Rip out qubes-rpc-multiplexer

agent/qrexec-agent-data.c

@@ -138,34 +138,52 @@
 
 static int handle_just_exec(struct qrexec_parsed_command *cmd)
 {
-    int fdn, pid;
+    int fdn, pid, log_fd;
 
     if (cmd == NULL)
         return QREXEC_EXIT_PROBLEM;
 
+    char file_path[QUBES_SOCKADDR_UN_MAX_PATH_LEN];
+    struct buffer buf = { .data = file_path, .buflen = (int)sizeof(file_path) };
+    struct buffer stdin_buffer;
+    buffer_init(&stdin_buffer);
     if (cmd->service_descriptor) {
         int socket_fd;
         struct buffer stdin_buffer;
         buffer_init(&stdin_buffer);
-        int status = find_qrexec_service(cmd, &socket_fd, &stdin_buffer);
+        int status = find_qrexec_service(cmd, &socket_fd, &stdin_buffer, &buf);
         if (status == -1)
             return QREXEC_EXIT_SERVICE_NOT_FOUND;
         if (status != 0)
             return QREXEC_EXIT_PROBLEM;
         if (socket_fd != -1)
-            return write_all(socket_fd, stdin_buffer.data, stdin_buffer.buflen) ? 0 : QREXEC_EXIT_PROBLEM;
+            return write_all(socket_fd, stdin_buffer.data, stdin_buffer.buflen) ?
+                0 : QREXEC_EXIT_PROBLEM;
+    } else {
+        buf.data = NULL;
     }
     switch (pid = fork()) {
         case -1:
             PERROR("fork");
             return QREXEC_EXIT_PROBLEM;
         case 0:
             fdn = open("/dev/null", O_RDWR);
-            fix_fds(fdn, fdn, fdn);
-            do_exec(cmd->command, cmd->username);
+            if (fdn < 0) {
+                LOG(ERROR, "open /dev/null failed");
+                _exit(QREXEC_EXIT_PROBLEM);
+            }
+            int other_pid;
+            log_fd = cmd->service_descriptor ? open_logger(cmd, &other_pid) : fdn;
+            if (log_fd < 0)
+                _exit(QREXEC_EXIT_PROBLEM);
+            fix_fds(fdn, fdn, log_fd);
+            do_exec(buf.data, cmd->command, cmd->username);
         default:;
     }
-    LOG(INFO, "executed (nowait): %s (pid %d)", cmd->command, pid);
+    if (buf.data)
+        LOG(INFO, "executed (nowait): %s %s (pid %d)", buf.data, cmd->command, pid);
+    else
+        LOG(INFO, "executed (nowait): %s (pid %d)", cmd->command, pid);
     return 0;
 }
 
@@ -261,6 +279,7 @@
             return 0;
     }
 
+    int logger_pid = 0;
     req.vchan = data_vchan;
     req.stdin_buf = &stdin_buf;
 
@@ -280,6 +299,8 @@
 
     req.prefix_data.data = NULL;
     req.prefix_data.len = 0;
+    if (cmd->service_descriptor != NULL)
+        req.logger_fd = open_logger(cmd, &logger_pid);
 
     exit_code = qrexec_process_io(&req, cmd);
 

agent/qrexec-agent.c

@@ -137,7 +137,7 @@
  * If dom0 sends overly long cmd, it will probably crash qrexec-agent (unless
  * process can allocate up to 4GB on both stack and heap), sorry.
  */
-_Noreturn void do_exec(const char *cmd, const char *user)
+_Noreturn void do_exec(const char *prog, const char *cmd, const char *user)
 {
 #ifdef HAVE_PAM
     int retval, status;
@@ -172,7 +172,8 @@
             exit(1);
         }
         /* call QUBESRPC if requested */
-        exec_qubes_rpc_if_requested(cmd, environ);
+        if (prog)
+            exec_qubes_rpc(prog, cmd, environ);
 
         /* otherwise exec shell */
         execl("/bin/sh", "sh", "-c", cmd, NULL);
@@ -279,7 +280,8 @@
                 warn("chdir(%s)", pw->pw_dir);
 
             /* call QUBESRPC if requested */
-            exec_qubes_rpc_if_requested(cmd, env);
+            if (prog)
+                exec_qubes_rpc(prog, cmd, env);
 
             /* otherwise exec shell */
             execle(pw->pw_shell, arg0, "-c", cmd, (char*)NULL, env);
@@ -317,7 +319,8 @@
     exit(1);
 #else
     /* call QUBESRPC if requested */
-    exec_qubes_rpc_if_requested(cmd, environ);
+    if (prog)
+        exec_qubes_rpc(prog, cmd, environ);
 
     /* otherwise exec shell */
     execl("/bin/su", "su", "-", user, "-c", cmd, NULL);

agent/qrexec-agent.h

@@ -29,7 +29,7 @@
 
 int handle_handshake(libvchan_t *ctrl);
 void handle_vchan_error(const char *op);
-_Noreturn void do_exec(const char *cmd, const char *user);
+_Noreturn void do_exec(const char *prog, const char *cmd, const char *user);
 /* call before fork() for service handling process (either end) */
 void prepare_child_env(void);
 

agent/qrexec-client-vm.c

@@ -43,7 +43,7 @@
     exit(1);
 }
 
-_Noreturn void do_exec(const char *cmd __attribute__((unused)), char const* user __attribute__((__unused__))) {
+_Noreturn void do_exec(const char *prog __attribute__((unused)), const char *cmd __attribute__((unused)), char const* user __attribute__((__unused__))) {
     LOG(ERROR, "BUG: do_exec function shouldn't be called!");
     abort();
 }

agent/qrexec-fork-server.c

@@ -37,15 +37,16 @@
 extern char **environ;
 const bool qrexec_is_fork_server = true;
 
-void do_exec(const char *cmd, const char *user __attribute__((unused)))
+void do_exec(const char *prog, const char *cmd, const char *user __attribute__((unused)))
 {
     char *shell;
 
     signal(SIGCHLD, SIG_DFL);
     signal(SIGPIPE, SIG_DFL);
 
     /* call QUBESRPC if requested */
-    exec_qubes_rpc_if_requested(cmd, environ);
+    if (prog != NULL)
+        exec_qubes_rpc(prog, cmd, environ);
 
     /* otherwise, pass it to shell */
     shell = getenv("SHELL");

daemon/qrexec-client.c

@@ -62,13 +62,16 @@ static void set_remote_domain(const char *src_domain_name) {
 }
 
 /* called from do_fork_exec */
-static _Noreturn void do_exec(const char *prog, const char *username __attribute__((unused)))
+static _Noreturn void do_exec(const char *prog,
+                              const char *cmdline,
+                              const char *username __attribute__((unused)))
 {
-    /* avoid calling qubes-rpc-multiplexer through shell */
-    exec_qubes_rpc_if_requested(prog, environ);
+    /* avoid calling RPC service through shell */
+    if (prog)
+        exec_qubes_rpc(prog, cmdline, environ);
 
-    /* if above haven't executed qubes-rpc-multiplexer, pass it to shell */
-    execl("/bin/bash", "bash", "-c", prog, NULL);
+    /* if above haven't executed RPC service, pass it to shell */
+    execl("/bin/bash", "bash", "-c", cmdline, NULL);
     PERROR("exec bash");
     exit(1);
 }

daemon/qrexec-daemon.c

@@ -1131,14 +1131,16 @@
 }
 
 /* called from do_fork_exec */
-static _Noreturn void do_exec(const char *prog, const char *username __attribute__((unused)))
+static _Noreturn void do_exec(const char *prog, const char *cmd, const char *username __attribute__((unused)))
 {
-    /* avoid calling qubes-rpc-multiplexer through shell */
-    exec_qubes_rpc_if_requested(prog, environ);
+    /* avoid calling RPC command through shell */
+    if (prog)
+        exec_qubes_rpc(prog, cmd, environ);
 
-    /* if above haven't executed qubes-rpc-multiplexer, pass it to shell */
-    execl("/bin/bash", "bash", "-c", prog, NULL);
+    /* if above haven't executed RPC command, pass it to shell */
+    execl("/bin/bash", "bash", "-c", cmd, NULL);
     PERROR("exec bash");
+    /* treat ENOENT as "problem" because bash should always exist */
     _exit(QREXEC_EXIT_PROBLEM);
 }
 

debian/control

@@ -19,7 +19,7 @@ Homepage: https://www.qubes-os.org
 Package: qubes-core-qrexec
 Architecture: any
 Depends:
- libqrexec-utils2 (= ${binary:Version}),
+ libqrexec-utils4 (= ${binary:Version}),
  python3-qrexec,
  ${shlibs:Depends},
  ${misc:Depends}
@@ -36,7 +36,7 @@ Description: Qubes qrexec agent
  Agent part of Qubes RPC system. A daemon responsible for starting processes as
  requested by dom0 or other VMs, according to dom0-enforced policy.
 
-Package: libqrexec-utils2
+Package: libqrexec-utils4
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}
 Breaks: qubes-utils (<< 3.1.4)
@@ -47,7 +47,7 @@ Description: Library of common functions of qrexec agent and daemon
 Package: libqrexec-utils-dev
 Architecture: any
 Section: libdevel
-Depends: libqrexec-utils2 (= ${binary:Version}), ${misc:Depends}
+Depends: libqrexec-utils4 (= ${binary:Version}), ${misc:Depends}
 Breaks: qubes-utils (<< 3.1.4)
 Replaces: qubes-utils (<< 3.1.4)
 Description: Development headers for libqrexec-utils

debian/libqrexec-utils4.install

@@ -0,0 +1 @@
+usr/lib/libqrexec-utils.so.4*

debian/libqrexec-utils4.shlibs

@@ -0,0 +1 @@
+libqrexec-utils 4 libqrexec-utils4 (>=4.2.18)

libqrexec/Makefile

@@ -10,7 +10,7 @@ CFLAGS += -I. -I../libqrexec -g -O2 -Wall -Wextra -Werror \
 
 LDFLAGS += -pie -Wl,-z,relro,-z,now -shared
 
-SO_VER=3
+SO_VER=4
 VCHANLIBS := $(shell pkg-config --libs vchan)
 LIBDIR ?= /usr/lib
 INCLUDEDIR ?= /usr/include
@@ -22,7 +22,7 @@ endif
 
 
 all: libqrexec-utils.so
-libqrexec-utils.so.$(SO_VER): unix-server.o ioall.o buffer.o exec.o txrx-vchan.o write-stdin.o replace.o remote.o process_io.o log.o toml.o vchan_timeout.o
+libqrexec-utils.so.$(SO_VER): unix-server.o ioall.o buffer.o exec.o txrx-vchan.o write-stdin.o replace.o remote.o process_io.o log.o toml.o open_logger.o vchan_timeout.o
 	$(CC) $(LDFLAGS) -Wl,-soname,$@ -o $@ $^ $(VCHANLIBS)
 
 libqrexec-utils.so: libqrexec-utils.so.$(SO_VER)

libqrexec/buffer.c

@@ -35,12 +35,12 @@
         (total_mem > BUFFER_LIMIT) || (len <= 0))
     {
         LOG(ERROR, "attempt to allocate >BUFFER_LIMIT");
-        exit(1);
+        abort();
     }
     ret = malloc((size_t)len);
     if (!ret) {
         PERROR("malloc");
-        exit(1);
+        abort();
     }
     return ret;
 }
@@ -83,11 +83,11 @@
     assert(data != NULL && "NULL data");
     if (b->buflen < 0 || b->buflen > BUFFER_LIMIT) {
         LOG(ERROR, "buffer_append buflen %d", len);
-        exit(1);
+        abort();
     }
     if (len < 0 || len > BUFFER_LIMIT) {
         LOG(ERROR, "buffer_append %d", len);
-        exit(1);
+        abort();
     }
     if (len == 0)
         return;
@@ -108,7 +108,7 @@
     char *qdata = NULL;
     if (len < 0 || len > b->buflen) {
         LOG(ERROR, "buffer_remove %d/%d", len, b->buflen);
-        exit(1);
+        abort();
     }
     newsize = b->buflen - len;
     if (newsize > 0) {