From ef557ca4601ecbd4a3d5dc8f9429c6b172bc402d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Sat, 26 May 2018 01:39:07 +0200
Subject: [PATCH] qvm-open-in-vm: implement --view-only option

Implement option to disallow (ignore in fact) modifications of file
opened in another VM (including DispVM).
This commit implements actual services part and handling in wrapping scripts.

Fixes QubesOS/qubes-issues#1118
---
 qubes-rpc/qopen-in-vm.c   | 35 +++++++++++++++++++++++++++--------
 qubes-rpc/qvm-open-in-dvm |  6 +++---
 qubes-rpc/qvm-open-in-vm  | 33 +++++++++++++++++++++++++++------
 3 files changed, 57 insertions(+), 17 deletions(-)

diff --git a/qubes-rpc/qopen-in-vm.c b/qubes-rpc/qopen-in-vm.c
index 45949df..8d2b24f 100644
--- a/qubes-rpc/qopen-in-vm.c
+++ b/qubes-rpc/qopen-in-vm.c
@@ -9,6 +9,7 @@
 #include <stdlib.h>
 #include <libqubes-rpc-filecopy.h>
 #include <unistd.h>
+#include <getopt.h>
 #include <gui-fatal.h>
 #include "dvm2.h"
 
@@ -92,17 +93,35 @@ void recv_file(const char *fname)
         actually_recv_file(fname, tempfile, tmpfd);
 }
 
-void talk_to_daemon(const char *fname)
-{
-    send_file(fname);
-    recv_file(fname);
-}
-
 int main(int argc, char ** argv)
 {
+    char *fname;
+    int view_only = 0;
+    int ret;
+    const struct option opts[] = {
+        {"view-only", no_argument, &view_only, 1},
+        {0}
+    };
+
+    while ((ret=getopt_long(argc, argv, "", opts, NULL)) != -1) {
+        if (ret == '?') {
+            exit(2);
+        }
+    }
+
     signal(SIGPIPE, SIG_IGN);
-    if (argc!=2)
+
+    if (optind >= argc)
         gui_fatal("OpenInVM - no file given?");
-    talk_to_daemon(argv[1]);
+    fname = argv[optind];
+    send_file(fname);
+    if (!view_only) {
+        recv_file(fname);
+    } else {
+        /* discard received data */
+        int null_fd = open("/dev/null", O_WRONLY);
+        copy_fd_all(null_fd, 0);
+        close(null_fd);
+    }
     return 0;
 }
diff --git a/qubes-rpc/qvm-open-in-dvm b/qubes-rpc/qvm-open-in-dvm
index 84af921..8046858 100755
--- a/qubes-rpc/qvm-open-in-dvm
+++ b/qubes-rpc/qvm-open-in-dvm
@@ -20,10 +20,10 @@
 #
 #
 
-if ! [ $# = 1 ] ; then
-	echo "Usage: $0 filename"
+if ! [ $# = 1 ] && ! [ $# = 2 ]; then
+	echo "Usage: $0 [--view-only] filename"
 	exit 1
 fi
 
 # shellcheck disable=SC2016
-exec qvm-open-in-vm '$dispvm' "$1"
+exec qvm-open-in-vm '$dispvm' "$@"
diff --git a/qubes-rpc/qvm-open-in-vm b/qubes-rpc/qvm-open-in-vm
index d109e6b..ead9acf 100755
--- a/qubes-rpc/qvm-open-in-vm
+++ b/qubes-rpc/qvm-open-in-vm
@@ -20,16 +20,37 @@
 #
 #
 
-if ! [ $# = 2 ] ; then
-	echo "Usage: $0 vmname filename"
-	exit 1
+usage() {
+	echo "Usage: $0 [--view-only] vmname filename"
+	exit 2
+}
+
+qopen_opts=
+target=
+filename=
+
+while [ $# -gt 0 ]; do
+    if [ "x$1" = "x--view-only" ]; then
+        qopen_opts=--view-only
+    elif [ -z "$target" ]; then
+        target="$1"
+    elif [ -z "$filename" ]; then
+        filename="$1"
+    else
+        usage
+    fi
+    shift
+done
+
+if [ -z "$target" ] || [ -z "$filename" ]; then
+    usage
 fi
 
-case "$2" in
+case "$filename" in
 	*://*)
-        exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenURL /bin/echo "$2"
+        exec /usr/lib/qubes/qrexec-client-vm "$target" qubes.OpenURL /bin/echo "$filename"
         ;;
     *)
-        exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$2"
+        exec /usr/lib/qubes/qrexec-client-vm "$target" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" $qopen_opts "$filename"
         ;;
 esac