From 270be96a2730304de8f5dd1d24dd367c9ed52b22 Mon Sep 17 00:00:00 2001
Message-Id: <270be96a2730304de8f5dd1d24dd367c9ed52b22@dist-git>
From: Peter Krempa
Date: Mon, 16 Mar 2020 22:12:02 +0100
Subject: [PATCH] qemu: domain: Store data for 'secret' object representing http cookies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The http cookies can have potentially sensitive values and thus should not be leaked into the command line. This means that we'll need to instantiate a 'secret' object in qemu to pass the value encrypted. This patch adds infrastructure for storing of the alias in the status XML.
Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
(cherry picked from commit 4e8faa5cdc54ce637f760ad4513753e17d2b9a4f)
Conflicts: src/qemu/qemu_domain.c: Context conflict with missing backport of cleanups. (mentioned earlier)
https://bugzilla.redhat.com/show_bug.cgi?id=1804750
Message-Id:
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_domain.c | 8 +++++++-
 src/qemu/qemu_domain.h | 3 +++
 tests/qemustatusxml2xmldata/modern-in.xml | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 2920e699f6..9391bc37e0 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2341,6 +2341,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
 char *authalias = NULL;
 char *encalias = NULL;
 int ret = -1;
+ g_autofree char *httpcookiealias = NULL;
 src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
 src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
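Review bot: `httpcookiealias` is declared `g_autofree`, while `authalias` and `encalias` just above it are plain `char *`, so the three aliases in this function now follow two different ownership rules. The pointer is later handed to `qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias)` in the `@@ -2367` hunk; the automatic free is only safe if that helper clears the caller's pointer when it takes the string, which is not visible in this patch and should be confirmed. I would group the declaration with the other two aliases, above `int ret`, and state the assumption: `/* auto-freed; AssignSecinfo must NULL it when it takes ownership */`. The function body starts and ends outside the hunk, so how the other two aliases are released cannot be checked here.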
@@ -2354,8 +2355,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
 authalias = virXPathString("string(./objects/secret[@type='auth']/@alias)", ctxt);
 encalias = virXPathString("string(./objects/secret[@type='encryption']/@alias)", ctxt);
+ httpcookiealias = virXPathString("string(./objects/secret[@type='httpcookie']/@alias)", ctxt);
- if (authalias || encalias) {
+ if (authalias || encalias || httpcookiealias) {
 if (!src->privateData && !(src->privateData = qemuDomainStorageSourcePrivateNew()))
 goto cleanup;
@@ -2367,6 +2369,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
 if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
 goto cleanup;
+
+ if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &httpcookiealias) < 0)
+ goto cleanup;
 }
 if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0)
@@ -2423,6 +2428,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
 if (srcPriv) {
 qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, "auth");
 qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
+ qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcookie, "httpcookie");
 }
 if (src->tlsAlias)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index bd9ac85ae2..5733954679 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -460,6 +460,9 @@ struct _qemuDomainStorageSourcePrivate {
 /* data required for decryption of encrypted storage source */
 qemuDomainSecretInfoPtr encinfo;
+
+ /* secure passthrough of the http cookie */
+ qemuDomainSecretInfoPtr httpcookie;
 };
 virObjectPtr qemuDomainStorageSourcePrivateNew(void);
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
index c8d21ceada..cb56cdcef9 100644
--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -332,6 +332,7 @@
+
-- 
2.25.1
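Review bot: The type string `httpcookie` is now spelled out twice with nothing tying the copies together: in the XPath `secret[@type='httpcookie']` added to this hunk and as the `"httpcookie"` argument to `qemuStorageSourcePrivateDataFormatSecinfo` in the `@@ -2423` hunk. If the two ever diverge, the alias would be written to the status XML but not read back, and libvirt would presumably lose track of the secret object it had set up in qemu. A one-line comment at either site, e.g. `/* secret type strings must match those used by qemuStorageSourcePrivateDataFormat() */`, would make the coupling explicit; the existing `auth` and `encryption` entries have the same shape. The added test line in modern-in.xml is not readable on this page, so whether it exercises this round trip cannot be confirmed from here.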
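Review bot: Nothing in this patch releases the new `httpcookie` member: the seven insertions the diffstat lists for qemu_domain.c are all in the parse and format hunks, so the teardown code for `_qemuDomainStorageSourcePrivate` is unchanged. If that teardown frees `secinfo` and `encinfo` one by one (it is outside this patch), `httpcookie` needs the same treatment, otherwise the secret info attached to a storage source is leaked whenever the private data is disposed. The field comment could also state ownership, for example `/* secret object used to pass the http cookies to qemu; owned by this struct */`. The struct definition starts outside the hunk.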