusted_key] = untrusted_value
- # qrexec already verified that no strange characters are in self.arg
- backend_domain, ident = self.arg.split('+', 1)
- # may raise KeyError, either on domain or ident
- dev = self.app.domains[backend_domain].devices[devclass][ident]
- self.fire_event_for_permission(device=dev,
- devclass=devclass, persistent=persistent,
- options=options)
- assignment = qubes.devices.DeviceAssignment(
- dev.backend_domain, dev.ident,
- options=options, persistent=persistent)
- yield from self.dest.devices[devclass].attach(assignment)
- self.app.save()
- # Attach/Detach action can both modify persistent state (with
- # persistent=True) and volatile state of running VM (with persistent=False).
- # For this reason, write=True + execute=True
- @qubes.api.method('admin.vm.device.{endpoint}.Detach', endpoints=(ep.name
- for ep in pkg_resources.iter_entry_points('qubes.devices')),
- no_payload=True,
- scope='local', write=True, execute=True)
- @asyncio.coroutine
- def vm_device_detach(self, endpoint):
- devclass = endpoint
- # qrexec already verified that no strange characters are in self.arg
- backend_domain, ident = self.arg.split('+', 1)
- # may raise KeyError; if device isn't found, it will be UnknownDevice
- # instance - but allow it, otherwise it will be impossible to detach
- # already removed device
- dev = self.app.domains[backend_domain].devices[devclass][ident]
- self.fire_event_for_permission(device=dev,
- devclass=devclass)
- assignment = qubes.devices.DeviceAssignment(
- dev.backend_domain, dev.ident)
- yield from self.dest.devices[devclass].detach(assignment)
- self.app.save()
- # Attach/Detach action can both modify persistent state (with
- # persistent=True) and volatile state of running VM (with persistent=False).
- # For this reason, write=True + execute=True
- @qubes.api.method('admin.vm.device.{endpoint}.Set.persistent',
- endpoints=(ep.name
- for ep in pkg_resources.iter_entry_points('qubes.devices')),
- scope='local', write=True, execute=True)
- @asyncio.coroutine
- def vm_device_set_persistent(self, endpoint, untrusted_payload):
- devclass = endpoint
- self.enforce(untrusted_payload in (b'True', b'False'))
- persistent = untrusted_payload == b'True'
- del untrusted_payload
- # qrexec already verified that no strange characters are in self.arg
- backend_domain, ident = self.arg.split('+', 1)
- # device must be already attached
- matching_devices = [dev for dev
- in self.dest.devices[devclass].attached()
- if dev.backend_domain.name == backend_domain and dev.ident == ident]
- self.enforce(len(matching_devices) == 1)
- dev = matching_devices[0]
- self.fire_event_for_permission(device=dev,
- persistent=persistent)
- self.dest.devices[devclass].update_persistent(dev, persistent)
- self.app.save()
- @qubes.api.method('admin.vm.firewall.Get', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_firewall_get(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- return ''.join('{}\n'.format(rule.api_rule)
- for rule in self.dest.firewall.rules
- if rule.api_rule is not None)
- @qubes.api.method('admin.vm.firewall.Set',
- scope='local', write=True)
- @asyncio.coroutine
- def vm_firewall_set(self, untrusted_payload):
- self.enforce(not self.arg)
- rules = []
- for untrusted_line in untrusted_payload.decode('ascii',
- errors='strict').splitlines():
- rule = qubes.firewall.Rule.from_api_string(
- untrusted_rule=untrusted_line)
- rules.append(rule)
- self.fire_event_for_permission(rules=rules)
- self.dest.firewall.rules = rules
- self.dest.firewall.save()
- @qubes.api.method('admin.vm.firewall.Reload', no_payload=True,
- scope='local', execute=True)
- @asyncio.coroutine
- def vm_firewall_reload(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- self.dest.fire_event('firewall-changed')
- @asyncio.coroutine
- def _load_backup_profile(self, profile_name, skip_passphrase=False):
- """Load backup profile and return :py:class:`qubes.backup.Backup`
- instance
- :param profile_name: name of the profile
- :param skip_passphrase: do not load passphrase - only backup summary
- can be retrieved when this option is in use
- """
- profile_path = os.path.join(
- qubes.config.backup_profile_dir, profile_name + '.conf')
- with open(profile_path) as profile_file:
- profile_data = yaml.safe_load(profile_file)
- try:
- dest_vm = profile_data['destination_vm']
- dest_path = profile_data['destination_path']
- include_vms = profile_data['include']
- if include_vms is not None:
- # convert old keywords to new keywords
- include_vms = [vm.replace('$', '@') for vm in include_vms]
- exclude_vms = profile_data.get('exclude', [])
- # convert old keywords to new keywords
- exclude_vms = [vm.replace('$', '@') for vm in exclude_vms]
- compression = profile_data.get('compression', True)
- except KeyError as err:
- raise qubes.exc.QubesException(
- 'Invalid backup profile - missing {}'.format(err))
- try:
- dest_vm = self.app.domains[dest_vm]
- except KeyError:
- raise qubes.exc.QubesException(
- 'Invalid destination_vm specified in backup profile')
- if isinstance(dest_vm, qubes.vm.adminvm.AdminVM):
- dest_vm = None
- if skip_passphrase:
- passphrase = None
- elif 'passphrase_text' in profile_data:
- passphrase = profile_data['passphrase_text']
- elif 'passphrase_vm' in profile_data:
- passphrase_vm_name = profile_data['passphrase_vm']
- try:
- passphrase_vm = self.app.domains[passphrase_vm_name]
- except KeyError:
- raise qubes.exc.QubesException(
- 'Invalid backup profile - invalid passphrase_vm')
- try:
- passphrase, _ = yield from passphrase_vm.run_service_for_stdio(
- 'qubes.BackupPassphrase+' + self.arg)
- # make it foolproof against "echo passphrase" implementation
- passphrase = passphrase.strip()
- self.enforce(b'\n' not in passphrase)
- except subprocess.CalledProcessError:
- raise qubes.exc.QubesException(
- 'Failed to retrieve passphrase from \'{}\' VM'.format(
- passphrase_vm_name))
- else:
- raise qubes.exc.QubesException(
- 'Invalid backup profile - you need to '
- 'specify passphrase_text or passphrase_vm')
- # handle include
- if include_vms is None:
- vms_to_backup = None
- else:
- vms_to_backup = set(vm for vm in self.app.domains
- if any(qubes.utils.match_vm_name_with_special(vm, name)
- for name in include_vms))
- # handle exclude
- vms_to_exclude = set(vm.name for vm in self.app.domains
- if any(qubes.utils.match_vm_name_with_special(vm, name)
- for name in exclude_vms))
- kwargs = {
- 'target_vm': dest_vm,
- 'target_dir': dest_path,
- 'compressed': bool(compression),
- 'passphrase': passphrase,
- }
- if isinstance(compression, str):
- kwargs['compression_filter'] = compression
- backup = qubes.backup.Backup(self.app, vms_to_backup, vms_to_exclude,
- **kwargs)
- return backup
- def _backup_progress_callback(self, profile_name, progress):
- self.app.fire_event('backup-progress', backup_profile=profile_name,
- progress=progress)
- @qubes.api.method('admin.backup.Execute', no_payload=True,
- scope='global', read=True, execute=True)
- @asyncio.coroutine
- def backup_execute(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg)
- self.enforce('/' not in self.arg)
- self.fire_event_for_permission()
- profile_path = os.path.join(qubes.config.backup_profile_dir,
- self.arg + '.conf')
- if not os.path.exists(profile_path):
- raise qubes.api.PermissionDenied(
- 'Backup profile {} does not exist'.format(self.arg))
- if not hasattr(self.app, 'api_admin_running_backups'):
- self.app.api_admin_running_backups = {}
- backup = yield from self._load_backup_profile(self.arg)
- backup.progress_callback = functools.partial(
- self._backup_progress_callback, self.arg)
- # forbid running the same backup operation twice at the time
- if self.arg in self.app.api_admin_running_backups:
- raise qubes.exc.BackupAlreadyRunningError()
- backup_task = asyncio.ensure_future(backup.backup_do())
- self.app.api_admin_running_backups[self.arg] = backup_task
- try:
- yield from backup_task
- except asyncio.CancelledError:
- raise qubes.exc.QubesException('Backup cancelled')
- finally:
- del self.app.api_admin_running_backups[self.arg]
- @qubes.api.method('admin.backup.Cancel', no_payload=True,
- scope='global', execute=True)
- @asyncio.coroutine
- def backup_cancel(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg)
- self.enforce('/' not in self.arg)
- self.fire_event_for_permission()
- if not hasattr(self.app, 'api_admin_running_backups'):
- self.app.api_admin_running_backups = {}
- if self.arg not in self.app.api_admin_running_backups:
- raise qubes.exc.QubesException('Backup operation not running')
- self.app.api_admin_running_backups[self.arg].cancel()
- @qubes.api.method('admin.backup.Info', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def backup_info(self):
- self.enforce(self.dest.name == 'dom0')
- self.enforce(self.arg)
- self.enforce('/' not in self.arg)
- self.fire_event_for_permission()
- profile_path = os.path.join(qubes.config.backup_profile_dir,
- self.arg + '.conf')
- if not os.path.exists(profile_path):
- raise qubes.api.PermissionDenied(
- 'Backup profile {} does not exist'.format(self.arg))
- backup = yield from self._load_backup_profile(self.arg,
- skip_passphrase=True)
- return backup.get_backup_summary()
- def _send_stats_single(self, info_time, info, only_vm, filters,
- id_to_name_map):
- """A single iteration of sending VM stats
- :param info_time: time of previous iteration
- :param info: information retrieved in previous iteration
- :param only_vm: send information only about this VM
- :param filters: filters to apply on stats before sending
- :param id_to_name_map: ID->VM name map, may be modified
- :return: tuple(info_time, info) - new information (to be passed to
- the next iteration)
- """
- (info_time, info) = self.app.host.get_vm_stats(info_time, info,
- only_vm=only_vm)
- for vm_id, vm_info in info.items():
- if vm_id not in id_to_name_map:
- try:
- name = \
- self.app.vmm.libvirt_conn.lookupByID(vm_id).name()
- except libvirt.libvirtError as err:
- if err.get_error_code() == libvirt.VIR_ERR_NO_DOMAIN:
- # stubdomain or so
- name = None
- else:
- raise
- id_to_name_map[vm_id] = name
- else:
- name = id_to_name_map[vm_id]
- # skip VMs with unknown name
- if name is None:
- continue
- if not list(qubes.api.apply_filters([name], filters)):
- continue
- self.send_event(name, 'vm-stats',
- memory_kb=int(vm_info['memory_kb']),
- cpu_time=int(vm_info['cpu_time'] / 1000000),
- cpu_usage=int(vm_info['cpu_usage']),
- cpu_usage_raw=int(vm_info['cpu_usage_raw']))
- return info_time, info
- @qubes.api.method('admin.vm.Stats', no_payload=True,
- scope='global', read=True)
- @asyncio.coroutine
- def vm_stats(self):
- self.enforce(not self.arg)
- # run until client connection is terminated
- self.cancellable = True
- # cache event filters, to not call an event each time an event arrives
- stats_filters = self.fire_event_for_permission()
- only_vm = None
- if self.dest.name != 'dom0':
- only_vm = self.dest
- self.send_event(self.app, 'connection-established')
- info_time = None
- info = None
- id_to_name_map = {0: 'dom0'}
- try:
- while True:
- info_time, info = self._send_stats_single(info_time, info,
- only_vm, stats_filters, id_to_name_map)
- yield from asyncio.sleep(self.app.stats_interval)
- except asyncio.CancelledError:
- # valid method to terminate this loop
- pass
- @qubes.api.method('admin.vm.CurrentState', no_payload=True,
- scope='local', read=True)
- @asyncio.coroutine
- def vm_current_state(self):
- self.enforce(not self.arg)
- self.fire_event_for_permission()
- state = {
- 'mem': self.dest.get_mem(),
- 'mem_static_max': self.dest.get_mem_static_max(),
- 'cputime': self.dest.get_cputime(),
- 'power_state': self.dest.get_power_state(),
- }
- return ' '.join('{}={}'.format(k, v) for k, v in state.items())
|