Skip to content

Commit

Permalink
api/admin: report unexpected driver options in admin.pool.Add
Browse files Browse the repository at this point in the history 
Fixes QubesOS/qubes-issues#5895
  • Loading branch information
@rustybird
rustybird committed Jun 22, 2020
1 parent c4739b7 commit 8f1d59e
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 3 deletions.
7 changes: 5 additions & 2 deletions qubes/api/admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -694,8 +694,11 @@ def pool_add(self, untrusted_payload):
self.enforce(pool_name not in self.app.pools)

driver_parameters = qubes.storage.driver_parameters(self.arg)
self.enforce(
all(key in driver_parameters for key in untrusted_pool_config))
unexpected_parameters = [key for key in untrusted_pool_config
if key not in driver_parameters]
if unexpected_parameters:
raise qubes.exc.QubesException(
'unexpected driver options: ' + ' '.join(unexpected_parameters))
pool_config = untrusted_pool_config

self.fire_event_for_permission(name=pool_name,
Expand Down
2 changes: 1 addition & 1 deletion qubes/tests/api_admin.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -768,7 +768,7 @@ def test_160_pool_add_invalid_param(self, mock_parameters, mock_drivers):

add_pool_mock, self.app.add_pool = self.coroutine_mock()

with self.assertRaises(qubes.api.PermissionDenied):
with self.assertRaises(qubes.exc.QubesException):
self.call_mgmt_func(b'admin.pool.Add', b'dom0',
b'driver1', b'name=test-pool\nparam3=some-value\n')
self.assertEqual(mock_drivers.mock_calls, [unittest.mock.call()])
Expand Down

0 comments on commit 8f1d59e

Please sign in to comment.