Support not passing metadata to socket-based services

This makes it easier to implement socket-based services that do not require the metadata. This avoids having to use a slow executable-based service or write a custom wrapper. Fixes: QubesOS/qubes-issues#9036
DemiMarie · Mar 23, 2024 · fb9033b · fb9033b
1 parent 8119b12
commit fb9033b
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 8 deletions.
diff --git a/libqrexec/exec.c b/libqrexec/exec.c
@@ -269,7 +269,8 @@ static int load_service_config_raw(struct qrexec_parsed_command *cmd,
                         config_full_path, sizeof(config_full_path), NULL);
     if (ret < 0)
         return 0;
-    return qubes_toml_config_parse(config_full_path, &cmd->wait_for_session, user);
+    return qubes_toml_config_parse(config_full_path, &cmd->wait_for_session, user,
+                                   &cmd->send_service_descriptor);
 }
 
 int load_service_config_v2(struct qrexec_parsed_command *cmd) {
@@ -304,6 +305,7 @@ struct qrexec_parsed_command *parse_qubes_rpc_command(
     }
 
     memset(cmd, 0, sizeof(*cmd));
+    cmd->send_service_descriptor = true;
     cmd->cmdline = cmdline;
 
     if (strip_username) {
@@ -489,9 +491,11 @@ static int execute_qrexec_service(
         *pid = 0;
         set_nonblock(s);
 
-        /* send part after "QUBESRPC ", including trailing NUL */
-        const char *desc = cmd->command + RPC_REQUEST_COMMAND_LEN + 1;
-        buffer_append(stdin_buffer, desc, strlen(desc) + 1);
+        if (cmd->send_service_descriptor) {
+            /* send part after "QUBESRPC ", including trailing NUL */
+            const char *desc = cmd->command + RPC_REQUEST_COMMAND_LEN + 1;
+            buffer_append(stdin_buffer, desc, strlen(desc) + 1);
+        }
         return 0;
     }
 

diff --git a/libqrexec/libqrexec-utils.h b/libqrexec/libqrexec-utils.h
@@ -79,6 +79,9 @@ struct qrexec_parsed_command {
 
     /* Should a session be waited for? */
     bool wait_for_session;
+
+    /* For socket-based services: Should the service descriptor be sent? */
+    bool send_service_descriptor;
 };
 
 /* Parse a command, return NULL on failure. Uses cmd->cmdline
@@ -97,8 +100,7 @@ void destroy_qrexec_parsed_command(struct qrexec_parsed_command *cmd);
  * Deprecated, use load_service_config_v2() instead.
  */
 int load_service_config(struct qrexec_parsed_command *cmd_name,
-                        int *wait_for_session, char **user)
-    __attribute__((deprecated("use load_service_config_v2() instead")));
+                        int *wait_for_session, char **user);
 int load_service_config_v2(struct qrexec_parsed_command *cmd);
 
 typedef void (do_exec_t)(const char *cmdline, const char *user);

diff --git a/libqrexec/private.h b/libqrexec/private.h
@@ -1,2 +1,2 @@
 #include <stdbool.h>
-int qubes_toml_config_parse(const char *config_full_path, bool *wait_for_session, char **user);
+int qubes_toml_config_parse(const char *config_full_path, bool *wait_for_session, char **user, bool *skip_service_descriptor);
diff --git a/libqrexec/toml.c b/libqrexec/toml.c
@@ -171,7 +171,7 @@ static void toml_value_free(union toml_data *value, enum toml_type ty) {
     }
 }
 
-int qubes_toml_config_parse(const char *config_full_path, bool *wait_for_session, char **user)
+int qubes_toml_config_parse(const char *config_full_path, bool *wait_for_session, char **user, bool *send_service_descriptor)
 {
     int result = -1; /* assume problem */
     FILE *config_file = fopen(config_full_path, "re");
@@ -186,7 +186,9 @@ int qubes_toml_config_parse(const char *config_full_path, bool *wait_for_session
     ssize_t signed_linelen;
     bool seen_wait_for_session = false;
     bool seen_user = false;
+    bool seen_skip_service_descriptor = false;
     *wait_for_session = 0;
+    *send_service_descriptor = true;
 #define CHECK_DUP_KEY(v) do {                                               \
     if (toml_check_dup_key(&(v), config_full_path, lineno, current_line)) { \
         toml_value_free(&value, ty);                                        \
@@ -286,6 +288,10 @@ int qubes_toml_config_parse(const char *config_full_path, bool *wait_for_session
                 CHECK_TYPE(TOML_TYPE_BOOL, "wait-for-session");
                 *wait_for_session = value.boolean;
             }
+        } else if (strcmp(current_line, "skip-service-descriptor") == 0) {
+            CHECK_DUP_KEY(seen_skip_service_descriptor);
+            CHECK_TYPE(TOML_TYPE_BOOL, "skip-service-descriptor");
+            *send_service_descriptor = !value.boolean;
         } else if (strcmp(current_line, "force-user") == 0) {
             CHECK_DUP_KEY(seen_user);
             CHECK_TYPE(TOML_TYPE_STRING, "user name or user ID");