qrexec: use separate variables for original target type and value

Avoid passing special characters (like '$' or '@') to the service, even if in environment variable. Use separate variable (and qubes-rpc-multiplexer argument) to provide type of original target. There are two: - specific VM by name ("name") - special name, like $adminvm, $dispvm etc ("keyword") Then, use separate variables to provide actual value: - QREXEC_REQUESTED_TARGET_KEYWORD (if _TYPE == "keyword") - QREXEC_REQUESTED_TARGET (if _TYPE == "name") The later one intentionally is the same as in previous implementation, to preserve compatibility.
6 years ago · d54d953af1
parent 32b0c659a1
commit d54d953af1
1 changed files with 9 additions and 3 deletions
--- a/qrexec/qubes-rpc-multiplexer
+++ b/qrexec/qubes-rpc-multiplexer
@ -8,11 +8,17 @@ rm -f /tmp/qrexec-rpc-stderr.$$
 QUBES_RPC=/etc/qubes-rpc
 LOCAL_QUBES_RPC=/usr/local/etc/qubes-rpc

-if ! [ $# = 2 -o $# == 3 ] ; then
-	echo "$0: bad argument count, usage: $0 SERVICE-NAME REMOTE-DOMAIN-NAME [REQUESTED_TARGET]" >&2
+if ! [ $# = 2 -o $# = 4 ] ; then
+	echo "$0: bad argument count, usage: $0 SERVICE-NAME REMOTE-DOMAIN-NAME [REQUESTED_TARGET_TYPE REQUESTED_TARGET]" >&2
 	exit 1
 fi
-export QREXEC_REQUESTED_TARGET="$3"
+export QREXEC_REQUESTED_TARGET_TYPE="$3"
+if [ "$QREXEC_REQUESTED_TARGET_TYPE" = "name" ]; then
+    export QREXEC_REQUESTED_TARGET="$4"
+elif [ "$QREXEC_REQUESTED_TARGET_TYPE" = "keyword" ]; then
+    export QREXEC_REQUESTED_TARGET_KEYWORD="$4"
+fi
+# else: requested target type unknown or not given, ignore
 export QREXEC_REMOTE_DOMAIN="$2"
 export QREXEC_SERVICE_FULL_NAME="$1"
 SERVICE_WITHOUT_ARGUMENT="${1%%+*}"