diff --git a/misc/udev-block-add-change b/misc/udev-block-add-change deleted file mode 100755 index 7b65a2d..0000000 --- a/misc/udev-block-add-change +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/bash - -NAME=${DEVNAME#/dev/} -DESC="${ID_MODEL} (${ID_FS_LABEL})" -SIZE=$[ $(cat /sys/$DEVPATH/size) * 512 ] -MODE=w -XS_KEY="qubes-block-devices/$NAME" - -xs_remove() { - if [ "$QUBES_EXPOSED" == "1" ]; then - xenstore-rm "$XS_KEY" - fi - echo QUBES_EXPOSED=0 -} - -# Ignore mounted... -if fgrep -q $DEVNAME /proc/mounts; then - xs_remove - exit 0 -fi -# ... and used by device-mapper -if [ -n "`ls -A /sys/$DEVPATH/holders 2> /dev/null`" ]; then - xs_remove - exit 0 -fi -# ... and "empty" loop devices -if [ "$MAJOR" -eq 7 -a ! -d /sys/$DEVPATH/loop ]; then - xs_remove - exit 0 -fi - -# Special case for CD -if [ "$ID_TYPE" = "cd" ]; then - if [ "$ID_CDROM_MEDIA" != "1" ]; then - # Hide empty cdrom drive - xs_remove - exit 0 - fi - MODE=r -fi - -# Special description for loop devices -if [ -d /sys/$DEVPATH/loop ]; then - DESC=$(cat /sys/$DEVPATH/loop/backing_file) -fi - -# Get lock only in dom0 - there are so many block devices so it causes xenstore -# deadlocks sometimes. -if [ -f /etc/qubes-release ]; then - # Skip xenstore-write if cannot obtain lock. This can mean very early system startup - # stage without /run mounted (or populated). Devices will be rediscovered later - # by qubes-core startup script. - exec 9>>/var/run/qubes/block-xenstore.lock || exit 0 - flock 9 -fi - -xenstore-write "$XS_KEY/desc" "$DESC" "$XS_KEY/size" "$SIZE" "$XS_KEY/mode" "$MODE" -echo QUBES_EXPOSED=1 - -# Make sure that block backend is loaded -/sbin/modprobe xen-blkback 2> /dev/null || /sbin/modprobe blkbk diff --git a/misc/udev-block-cleanup b/misc/udev-block-cleanup deleted file mode 100755 index bc4535f..0000000 --- a/misc/udev-block-cleanup +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -DEVID=$[ $MAJOR * 256 + $MINOR ] - -XS_PATH="device/vbd/$DEVID" - -# Double check that DEVID is not empty -[ -n "$DEVID" ] && xenstore-rm $XS_PATH diff --git a/misc/udev-block-remove b/misc/udev-block-remove deleted file mode 100755 index 21502c3..0000000 --- a/misc/udev-block-remove +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -NAME=${DEVNAME#/dev/} -XS_KEY="qubes-block-devices/$NAME" -xenstore-rm "$XS_KEY" - -# If device was connected to some VM - detach it -# Notice: this can be run also in VM, so we cannot use xl... - -device_detach() { - xs_path=$1 - - xenstore-write $xs_path/online 0 $xs_path/state 5 - - # Wait for backend to finish dev shutdown - try=30 - # -lt will break loop also when 'state' will be empty - while [ "`xenstore-read $xs_path/state 2> /dev/null`" -lt 6 ]; do - try=$[ $try - 1 ] - [ "$try" -le 0 ] && break - sleep 0.1 - done - xenstore-rm $xs_path -} - -for XS_DEV_PATH in `xenstore-ls -f backend/vbd | grep 'backend/vbd/[0-9]*/[0-9]* ' | cut -f 1 -d ' '`; do - CUR_DEVICE=`xenstore-read "$XS_DEV_PATH/params"` - if [ "$CUR_DEVICE" == "$DEVNAME" ]; then - device_detach "$XS_DEV_PATH" - exit 0 - fi -done diff --git a/misc/udev-qubes-block.rules b/misc/udev-qubes-block.rules deleted file mode 100644 index 364f5b2..0000000 --- a/misc/udev-qubes-block.rules +++ /dev/null @@ -1,20 +0,0 @@ -# Expose all (except xen-frontend) block devices via xenstore - -# Only block devices are interesting -SUBSYSTEM!="block", GOTO="qubes_block_end" - -# Skip xen-blkfront devices -ENV{MAJOR}=="202", GOTO="qubes_block_end" - -# Skip device-mapper devices -ENV{MAJOR}=="253", GOTO="qubes_block_end" - -IMPORT{db}="QUBES_EXPOSED" -ACTION=="add", IMPORT{program}="/usr/lib/qubes/udev-block-add-change" -ACTION=="change", IMPORT{program}="/usr/lib/qubes/udev-block-add-change" -ACTION=="remove", RUN+="/usr/lib/qubes/udev-block-remove" - -LABEL="qubes_block_end" - -# Cleanup disconnected frontend from xenstore -ACTION=="remove", SUBSYSTEM=="block", ENV{MAJOR}=="202", RUN+="/usr/lib/qubes/udev-block-cleanup" diff --git a/misc/udev-qubes-usb.rules b/misc/udev-qubes-usb.rules deleted file mode 100644 index e5e24a0..0000000 --- a/misc/udev-qubes-usb.rules +++ /dev/null @@ -1,10 +0,0 @@ -# Expose all USB devices (except block) via xenstore - -# Handle only USB devices -SUBSYSTEM!="usb", GOTO="qubes_usb_end" - -ACTION=="add", IMPORT{program}="/usr/lib/qubes/udev-usb-add-change" -ACTION=="change", IMPORT{program}="/usr/lib/qubes/udev-usb-add-change" -ACTION=="remove", RUN+="/usr/lib/qubes/udev-usb-remove" - -LABEL="qubes_usb_end" diff --git a/misc/udev-usb-add-change b/misc/udev-usb-add-change deleted file mode 100755 index 9e93cbe..0000000 --- a/misc/udev-usb-add-change +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh - -## -## This script is invoked by udev rules whenever USB device appears or -## changes. This happens in usbvm domain (or dom0 if USB controller -## drivers are in dom0). The script records information about available -## USB devices into XS directory, making it available to qvm-usb tool -## running in dom0. -## - -# FIXME: Ignore USB hubs and other wierd devices (see also in usb-remove). -[ "`echo $TYPE | cut -f1 -d/`" = "9" ] && exit 0 -[ "$DEVTYPE" != "usb_device" ] && exit 0 - -# xenstore doesn't allow dot in key name -XSNAME=`basename ${DEVPATH} | tr . _` - -# FIXME: For some devices (my Cherry keyboard) ID_SERIAL does not -# contain proper human-readable name, should find better method to -# build devide description. -#DESC=`python -c "dev='%d-%d' % (int('${BUSNUM}'.lstrip('0')), (int('${DEVNUM}'.lstrip('0'))-1)); from xen.util import vusb_util; print vusb_util.get_usbdevice_info(dev);"` -DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}" - -VERSION=`cat /sys/$DEVPATH/version` -if [ "${VERSION}" = " 1.00" -o "${VERSION}" = " 1.10" ] ; then - VERSION=1 -elif [ "${VERSION}" = " 2.00" ] ; then - VERSION=2 -else - # FIXME: silently ignoring devices with unexpected USB version - exit 0 -fi - -XS_KEY="qubes-usb-devices/$XSNAME" - -xenstore-write "$XS_KEY/desc" "$DESC" -xenstore-write "$XS_KEY/usb-ver" "$VERSION" - -# Make sure PVUSB backend driver is loaded. -/sbin/modprobe xen-usbback 2> /dev/null || /sbin/modprobe usbbk diff --git a/misc/udev-usb-remove b/misc/udev-usb-remove deleted file mode 100755 index aa562fa..0000000 --- a/misc/udev-usb-remove +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -# FIXME: Ignore USB hubs. -[ "`echo $TYPE | cut -f1 -d/`" = "9" ] && exit 0 - -NAME=`basename ${DEVPATH} | tr . _` -XS_KEY="qubes-usb-devices/$NAME" - -xenstore-rm "$XS_KEY" diff --git a/qrexec/Makefile b/qrexec/Makefile new file mode 100644 index 0000000..f0040f2 --- /dev/null +++ b/qrexec/Makefile @@ -0,0 +1,25 @@ +CC=gcc +CFLAGS+=-I. -g -Wall -pie -fPIC +XENLIBS=-lvchan -lxenstore -lxenctrl +LIBS=$(XENLIBS) -lqrexec-utils + +all: qrexec-agent qrexec-client-vm +qrexec-daemon: qrexec-daemon.o + $(CC) -pie -g -o qrexec-daemon qrexec-daemon.o $(LIBS) +qrexec-agent: qrexec-agent.o + $(CC) -pie -g -o qrexec-agent qrexec-agent.o $(LIBS) +qrexec-client: qrexec-client.o + $(CC) -pie -g -o qrexec-client qrexec-client.o $(LIBS) +qrexec-client-vm: qrexec-client-vm.o + $(CC) -pie -g -o qrexec-client-vm qrexec-client-vm.o +clean: + rm -f *.o *~ qrexec-agent qrexec-client-vm + +install: + install -d $(DESTDIR)/etc/qubes-rpc + install -d $(DESTDIR)/usr/lib/qubes + install qrexec-agent $(DESTDIR)/usr/lib/qubes + install qrexec-client-vm $(DESTDIR)/usr/lib/qubes + ln -s qrexec-client-vm $(DESTDIR)/usr/lib/qubes/qrexec_client_vm + install qubes-rpc-multiplexer $(DESTDIR)/usr/lib/qubes + diff --git a/qrexec/qrexec-agent.c b/qrexec/qrexec-agent.c new file mode 100644 index 0000000..1e833d9 --- /dev/null +++ b/qrexec/qrexec-agent.c @@ -0,0 +1,594 @@ +/* + * The Qubes OS Project, http://www.qubes-os.org + * + * Copyright (C) 2010 Rafal Wojtczuk + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "qrexec.h" +#include "libqrexec-utils.h" + +enum fdtype { + FDTYPE_INVALID, + FDTYPE_STDOUT, + FDTYPE_STDERR +}; + +struct _process_fd { + int client_id; + int type; + int is_blocked; +}; +struct _client_info { + int stdin_fd; + int stdout_fd; + int stderr_fd; + + int exit_status; + int is_exited; + int pid; + int is_blocked; + int is_close_after_flush_needed; + struct buffer buffer; +}; + +int max_process_fd = -1; + +/* indexed by file descriptor */ +struct _process_fd process_fd[MAX_FDS]; + +/* indexed by client id, which is descriptor number of a client in daemon */ +struct _client_info client_info[MAX_FDS]; + +int trigger_fd; +int passfd_socket; + +int meminfo_write_started = 0; + +void init() +{ + peer_server_init(REXEC_PORT); + umask(0); + mkfifo(QREXEC_AGENT_TRIGGER_PATH, 0666); + passfd_socket = get_server_socket(QREXEC_AGENT_FDPASS_PATH); + umask(077); + trigger_fd = + open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK); +} + +void wake_meminfo_writer() { + FILE *f; + pid_t pid; + + if (meminfo_write_started) + /* wake meminfo-writer only once */ + return; + + f = fopen(MEMINFO_WRITER_PIDFILE, "r"); + if (f == NULL) { + /* no meminfo-writer found, ignoring */ + return; + } + if (fscanf(f, "%d", &pid) < 1) { + /* no meminfo-writer found, ignoring */ + return; + } + + fclose(f); + kill(pid, SIGUSR1); + meminfo_write_started = 1; +} + +void no_colon_in_cmd() +{ + fprintf(stderr, + "cmdline is supposed to be in user:command form\n"); + exit(1); +} + +void do_exec(char *cmd) +{ + char buf[strlen(QUBES_RPC_MULTIPLEXER_PATH) + strlen(cmd) - strlen(QUBES_RPC_MAGIC_CMD) + 1]; + char *realcmd = index(cmd, ':'); + if (!realcmd) + no_colon_in_cmd(); + /* mark end of username and move to command */ + *realcmd = 0; + realcmd++; + /* ignore "nogui:" prefix in linux agent */ + if (strncmp(realcmd, "nogui:", 6) == 0) + realcmd+=6; + /* replace magic RPC cmd with RPC multiplexer path */ + if (strncmp(realcmd, QUBES_RPC_MAGIC_CMD " ", strlen(QUBES_RPC_MAGIC_CMD)+1)==0) { + strcpy(buf, QUBES_RPC_MULTIPLEXER_PATH); + strcpy(buf + strlen(QUBES_RPC_MULTIPLEXER_PATH), realcmd + strlen(QUBES_RPC_MAGIC_CMD)); + realcmd = buf; + } + signal(SIGCHLD, SIG_DFL); + signal(SIGPIPE, SIG_DFL); + + execl("/bin/su", "su", "-", cmd, "-c", realcmd, NULL); + perror("execl"); + exit(1); +} + +void handle_just_exec(int client_id, int len) +{ + char buf[len]; + int fdn, pid; + + read_all_vchan_ext(buf, len); + switch (pid = fork()) { + case -1: + perror("fork"); + exit(1); + case 0: + fdn = open("/dev/null", O_RDWR); + fix_fds(fdn, fdn, fdn); + do_exec(buf); + perror("execl"); + exit(1); + default:; + } + fprintf(stderr, "executed (nowait) %s pid %d\n", buf, pid); +} + +void create_info_about_client(int client_id, int pid, int stdin_fd, + int stdout_fd, int stderr_fd) +{ + process_fd[stdout_fd].client_id = client_id; + process_fd[stdout_fd].type = FDTYPE_STDOUT; + process_fd[stdout_fd].is_blocked = 0; + process_fd[stderr_fd].client_id = client_id; + process_fd[stderr_fd].type = FDTYPE_STDERR; + process_fd[stderr_fd].is_blocked = 0; + + if (stderr_fd > max_process_fd) + max_process_fd = stderr_fd; + if (stdout_fd > max_process_fd) + max_process_fd = stdout_fd; + + set_nonblock(stdin_fd); + + client_info[client_id].stdin_fd = stdin_fd; + client_info[client_id].stdout_fd = stdout_fd; + client_info[client_id].stderr_fd = stderr_fd; + client_info[client_id].exit_status = 0; + client_info[client_id].is_exited = 0; + client_info[client_id].pid = pid; + client_info[client_id].is_blocked = 0; + client_info[client_id].is_close_after_flush_needed = 0; + buffer_init(&client_info[client_id].buffer); +} + +void handle_exec(int client_id, int len) +{ + char buf[len]; + int pid, stdin_fd, stdout_fd, stderr_fd; + + read_all_vchan_ext(buf, len); + + do_fork_exec(buf, &pid, &stdin_fd, &stdout_fd, &stderr_fd); + + create_info_about_client(client_id, pid, stdin_fd, stdout_fd, + stderr_fd); + + fprintf(stderr, "executed %s pid %d\n", buf, pid); + +} + +void handle_connect_existing(int client_id, int len) +{ + int stdin_fd, stdout_fd, stderr_fd; + char buf[len]; + read_all_vchan_ext(buf, len); + sscanf(buf, "%d %d %d", &stdin_fd, &stdout_fd, &stderr_fd); + create_info_about_client(client_id, -1, stdin_fd, stdout_fd, + stderr_fd); + client_info[client_id].is_exited = 1; //do not wait for SIGCHLD +} + +void update_max_process_fd() +{ + int i; + for (i = max_process_fd; + process_fd[i].type == FDTYPE_INVALID && i >= 0; i--); + max_process_fd = i; +} + +void send_exit_code(int client_id, int status) +{ + struct server_header s_hdr; + s_hdr.type = MSG_AGENT_TO_SERVER_EXIT_CODE; + s_hdr.client_id = client_id; + s_hdr.len = sizeof status; + write_all_vchan_ext(&s_hdr, sizeof s_hdr); + write_all_vchan_ext(&status, sizeof(status)); + fprintf(stderr, "send exit code %d for client_id %d pid %d\n", + status, client_id, client_info[client_id].pid); +} + + +// erase process data structures, possibly forced by remote +void remove_process(int client_id, int status) +{ + int i; + if (!client_info[client_id].pid) + return; + if (client_info[client_id].stdin_fd >= 0) + fork_and_flush_stdin(client_info[client_id].stdin_fd, + &client_info[client_id].buffer); +#if 0 +// let's let it die by itself, possibly after it has received buffered stdin + kill(client_info[client_id].pid, SIGKILL); +#endif + if (status != -1) + send_exit_code(client_id, status); + + + close(client_info[client_id].stdin_fd); + client_info[client_id].pid = 0; + client_info[client_id].stdin_fd = -1; + client_info[client_id].is_blocked = 0; + buffer_free(&client_info[client_id].buffer); + + for (i = 0; i <= max_process_fd; i++) + if (process_fd[i].type != FDTYPE_INVALID + && process_fd[i].client_id == client_id) { + process_fd[i].type = FDTYPE_INVALID; + process_fd[i].client_id = -1; + process_fd[i].is_blocked = 0; + close(i); + } + update_max_process_fd(); +} + +// remove process not immediately after it has exited, but after its stdout and stderr has been drained +// previous method implemented in flush_out_err was broken - it cannot work when peer signalled it is blocked +void possibly_remove_process(int client_id) +{ + if (client_info[client_id].stdout_fd == -1 && + client_info[client_id].stderr_fd == -1 && + client_info[client_id].is_exited) + remove_process(client_id, + client_info[client_id].exit_status); +} + + +void handle_input(int client_id, int len) +{ + char buf[len]; + + read_all_vchan_ext(buf, len); + if (!client_info[client_id].pid || client_info[client_id].stdin_fd == -1) + return; + + if (len == 0) { + if (client_info[client_id].is_blocked) + client_info[client_id].is_close_after_flush_needed + = 1; + else { + close(client_info[client_id].stdin_fd); + client_info[client_id].stdin_fd = -1; + } + return; + } + + switch (write_stdin + (client_info[client_id].stdin_fd, client_id, buf, len, + &client_info[client_id].buffer)) { + case WRITE_STDIN_OK: + break; + case WRITE_STDIN_BUFFERED: + client_info[client_id].is_blocked = 1; + break; + case WRITE_STDIN_ERROR: + // do not remove process, as it still can write data to stdout + close(client_info[client_id].stdin_fd); + client_info[client_id].stdin_fd = -1; + client_info[client_id].is_blocked = 0; + break; + default: + fprintf(stderr, "unknown write_stdin?\n"); + exit(1); + } + +} + +void set_blocked_outerr(int client_id, int val) +{ + process_fd[client_info[client_id].stdout_fd].is_blocked = val; + process_fd[client_info[client_id].stderr_fd].is_blocked = val; +} + +void handle_server_data() +{ + struct server_header s_hdr; + read_all_vchan_ext(&s_hdr, sizeof s_hdr); + +// fprintf(stderr, "got %x %x %x\n", s_hdr.type, s_hdr.client_id, +// s_hdr.len); + + switch (s_hdr.type) { + case MSG_XON: + set_blocked_outerr(s_hdr.client_id, 0); + break; + case MSG_XOFF: + set_blocked_outerr(s_hdr.client_id, 1); + break; + case MSG_SERVER_TO_AGENT_CONNECT_EXISTING: + handle_connect_existing(s_hdr.client_id, s_hdr.len); + break; + case MSG_SERVER_TO_AGENT_EXEC_CMDLINE: + wake_meminfo_writer(); + handle_exec(s_hdr.client_id, s_hdr.len); + break; + case MSG_SERVER_TO_AGENT_JUST_EXEC: + wake_meminfo_writer(); + handle_just_exec(s_hdr.client_id, s_hdr.len); + break; + case MSG_SERVER_TO_AGENT_INPUT: + handle_input(s_hdr.client_id, s_hdr.len); + break; + case MSG_SERVER_TO_AGENT_CLIENT_END: + remove_process(s_hdr.client_id, -1); + break; + default: + fprintf(stderr, "msg type from daemon is %d ?\n", + s_hdr.type); + exit(1); + } +} + +void handle_process_data(int fd) +{ + struct server_header s_hdr; + char buf[MAX_DATA_CHUNK]; + int ret; + int len; + + len = buffer_space_vchan_ext(); + if (len <= sizeof s_hdr) + return; + + ret = read(fd, buf, len - sizeof s_hdr); + s_hdr.client_id = process_fd[fd].client_id; + + if (process_fd[fd].type == FDTYPE_STDOUT) + s_hdr.type = MSG_AGENT_TO_SERVER_STDOUT; + else if (process_fd[fd].type == FDTYPE_STDERR) + s_hdr.type = MSG_AGENT_TO_SERVER_STDERR; + else { + fprintf(stderr, "fd=%d, client_id=%d, type=%d ?\n", fd, + process_fd[fd].client_id, process_fd[fd].type); + exit(1); + } + s_hdr.len = ret; + if (ret >= 0) { + write_all_vchan_ext(&s_hdr, sizeof s_hdr); + write_all_vchan_ext(buf, ret); + } + if (ret == 0) { + int client_id = process_fd[fd].client_id; + if (process_fd[fd].type == FDTYPE_STDOUT) + client_info[client_id].stdout_fd = -1; + else + client_info[client_id].stderr_fd = -1; + + process_fd[fd].type = FDTYPE_INVALID; + process_fd[fd].client_id = -1; + process_fd[fd].is_blocked = 0; + close(fd); + update_max_process_fd(); + possibly_remove_process(client_id); + } + if (ret < 0) + remove_process(process_fd[fd].client_id, 127); +} + +volatile int child_exited; + +void sigchld_handler(int x) +{ + child_exited = 1; + signal(SIGCHLD, sigchld_handler); +} + +int find_info(int pid) +{ + int i; + for (i = 0; i < MAX_FDS; i++) + if (client_info[i].pid == pid) + return i; + return -1; +} + + +void handle_process_data_all(fd_set * select_fds) +{ + int i; + for (i = 0; i <= max_process_fd; i++) + if (process_fd[i].type != FDTYPE_INVALID + && FD_ISSET(i, select_fds)) + handle_process_data(i); +} + +void reap_children() +{ + int status; + int pid; + int client_id; + while ((pid = waitpid(-1, &status, WNOHANG)) > 0) { + client_id = find_info(pid); + if (client_id < 0) + continue; + client_info[client_id].is_exited = 1; + client_info[client_id].exit_status = status; + possibly_remove_process(client_id); + } + child_exited = 0; +} + +int fill_fds_for_select(fd_set * rdset, fd_set * wrset) +{ + int max = -1; + int fd, i; + FD_ZERO(rdset); + FD_ZERO(wrset); + + for (i = 0; i <= max_process_fd; i++) + if (process_fd[i].type != FDTYPE_INVALID + && !process_fd[i].is_blocked) { + FD_SET(i, rdset); + max = i; + } + + FD_SET(trigger_fd, rdset); + if (trigger_fd > max) + max = trigger_fd; + FD_SET(passfd_socket, rdset); + if (passfd_socket > max) + max = passfd_socket; + + for (i = 0; i < MAX_FDS; i++) + if (client_info[i].pid && client_info[i].is_blocked) { + fd = client_info[i].stdin_fd; + FD_SET(fd, wrset); + if (fd > max) + max = fd; + } + return max; +} + +void flush_client_data_agent(int client_id) +{ + struct _client_info *info = &client_info[client_id]; + switch (flush_client_data + (info->stdin_fd, client_id, &info->buffer)) { + case WRITE_STDIN_OK: + info->is_blocked = 0; + if (info->is_close_after_flush_needed) { + close(info->stdin_fd); + info->stdin_fd = -1; + info->is_close_after_flush_needed = 0; + } + break; + case WRITE_STDIN_ERROR: + // do not remove process, as it still can write data to stdout + info->is_blocked = 0; + close(info->stdin_fd); + info->stdin_fd = -1; + info->is_close_after_flush_needed = 0; + break; + case WRITE_STDIN_BUFFERED: + break; + default: + fprintf(stderr, "unknown flush_client_data?\n"); + exit(1); + } +} + +void handle_new_passfd() +{ + int fd = do_accept(passfd_socket); + if (fd >= MAX_FDS) { + fprintf(stderr, "too many clients ?\n"); + exit(1); + } + // let client know what fd has been allocated + write(fd, &fd, sizeof(fd)); +} + + +void handle_trigger_io() +{ + struct server_header s_hdr; + struct trigger_connect_params params; + int ret; + + s_hdr.client_id = 0; + s_hdr.len = 0; + ret = read(trigger_fd, ¶ms, sizeof(params)); + if (ret == sizeof(params)) { + s_hdr.type = MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING; + write_all_vchan_ext(&s_hdr, sizeof s_hdr); + write_all_vchan_ext(¶ms, sizeof params); + } +// trigger_fd is nonblock - so no need to reopen +// not really, need to reopen at EOF + if (ret <= 0) { + close(trigger_fd); + trigger_fd = + open(QREXEC_AGENT_TRIGGER_PATH, O_RDONLY | O_NONBLOCK); + } +} + +int main() +{ + fd_set rdset, wrset; + int max; + int i; + sigset_t chld_set; + + init(); + signal(SIGCHLD, sigchld_handler); + signal(SIGPIPE, SIG_IGN); + sigemptyset(&chld_set); + sigaddset(&chld_set, SIGCHLD); + + + for (;;) { + sigprocmask(SIG_BLOCK, &chld_set, NULL); + if (child_exited) + reap_children(); + max = fill_fds_for_select(&rdset, &wrset); + if (buffer_space_vchan_ext() <= + sizeof(struct server_header)) + FD_ZERO(&rdset); + + wait_for_vchan_or_argfd(max, &rdset, &wrset); + sigprocmask(SIG_UNBLOCK, &chld_set, NULL); + + if (FD_ISSET(passfd_socket, &rdset)) + handle_new_passfd(); + + while (read_ready_vchan_ext()) + handle_server_data(); + + if (FD_ISSET(trigger_fd, &rdset)) + handle_trigger_io(); + + handle_process_data_all(&rdset); + for (i = 0; i <= MAX_FDS; i++) + if (client_info[i].pid + && client_info[i].is_blocked + && FD_ISSET(client_info[i].stdin_fd, &wrset)) + flush_client_data_agent(i); + } +} diff --git a/qrexec/qrexec-client-vm.c b/qrexec/qrexec-client-vm.c new file mode 100644 index 0000000..755f6df --- /dev/null +++ b/qrexec/qrexec-client-vm.c @@ -0,0 +1,109 @@ +/* + * The Qubes OS Project, http://www.qubes-os.org + * + * Copyright (C) 2010 Rafal Wojtczuk + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include "qrexec.h" +int connect_unix_socket() +{ + int s, len; + struct sockaddr_un remote; + + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + perror("socket"); + return -1; + } + + remote.sun_family = AF_UNIX; + strncpy(remote.sun_path, QREXEC_AGENT_FDPASS_PATH, + sizeof(remote.sun_path)); + len = strlen(remote.sun_path) + sizeof(remote.sun_family); + if (connect(s, (struct sockaddr *) &remote, len) == -1) { + perror("connect"); + exit(1); + } + return s; +} + +char *get_program_name(char *prog) +{ + char *basename = rindex(prog, '/'); + if (basename) + return basename + 1; + else + return prog; +} + +int main(int argc, char **argv) +{ + int trigger_fd; + struct trigger_connect_params params; + int local_fd[3], remote_fd[3]; + int i; + char *abs_exec_path; + + if (argc < 4) { + fprintf(stderr, + "usage: %s target_vmname program_ident local_program [local program arguments]\n", + argv[0]); + exit(1); + } + + trigger_fd = open(QREXEC_AGENT_TRIGGER_PATH, O_WRONLY); + if (trigger_fd < 0) { + perror("open " QREXEC_AGENT_TRIGGER_PATH); + exit(1); + } + + for (i = 0; i < 3; i++) { + local_fd[i] = connect_unix_socket(); + read(local_fd[i], &remote_fd[i], sizeof(remote_fd[i])); + if (i != 2 || getenv("PASS_LOCAL_STDERR")) { + char *env; + asprintf(&env, "SAVED_FD_%d=%d", i, dup(i)); + putenv(env); + dup2(local_fd[i], i); + close(local_fd[i]); + } + } + + memset(¶ms, 0, sizeof(params)); + strncpy(params.exec_index, argv[2], sizeof(params.exec_index)); + strncpy(params.target_vmname, argv[1], + sizeof(params.target_vmname)); + snprintf(params.process_fds.ident, + sizeof(params.process_fds.ident), "%d %d %d", + remote_fd[0], remote_fd[1], remote_fd[2]); + + write(trigger_fd, ¶ms, sizeof(params)); + close(trigger_fd); + + abs_exec_path = strdup(argv[3]); + argv[3] = get_program_name(argv[3]); + execv(abs_exec_path, argv + 3); + perror("execv"); + return 1; +} diff --git a/qrexec/qubes-rpc-multiplexer b/qrexec/qubes-rpc-multiplexer new file mode 100755 index 0000000..2818de5 --- /dev/null +++ b/qrexec/qubes-rpc-multiplexer @@ -0,0 +1,24 @@ +#!/bin/sh +QUBES_RPC=/etc/qubes-rpc +# XXX: Backward compatibility +DEPRECATED_QUBES_RPC=/etc/qubes_rpc +if ! [ $# = 2 ] ; then + echo $0: bad argument count >&2 + exit 1 +fi +export QREXEC_REMOTE_DOMAIN="$2" +CFG_FILE=$QUBES_RPC/"$1" +if [ -s "$CFG_FILE" ] ; then + exec /bin/sh "$CFG_FILE" + echo "$0: failed to execute handler for" "$1" >&2 + exit 1 +fi +CFG_FILE=$DEPRECATED_QUBES_RPC/"$1" +if [ -s "$CFG_FILE" ] ; then + echo "$0: RPC service '$1' uses deprecated directory, please move to $QUBES_RPC" >&2 + exec /bin/sh "$CFG_FILE" + echo "$0: failed to execute handler for" "$1" >&2 + exit 1 +fi +echo "$0: nonexistent or empty" "$CFG_FILE" file >&2 +exit 1 diff --git a/qubes-rpc/Makefile b/qubes-rpc/Makefile index 235c22c..4f153b2 100644 --- a/qubes-rpc/Makefile +++ b/qubes-rpc/Makefile @@ -5,10 +5,10 @@ vm-file-editor: vm-file-editor.o ioall.o $(CC) -pie -g -o $@ $^ qopen-in-vm: qopen-in-vm.o ioall.o gui-fatal.o $(CC) -pie -g -o $@ $^ -qfile-agent: qfile-agent.o ioall.o gui-fatal.o copy-file.o crc32.o - $(CC) -pie -g -o $@ $^ -qfile-unpacker: qfile-unpacker.o ioall.o gui-fatal.o copy-file.o unpack.o crc32.o - $(CC) -pie -g -o $@ $^ +qfile-agent: qfile-agent.o gui-fatal.o + $(CC) -pie -g -o $@ $^ -lqubes-rpc-filecopy +qfile-unpacker: qfile-unpacker.o gui-fatal.o + $(CC) -pie -g -o $@ $^ -lqubes-rpc-filecopy clean: rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~ diff --git a/qubes-rpc/copy-file.c b/qubes-rpc/copy-file.c deleted file mode 100644 index d58a14c..0000000 --- a/qubes-rpc/copy-file.c +++ /dev/null @@ -1,44 +0,0 @@ -#include -#include -#include "filecopy.h" -#include "crc32.h" - -extern void notify_progress(int, int); - -int copy_file(int outfd, int infd, long long size, unsigned long *crc32) -{ - char buf[4096]; - long long written = 0; - int ret; - int count; - while (written < size) { - if (size - written > sizeof(buf)) - count = sizeof buf; - else - count = size - written; - ret = read(infd, buf, count); - if (!ret) - return COPY_FILE_READ_EOF; - if (ret < 0) - return COPY_FILE_READ_ERROR; - /* acumulate crc32 if requested */ - if (crc32) - *crc32 = Crc32_ComputeBuf(*crc32, buf, ret); - if (!write_all(outfd, buf, ret)) - return COPY_FILE_WRITE_ERROR; - notify_progress(ret, 0); - written += ret; - } - return COPY_FILE_OK; -} - -char * copy_file_status_to_str(int status) -{ - switch (status) { - case COPY_FILE_OK: return "OK"; - case COPY_FILE_READ_EOF: return "Unexpected end of data while reading"; - case COPY_FILE_READ_ERROR: return "Error reading"; - case COPY_FILE_WRITE_ERROR: return "Error writing"; - default: return "????????"; - } -} diff --git a/qubes-rpc/crc32.c b/qubes-rpc/crc32.c deleted file mode 100644 index 88b0627..0000000 --- a/qubes-rpc/crc32.c +++ /dev/null @@ -1,146 +0,0 @@ -/*----------------------------------------------------------------------------*\ - * CRC-32 version 2.0.0 by Craig Bruce, 2006-04-29. - * - * This program generates the CRC-32 values for the files named in the - * command-line arguments. These are the same CRC-32 values used by GZIP, - * PKZIP, and ZMODEM. The Crc32_ComputeBuf() can also be detached and - * used independently. - * - * THIS PROGRAM IS PUBLIC-DOMAIN SOFTWARE. - * - * Based on the byte-oriented implementation "File Verification Using CRC" - * by Mark R. Nelson in Dr. Dobb's Journal, May 1992, pp. 64-67. - * - * v1.0.0: original release. - * v1.0.1: fixed printf formats. - * v1.0.2: fixed something else. - * v1.0.3: replaced CRC constant table by generator function. - * v1.0.4: reformatted code, made ANSI C. 1994-12-05. - * v2.0.0: rewrote to use memory buffer & static table, 2006-04-29. -\*----------------------------------------------------------------------------*/ - -#include -#include - -/*----------------------------------------------------------------------------*\ - * Local functions -\*----------------------------------------------------------------------------*/ - -unsigned long Crc32_ComputeBuf( unsigned long inCrc32, const void *buf, - size_t bufLen ); - -/*----------------------------------------------------------------------------*\ - * NAME: - * Crc32_ComputeFile() - compute CRC-32 value for a file - * DESCRIPTION: - * Computes the CRC-32 value for an opened file. - * ARGUMENTS: - * file - file pointer - * outCrc32 - (out) result CRC-32 value - * RETURNS: - * err - 0 on success or -1 on error - * ERRORS: - * - file errors -\*----------------------------------------------------------------------------*/ - -int Crc32_ComputeFile( FILE *file, unsigned long *outCrc32 ) -{ -# define CRC_BUFFER_SIZE 8192 - unsigned char buf[CRC_BUFFER_SIZE]; - size_t bufLen; - - /** accumulate crc32 from file **/ - *outCrc32 = 0; - while (1) { - bufLen = fread( buf, 1, CRC_BUFFER_SIZE, file ); - if (bufLen == 0) { - if (ferror(file)) { - fprintf( stderr, "error reading file\n" ); - goto ERR_EXIT; - } - break; - } - *outCrc32 = Crc32_ComputeBuf( *outCrc32, buf, bufLen ); - } - return( 0 ); - - /** error exit **/ -ERR_EXIT: - return( -1 ); -} - -/*----------------------------------------------------------------------------*\ - * NAME: - * Crc32_ComputeBuf() - computes the CRC-32 value of a memory buffer - * DESCRIPTION: - * Computes or accumulates the CRC-32 value for a memory buffer. - * The 'inCrc32' gives a previously accumulated CRC-32 value to allow - * a CRC to be generated for multiple sequential buffer-fuls of data. - * The 'inCrc32' for the first buffer must be zero. - * ARGUMENTS: - * inCrc32 - accumulated CRC-32 value, must be 0 on first call - * buf - buffer to compute CRC-32 value for - * bufLen - number of bytes in buffer - * RETURNS: - * crc32 - computed CRC-32 value - * ERRORS: - * (no errors are possible) -\*----------------------------------------------------------------------------*/ - -unsigned long Crc32_ComputeBuf( unsigned long inCrc32, const void *buf, - size_t bufLen ) -{ - static const unsigned long crcTable[256] = { - 0x00000000,0x77073096,0xEE0E612C,0x990951BA,0x076DC419,0x706AF48F,0xE963A535, - 0x9E6495A3,0x0EDB8832,0x79DCB8A4,0xE0D5E91E,0x97D2D988,0x09B64C2B,0x7EB17CBD, - 0xE7B82D07,0x90BF1D91,0x1DB71064,0x6AB020F2,0xF3B97148,0x84BE41DE,0x1ADAD47D, - 0x6DDDE4EB,0xF4D4B551,0x83D385C7,0x136C9856,0x646BA8C0,0xFD62F97A,0x8A65C9EC, - 0x14015C4F,0x63066CD9,0xFA0F3D63,0x8D080DF5,0x3B6E20C8,0x4C69105E,0xD56041E4, - 0xA2677172,0x3C03E4D1,0x4B04D447,0xD20D85FD,0xA50AB56B,0x35B5A8FA,0x42B2986C, - 0xDBBBC9D6,0xACBCF940,0x32D86CE3,0x45DF5C75,0xDCD60DCF,0xABD13D59,0x26D930AC, - 0x51DE003A,0xC8D75180,0xBFD06116,0x21B4F4B5,0x56B3C423,0xCFBA9599,0xB8BDA50F, - 0x2802B89E,0x5F058808,0xC60CD9B2,0xB10BE924,0x2F6F7C87,0x58684C11,0xC1611DAB, - 0xB6662D3D,0x76DC4190,0x01DB7106,0x98D220BC,0xEFD5102A,0x71B18589,0x06B6B51F, - 0x9FBFE4A5,0xE8B8D433,0x7807C9A2,0x0F00F934,0x9609A88E,0xE10E9818,0x7F6A0DBB, - 0x086D3D2D,0x91646C97,0xE6635C01,0x6B6B51F4,0x1C6C6162,0x856530D8,0xF262004E, - 0x6C0695ED,0x1B01A57B,0x8208F4C1,0xF50FC457,0x65B0D9C6,0x12B7E950,0x8BBEB8EA, - 0xFCB9887C,0x62DD1DDF,0x15DA2D49,0x8CD37CF3,0xFBD44C65,0x4DB26158,0x3AB551CE, - 0xA3BC0074,0xD4BB30E2,0x4ADFA541,0x3DD895D7,0xA4D1C46D,0xD3D6F4FB,0x4369E96A, - 0x346ED9FC,0xAD678846,0xDA60B8D0,0x44042D73,0x33031DE5,0xAA0A4C5F,0xDD0D7CC9, - 0x5005713C,0x270241AA,0xBE0B1010,0xC90C2086,0x5768B525,0x206F85B3,0xB966D409, - 0xCE61E49F,0x5EDEF90E,0x29D9C998,0xB0D09822,0xC7D7A8B4,0x59B33D17,0x2EB40D81, - 0xB7BD5C3B,0xC0BA6CAD,0xEDB88320,0x9ABFB3B6,0x03B6E20C,0x74B1D29A,0xEAD54739, - 0x9DD277AF,0x04DB2615,0x73DC1683,0xE3630B12,0x94643B84,0x0D6D6A3E,0x7A6A5AA8, - 0xE40ECF0B,0x9309FF9D,0x0A00AE27,0x7D079EB1,0xF00F9344,0x8708A3D2,0x1E01F268, - 0x6906C2FE,0xF762575D,0x806567CB,0x196C3671,0x6E6B06E7,0xFED41B76,0x89D32BE0, - 0x10DA7A5A,0x67DD4ACC,0xF9B9DF6F,0x8EBEEFF9,0x17B7BE43,0x60B08ED5,0xD6D6A3E8, - 0xA1D1937E,0x38D8C2C4,0x4FDFF252,0xD1BB67F1,0xA6BC5767,0x3FB506DD,0x48B2364B, - 0xD80D2BDA,0xAF0A1B4C,0x36034AF6,0x41047A60,0xDF60EFC3,0xA867DF55,0x316E8EEF, - 0x4669BE79,0xCB61B38C,0xBC66831A,0x256FD2A0,0x5268E236,0xCC0C7795,0xBB0B4703, - 0x220216B9,0x5505262F,0xC5BA3BBE,0xB2BD0B28,0x2BB45A92,0x5CB36A04,0xC2D7FFA7, - 0xB5D0CF31,0x2CD99E8B,0x5BDEAE1D,0x9B64C2B0,0xEC63F226,0x756AA39C,0x026D930A, - 0x9C0906A9,0xEB0E363F,0x72076785,0x05005713,0x95BF4A82,0xE2B87A14,0x7BB12BAE, - 0x0CB61B38,0x92D28E9B,0xE5D5BE0D,0x7CDCEFB7,0x0BDBDF21,0x86D3D2D4,0xF1D4E242, - 0x68DDB3F8,0x1FDA836E,0x81BE16CD,0xF6B9265B,0x6FB077E1,0x18B74777,0x88085AE6, - 0xFF0F6A70,0x66063BCA,0x11010B5C,0x8F659EFF,0xF862AE69,0x616BFFD3,0x166CCF45, - 0xA00AE278,0xD70DD2EE,0x4E048354,0x3903B3C2,0xA7672661,0xD06016F7,0x4969474D, - 0x3E6E77DB,0xAED16A4A,0xD9D65ADC,0x40DF0B66,0x37D83BF0,0xA9BCAE53,0xDEBB9EC5, - 0x47B2CF7F,0x30B5FFE9,0xBDBDF21C,0xCABAC28A,0x53B39330,0x24B4A3A6,0xBAD03605, - 0xCDD70693,0x54DE5729,0x23D967BF,0xB3667A2E,0xC4614AB8,0x5D681B02,0x2A6F2B94, - 0xB40BBE37,0xC30C8EA1,0x5A05DF1B,0x2D02EF8D }; - unsigned long crc32; - unsigned char *byteBuf; - size_t i; - - /** accumulate crc32 for buffer **/ - crc32 = inCrc32 ^ 0xFFFFFFFF; - byteBuf = (unsigned char*) buf; - for (i=0; i < bufLen; i++) { - crc32 = (crc32 >> 8) ^ crcTable[ (crc32 ^ byteBuf[i]) & 0xFF ]; - } - return( crc32 ^ 0xFFFFFFFF ); -} - -/*----------------------------------------------------------------------------*\ - * END OF MODULE: crc32.c -\*----------------------------------------------------------------------------*/ diff --git a/qubes-rpc/crc32.h b/qubes-rpc/crc32.h deleted file mode 100644 index 0aa1846..0000000 --- a/qubes-rpc/crc32.h +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef _CRC32_H -#define _CRC32_H - -extern unsigned long Crc32_ComputeBuf( unsigned long inCrc32, const void *buf, - size_t bufLen ); - -#endif /* _CRC32_H */ diff --git a/qubes-rpc/filecopy.h b/qubes-rpc/filecopy.h deleted file mode 100644 index c51d68e..0000000 --- a/qubes-rpc/filecopy.h +++ /dev/null @@ -1,32 +0,0 @@ -#define FILECOPY_SPOOL "/home/user/.filecopyspool" -#define FILECOPY_VMNAME_SIZE 32 -#define PROGRESS_NOTIFY_DELTA (15*1000*1000) -#define MAX_PATH_LENGTH 16384 - -#define LEGAL_EOF 31415926 - -struct file_header { - unsigned int namelen; - unsigned int mode; - unsigned long long filelen; - unsigned int atime; - unsigned int atime_nsec; - unsigned int mtime; - unsigned int mtime_nsec; -}; - -struct result_header { - unsigned int error_code; - unsigned long crc32; -}; - -enum { - COPY_FILE_OK, - COPY_FILE_READ_EOF, - COPY_FILE_READ_ERROR, - COPY_FILE_WRITE_ERROR -}; - -int copy_file(int outfd, int infd, long long size, unsigned long *crc32); -char *copy_file_status_to_str(int status); -void set_size_limit(long long new_bytes_limit, long long new_files_limit); diff --git a/qubes-rpc/qfile-agent.c b/qubes-rpc/qfile-agent.c index 1d6bcdd..51a7337 100644 --- a/qubes-rpc/qfile-agent.c +++ b/qubes-rpc/qfile-agent.c @@ -7,12 +7,10 @@ #include #include #include -#include #include #include #include -#include "filecopy.h" -#include "crc32.h" +#include enum { PROGRESS_FLAG_NORMAL, diff --git a/qubes-rpc/qfile-unpacker.c b/qubes-rpc/qfile-unpacker.c index abdc9f2..1286d27 100644 --- a/qubes-rpc/qfile-unpacker.c +++ b/qubes-rpc/qfile-unpacker.c @@ -1,5 +1,4 @@ #define _GNU_SOURCE -#include #include #include #include @@ -11,7 +10,7 @@ #include #include #include -#include "filecopy.h" +#include #define INCOMING_DIR_ROOT "/home/user/QubesIncoming" int prepare_creds_return_uid(char *username) { @@ -29,7 +28,10 @@ int prepare_creds_return_uid(char *username) return pwd->pw_uid; } -extern int do_unpack(void); + +void notify_progress(int p1, int p2) +{ + } int main(int argc, char ** argv) { diff --git a/qubes-rpc/unpack.c b/qubes-rpc/unpack.c deleted file mode 100644 index 9c018fa..0000000 --- a/qubes-rpc/unpack.c +++ /dev/null @@ -1,161 +0,0 @@ -#define _GNU_SOURCE /* For O_NOFOLLOW. */ -#include -#include -#include -#include -#include -#include -#include -#include -#include "filecopy.h" -#include "crc32.h" - -char untrusted_namebuf[MAX_PATH_LENGTH]; -long long bytes_limit = 0; -long long files_limit = 0; -long long total_bytes = 0; -long long total_files = 0; - -void notify_progress(int p1, int p2) -{ -} - -void set_size_limit(long long new_bytes_limit, long long new_files_limit) -{ - bytes_limit = new_bytes_limit; - files_limit = new_files_limit; -} - -unsigned long crc32_sum = 0; -int read_all_with_crc(int fd, void *buf, int size) { - int ret; - ret = read_all(fd, buf, size); - if (ret) - crc32_sum = Crc32_ComputeBuf(crc32_sum, buf, size); - return ret; -} - -void send_status_and_crc(int code) { - struct result_header hdr; - int saved_errno; - - saved_errno = errno; - hdr.error_code = code; - hdr.crc32 = crc32_sum; - if (!write_all(1, &hdr, sizeof(hdr))) - perror("write status"); - errno = saved_errno; -} - -void do_exit(int code) -{ - close(0); - send_status_and_crc(code); - exit(code); -} - -void fix_times_and_perms(struct file_header *untrusted_hdr, - char *untrusted_name) -{ - struct timeval times[2] = - { {untrusted_hdr->atime, untrusted_hdr->atime_nsec / 1000}, - {untrusted_hdr->mtime, - untrusted_hdr->mtime_nsec / 1000} - }; - if (chmod(untrusted_name, untrusted_hdr->mode & 07777)) /* safe because of chroot */ - do_exit(errno); - if (utimes(untrusted_name, times)) /* as above */ - do_exit(errno); -} - - - -void process_one_file_reg(struct file_header *untrusted_hdr, - char *untrusted_name) -{ - int ret; - int fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700); /* safe because of chroot */ - if (fdout < 0) - do_exit(errno); - total_bytes += untrusted_hdr->filelen; - if (bytes_limit && total_bytes > bytes_limit) - do_exit(EDQUOT); - ret = copy_file(fdout, 0, untrusted_hdr->filelen, &crc32_sum); - if (ret != COPY_FILE_OK) { - if (ret == COPY_FILE_READ_EOF - || ret == COPY_FILE_READ_ERROR) - do_exit(LEGAL_EOF); // hopefully remote will produce error message - else - do_exit(errno); - } - close(fdout); - fix_times_and_perms(untrusted_hdr, untrusted_name); -} - - -void process_one_file_dir(struct file_header *untrusted_hdr, - char *untrusted_name) -{ -// fix perms only when the directory is sent for the second time -// it allows to transfer r.x directory contents, as we create it rwx initially - if (!mkdir(untrusted_name, 0700)) /* safe because of chroot */ - return; - if (errno != EEXIST) - do_exit(errno); - fix_times_and_perms(untrusted_hdr, untrusted_name); -} - -void process_one_file_link(struct file_header *untrusted_hdr, - char *untrusted_name) -{ - char untrusted_content[MAX_PATH_LENGTH]; - unsigned int filelen; - if (untrusted_hdr->filelen > MAX_PATH_LENGTH - 1) - do_exit(ENAMETOOLONG); - filelen = untrusted_hdr->filelen; /* sanitized above */ - if (!read_all_with_crc(0, untrusted_content, filelen)) - do_exit(LEGAL_EOF); // hopefully remote has produced error message - untrusted_content[filelen] = 0; - if (symlink(untrusted_content, untrusted_name)) /* safe because of chroot */ - do_exit(errno); - -} - -void process_one_file(struct file_header *untrusted_hdr) -{ - unsigned int namelen; - if (untrusted_hdr->namelen > MAX_PATH_LENGTH - 1) - do_exit(ENAMETOOLONG); - namelen = untrusted_hdr->namelen; /* sanitized above */ - if (!read_all_with_crc(0, untrusted_namebuf, namelen)) - do_exit(LEGAL_EOF); // hopefully remote has produced error message - untrusted_namebuf[namelen] = 0; - if (S_ISREG(untrusted_hdr->mode)) - process_one_file_reg(untrusted_hdr, untrusted_namebuf); - else if (S_ISLNK(untrusted_hdr->mode)) - process_one_file_link(untrusted_hdr, untrusted_namebuf); - else if (S_ISDIR(untrusted_hdr->mode)) - process_one_file_dir(untrusted_hdr, untrusted_namebuf); - else - do_exit(EINVAL); -} - -int do_unpack() -{ - struct file_header untrusted_hdr; - /* initialize checksum */ - crc32_sum = 0; - while (read_all_with_crc(0, &untrusted_hdr, sizeof untrusted_hdr)) { - /* check for end of transfer marker */ - if (untrusted_hdr.namelen == 0) { - errno = 0; - break; - } - process_one_file(&untrusted_hdr); - total_files++; - if (files_limit && total_files > files_limit) - do_exit(EDQUOT); - } - send_status_and_crc(errno); - return errno; -} diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index e8137fb..1aa2611 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -24,7 +24,7 @@ Name: qubes-core-vm Version: %{version} -Release: 1%{dist} +Release: 1.1%{dist} Summary: The Qubes core files for VM Group: Qubes @@ -47,7 +47,7 @@ Requires: ntpdate Requires: net-tools Requires: nautilus-actions Requires: qubes-core-vm-kernel-placeholder -Requires: qubes-qrexec-vm +Requires: qubes-utils Provides: qubes-core-vm Obsoletes: qubes-core-commonvm Obsoletes: qubes-core-appvm @@ -55,6 +55,7 @@ Obsoletes: qubes-core-netvm Obsoletes: qubes-core-proxyvm Obsoletes: qubes-upgrade-vm < 2.0 BuildRequires: xen-devel +BuildRequires: qubes-utils-devel %define _builddir %(pwd) @@ -71,7 +72,7 @@ ln -sf . %{name}-%{version} %setup -T -D %build -for dir in qubes-rpc misc; do +for dir in qubes-rpc qrexec misc; do (cd $dir; make) done @@ -121,12 +122,8 @@ install -m 644 misc/RPM-GPG-KEY-qubes* $RPM_BUILD_ROOT/etc/pki/rpm-gpg/ install -D misc/xenstore-watch $RPM_BUILD_ROOT/usr/bin/xenstore-watch-qubes install -d $RPM_BUILD_ROOT/etc/udev/rules.d install -m 0644 misc/udev-qubes-misc.rules $RPM_BUILD_ROOT/etc/udev/rules.d/50-qubes-misc.rules -install -m 0644 misc/udev-qubes-block.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes-block.rules -install -m 0644 misc/udev-qubes-usb.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes-usb.rules install -d $RPM_BUILD_ROOT/usr/lib/qubes/ install misc/qubes-download-dom0-updates.sh $RPM_BUILD_ROOT/usr/lib/qubes/ -install misc/udev-block-* $RPM_BUILD_ROOT/usr/lib/qubes/ -install misc/udev-usb-* $RPM_BUILD_ROOT/usr/lib/qubes/ install misc/vusb-ctl.py $RPM_BUILD_ROOT/usr/lib/qubes/ install misc/qubes-trigger-sync-appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/ install -D -m 0644 misc/qubes-trigger-sync-appmenus.action $RPM_BUILD_ROOT/etc/yum/post-actions/qubes-trigger-sync-appmenus.action @@ -134,6 +131,8 @@ install -D misc/polkit-1-qubes-allow-all.pkla $RPM_BUILD_ROOT/etc/polkit-1/local install -D misc/polkit-1-qubes-allow-all.rules $RPM_BUILD_ROOT/etc/polkit-1/rules.d/00-qubes-allow-all.rules mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes +(cd qrexec; make install DESTDIR=$RPM_BUILD_ROOT) + if [ -r misc/dispvm-dotfiles.%{dist}.tbz ]; then install misc/dispvm-dotfiles.%{dist}.tbz $RPM_BUILD_ROOT/etc/dispvm-dotfiles.tbz else @@ -377,6 +376,7 @@ rm -f %{name}-%{version} /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes* /etc/polkit-1/localauthority/50-local.d/qubes-allow-all.pkla /etc/polkit-1/rules.d/00-qubes-allow-all.rules +%dir /etc/qubes-rpc /etc/qubes-rpc/qubes.Filecopy /etc/qubes-rpc/qubes.OpenInVM /etc/qubes-rpc/qubes.GetAppmenus @@ -393,9 +393,7 @@ rm -f %{name}-%{version} %config(noreplace) /etc/tinyproxy/filter-qubes-yum %config(noreplace) /etc/tinyproxy/tinyproxy-qubes-yum.conf /etc/udev/rules.d/50-qubes-misc.rules -/etc/udev/rules.d/99-qubes-block.rules /etc/udev/rules.d/99-qubes-network.rules -/etc/udev/rules.d/99-qubes-usb.rules /etc/xdg/nautilus-actions/nautilus-actions.conf /etc/xen/scripts/vif-route-qubes %config(noreplace) /etc/yum.conf.d/qubes-proxy.conf @@ -410,17 +408,16 @@ rm -f %{name}-%{version} /usr/bin/qvm-mru-entry /usr/bin/xenstore-watch-qubes %dir /usr/lib/qubes -/usr/lib/qubes/udev-block-add-change -/usr/lib/qubes/udev-block-cleanup -/usr/lib/qubes/udev-block-remove -/usr/lib/qubes/udev-usb-add-change -/usr/lib/qubes/udev-usb-remove /usr/lib/qubes/vusb-ctl.py* /usr/lib/qubes/dispvm-prerun.sh /usr/lib/qubes/sync-ntp-clock /usr/lib/qubes/prepare-suspend /usr/lib/qubes/meminfo-writer /usr/lib/qubes/network-manager-prepare-conf-dir +/usr/lib/qubes/qrexec-agent +/usr/lib/qubes/qrexec-client-vm +/usr/lib/qubes/qrexec_client_vm +/usr/lib/qubes/qubes-rpc-multiplexer /usr/lib/qubes/qfile-agent %attr(4755,root,root) /usr/lib/qubes/qfile-unpacker /usr/lib/qubes/qopen-in-vm @@ -464,6 +461,7 @@ The Qubes core startup configuration for SysV init (or upstart). /etc/init.d/qubes-firewall /etc/init.d/qubes-netwatcher /etc/init.d/qubes-yum-proxy +/etc/init.d/qubes-qrexec-agent %post sysvinit @@ -499,6 +497,8 @@ chkconfig --add qubes-netwatcher || echo "WARNING: Cannot add service qubes-netw chkconfig qubes-netwatcher on || echo "WARNING: Cannot enable service qubes-netwatcher!" chkconfig --add qubes-yum-proxy || echo "WARNING: Cannot add service qubes-yum-proxy!" chkconfig qubes-yum-proxy on || echo "WARNING: Cannot enable service qubes-yum-proxy!" +chkconfig --add qubes-qrexec-agent || echo "WARNING: Cannot add service qubes-qrexec-agent!" +chkconfig qubes-qrexec-agent on || echo "WARNING: Cannot enable service qubes-qrexec-agent!" # TODO: make this not display the silly message about security context... sed -i s/^id:.:initdefault:/id:3:initdefault:/ /etc/inittab @@ -512,6 +512,7 @@ if [ "$1" = 0 ] ; then chkconfig qubes-firewall off chkconfig qubes-netwatcher off chkconfig qubes-yum-proxy off + chkconfig qubes-qrexec-agent off fi %package systemd @@ -541,6 +542,7 @@ The Qubes core startup configuration for SystemD init. /lib/systemd/system/qubes-update-check.service /lib/systemd/system/qubes-update-check.timer /lib/systemd/system/qubes-yum-proxy.service +/lib/systemd/system/qubes-qrexec-agent.service %dir /usr/lib/qubes/init /usr/lib/qubes/init/prepare-dvm.sh /usr/lib/qubes/init/network-proxy-setup.sh @@ -557,7 +559,7 @@ The Qubes core startup configuration for SystemD init. %post systemd -for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy; do +for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-firewall qubes-yum-proxy qubes-qrexec-agent; do /bin/systemctl enable $srv.service 2> /dev/null done @@ -615,6 +617,6 @@ if [ "$1" != 0 ] ; then exit 0 fi -for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network; do +for srv in qubes-dvm qubes-meminfo-writer qubes-sysinit qubes-misc-post qubes-netwatcher qubes-network qubes-qrexec-agenT; DO /bin/systemctl disable $srv.service do diff --git a/vm-init.d/qubes-qrexec-agent b/vm-init.d/qubes-qrexec-agent new file mode 100755 index 0000000..70923ec --- /dev/null +++ b/vm-init.d/qubes-qrexec-agent @@ -0,0 +1,39 @@ +#!/bin/sh +# +# chkconfig: 345 90 90 +# description: Executes Qubes core scripts at VM boot +# +# Source function library. +. /etc/rc.d/init.d/functions + +start() +{ + echo -n $"Starting Qubes RPC agent:" + + /usr/lib/qubes/qrexec-agent 2>/var/log/qubes/qrexec-agent.log & + + success + echo "" + + return 0 +} + +stop() +{ + killproc qrexec-agent +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + *) + echo $"Usage: $0 {start|stop}" + exit 3 + ;; +esac + +exit $RETVAL diff --git a/vm-systemd/qubes-qrexec-agent.service b/vm-systemd/qubes-qrexec-agent.service new file mode 100644 index 0000000..483e694 --- /dev/null +++ b/vm-systemd/qubes-qrexec-agent.service @@ -0,0 +1,10 @@ +[Unit] +Description=Qubes remote exec agent +After=qubes-dvm.service + +[Service] +ExecStart=/usr/lib/qubes/qrexec-agent +StandardOutput=syslog + +[Install] +WantedBy=multi-user.target