Forbide skip-service-descriptor=true with explicit username

This combination will not work.

Author: DemiMarie

libqrexec/exec.c

@@ -348,6 +348,11 @@ int load_service_config_v2(struct qrexec_parsed_command *cmd) {
     char *tmp_user = NULL;
     int res = load_service_config_raw(cmd, &tmp_user);
     if (res >= 0 && tmp_user != NULL) {
+        if (!cmd->send_service_descriptor) {
+            LOG(ERROR, "service %s: Cannot set explicit username if "
+                "skip-service-descriptor=true", cmd->service_descriptor);
+            return -1;
+        }
         free(cmd->username);
         cmd->username = tmp_user;
     }

qrexec/tests/socket/agent.py

@@ -682,6 +682,34 @@ def test_socket_null_argument_finds_service_for_empty_argument(self):
         )
         self.check_dom0(dom0)
 
+    def test_connect_socket_no_metadata_user(self):
+        socket_path = os.path.join(
+            self.tempdir, "rpc", "qubes.SocketService+arg2"
+        )
+        user = getpass.getuser()
+        with open(
+            os.path.join(self.tempdir, "rpc-config", "qubes.SocketService+arg2"), "w"
+        ) as f:
+            f.write(f"""\
+skip-service-descriptor = true
+force-user = '{user}'
+""")
+        server = qrexec.socket_server(socket_path)
+        self.addCleanup(server.close)
+
+        target, dom0 = self.execute_qubesrpc("qubes.SocketService+arg2", "domX")
+        messages = target.recv_all_messages()
+        # No stderr
+        self.assertListEqual(
+            util.sort_messages(messages),
+            [
+                (qrexec.MSG_DATA_STDOUT, b""),
+                (qrexec.MSG_DATA_STDERR, b""),
+                (qrexec.MSG_DATA_EXIT_CODE, b"\175\0\0\0"),
+            ],
+        )
+        self.check_dom0(dom0)
+
     def test_connect_socket_no_metadata(self):
         socket_path = os.path.join(
             self.tempdir, "rpc", "qubes.SocketService+arg2"