Add qrexec back, use qubes-utils libraries for common code

misc/udev-block-add-change

@@ -1,61 +0,0 @@
-#!/bin/bash
-
-NAME=${DEVNAME#/dev/}
-DESC="${ID_MODEL} (${ID_FS_LABEL})"
-SIZE=$[ $(cat /sys/$DEVPATH/size) * 512 ]
-MODE=w
-XS_KEY="qubes-block-devices/$NAME"
-
-xs_remove() {
-    if [ "$QUBES_EXPOSED" == "1" ]; then
-        xenstore-rm "$XS_KEY"
-    fi
-    echo QUBES_EXPOSED=0
-}
-
-# Ignore mounted...
-if fgrep -q $DEVNAME /proc/mounts; then
-    xs_remove
-    exit 0
-fi
-# ... and used by device-mapper
-if [ -n "`ls -A /sys/$DEVPATH/holders 2> /dev/null`" ]; then
-    xs_remove
-    exit 0
-fi
-# ... and "empty" loop devices
-if [ "$MAJOR" -eq 7 -a ! -d /sys/$DEVPATH/loop ]; then
-    xs_remove
-    exit 0
-fi
-
-# Special case for CD
-if [ "$ID_TYPE" = "cd" ]; then
-    if [ "$ID_CDROM_MEDIA" != "1" ]; then
-        # Hide empty cdrom drive
-        xs_remove
-        exit 0
-    fi
-    MODE=r
-fi
-
-# Special description for loop devices
-if [ -d /sys/$DEVPATH/loop ]; then
-    DESC=$(cat /sys/$DEVPATH/loop/backing_file)
-fi
-
-# Get lock only in dom0 - there are so many block devices so it causes xenstore
-# deadlocks sometimes.
-if [ -f /etc/qubes-release ]; then
-    # Skip xenstore-write if cannot obtain lock. This can mean very early system startup
-    # stage without /run mounted (or populated). Devices will be rediscovered later
-    # by qubes-core startup script.
-    exec 9>>/var/run/qubes/block-xenstore.lock || exit 0
-    flock 9
-fi
-
-xenstore-write "$XS_KEY/desc" "$DESC" "$XS_KEY/size" "$SIZE" "$XS_KEY/mode" "$MODE"
-echo QUBES_EXPOSED=1
-
-# Make sure that block backend is loaded
-/sbin/modprobe xen-blkback 2> /dev/null || /sbin/modprobe blkbk

misc/udev-block-cleanup

@@ -1,8 +0,0 @@
-#!/bin/sh
-
-DEVID=$[ $MAJOR * 256 + $MINOR ]
-
-XS_PATH="device/vbd/$DEVID"
-
-# Double check that DEVID is not empty
-[ -n "$DEVID" ] && xenstore-rm $XS_PATH

misc/udev-block-remove

@@ -1,32 +0,0 @@
-#!/bin/sh
-
-NAME=${DEVNAME#/dev/}
-XS_KEY="qubes-block-devices/$NAME"
-xenstore-rm "$XS_KEY"
-
-# If device was connected to some VM - detach it
-# Notice: this can be run also in VM, so we cannot use xl...
-
-device_detach() {
-    xs_path=$1
-
-    xenstore-write $xs_path/online 0 $xs_path/state 5
-
-    # Wait for backend to finish dev shutdown
-    try=30
-    # -lt will break loop also when 'state' will be empty
-    while [ "`xenstore-read $xs_path/state 2> /dev/null`" -lt 6 ]; do
-        try=$[ $try - 1 ]
-        [ "$try" -le 0 ] && break
-        sleep 0.1
-    done
-    xenstore-rm $xs_path
-}
-
-for XS_DEV_PATH in `xenstore-ls -f backend/vbd | grep 'backend/vbd/[0-9]*/[0-9]* ' | cut -f 1 -d ' '`; do
-    CUR_DEVICE=`xenstore-read "$XS_DEV_PATH/params"`
-    if [ "$CUR_DEVICE" == "$DEVNAME" ]; then
-        device_detach "$XS_DEV_PATH"
-        exit 0
-    fi
-done

misc/udev-qubes-block.rules

@@ -1,20 +0,0 @@
-# Expose all (except xen-frontend) block devices via xenstore
-
-# Only block devices are interesting
-SUBSYSTEM!="block", GOTO="qubes_block_end"
-
-# Skip xen-blkfront devices
-ENV{MAJOR}=="202", GOTO="qubes_block_end"
-
-# Skip device-mapper devices
-ENV{MAJOR}=="253", GOTO="qubes_block_end"
-
-IMPORT{db}="QUBES_EXPOSED"
-ACTION=="add", IMPORT{program}="/usr/lib/qubes/udev-block-add-change"
-ACTION=="change", IMPORT{program}="/usr/lib/qubes/udev-block-add-change"
-ACTION=="remove", RUN+="/usr/lib/qubes/udev-block-remove"
-
-LABEL="qubes_block_end"
-
-# Cleanup disconnected frontend from xenstore
-ACTION=="remove", SUBSYSTEM=="block", ENV{MAJOR}=="202", RUN+="/usr/lib/qubes/udev-block-cleanup"

misc/udev-qubes-usb.rules

@@ -1,10 +0,0 @@
-# Expose all USB devices (except block) via xenstore
-
-# Handle only USB devices
-SUBSYSTEM!="usb", GOTO="qubes_usb_end"
-
-ACTION=="add", IMPORT{program}="/usr/lib/qubes/udev-usb-add-change"
-ACTION=="change", IMPORT{program}="/usr/lib/qubes/udev-usb-add-change"
-ACTION=="remove", RUN+="/usr/lib/qubes/udev-usb-remove"
-
-LABEL="qubes_usb_end"

misc/udev-usb-add-change

@@ -1,40 +0,0 @@
-#!/bin/sh
-
-##
-## This script is invoked by udev rules whenever USB device appears or
-## changes. This happens in usbvm domain (or dom0 if USB controller
-## drivers are in dom0). The script records information about available
-## USB devices into XS directory, making it available to qvm-usb tool
-## running in dom0.
-##
-
-# FIXME: Ignore USB hubs and other wierd devices (see also in usb-remove).
-[ "`echo $TYPE | cut -f1 -d/`" = "9" ] && exit 0
-[ "$DEVTYPE" != "usb_device" ] && exit 0
-
-# xenstore doesn't allow dot in key name
-XSNAME=`basename ${DEVPATH} | tr . _`
-
-# FIXME: For some devices (my Cherry keyboard) ID_SERIAL does not
-# contain proper human-readable name, should find better method to
-# build devide description.
-#DESC=`python -c "dev='%d-%d' % (int('${BUSNUM}'.lstrip('0')), (int('${DEVNUM}'.lstrip('0'))-1)); from xen.util import vusb_util; print vusb_util.get_usbdevice_info(dev);"`
-DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"
-
-VERSION=`cat /sys/$DEVPATH/version`
-if [ "${VERSION}" = " 1.00" -o "${VERSION}" = " 1.10" ] ; then
-	VERSION=1
-elif [ "${VERSION}" = " 2.00" ] ; then
-	VERSION=2
-else
-	# FIXME: silently ignoring devices with unexpected USB version
-	exit 0
-fi
-
-XS_KEY="qubes-usb-devices/$XSNAME"
-
-xenstore-write "$XS_KEY/desc" "$DESC"
-xenstore-write "$XS_KEY/usb-ver" "$VERSION"
-
-# Make sure PVUSB backend driver is loaded.
-/sbin/modprobe xen-usbback 2> /dev/null || /sbin/modprobe usbbk

misc/udev-usb-remove

@@ -1,9 +0,0 @@
-#!/bin/sh
-
-# FIXME: Ignore USB hubs.
-[ "`echo $TYPE | cut -f1 -d/`" = "9" ] && exit 0
-
-NAME=`basename ${DEVPATH} | tr . _`
-XS_KEY="qubes-usb-devices/$NAME"
-
-xenstore-rm "$XS_KEY"

qrexec/Makefile

@@ -0,0 +1,25 @@
+CC=gcc
+CFLAGS+=-I. -g -Wall -pie -fPIC
+XENLIBS=-lvchan -lxenstore -lxenctrl
+LIBS=$(XENLIBS) -lqrexec-utils
+
+all: qrexec-agent qrexec-client-vm
+qrexec-daemon: qrexec-daemon.o
+	$(CC) -pie -g -o qrexec-daemon qrexec-daemon.o $(LIBS)
+qrexec-agent: qrexec-agent.o
+	$(CC) -pie -g -o qrexec-agent qrexec-agent.o $(LIBS)
+qrexec-client: qrexec-client.o
+	$(CC) -pie -g -o qrexec-client qrexec-client.o $(LIBS)
+qrexec-client-vm: qrexec-client-vm.o
+	$(CC) -pie -g -o qrexec-client-vm qrexec-client-vm.o
+clean:
+	rm -f *.o *~ qrexec-agent qrexec-client-vm
+
+install:
+	install -d $(DESTDIR)/etc/qubes-rpc
+	install -d $(DESTDIR)/usr/lib/qubes
+	install qrexec-agent $(DESTDIR)/usr/lib/qubes
+	install qrexec-client-vm $(DESTDIR)/usr/lib/qubes
+	ln -s qrexec-client-vm $(DESTDIR)/usr/lib/qubes/qrexec_client_vm
+	install qubes-rpc-multiplexer $(DESTDIR)/usr/lib/qubes
+

qrexec/qrexec-agent.c

@@ -0,0 +1,594 @@
+/*
+ * The Qubes OS Project, http://www.qubes-os.org
+ *
+ * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ */
+
+#include <sys/select.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/wait.h>
+#include <fcntl.h>
+#include <string.h>
+#include <pwd.h>
+#include <grp.h>
+#include <sys/stat.h>
+#include "qrexec.h"
+#include "libqrexec-utils.h"
+
+enum fdtype {
+	FDTYPE_INVALID,
+	FDTYPE_STDOUT,
+	FDTYPE_STDERR
+};
+
+struct _process_fd {
+	int client_id;
+	int type;
+	int is_blocked;
+};
+struct _client_info {
+	int stdin_fd;
+	int stdout_fd;
+	int stderr_fd;
+
+	int exit_status;
+	int is_exited;
+	int pid;
+	int is_blocked;
+	int is_close_after_flush_needed;
+	struct buffer buffer;
+};
+
+int max_process_fd = -1;
+
+/* indexed by file descriptor */
+struct _process_fd process_fd[MAX_FDS];
+
+/* indexed by client id, which is descriptor number of a client in daemon */
+struct _client_info client_info[MAX_FDS];
+
+int trigger_fd;
+int passfd_socket;
+
+int meminfo_write_started = 0;
+
+void init()
+{
+	peer_server_init(REXEC_PORT);
+	umask(0);
+	mkfifo(QREXEC_AGENT_TRIGGER_PATH, 0666);
+	passfd_socket = get_server_socket(QREXEC_AGENT_FDPASS_PATH);
+	umask(077);
+	trigger_fd =
+	    open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK);
+}
+
+void wake_meminfo_writer() {
+	FILE *f;
+	pid_t pid;
+
+	if (meminfo_write_started)
+		/* wake meminfo-writer only once */
+		return;
+
+	f = fopen(MEMINFO_WRITER_PIDFILE, "r");
+	if (f == NULL) {
+		/* no meminfo-writer found, ignoring */
+		return;
+	}
+	if (fscanf(f, "%d", &pid) < 1) {
+		/* no meminfo-writer found, ignoring */
+		return;
+	}
+
+	fclose(f);
+	kill(pid, SIGUSR1);
+	meminfo_write_started = 1;
+}
+
+void no_colon_in_cmd()
+{
+	fprintf(stderr,
+		"cmdline is supposed to be in user:command form\n");
+	exit(1);
+}
+
+void do_exec(char *cmd)
+{
+	char buf[strlen(QUBES_RPC_MULTIPLEXER_PATH) + strlen(cmd) - strlen(QUBES_RPC_MAGIC_CMD) + 1];
+	char *realcmd = index(cmd, ':');
+	if (!realcmd)
+		no_colon_in_cmd();
+	/* mark end of username and move to command */
+	*realcmd = 0;
+	realcmd++;
+	/* ignore "nogui:" prefix in linux agent */
+	if (strncmp(realcmd, "nogui:", 6) == 0)
+		realcmd+=6;
+	/* replace magic RPC cmd with RPC multiplexer path */
+	if (strncmp(realcmd, QUBES_RPC_MAGIC_CMD " ", strlen(QUBES_RPC_MAGIC_CMD)+1)==0) {
+		strcpy(buf, QUBES_RPC_MULTIPLEXER_PATH);
+		strcpy(buf + strlen(QUBES_RPC_MULTIPLEXER_PATH), realcmd + strlen(QUBES_RPC_MAGIC_CMD));
+		realcmd = buf;
+	}
+	signal(SIGCHLD, SIG_DFL);
+	signal(SIGPIPE, SIG_DFL);
+
+	execl("/bin/su", "su", "-", cmd, "-c", realcmd, NULL);
+	perror("execl");
+	exit(1);
+}
+
+void handle_just_exec(int client_id, int len)
+{
+	char buf[len];
+	int fdn, pid;
+
+	read_all_vchan_ext(buf, len);
+	switch (pid = fork()) {
+	case -1:
+		perror("fork");
+		exit(1);
+	case 0:
+		fdn = open("/dev/null", O_RDWR);
+		fix_fds(fdn, fdn, fdn);
+		do_exec(buf);
+		perror("execl");
+		exit(1);
+	default:;
+	}
+	fprintf(stderr, "executed (nowait) %s pid %d\n", buf, pid);
+}
+
+void create_info_about_client(int client_id, int pid, int stdin_fd,
+			      int stdout_fd, int stderr_fd)
+{
+	process_fd[stdout_fd].client_id = client_id;
+	process_fd[stdout_fd].type = FDTYPE_STDOUT;
+	process_fd[stdout_fd].is_blocked = 0;
+	process_fd[stderr_fd].client_id = client_id;
+	process_fd[stderr_fd].type = FDTYPE_STDERR;
+	process_fd[stderr_fd].is_blocked = 0;
+
+	if (stderr_fd > max_process_fd)
+		max_process_fd = stderr_fd;
+	if (stdout_fd > max_process_fd)
+		max_process_fd = stdout_fd;
+
+	set_nonblock(stdin_fd);
+
+	client_info[client_id].stdin_fd = stdin_fd;
+	client_info[client_id].stdout_fd = stdout_fd;
+	client_info[client_id].stderr_fd = stderr_fd;
+	client_info[client_id].exit_status = 0;
+	client_info[client_id].is_exited = 0;
+	client_info[client_id].pid = pid;
+	client_info[client_id].is_blocked = 0;
+	client_info[client_id].is_close_after_flush_needed = 0;
+	buffer_init(&client_info[client_id].buffer);
+}
+
+void handle_exec(int client_id, int len)
+{
+	char buf[len];
+	int pid, stdin_fd, stdout_fd, stderr_fd;
+
+	read_all_vchan_ext(buf, len);
+
+	do_fork_exec(buf, &pid, &stdin_fd, &stdout_fd, &stderr_fd);
+
+	create_info_about_client(client_id, pid, stdin_fd, stdout_fd,
+				 stderr_fd);
+
+	fprintf(stderr, "executed %s pid %d\n", buf, pid);
+
+}
+
+void handle_connect_existing(int client_id, int len)
+{
+	int stdin_fd, stdout_fd, stderr_fd;
+	char buf[len];
+	read_all_vchan_ext(buf, len);
+	sscanf(buf, "%d %d %d", &stdin_fd, &stdout_fd, &stderr_fd);
+	create_info_about_client(client_id, -1, stdin_fd, stdout_fd,
+				 stderr_fd);
+	client_info[client_id].is_exited = 1;	//do not wait for SIGCHLD
+}
+
+void update_max_process_fd()
+{
+	int i;
+	for (i = max_process_fd;
+	     process_fd[i].type == FDTYPE_INVALID && i >= 0; i--);
+	max_process_fd = i;
+}
+
+void send_exit_code(int client_id, int status)
+{
+	struct server_header s_hdr;
+	s_hdr.type = MSG_AGENT_TO_SERVER_EXIT_CODE;
+	s_hdr.client_id = client_id;
+	s_hdr.len = sizeof status;
+	write_all_vchan_ext(&s_hdr, sizeof s_hdr);
+	write_all_vchan_ext(&status, sizeof(status));
+	fprintf(stderr, "send exit code %d for client_id %d pid %d\n",
+		status, client_id, client_info[client_id].pid);
+}
+
+
+// erase process data structures, possibly forced by remote
+void remove_process(int client_id, int status)
+{
+	int i;
+	if (!client_info[client_id].pid)
+		return;
+	if (client_info[client_id].stdin_fd >= 0)
+		fork_and_flush_stdin(client_info[client_id].stdin_fd,
+				&client_info[client_id].buffer);
+#if 0
+//      let's let it die by itself, possibly after it has received buffered stdin
+	kill(client_info[client_id].pid, SIGKILL);
+#endif
+	if (status != -1)
+		send_exit_code(client_id, status);
+
+
+	close(client_info[client_id].stdin_fd);
+	client_info[client_id].pid = 0;
+	client_info[client_id].stdin_fd = -1;
+	client_info[client_id].is_blocked = 0;
+	buffer_free(&client_info[client_id].buffer);
+
+	for (i = 0; i <= max_process_fd; i++)
+		if (process_fd[i].type != FDTYPE_INVALID
+		    && process_fd[i].client_id == client_id) {
+			process_fd[i].type = FDTYPE_INVALID;
+			process_fd[i].client_id = -1;
+			process_fd[i].is_blocked = 0;
+			close(i);
+		}
+	update_max_process_fd();
+}
+
+// remove process not immediately after it has exited, but after its stdout and stderr has been drained
+// previous method implemented in flush_out_err was broken - it cannot work when peer signalled it is blocked
+void possibly_remove_process(int client_id)
+{
+	if (client_info[client_id].stdout_fd == -1 &&
+	    client_info[client_id].stderr_fd == -1 &&
+	    client_info[client_id].is_exited)
+		remove_process(client_id,
+			       client_info[client_id].exit_status);
+}
+
+
+void handle_input(int client_id, int len)
+{
+	char buf[len];
+
+	read_all_vchan_ext(buf, len);
+	if (!client_info[client_id].pid || client_info[client_id].stdin_fd == -1)
+		return;
+
+	if (len == 0) {
+		if (client_info[client_id].is_blocked)
+			client_info[client_id].is_close_after_flush_needed
+			    = 1;
+		else {
+			close(client_info[client_id].stdin_fd);
+			client_info[client_id].stdin_fd = -1;
+		}
+		return;
+	}
+
+	switch (write_stdin
+		(client_info[client_id].stdin_fd, client_id, buf, len,
+		 &client_info[client_id].buffer)) {
+	case WRITE_STDIN_OK:
+		break;
+	case WRITE_STDIN_BUFFERED:
+		client_info[client_id].is_blocked = 1;
+		break;
+	case WRITE_STDIN_ERROR:
+		// do not remove process, as it still can write data to stdout
+		close(client_info[client_id].stdin_fd);
+		client_info[client_id].stdin_fd = -1;
+		client_info[client_id].is_blocked = 0;
+		break;
+	default:
+		fprintf(stderr, "unknown write_stdin?\n");
+		exit(1);
+	}
+
+}
+
+void set_blocked_outerr(int client_id, int val)
+{
+	process_fd[client_info[client_id].stdout_fd].is_blocked = val;
+	process_fd[client_info[client_id].stderr_fd].is_blocked = val;
+}
+
+void handle_server_data()
+{
+	struct server_header s_hdr;
+	read_all_vchan_ext(&s_hdr, sizeof s_hdr);
+
+//      fprintf(stderr, "got %x %x %x\n", s_hdr.type, s_hdr.client_id,
+//              s_hdr.len);
+
+	switch (s_hdr.type) {
+	case MSG_XON:
+		set_blocked_outerr(s_hdr.client_id, 0);
+		break;
+	case MSG_XOFF:
+		set_blocked_outerr(s_hdr.client_id, 1);
+		break;
+	case MSG_SERVER_TO_AGENT_CONNECT_EXISTING:
+		handle_connect_existing(s_hdr.client_id, s_hdr.len);
+		break;
+	case MSG_SERVER_TO_AGENT_EXEC_CMDLINE:
+		wake_meminfo_writer();
+		handle_exec(s_hdr.client_id, s_hdr.len);
+		break;
+	case MSG_SERVER_TO_AGENT_JUST_EXEC:
+		wake_meminfo_writer();
+		handle_just_exec(s_hdr.client_id, s_hdr.len);
+		break;
+	case MSG_SERVER_TO_AGENT_INPUT:
+		handle_input(s_hdr.client_id, s_hdr.len);
+		break;
+	case MSG_SERVER_TO_AGENT_CLIENT_END:
+		remove_process(s_hdr.client_id, -1);
+		break;
+	default:
+		fprintf(stderr, "msg type from daemon is %d ?\n",
+			s_hdr.type);
+		exit(1);
+	}
+}
+
+void handle_process_data(int fd)
+{
+	struct server_header s_hdr;
+	char buf[MAX_DATA_CHUNK];
+	int ret;
+	int len;
+
+	len = buffer_space_vchan_ext();
+	if (len <= sizeof s_hdr)
+		return;
+
+	ret = read(fd, buf, len - sizeof s_hdr);
+	s_hdr.client_id = process_fd[fd].client_id;
+
+	if (process_fd[fd].type == FDTYPE_STDOUT)
+		s_hdr.type = MSG_AGENT_TO_SERVER_STDOUT;
+	else if (process_fd[fd].type == FDTYPE_STDERR)
+		s_hdr.type = MSG_AGENT_TO_SERVER_STDERR;
+	else {
+		fprintf(stderr, "fd=%d, client_id=%d, type=%d ?\n", fd,
+			process_fd[fd].client_id, process_fd[fd].type);
+		exit(1);
+	}
+	s_hdr.len = ret;
+	if (ret >= 0) {
+		write_all_vchan_ext(&s_hdr, sizeof s_hdr);
+		write_all_vchan_ext(buf, ret);
+	}
+	if (ret == 0) {
+		int client_id = process_fd[fd].client_id;
+		if (process_fd[fd].type == FDTYPE_STDOUT)
+			client_info[client_id].stdout_fd = -1;
+		else
+			client_info[client_id].stderr_fd = -1;
+
+		process_fd[fd].type = FDTYPE_INVALID;
+		process_fd[fd].client_id = -1;
+		process_fd[fd].is_blocked = 0;
+		close(fd);
+		update_max_process_fd();
+		possibly_remove_process(client_id);
+	}
+	if (ret < 0)
+		remove_process(process_fd[fd].client_id, 127);
+}
+
+volatile int child_exited;
+
+void sigchld_handler(int x)
+{
+	child_exited = 1;
+	signal(SIGCHLD, sigchld_handler);
+}
+
+int find_info(int pid)
+{
+	int i;
+	for (i = 0; i < MAX_FDS; i++)
+		if (client_info[i].pid == pid)
+			return i;
+	return -1;
+}
+
+
+void handle_process_data_all(fd_set * select_fds)
+{
+	int i;
+	for (i = 0; i <= max_process_fd; i++)
+		if (process_fd[i].type != FDTYPE_INVALID
+		    && FD_ISSET(i, select_fds))
+			handle_process_data(i);
+}
+
+void reap_children()
+{
+	int status;
+	int pid;
+	int client_id;
+	while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
+		client_id = find_info(pid);
+		if (client_id < 0)
+			continue;
+		client_info[client_id].is_exited = 1;
+		client_info[client_id].exit_status = status;
+		possibly_remove_process(client_id);
+	}
+	child_exited = 0;
+}
+
+int fill_fds_for_select(fd_set * rdset, fd_set * wrset)
+{
+	int max = -1;
+	int fd, i;
+	FD_ZERO(rdset);
+	FD_ZERO(wrset);
+
+	for (i = 0; i <= max_process_fd; i++)
+		if (process_fd[i].type != FDTYPE_INVALID
+		    && !process_fd[i].is_blocked) {
+			FD_SET(i, rdset);
+			max = i;
+		}
+
+	FD_SET(trigger_fd, rdset);
+	if (trigger_fd > max)
+		max = trigger_fd;
+	FD_SET(passfd_socket, rdset);
+	if (passfd_socket > max)
+		max = passfd_socket;
+
+	for (i = 0; i < MAX_FDS; i++)
+		if (client_info[i].pid && client_info[i].is_blocked) {
+			fd = client_info[i].stdin_fd;
+			FD_SET(fd, wrset);
+			if (fd > max)
+				max = fd;
+		}
+	return max;
+}
+
+void flush_client_data_agent(int client_id)
+{
+	struct _client_info *info = &client_info[client_id];
+	switch (flush_client_data
+		(info->stdin_fd, client_id, &info->buffer)) {
+	case WRITE_STDIN_OK:
+		info->is_blocked = 0;
+		if (info->is_close_after_flush_needed) {
+			close(info->stdin_fd);
+			info->stdin_fd = -1;
+			info->is_close_after_flush_needed = 0;
+		}
+		break;
+	case WRITE_STDIN_ERROR:
+		// do not remove process, as it still can write data to stdout
+		info->is_blocked = 0;
+		close(info->stdin_fd);
+		info->stdin_fd = -1;
+		info->is_close_after_flush_needed = 0;
+		break;
+	case WRITE_STDIN_BUFFERED:
+		break;
+	default:
+		fprintf(stderr, "unknown flush_client_data?\n");
+		exit(1);
+	}
+}
+
+void handle_new_passfd()
+{
+	int fd = do_accept(passfd_socket);
+	if (fd >= MAX_FDS) {
+		fprintf(stderr, "too many clients ?\n");
+		exit(1);
+	}
+	// let client know what fd has been allocated
+	write(fd, &fd, sizeof(fd));
+}
+
+
+void handle_trigger_io()
+{
+	struct server_header s_hdr;
+	struct trigger_connect_params params;
+	int ret;
+
+	s_hdr.client_id = 0;
+	s_hdr.len = 0;
+	ret = read(trigger_fd, &params, sizeof(params));
+	if (ret == sizeof(params)) {
+		s_hdr.type = MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING;
+		write_all_vchan_ext(&s_hdr, sizeof s_hdr);
+		write_all_vchan_ext(&params, sizeof params);
+	}
+// trigger_fd is nonblock - so no need to reopen
+// not really, need to reopen at EOF
+	if (ret <= 0) {
+		close(trigger_fd);
+		trigger_fd =
+		    open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK);
+	}
+}
+
+int main()
+{
+	fd_set rdset, wrset;
+	int max;
+	int i;
+	sigset_t chld_set;
+
+	init();
+	signal(SIGCHLD, sigchld_handler);
+	signal(SIGPIPE, SIG_IGN);
+	sigemptyset(&chld_set);
+	sigaddset(&chld_set, SIGCHLD);
+
+
+	for (;;) {
+		sigprocmask(SIG_BLOCK, &chld_set, NULL);
+		if (child_exited)
+			reap_children();
+		max = fill_fds_for_select(&rdset, &wrset);
+		if (buffer_space_vchan_ext() <=
+		    sizeof(struct server_header))
+			FD_ZERO(&rdset);
+
+		wait_for_vchan_or_argfd(max, &rdset, &wrset);
+		sigprocmask(SIG_UNBLOCK, &chld_set, NULL);
+
+		if (FD_ISSET(passfd_socket, &rdset))
+			handle_new_passfd();
+
+		while (read_ready_vchan_ext())
+			handle_server_data();
+
+		if (FD_ISSET(trigger_fd, &rdset))
+			handle_trigger_io();
+
+		handle_process_data_all(&rdset);
+		for (i = 0; i <= MAX_FDS; i++)
+			if (client_info[i].pid
+			    && client_info[i].is_blocked
+			    && FD_ISSET(client_info[i].stdin_fd, &wrset))
+				flush_client_data_agent(i);
+	}
+}

qrexec/qrexec-client-vm.c

@@ -0,0 +1,109 @@
+/*
+ * The Qubes OS Project, http://www.qubes-os.org
+ *
+ * Copyright (C) 2010  Rafal Wojtczuk  <rafal@invisiblethingslab.com>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ */
+#define _GNU_SOURCE
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include "qrexec.h"
+int connect_unix_socket()
+{
+	int s, len;
+	struct sockaddr_un remote;
+
+	if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+		perror("socket");
+		return -1;
+	}
+
+	remote.sun_family = AF_UNIX;
+	strncpy(remote.sun_path, QREXEC_AGENT_FDPASS_PATH,
+		sizeof(remote.sun_path));
+	len = strlen(remote.sun_path) + sizeof(remote.sun_family);
+	if (connect(s, (struct sockaddr *) &remote, len) == -1) {
+		perror("connect");
+		exit(1);
+	}
+	return s;
+}
+
+char *get_program_name(char *prog)
+{
+	char *basename = rindex(prog, '/');
+	if (basename)
+		return basename + 1;
+	else
+		return prog;
+}
+
+int main(int argc, char **argv)
+{
+	int trigger_fd;
+	struct trigger_connect_params params;
+	int local_fd[3], remote_fd[3];
+	int i;
+	char *abs_exec_path;
+
+	if (argc < 4) {
+		fprintf(stderr,
+			"usage: %s target_vmname program_ident local_program [local program arguments]\n",
+			argv[0]);
+		exit(1);
+	}
+
+	trigger_fd = open(QREXEC_AGENT_TRIGGER_PATH, O_WRONLY);
+	if (trigger_fd < 0) {
+		perror("open " QREXEC_AGENT_TRIGGER_PATH);
+		exit(1);
+	}
+
+	for (i = 0; i < 3; i++) {
+		local_fd[i] = connect_unix_socket();
+		read(local_fd[i], &remote_fd[i], sizeof(remote_fd[i]));
+		if (i != 2 || getenv("PASS_LOCAL_STDERR")) {
+			char *env;
+			asprintf(&env, "SAVED_FD_%d=%d", i, dup(i));
+			putenv(env);
+			dup2(local_fd[i], i);
+			close(local_fd[i]);
+		}
+	}
+
+	memset(&params, 0, sizeof(params));
+	strncpy(params.exec_index, argv[2], sizeof(params.exec_index));
+	strncpy(params.target_vmname, argv[1],
+		sizeof(params.target_vmname));
+	snprintf(params.process_fds.ident,
+		 sizeof(params.process_fds.ident), "%d %d %d",
+		 remote_fd[0], remote_fd[1], remote_fd[2]);
+
+	write(trigger_fd, &params, sizeof(params));
+	close(trigger_fd);
+
+	abs_exec_path = strdup(argv[3]);
+	argv[3] = get_program_name(argv[3]);
+	execv(abs_exec_path, argv + 3);
+	perror("execv");
+	return 1;
+}

qrexec/qubes-rpc-multiplexer

@@ -0,0 +1,24 @@
+#!/bin/sh
+QUBES_RPC=/etc/qubes-rpc
+# XXX: Backward compatibility
+DEPRECATED_QUBES_RPC=/etc/qubes_rpc
+if ! [ $# = 2 ] ; then
+	echo $0: bad argument count >&2
+	exit 1
+fi
+export QREXEC_REMOTE_DOMAIN="$2"
+CFG_FILE=$QUBES_RPC/"$1"
+if [ -s "$CFG_FILE" ] ; then
+	exec /bin/sh "$CFG_FILE"
+	echo "$0: failed to execute handler for" "$1" >&2
+	exit 1
+fi
+CFG_FILE=$DEPRECATED_QUBES_RPC/"$1"
+if [ -s "$CFG_FILE" ] ; then
+    echo "$0: RPC service '$1' uses deprecated directory, please move to $QUBES_RPC" >&2
+	exec /bin/sh "$CFG_FILE"
+	echo "$0: failed to execute handler for" "$1" >&2
+	exit 1
+fi
+echo "$0: nonexistent or empty" "$CFG_FILE" file >&2
+exit 1

qubes-rpc/Makefile

@@ -5,10 +5,10 @@ vm-file-editor: vm-file-editor.o ioall.o
 	$(CC) -pie -g -o $@ $^
 qopen-in-vm: qopen-in-vm.o ioall.o gui-fatal.o
 	$(CC) -pie -g -o $@ $^
-qfile-agent: qfile-agent.o ioall.o gui-fatal.o copy-file.o crc32.o
-	$(CC) -pie -g -o $@ $^
-qfile-unpacker: qfile-unpacker.o ioall.o gui-fatal.o copy-file.o unpack.o crc32.o
-	$(CC) -pie -g -o $@ $^
+qfile-agent: qfile-agent.o gui-fatal.o
+	$(CC) -pie -g -o $@ $^ -lqubes-rpc-filecopy
+qfile-unpacker: qfile-unpacker.o gui-fatal.o
+	$(CC) -pie -g -o $@ $^ -lqubes-rpc-filecopy
 
 clean:
 	rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~

qubes-rpc/copy-file.c

@@ -1,44 +0,0 @@
-#include <unistd.h>
-#include <ioall.h>
-#include "filecopy.h"
-#include "crc32.h"
-
-extern void notify_progress(int, int);
-
-int copy_file(int outfd, int infd, long long size, unsigned long *crc32)
-{
-	char buf[4096];
-	long long written = 0;
-	int ret;
-	int count;
-	while (written < size) {
-		if (size - written > sizeof(buf))
-			count = sizeof buf;
-		else
-			count = size - written;
-		ret = read(infd, buf, count);
-		if (!ret)
-			return COPY_FILE_READ_EOF;
-		if (ret < 0)
-			return COPY_FILE_READ_ERROR;
-		/* acumulate crc32 if requested */
-		if (crc32)
-			*crc32 = Crc32_ComputeBuf(*crc32, buf, ret);
-		if (!write_all(outfd, buf, ret))
-			return COPY_FILE_WRITE_ERROR;
-		notify_progress(ret, 0);
-		written += ret;
-	}
-	return COPY_FILE_OK;
-}
-
-char * copy_file_status_to_str(int status)
-{
-	switch (status) {
-		case COPY_FILE_OK: return "OK";
-		case COPY_FILE_READ_EOF: return "Unexpected end of data while reading";
-		case COPY_FILE_READ_ERROR: return "Error reading";
-		case COPY_FILE_WRITE_ERROR: return "Error writing";
-		default: return "????????";
-	}
-} 

qubes-rpc/crc32.c

@@ -1,146 +0,0 @@
-/*----------------------------------------------------------------------------*\
- *  CRC-32 version 2.0.0 by Craig Bruce, 2006-04-29.
- *
- *  This program generates the CRC-32 values for the files named in the
- *  command-line arguments.  These are the same CRC-32 values used by GZIP,
- *  PKZIP, and ZMODEM.  The Crc32_ComputeBuf() can also be detached and
- *  used independently.
- *
- *  THIS PROGRAM IS PUBLIC-DOMAIN SOFTWARE.
- *
- *  Based on the byte-oriented implementation "File Verification Using CRC"
- *  by Mark R. Nelson in Dr. Dobb's Journal, May 1992, pp. 64-67.
- *
- *  v1.0.0: original release.
- *  v1.0.1: fixed printf formats.
- *  v1.0.2: fixed something else.
- *  v1.0.3: replaced CRC constant table by generator function.
- *  v1.0.4: reformatted code, made ANSI C.  1994-12-05.
- *  v2.0.0: rewrote to use memory buffer & static table, 2006-04-29.
-\*----------------------------------------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-
-/*----------------------------------------------------------------------------*\
- *  Local functions
-\*----------------------------------------------------------------------------*/
-
-unsigned long Crc32_ComputeBuf( unsigned long inCrc32, const void *buf,
-                                       size_t bufLen );
-
-/*----------------------------------------------------------------------------*\
- *  NAME:
- *     Crc32_ComputeFile() - compute CRC-32 value for a file
- *  DESCRIPTION:
- *     Computes the CRC-32 value for an opened file.
- *  ARGUMENTS:
- *     file - file pointer
- *     outCrc32 - (out) result CRC-32 value
- *  RETURNS:
- *     err - 0 on success or -1 on error
- *  ERRORS:
- *     - file errors
-\*----------------------------------------------------------------------------*/
-
-int Crc32_ComputeFile( FILE *file, unsigned long *outCrc32 )
-{
-#   define CRC_BUFFER_SIZE  8192
-    unsigned char buf[CRC_BUFFER_SIZE];
-    size_t bufLen;
-
-    /** accumulate crc32 from file **/
-    *outCrc32 = 0;
-    while (1) {
-        bufLen = fread( buf, 1, CRC_BUFFER_SIZE, file );
-        if (bufLen == 0) {
-            if (ferror(file)) {
-                fprintf( stderr, "error reading file\n" );
-                goto ERR_EXIT;
-            }
-            break;
-        }
-        *outCrc32 = Crc32_ComputeBuf( *outCrc32, buf, bufLen );
-    }
-    return( 0 );
-
-    /** error exit **/
-ERR_EXIT:
-    return( -1 );
-}
-
-/*----------------------------------------------------------------------------*\
- *  NAME:
- *     Crc32_ComputeBuf() - computes the CRC-32 value of a memory buffer
- *  DESCRIPTION:
- *     Computes or accumulates the CRC-32 value for a memory buffer.
- *     The 'inCrc32' gives a previously accumulated CRC-32 value to allow
- *     a CRC to be generated for multiple sequential buffer-fuls of data.
- *     The 'inCrc32' for the first buffer must be zero.
- *  ARGUMENTS:
- *     inCrc32 - accumulated CRC-32 value, must be 0 on first call
- *     buf     - buffer to compute CRC-32 value for
- *     bufLen  - number of bytes in buffer
- *  RETURNS:
- *     crc32 - computed CRC-32 value
- *  ERRORS:
- *     (no errors are possible)
-\*----------------------------------------------------------------------------*/
-
-unsigned long Crc32_ComputeBuf( unsigned long inCrc32, const void *buf,
-                                       size_t bufLen )
-{
-    static const unsigned long crcTable[256] = {
-   0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,0xE963A535,
-   0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,0x09B64C2B,0x7EB17CBD,
-   0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,0xF3B97148,0x84BE41DE,0x1ADAD47D,
-   0x6DDDE4EB,0xF4D4B551,0x83D385C7,0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC,
-   0x14015C4F,0x63066CD9,0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4,
-   0xA2677172,0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C,
-   0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,0x26D930AC,
-   0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,0xCFBA9599,0xB8BDA50F,
-   0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,0x2F6F7C87,0x58684C11,0xC1611DAB,
-   0xB6662D3D,0x76DC4190,0x01DB7106,0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F,
-   0x9FBFE4A5,0xE8B8D433,0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB,
-   0x086D3D2D,0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E,
-   0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,0x8BBEB8EA,
-   0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,0x4DB26158,0x3AB551CE,
-   0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,0xA4D1C46D,0xD3D6F4FB,0x4369E96A,
-   0x346ED9FC,0xAD678846,0xDA60B8D0,0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9,
-   0x5005713C,0x270241AA,0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409,
-   0xCE61E49F,0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81,
-   0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,0xEAD54739,
-   0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,0x0D6D6A3E,0x7A6A5AA8,
-   0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,0xF00F9344,0x8708A3D2,0x1E01F268,
-   0x6906C2FE,0xF762575D,0x806567CB,0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0,
-   0x10DA7A5A,0x67DD4ACC,0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8,
-   0xA1D1937E,0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B,
-   0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,0x316E8EEF,
-   0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,0xCC0C7795,0xBB0B4703,
-   0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,0x2BB45A92,0x5CB36A04,0xC2D7FFA7,
-   0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A,
-   0x9C0906A9,0xEB0E363F,0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE,
-   0x0CB61B38,0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242,
-   0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,0x88085AE6,
-   0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,0x616BFFD3,0x166CCF45,
-   0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,0xA7672661,0xD06016F7,0x4969474D,
-   0x3E6E77DB,0xAED16A4A,0xD9D65ADC,0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5,
-   0x47B2CF7F,0x30B5FFE9,0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605,
-   0xCDD70693,0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94,
-   0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D };
-    unsigned long crc32;
-    unsigned char *byteBuf;
-    size_t i;
-
-    /** accumulate crc32 for buffer **/
-    crc32 = inCrc32 ^ 0xFFFFFFFF;
-    byteBuf = (unsigned char*) buf;
-    for (i=0; i < bufLen; i++) {
-        crc32 = (crc32 >> 8) ^ crcTable[ (crc32 ^ byteBuf[i]) & 0xFF ];
-    }
-    return( crc32 ^ 0xFFFFFFFF );
-}
-
-/*----------------------------------------------------------------------------*\
- *  END OF MODULE: crc32.c
-\*----------------------------------------------------------------------------*/

qubes-rpc/crc32.h

@@ -1,7 +0,0 @@
-#ifndef _CRC32_H
-#define _CRC32_H
-
-extern unsigned long Crc32_ComputeBuf( unsigned long inCrc32, const void *buf,
-        size_t bufLen );
-
-#endif /* _CRC32_H */

qubes-rpc/filecopy.h

@@ -1,32 +0,0 @@
-#define FILECOPY_SPOOL "/home/user/.filecopyspool"
-#define FILECOPY_VMNAME_SIZE 32
-#define PROGRESS_NOTIFY_DELTA (15*1000*1000)
-#define MAX_PATH_LENGTH 16384
-
-#define LEGAL_EOF 31415926
-
-struct file_header {
-	unsigned int namelen;
-	unsigned int mode;
-	unsigned long long filelen;
-	unsigned int atime;
-	unsigned int atime_nsec;
-	unsigned int mtime;
-	unsigned int mtime_nsec;
-};
-
-struct result_header {
-	unsigned int error_code;
-	unsigned long crc32;
-};
-
-enum {
-	COPY_FILE_OK,
-	COPY_FILE_READ_EOF,
-	COPY_FILE_READ_ERROR,
-	COPY_FILE_WRITE_ERROR
-};
-
-int copy_file(int outfd, int infd, long long size, unsigned long *crc32);
-char *copy_file_status_to_str(int status);
-void set_size_limit(long long new_bytes_limit, long long new_files_limit);

qubes-rpc/qfile-agent.c

@@ -7,12 +7,10 @@
 #include <fcntl.h>
 #include <malloc.h>
 #include <stdlib.h>
-#include <ioall.h>
 #include <unistd.h>
 #include <errno.h>
 #include <gui-fatal.h>
-#include "filecopy.h"
-#include "crc32.h"
+#include <libqubes-rpc-filecopy.h>
 
 enum {
 	PROGRESS_FLAG_NORMAL,

qubes-rpc/qfile-unpacker.c

@@ -1,5 +1,4 @@
 #define _GNU_SOURCE
-#include <ioall.h>
 #include <grp.h>
 #include <unistd.h>
 #include <stdio.h>
@@ -11,7 +10,7 @@
 #include <sys/fsuid.h>
 #include <gui-fatal.h>
 #include <errno.h>
-#include "filecopy.h"
+#include <libqubes-rpc-filecopy.h>
 #define INCOMING_DIR_ROOT "/home/user/QubesIncoming"
 int prepare_creds_return_uid(char *username)
 {
@@ -29,7 +28,10 @@ int prepare_creds_return_uid(char *username)
 	return pwd->pw_uid;
 }
 
-extern int do_unpack(void);
+
+void notify_progress(int p1, int p2)
+{
+	}
 
 int main(int argc, char ** argv)
 {

qubes-rpc/unpack.c

@@ -1,161 +0,0 @@
-#define _GNU_SOURCE /* For O_NOFOLLOW. */
-#include <errno.h>
-#include <ioall.h>
-#include <fcntl.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-#include "filecopy.h"
-#include "crc32.h"
-
-char untrusted_namebuf[MAX_PATH_LENGTH];
-long long bytes_limit = 0;
-long long files_limit = 0;
-long long total_bytes = 0;
-long long total_files = 0;
-
-void notify_progress(int p1, int p2)
-{
-}
-
-void set_size_limit(long long new_bytes_limit, long long new_files_limit)
-{
-	bytes_limit = new_bytes_limit;
-	files_limit = new_files_limit;
-}
-
-unsigned long crc32_sum = 0;
-int read_all_with_crc(int fd, void *buf, int size) {
-	int ret;
-	ret = read_all(fd, buf, size);
-	if (ret)
-		crc32_sum = Crc32_ComputeBuf(crc32_sum, buf, size);
-	return ret;
-}
-
-void send_status_and_crc(int code) {
-	struct result_header hdr;
-	int saved_errno;
-
-	saved_errno = errno;
-	hdr.error_code = code;
-	hdr.crc32 = crc32_sum;
-	if (!write_all(1, &hdr, sizeof(hdr)))
-		perror("write status");
-	errno = saved_errno;
-}
-
-void do_exit(int code)
-{
-	close(0);
-	send_status_and_crc(code);
-	exit(code);
-}
-
-void fix_times_and_perms(struct file_header *untrusted_hdr,
-			 char *untrusted_name)
-{
-	struct timeval times[2] =
-	    { {untrusted_hdr->atime, untrusted_hdr->atime_nsec / 1000},
-	    {untrusted_hdr->mtime,
-	     untrusted_hdr->mtime_nsec / 1000}
-	};
-	if (chmod(untrusted_name, untrusted_hdr->mode & 07777))	/* safe because of chroot */
-		do_exit(errno);
-	if (utimes(untrusted_name, times))	/* as above */
-		do_exit(errno);
-}
-
-
-
-void process_one_file_reg(struct file_header *untrusted_hdr,
-			  char *untrusted_name)
-{
-	int ret;
-	int fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700);	/* safe because of chroot */
-	if (fdout < 0)
-		do_exit(errno);
-	total_bytes += untrusted_hdr->filelen;
-	if (bytes_limit && total_bytes > bytes_limit)
-		do_exit(EDQUOT);
-	ret = copy_file(fdout, 0, untrusted_hdr->filelen, &crc32_sum);
-	if (ret != COPY_FILE_OK) {
-		if (ret == COPY_FILE_READ_EOF
-		    || ret == COPY_FILE_READ_ERROR)
-			do_exit(LEGAL_EOF);	// hopefully remote will produce error message
-		else
-			do_exit(errno);
-	}
-	close(fdout);
-	fix_times_and_perms(untrusted_hdr, untrusted_name);
-}
-
-
-void process_one_file_dir(struct file_header *untrusted_hdr,
-			  char *untrusted_name)
-{
-// fix perms only when the directory is sent for the second time
-// it allows to transfer r.x directory contents, as we create it rwx initially
-	if (!mkdir(untrusted_name, 0700))	/* safe because of chroot */
-		return;
-	if (errno != EEXIST)
-		do_exit(errno);
-	fix_times_and_perms(untrusted_hdr, untrusted_name);
-}
-
-void process_one_file_link(struct file_header *untrusted_hdr,
-			   char *untrusted_name)
-{
-	char untrusted_content[MAX_PATH_LENGTH];
-	unsigned int filelen;
-	if (untrusted_hdr->filelen > MAX_PATH_LENGTH - 1)
-		do_exit(ENAMETOOLONG);
-	filelen = untrusted_hdr->filelen;	/* sanitized above */
-	if (!read_all_with_crc(0, untrusted_content, filelen))
-		do_exit(LEGAL_EOF);	// hopefully remote has produced error message
-	untrusted_content[filelen] = 0;
-	if (symlink(untrusted_content, untrusted_name))	/* safe because of chroot */
-		do_exit(errno);
-
-}
-
-void process_one_file(struct file_header *untrusted_hdr)
-{
-	unsigned int namelen;
-	if (untrusted_hdr->namelen > MAX_PATH_LENGTH - 1)
-		do_exit(ENAMETOOLONG);
-	namelen = untrusted_hdr->namelen;	/* sanitized above */
-	if (!read_all_with_crc(0, untrusted_namebuf, namelen))
-		do_exit(LEGAL_EOF);	// hopefully remote has produced error message
-	untrusted_namebuf[namelen] = 0;
-	if (S_ISREG(untrusted_hdr->mode))
-		process_one_file_reg(untrusted_hdr, untrusted_namebuf);
-	else if (S_ISLNK(untrusted_hdr->mode))
-		process_one_file_link(untrusted_hdr, untrusted_namebuf);
-	else if (S_ISDIR(untrusted_hdr->mode))
-		process_one_file_dir(untrusted_hdr, untrusted_namebuf);
-	else
-		do_exit(EINVAL);
-}
-
-int do_unpack()
-{
-	struct file_header untrusted_hdr;
-	/* initialize checksum */
-	crc32_sum = 0;
-	while (read_all_with_crc(0, &untrusted_hdr, sizeof untrusted_hdr)) {
-		/* check for end of transfer marker */
-		if (untrusted_hdr.namelen == 0) {
-			errno = 0;
-			break;
-		}
-		process_one_file(&untrusted_hdr);
-		total_files++;
-		if (files_limit && total_files > files_limit)
-			do_exit(EDQUOT);
-	}
-	send_status_and_crc(errno);
-	return errno;
-}

rpm_spec/core-vm.spec

@@ -24,7 +24,7 @@
 
 Name:		qubes-core-vm
 Version:	%{version}
-Release:	1%{dist}
+Release:	1.1%{dist}
 Summary:	The Qubes core files for VM
 
 Group:		Qubes
@@ -47,7 +47,7 @@ Requires:   ntpdate
 Requires:   net-tools
 Requires:   nautilus-actions
 Requires:   qubes-core-vm-kernel-placeholder
-Requires:   qubes-qrexec-vm
+Requires:   qubes-utils
 Provides:   qubes-core-vm
 Obsoletes:  qubes-core-commonvm
 Obsoletes:  qubes-core-appvm
@@ -55,6 +55,7 @@ Obsoletes:  qubes-core-netvm
 Obsoletes:  qubes-core-proxyvm
 Obsoletes:  qubes-upgrade-vm < 2.0
 BuildRequires: xen-devel
+BuildRequires: qubes-utils-devel
 
 %define _builddir %(pwd)
 
@@ -71,7 +72,7 @@ ln -sf . %{name}-%{version}
 %setup -T -D
 
 %build
-for dir in qubes-rpc misc; do
+for dir in qubes-rpc qrexec misc; do
   (cd $dir; make)
 done
 
@@ -121,12 +122,8 @@ install -m 644 misc/RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
 install -D misc/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes
 install -d $RPM_BUILD_ROOT/etc/udev/rules.d
 install -m 0644 misc/udev-qubes-misc.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes-misc.rules
-install -m 0644 misc/udev-qubes-block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes-block.rules
-install -m 0644 misc/udev-qubes-usb.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes-usb.rules
 install -d $RPM_BUILD_ROOT/usr/lib/qubes/
 install misc/qubes-download-dom0-updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/
-install misc/udev-block-* $RPM_BUILD_ROOT/usr/lib/qubes/
-install misc/udev-usb-* $RPM_BUILD_ROOT/usr/lib/qubes/
 install misc/vusb-ctl.py $RPM_BUILD_ROOT/usr/lib/qubes/
 install misc/qubes-trigger-sync-appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
 install -D -m 0644 misc/qubes-trigger-sync-appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/qubes-trigger-sync-appmenus.action
@@ -134,6 +131,8 @@ install -D misc/polkit-1-qubes-allow-all.pkla $RPM_BUILD_ROOT/etc/polkit-1/local
 install -D misc/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
 
+(cd qrexec; make install DESTDIR=$RPM_BUILD_ROOT)
+
 if [ -r misc/dispvm-dotfiles.%{dist}.tbz ]; then
     install misc/dispvm-dotfiles.%{dist}.tbz $RPM_BUILD_ROOT/etc/dispvm-dotfiles.tbz
 else
@@ -377,6 +376,7 @@ rm -f %{name}-%{version}
 /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes*
 /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla
 /etc/polkit-1/rules.d/00-qubes-allow-all.rules
+%dir /etc/qubes-rpc
 /etc/qubes-rpc/qubes.Filecopy
 /etc/qubes-rpc/qubes.OpenInVM
 /etc/qubes-rpc/qubes.GetAppmenus
@@ -393,9 +393,7 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/tinyproxy/filter-qubes-yum
 %config(noreplace) /etc/tinyproxy/tinyproxy-qubes-yum.conf
 /etc/udev/rules.d/50-qubes-misc.rules
-/etc/udev/rules.d/99-qubes-block.rules
 /etc/udev/rules.d/99-qubes-network.rules
-/etc/udev/rules.d/99-qubes-usb.rules
 /etc/xdg/nautilus-actions/nautilus-actions.conf
 /etc/xen/scripts/vif-route-qubes
 %config(noreplace) /etc/yum.conf.d/qubes-proxy.conf
@@ -410,17 +408,16 @@ rm -f %{name}-%{version}
 /usr/bin/qvm-mru-entry
 /usr/bin/xenstore-watch-qubes
 %dir /usr/lib/qubes
-/usr/lib/qubes/udev-block-add-change
-/usr/lib/qubes/udev-block-cleanup
-/usr/lib/qubes/udev-block-remove
-/usr/lib/qubes/udev-usb-add-change
-/usr/lib/qubes/udev-usb-remove
 /usr/lib/qubes/vusb-ctl.py*
 /usr/lib/qubes/dispvm-prerun.sh
 /usr/lib/qubes/sync-ntp-clock
 /usr/lib/qubes/prepare-suspend
 /usr/lib/qubes/meminfo-writer
 /usr/lib/qubes/network-manager-prepare-conf-dir
+/usr/lib/qubes/qrexec-agent
+/usr/lib/qubes/qrexec-client-vm
+/usr/lib/qubes/qrexec_client_vm
+/usr/lib/qubes/qubes-rpc-multiplexer
 /usr/lib/qubes/qfile-agent
 %attr(4755,root,root) /usr/lib/qubes/qfile-unpacker
 /usr/lib/qubes/qopen-in-vm
@@ -464,6 +461,7 @@ The Qubes core startup configuration for SysV init (or upstart).
 /etc/init.d/qubes-firewall
 /etc/init.d/qubes-netwatcher
 /etc/init.d/qubes-yum-proxy
+/etc/init.d/qubes-qrexec-agent
 
 %post sysvinit
 
@@ -499,6 +497,8 @@ chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netw
 chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!"
 chkconfig --add qubes-yum-proxy || echo "WARNING: Cannot add service qubes-yum-proxy!"
 chkconfig qubes-yum-proxy on || echo "WARNING: Cannot enable service qubes-yum-proxy!"
+chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!"
+chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!"
 
 # TODO: make this not display the silly message about security context...
 sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab
@@ -512,6 +512,7 @@ if [ "$1" = 0 ] ; then
     chkconfig qubes-firewall off
     chkconfig qubes-netwatcher off
     chkconfig qubes-yum-proxy off
+    chkconfig qubes-qrexec-agent off
 fi
 
 %package systemd
@@ -541,6 +542,7 @@ The Qubes core startup configuration for SystemD init.
 /lib/systemd/system/qubes-update-check.service
 /lib/systemd/system/qubes-update-check.timer
 /lib/systemd/system/qubes-yum-proxy.service
+/lib/systemd/system/qubes-qrexec-agent.service
 %dir /usr/lib/qubes/init
 /usr/lib/qubes/init/prepare-dvm.sh
 /usr/lib/qubes/init/network-proxy-setup.sh
@@ -557,7 +559,7 @@ The Qubes core startup configuration for SystemD init.
 
 %post systemd
 
-for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy; do
+for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent; do
     /bin/systemctl enable $srv.service 2> /dev/null
 done
 
@@ -615,6 +617,6 @@ if [ "$1" != 0 ] ; then
     exit 0
 fi
 
-for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network; do
+for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-qrexec-agenT; DO
     /bin/systemctl disable $srv.service
 do

vm-init.d/qubes-qrexec-agent

@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# chkconfig: 345 90 90
+# description: Executes Qubes core scripts at VM boot
+#
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+start()
+{
+	echo -n $"Starting Qubes RPC agent:"
+
+	/usr/lib/qubes/qrexec-agent 2>/var/log/qubes/qrexec-agent.log &
+
+	success
+	echo ""
+
+	return 0
+}
+
+stop()
+{
+    killproc qrexec-agent
+}
+
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  *)
+	echo $"Usage: $0 {start|stop}"
+	exit 3
+	;;
+esac
+
+exit $RETVAL

vm-systemd/qubes-qrexec-agent.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Qubes remote exec agent
+After=qubes-dvm.service
+
+[Service]
+ExecStart=/usr/lib/qubes/qrexec-agent
+StandardOutput=syslog
+
+[Install]
+WantedBy=multi-user.target