From d54d953af1430165d506d2a8e42f123def046dd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Fri, 16 Feb 2018 04:32:50 +0100
Subject: [PATCH] qrexec: use separate variables for original target type and
 value

Avoid passing special characters (like '$' or '@') to the service, even
if in environment variable. Use separate variable (and
qubes-rpc-multiplexer argument) to provide type of original target.
There are two:
 - specific VM by name ("name")
 - special name, like $adminvm, $dispvm etc ("keyword")

Then, use separate variables to provide actual value:
 - QREXEC_REQUESTED_TARGET_KEYWORD (if _TYPE == "keyword")
 - QREXEC_REQUESTED_TARGET (if _TYPE == "name")

The later one intentionally is the same as in previous implementation,
to preserve compatibility.
---
 qrexec/qubes-rpc-multiplexer | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/qrexec/qubes-rpc-multiplexer b/qrexec/qubes-rpc-multiplexer
index 8a4a2d0..1aedb4f 100755
--- a/qrexec/qubes-rpc-multiplexer
+++ b/qrexec/qubes-rpc-multiplexer
@@ -8,11 +8,17 @@ rm -f /tmp/qrexec-rpc-stderr.$$
 QUBES_RPC=/etc/qubes-rpc
 LOCAL_QUBES_RPC=/usr/local/etc/qubes-rpc
 
-if ! [ $# = 2 -o $# == 3 ] ; then
-	echo "$0: bad argument count, usage: $0 SERVICE-NAME REMOTE-DOMAIN-NAME [REQUESTED_TARGET]" >&2
+if ! [ $# = 2 -o $# = 4 ] ; then
+	echo "$0: bad argument count, usage: $0 SERVICE-NAME REMOTE-DOMAIN-NAME [REQUESTED_TARGET_TYPE REQUESTED_TARGET]" >&2
 	exit 1
 fi
-export QREXEC_REQUESTED_TARGET="$3"
+export QREXEC_REQUESTED_TARGET_TYPE="$3"
+if [ "$QREXEC_REQUESTED_TARGET_TYPE" = "name" ]; then
+    export QREXEC_REQUESTED_TARGET="$4"
+elif [ "$QREXEC_REQUESTED_TARGET_TYPE" = "keyword" ]; then
+    export QREXEC_REQUESTED_TARGET_KEYWORD="$4"
+fi
+# else: requested target type unknown or not given, ignore
 export QREXEC_REMOTE_DOMAIN="$2"
 export QREXEC_SERVICE_FULL_NAME="$1"
 SERVICE_WITHOUT_ARGUMENT="${1%%+*}"